Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21bb0458-625d-4892-a4e1-e544b849201a.roa
File:                     21bb0458-625d-4892-a4e1-e544b849201a.roa (raw, json)
Hash identifier:          AKxQirEcjpSmLDS4f65yTcAOFBQGlyK0WmnkqiAt/Ks=
Subject key identifier:   35:DF:22:F0:AA:89:82:AE:7D:9E:43:E3:A0:C1:D4:DF:9F:00:51:00
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       18AB5A14B52BC1922DE1733781A91085D1A97869
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21bb0458-625d-4892-a4e1-e544b849201a.roa
Signing time:             Tue 19 Mar 2024 00:00:00 +0000
ROA not before:           Tue 19 Mar 2024 00:00:00 +0000
ROA not after:            Tue 23 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        63.249.128.0/17 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 30 Mar 2024 12:04:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:ab:5a:14:b5:2b:c1:92:2d:e1:73:37:81:a9:10:85:d1:a9:78:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 19 00:00:00 2024 GMT
            Not After : Apr 23 23:59:59 2024 GMT
        Subject: serialNumber=f095ff7044002dd057b77a3ba476c1b801252d12052f578c0eedab274518c137, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c3:f9:7a:b5:54:5d:44:35:e7:ae:f4:b6:47:
                    f8:c6:03:dd:05:b6:a1:cf:f8:44:c6:2a:e0:c8:fe:
                    3d:ac:c3:12:18:71:5b:f0:90:2d:41:e7:3d:f2:a3:
                    4e:79:53:3d:13:e4:ce:4d:5c:ce:af:07:fe:0f:b3:
                    0a:23:25:6b:19:c1:7e:cb:98:46:65:26:1f:68:0f:
                    47:05:92:55:3e:69:43:dc:e6:89:77:7e:92:b4:d8:
                    fd:14:99:15:2b:d2:a2:2b:3c:52:03:86:d9:95:ba:
                    7e:50:34:24:06:18:6f:b8:ec:fa:ee:2a:a2:c7:66:
                    a7:2c:f7:8b:3b:13:bd:54:cb:33:87:7b:90:f4:35:
                    7b:fb:66:fd:50:f6:34:dd:55:17:20:1b:e4:f8:22:
                    2b:7a:9c:b7:2a:10:9c:11:db:86:5c:d1:17:66:c6:
                    19:fe:30:35:53:ca:a5:3b:8f:33:3e:d4:53:2e:e8:
                    aa:15:f2:98:01:ac:9b:d0:e1:ae:bd:11:56:ea:10:
                    b4:11:35:18:91:24:35:f4:16:c7:02:ff:41:3e:3f:
                    b4:dc:e0:97:55:d6:5a:cc:22:b3:c6:5e:90:d9:d7:
                    14:74:2c:97:46:de:70:4c:7e:b9:f4:78:a0:6c:7b:
                    2d:9c:95:bc:d1:75:71:dc:57:6f:61:cc:83:e1:c8:
                    ba:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:DF:22:F0:AA:89:82:AE:7D:9E:43:E3:A0:C1:D4:DF:9F:00:51:00
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21bb0458-625d-4892-a4e1-e544b849201a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  63.249.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         13:a2:df:5f:06:35:9a:92:a6:5d:e6:51:f5:86:97:46:b4:4b:
         35:88:b2:38:2f:6b:19:0a:88:45:8b:c3:c0:b9:0e:a8:d8:2e:
         62:3e:b6:ac:73:7a:4a:b5:5f:8c:f9:d6:17:3f:63:a9:2f:d5:
         c8:bb:f8:a0:ec:1b:8f:82:23:83:52:dd:c4:d5:66:e3:ad:8e:
         89:8c:96:b6:18:07:45:08:1b:a7:06:3f:d7:aa:2f:ab:f8:45:
         f2:ed:2c:6a:ef:e4:ba:0e:ba:b6:d9:57:68:e3:80:9a:3f:2b:
         69:af:47:b8:f7:65:bb:77:ca:c1:cf:7f:5c:5f:25:90:d7:3c:
         a6:4c:93:bb:cc:6d:53:2b:17:43:30:9c:84:39:a2:df:46:64:
         7b:20:80:6b:d8:b9:25:63:db:cc:c8:72:04:00:6c:d1:2c:d0:
         d2:31:a9:53:cc:01:73:72:3f:51:27:87:1f:ab:83:5d:27:cc:
         0e:d4:9b:fb:29:c3:15:f1:9c:99:48:83:4f:f6:a8:15:0c:fa:
         09:6b:26:dd:4e:5a:3b:58:0c:7c:d6:8f:bd:4f:12:09:df:45:
         92:54:1a:cb:33:e4:84:33:87:a2:89:5c:4e:d6:37:fc:3e:e5:
         f8:56:b2:61:ef:0c:7b:05:fe:c3:a6:39:b8:36:ba:22:97:64:
         d3:ea:e1:8e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGKtaFLUrwZIt4XM3gakQhdGpeGkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQwMzE5MDAwMDAwWhcNMjQwNDIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmMDk1ZmY3MDQ0MDAyZGQwNTdiNzdhM2JhNDc2YzFiODAx
MjUyZDEyMDUyZjU3OGMwZWVkYWIyNzQ1MThjMTM3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvw/l6tVRdRDXnrvS2R/jGA90FtqHP+ETGKuDI/j2swxIY
cVvwkC1B5z3yo055Uz0T5M5NXM6vB/4PswojJWsZwX7LmEZlJh9oD0cFklU+aUPc
5ol3fpK02P0UmRUr0qIrPFIDhtmVun5QNCQGGG+47PruKqLHZqcs94s7E71UyzOH
e5D0NXv7Zv1Q9jTdVRcgG+T4Iit6nLcqEJwR24Zc0Rdmxhn+MDVTyqU7jzM+1FMu
6KoV8pgBrJvQ4a69EVbqELQRNRiRJDX0FscC/0E+P7Tc4JdV1lrMIrPGXpDZ1xR0
LJdG3nBMfrn0eKBsey2clbzRdXHcV29hzIPhyLrTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNd8i8KqJgq59nkPjoMHU358AUQAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIxYmIwNDU4LTYyNWQtNDg5Mi1hNGUxLWU1NDRiODQ5MjAxYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc/+YAwDQYJKoZIhvcNAQELBQADggEBABOi318GNZqSpl3mUfWGl0a0SzWI
sjgvaxkKiEWLw8C5DqjYLmI+tqxzekq1X4z51hc/Y6kv1ci7+KDsG4+CI4NS3cTV
ZuOtjomMlrYYB0UIG6cGP9eqL6v4RfLtLGrv5LoOurbZV2jjgJo/K2mvR7j3Zbt3
ysHPf1xfJZDXPKZMk7vMbVMrF0MwnIQ5ot9GZHsggGvYuSVj28zIcgQAbNEs0NIx
qVPMAXNyP1Enhx+rg10nzA7Um/spwxXxnJlIg0/2qBUM+glrJt1OWjtYDHzWj71P
EgnfRZJUGssz5IQzh6KJXE7WN/w+5fhWsmHvDHsF/sOmObg2uiKXZNPq4Y4=
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:36:41 2024 by rpki-client on console-fra.rpki-client.org