Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4287b7a8-1fdf-4426-9a03-058b4d8c35bd.roa
File:                     4287b7a8-1fdf-4426-9a03-058b4d8c35bd.roa (raw, json)
Hash identifier:          1XwJcLh8Ae5ZlWMW91p8I/Wxt4tQux4ZlVZxaYn3ehA=
Subject key identifier:   2B:F1:E6:8A:E6:1B:92:CE:35:A3:6E:CE:C9:EA:7E:29:60:5A:07:25
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7DEFAA1795F2692339BB5AE760815B7BD97372AB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4287b7a8-1fdf-4426-9a03-058b4d8c35bd.roa
Signing time:             Tue 16 Apr 2024 00:00:00 +0000
ROA not before:           Tue 16 Apr 2024 00:00:00 +0000
ROA not after:            Tue 21 May 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        68.217.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 03 May 2024 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:ef:aa:17:95:f2:69:23:39:bb:5a:e7:60:81:5b:7b:d9:73:72:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 16 00:00:00 2024 GMT
            Not After : May 21 23:59:59 2024 GMT
        Subject: serialNumber=169d3d208f69a9a6cf00886654b17398e46553d4189a54f136825f174190d6b1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:1a:e0:15:ac:e5:80:40:71:44:0e:40:90:92:
                    03:5a:86:b0:96:11:26:8b:a8:bc:5e:af:82:f6:18:
                    e8:b8:1a:92:8f:d5:48:45:21:80:c3:7e:59:7e:9b:
                    7e:c4:bf:59:a3:ae:3b:8d:6b:89:0b:24:26:53:48:
                    a9:79:cc:30:c9:ac:99:4e:ba:c4:c1:7f:29:27:a2:
                    9a:70:79:94:43:e9:74:a6:20:55:05:be:86:ef:82:
                    70:96:5d:d3:d4:cd:45:5d:d4:f1:c7:3b:10:0f:bf:
                    b1:b5:a3:0a:38:8c:8a:00:28:6a:5d:53:03:f8:bf:
                    35:ea:27:74:41:00:32:e9:7d:25:f1:6f:7b:5c:b4:
                    a6:0a:fa:06:df:a6:bd:4b:16:95:30:19:f0:17:be:
                    e0:37:7e:da:f5:0b:6a:ce:b0:3b:bd:06:89:2a:80:
                    63:a2:3a:4b:76:40:fe:50:4f:62:8d:52:53:f6:dc:
                    18:b6:86:9d:fb:5c:14:4d:b8:21:9d:a7:7f:66:00:
                    8d:81:11:65:64:7c:1b:d5:60:6b:d5:d5:ed:ec:4d:
                    ef:eb:b1:7f:23:7a:40:de:af:a3:91:34:60:c6:86:
                    15:85:d5:f5:34:2b:5f:ca:7d:3b:8c:80:d3:7e:cb:
                    15:fe:67:e4:55:9d:7a:85:ca:04:10:6f:d3:4d:8c:
                    70:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:F1:E6:8A:E6:1B:92:CE:35:A3:6E:CE:C9:EA:7E:29:60:5A:07:25
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4287b7a8-1fdf-4426-9a03-058b4d8c35bd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  68.217.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         93:48:e0:f7:ec:3d:2b:62:1f:5b:ea:c9:b1:b4:f6:15:ae:81:
         61:ce:48:66:72:19:4b:15:42:62:24:b9:dc:f5:8b:96:51:97:
         40:e6:ad:85:9f:95:5b:d5:52:bc:9c:c9:4e:11:75:f6:f7:b0:
         82:93:07:ca:73:ec:7e:56:86:13:3e:4b:f4:4a:7d:94:20:b7:
         c2:73:a4:be:30:69:88:9b:d0:00:19:e1:9c:6c:c0:1a:eb:b3:
         7e:09:bc:c0:8e:d4:fc:76:6d:aa:e0:db:c7:74:8d:4d:e1:c0:
         6e:e7:6f:fb:39:d4:43:29:73:bb:50:ad:89:fd:d6:0c:1a:da:
         3b:67:82:bf:2d:f5:b2:41:ea:5c:72:b8:1a:67:d5:5f:60:af:
         47:b5:bd:3c:f3:d8:cd:35:b4:4a:5e:d2:90:21:e8:16:e6:a6:
         35:13:22:ef:6c:c0:72:41:20:fa:14:bd:66:87:87:61:98:ec:
         9f:27:84:33:12:2e:51:28:2d:6b:c6:43:42:a7:a8:c1:28:60:
         c1:9e:43:d1:f4:9b:07:9e:ee:f8:5e:72:a1:5e:c0:15:86:12:
         65:df:b4:aa:6d:83:0e:a9:89:a5:e4:9e:64:c1:b4:6e:40:8d:
         03:b9:08:f5:56:ab:35:ef:e5:06:85:e9:f3:cf:52:5b:b1:be:
         24:e6:3c:42
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUfe+qF5XyaSM5u1rnYIFbe9lzcqswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQwNDE2MDAwMDAwWhcNMjQwNTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNjlkM2QyMDhmNjlhOWE2Y2YwMDg4NjY1NGIxNzM5OGU0
NjU1M2Q0MTg5YTU0ZjEzNjgyNWYxNzQxOTBkNmIxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClGuAVrOWAQHFEDkCQkgNahrCWESaLqLxer4L2GOi4GpKP
1UhFIYDDfll+m37Ev1mjrjuNa4kLJCZTSKl5zDDJrJlOusTBfyknoppweZRD6XSm
IFUFvobvgnCWXdPUzUVd1PHHOxAPv7G1owo4jIoAKGpdUwP4vzXqJ3RBADLpfSXx
b3tctKYK+gbfpr1LFpUwGfAXvuA3ftr1C2rOsDu9BokqgGOiOkt2QP5QT2KNUlP2
3Bi2hp37XBRNuCGdp39mAI2BEWVkfBvVYGvV1e3sTe/rsX8jekDer6ORNGDGhhWF
1fU0K1/KfTuMgNN+yxX+Z+RVnXqFygQQb9NNjHCdAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUK/HmiuYbks41o27Oyep+KWBaByUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQyODdiN2E4LTFmZGYtNDQyNi05YTAzLTA1OGI0ZDhjMzViZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBE2TANBgkqhkiG9w0BAQsFAAOCAQEAk0jg9+w9K2IfW+rJsbT2Fa6BYc5I
ZnIZSxVCYiS53PWLllGXQOathZ+VW9VSvJzJThF19vewgpMHynPsflaGEz5L9Ep9
lCC3wnOkvjBpiJvQABnhnGzAGuuzfgm8wI7U/HZtquDbx3SNTeHAbudv+znUQylz
u1Ctif3WDBraO2eCvy31skHqXHK4GmfVX2CvR7W9PPPYzTW0Sl7SkCHoFuamNRMi
72zAckEg+hS9ZoeHYZjsnyeEMxIuUSgta8ZDQqeowShgwZ5D0fSbB57u+F5yoV7A
FYYSZd+0qm2DDqmJpeSeZMG0bkCNA7kI9VarNe/lBoXp889SW7G+JOY8Qg==
-----END CERTIFICATE-----