Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dff5e1b0-47da-4a73-89ef-f0714ed3fd6e.roa
File:                     dff5e1b0-47da-4a73-89ef-f0714ed3fd6e.roa (raw, json)
Hash identifier:          4APT7WaMRbTIzKss6s3weUIi1T7CF3xwMMrT2NsYJh4=
Subject key identifier:   65:9E:05:00:05:DD:95:AB:34:5F:1E:EE:B4:6E:01:72:C9:CE:07:3C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       18B4733CF30DE5601B66C65563A6223BD93B7811
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dff5e1b0-47da-4a73-89ef-f0714ed3fd6e.roa
Signing time:             Fri 07 Jun 2024 00:00:00 +0000
ROA not before:           Fri 07 Jun 2024 00:00:00 +0000
ROA not after:            Fri 12 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        56.98.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 27 Jun 2024 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:b4:73:3c:f3:0d:e5:60:1b:66:c6:55:63:a6:22:3b:d9:3b:78:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun  7 00:00:00 2024 GMT
            Not After : Jul 12 23:59:59 2024 GMT
        Subject: serialNumber=2acdd73c678e4df5d58acfb9bd13ea68cf50b831f527c339eb9a9857e5649441, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:bf:2d:73:67:e8:fe:ea:f5:c7:fe:b4:9a:bf:
                    66:e4:4b:ba:2e:71:59:a0:bb:35:a3:9f:56:0b:ec:
                    4f:a9:ba:2c:20:44:d7:3e:ec:95:19:42:01:05:5a:
                    26:6e:ff:b6:b3:9e:e1:de:c3:fe:52:4e:1a:53:85:
                    19:82:e6:88:cc:21:2d:b0:ea:a6:e4:35:57:93:19:
                    4d:db:5a:bb:fc:67:34:6b:82:66:9e:c2:fe:00:ad:
                    cc:1f:47:8f:5b:5f:af:8c:9b:84:b5:10:18:0f:54:
                    fd:d9:73:73:15:e1:df:a6:83:90:1a:10:99:be:e0:
                    bc:d1:6d:66:e9:23:fd:91:f6:63:64:b3:c1:d9:92:
                    a5:7c:af:56:7f:5c:11:e1:30:46:e2:3e:ec:16:e7:
                    92:3e:b4:0f:01:b6:ed:e5:9e:4e:b3:89:ad:7e:be:
                    b4:a1:e1:0a:b5:c4:f2:63:b3:d6:b0:4e:75:aa:db:
                    dd:80:6d:6f:ce:c2:d3:f9:64:57:7e:ba:8b:97:fb:
                    eb:28:51:b0:da:d3:15:e8:5e:e2:1f:1d:6c:82:4c:
                    1e:39:bd:cf:2c:b9:c6:79:3d:50:a9:91:b1:5f:d6:
                    12:d1:df:44:7f:9a:d8:be:e1:df:0c:8c:27:81:bb:
                    e4:08:4e:3b:6d:4a:45:51:b0:6d:c5:a9:10:55:b7:
                    7e:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:9E:05:00:05:DD:95:AB:34:5F:1E:EE:B4:6E:01:72:C9:CE:07:3C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dff5e1b0-47da-4a73-89ef-f0714ed3fd6e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.98.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         35:57:2b:8a:ef:a0:bd:f0:eb:56:ab:ba:37:3b:fd:88:5c:81:
         5f:6d:f6:7e:2d:9b:ef:be:56:3e:7b:00:04:9e:62:0e:20:8c:
         5d:65:f2:f5:36:8b:37:2c:37:81:40:f2:e1:9a:5d:b2:f0:7c:
         66:72:0f:2c:14:01:da:46:e6:db:8b:20:af:61:36:d8:a2:84:
         46:f7:0f:95:bd:f6:2f:4a:92:32:5d:7e:af:f5:04:24:1f:fc:
         7f:44:3f:c0:06:be:10:00:ef:ff:76:d4:40:dd:e1:f5:61:eb:
         45:18:fc:84:7b:e7:8e:4f:ec:b4:5c:24:48:06:0a:61:00:07:
         9b:49:f7:cc:b9:c3:f9:86:30:5e:1a:de:9c:e5:a1:27:61:9c:
         38:1d:d1:31:43:e1:4b:cd:7d:aa:88:37:4c:71:44:16:67:04:
         c4:61:7c:bd:38:ec:9c:f2:d5:b7:c2:f3:1c:cf:0f:09:e2:44:
         de:e9:12:e7:b4:fd:27:e2:e0:9b:53:86:ed:5f:b4:67:48:0e:
         c4:53:39:26:45:4b:a9:da:53:ab:95:fb:72:2c:c5:b8:79:0d:
         98:b7:f6:47:3d:ff:44:03:22:a0:2d:b7:90:2f:be:f9:a9:fb:
         e4:13:d2:64:ab:43:e2:73:2d:f4:ad:6c:38:f3:7f:de:4f:85:
         77:36:52:df
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUGLRzPPMN5WAbZsZVY6YiO9k7eBEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQwNjA3MDAwMDAwWhcNMjQwNzEyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyYWNkZDczYzY3OGU0ZGY1ZDU4YWNmYjliZDEzZWE2OGNm
NTBiODMxZjUyN2MzMzllYjlhOTg1N2U1NjQ5NDQxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDmvy1zZ+j+6vXH/rSav2bkS7oucVmguzWjn1YL7E+puiwg
RNc+7JUZQgEFWiZu/7aznuHew/5SThpThRmC5ojMIS2w6qbkNVeTGU3bWrv8ZzRr
gmaewv4ArcwfR49bX6+Mm4S1EBgPVP3Zc3MV4d+mg5AaEJm+4LzRbWbpI/2R9mNk
s8HZkqV8r1Z/XBHhMEbiPuwW55I+tA8Btu3lnk6zia1+vrSh4Qq1xPJjs9awTnWq
292AbW/OwtP5ZFd+uouX++soUbDa0xXoXuIfHWyCTB45vc8sucZ5PVCpkbFf1hLR
30R/mti+4d8MjCeBu+QITjttSkVRsG3FqRBVt37xAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUZZ4FAAXdlas0Xx7utG4BcsnOBzwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RmZjVlMWIwLTQ3ZGEtNGE3My04OWVmLWYwNzE0ZWQzZmQ2ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4YjANBgkqhkiG9w0BAQsFAAOCAQEANVcriu+gvfDrVqu6Nzv9iFyBX232
fi2b775WPnsABJ5iDiCMXWXy9TaLNyw3gUDy4ZpdsvB8ZnIPLBQB2kbm24sgr2E2
2KKERvcPlb32L0qSMl1+r/UEJB/8f0Q/wAa+EADv/3bUQN3h9WHrRRj8hHvnjk/s
tFwkSAYKYQAHm0n3zLnD+YYwXhrenOWhJ2GcOB3RMUPhS819qog3THFEFmcExGF8
vTjsnPLVt8LzHM8PCeJE3ukS57T9J+Lgm1OG7V+0Z0gOxFM5JkVLqdpTq5X7cizF
uHkNmLf2Rz3/RAMioC23kC+++an75BPSZKtD4nMt9K1sOPN/3k+FdzZS3w==
-----END CERTIFICATE-----