Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3674612a-1422-4966-891b-952abad30de9.roa
File:                     3674612a-1422-4966-891b-952abad30de9.roa (raw, json)
Hash identifier:          DkGa4x9GnXcpIhk21cmRLclQEF6CADoEBZ54F6pCsAk=
Subject key identifier:   C4:13:30:B1:00:48:C0:B9:DC:92:03:E1:1E:93:AA:BA:59:BC:70:B4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4FC175A3D81BEFD137C4B443737A1C488DF9FA28
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3674612a-1422-4966-891b-952abad30de9.roa
Signing time:             Mon 15 Apr 2024 00:00:00 +0000
ROA not before:           Mon 15 Apr 2024 00:00:00 +0000
ROA not after:            Mon 20 May 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        136.2.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 10 May 2024 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:c1:75:a3:d8:1b:ef:d1:37:c4:b4:43:73:7a:1c:48:8d:f9:fa:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 15 00:00:00 2024 GMT
            Not After : May 20 23:59:59 2024 GMT
        Subject: serialNumber=51668989610990db229dc16a9d722a01a38194ffe6a0e23d599c71f2940617d2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:79:7e:d1:7a:a9:bb:8b:ef:d2:dd:29:2a:97:
                    00:56:78:9f:08:d5:38:b7:16:6d:2e:e3:e5:07:c3:
                    bc:1d:1d:68:ba:67:48:15:11:11:69:73:a9:44:cf:
                    94:91:ac:33:ea:d9:b5:a7:44:e0:10:20:50:64:99:
                    28:aa:f0:f7:2b:b2:cc:c8:91:8a:7b:e8:e4:fe:fe:
                    9f:4a:5c:b4:1a:21:84:92:22:8e:34:27:f8:ce:82:
                    f5:5a:8c:f1:6e:9b:4f:12:61:80:6b:d8:26:7b:64:
                    76:b2:f5:0b:65:a6:e2:ee:7f:43:f8:78:d3:4e:d3:
                    6c:63:cd:b6:fe:30:01:89:3b:4f:53:13:83:c7:5a:
                    fe:92:8d:c1:6a:e3:93:ff:7e:d0:aa:c7:13:47:19:
                    30:89:70:9d:5b:52:bc:56:5e:82:65:3d:c3:c2:d2:
                    29:7d:ec:2e:23:49:72:0f:3f:f0:26:78:ce:6b:67:
                    0c:ae:1b:55:d7:a9:44:f8:9c:1c:f5:7b:d7:f5:18:
                    a1:a0:c3:be:9b:8a:95:6c:88:7b:ae:9c:09:18:6f:
                    4c:18:26:44:91:1e:c2:50:25:9c:8f:59:fe:99:4d:
                    43:25:d1:ca:89:e0:31:ed:af:ec:2b:07:df:c6:25:
                    4f:88:5f:a1:6f:62:e6:c1:da:0b:d4:65:f6:d0:e7:
                    0d:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:13:30:B1:00:48:C0:B9:DC:92:03:E1:1E:93:AA:BA:59:BC:70:B4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3674612a-1422-4966-891b-952abad30de9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.2.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3c:cf:aa:65:92:5d:8d:17:67:91:3c:2a:7c:b1:1d:6b:2f:d1:
         9e:84:db:b5:5a:00:44:df:21:e1:90:11:44:72:2a:34:80:e6:
         ee:02:3a:3b:a8:d4:81:c8:5c:48:51:4d:86:10:5f:01:e5:59:
         b4:e4:f0:41:23:40:c2:1f:4b:d9:79:c5:22:57:1a:a5:e1:40:
         fd:34:d2:ff:81:4d:cc:5a:50:d3:d3:d9:0b:bf:25:87:20:4c:
         f1:71:98:4a:1b:fe:74:f0:7a:b8:f5:b3:52:56:d2:39:13:df:
         9c:f3:f8:bf:16:ea:82:22:4e:85:aa:33:30:52:ef:3f:0b:b9:
         1e:9d:bf:bc:29:c9:c7:01:e8:4f:b2:38:3a:95:78:fb:7f:0e:
         7e:c5:46:71:c4:14:44:8a:43:ea:92:ac:c3:b9:50:5c:a5:60:
         83:e2:ce:c9:93:41:a1:a5:44:1d:39:55:4f:cd:38:53:10:d8:
         1d:07:8b:5a:0f:68:47:c4:6f:fe:90:60:a3:cf:b0:ae:f5:28:
         88:48:a3:91:fd:d8:e2:cf:b4:5d:12:59:7c:f6:c0:94:b8:20:
         4f:c5:95:79:83:c3:7a:69:7f:07:b4:25:73:ef:65:5c:04:3d:
         e7:a9:32:37:b1:f3:9b:1b:86:2a:2d:de:3d:92:20:1d:03:ea:
         ce:b1:30:d5
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUT8F1o9gb79E3xLRDc3ocSI35+igwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQwNDE1MDAwMDAwWhcNMjQwNTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A1MTY2ODk4OTYxMDk5MGRiMjI5ZGMxNmE5ZDcyMmEwMWEz
ODE5NGZmZTZhMGUyM2Q1OTljNzFmMjk0MDYxN2QyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqeX7Reqm7i+/S3SkqlwBWeJ8I1Ti3Fm0u4+UHw7wdHWi6
Z0gVERFpc6lEz5SRrDPq2bWnROAQIFBkmSiq8PcrsszIkYp76OT+/p9KXLQaIYSS
Io40J/jOgvVajPFum08SYYBr2CZ7ZHay9QtlpuLuf0P4eNNO02xjzbb+MAGJO09T
E4PHWv6SjcFq45P/ftCqxxNHGTCJcJ1bUrxWXoJlPcPC0il97C4jSXIPP/AmeM5r
ZwyuG1XXqUT4nBz1e9f1GKGgw76bipVsiHuunAkYb0wYJkSRHsJQJZyPWf6ZTUMl
0cqJ4DHtr+wrB9/GJU+IX6FvYubB2gvUZfbQ5w03AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUxBMwsQBIwLnckgPhHpOqulm8cLQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM2NzQ2MTJhLTE0MjItNDk2Ni04OTFiLTk1MmFiYWQzMGRlOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCIAjANBgkqhkiG9w0BAQsFAAOCAQEAPM+qZZJdjRdnkTwqfLEday/RnoTb
tVoARN8h4ZARRHIqNIDm7gI6O6jUgchcSFFNhhBfAeVZtOTwQSNAwh9L2XnFIlca
peFA/TTS/4FNzFpQ09PZC78lhyBM8XGYShv+dPB6uPWzUlbSORPfnPP4vxbqgiJO
haozMFLvPwu5Hp2/vCnJxwHoT7I4OpV4+38OfsVGccQURIpD6pKsw7lQXKVgg+LO
yZNBoaVEHTlVT804UxDYHQeLWg9oR8Rv/pBgo8+wrvUoiEijkf3Y4s+0XRJZfPbA
lLggT8WVeYPDeml/B7Qlc+9lXAQ956kyN7HzmxuGKi3ePZIgHQPqzrEw1Q==
-----END CERTIFICATE-----