Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5b1eae43-0942-4239-94c6-a530231bc334.roa
File:                     5b1eae43-0942-4239-94c6-a530231bc334.roa (raw, json)
Hash identifier:          AjtlVw+C6GNQu4JEt9Snlr6dKALEp4rfgxge8Xw6SzE=
Subject key identifier:   8D:D2:74:A9:A3:39:A4:3E:41:8B:D2:E8:E9:F7:53:5C:CA:C9:0C:BF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       682D8AF67B5BCFEDFF8D707E256F239E9D09FCD7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5b1eae43-0942-4239-94c6-a530231bc334.roa
Signing time:             Fri 26 Apr 2024 00:00:00 +0000
ROA not before:           Fri 26 Apr 2024 00:00:00 +0000
ROA not after:            Fri 31 May 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        13.152.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 04 May 2024 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:2d:8a:f6:7b:5b:cf:ed:ff:8d:70:7e:25:6f:23:9e:9d:09:fc:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 26 00:00:00 2024 GMT
            Not After : May 31 23:59:59 2024 GMT
        Subject: serialNumber=094067e4907dcb6154945d3ae69ae3ad02ce9be3a401ea8144d6579bb2a6068c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:9e:7e:7d:42:87:37:1e:e6:36:33:f1:7c:31:
                    3d:19:b3:a5:56:ac:7d:12:92:d0:fa:92:fa:b7:9e:
                    e8:ec:58:b0:21:a8:36:2a:04:18:6a:28:38:d4:a8:
                    2f:52:c5:e7:fb:23:70:27:18:55:b9:1b:2a:9e:75:
                    21:a5:fd:89:2f:bc:af:17:84:c3:5e:6a:e9:29:79:
                    4f:e9:37:28:bd:3e:46:1d:23:b4:0c:f7:86:0f:04:
                    d0:dd:da:ba:93:af:14:09:c9:f8:6a:6c:72:f8:7d:
                    72:c0:69:1d:c8:ee:16:e1:e4:f4:a1:f3:c1:72:0c:
                    cb:d9:6f:ef:ec:d0:0f:c7:99:b8:80:fb:13:b7:1c:
                    a9:31:43:69:ce:e4:d5:0e:3a:4a:36:17:9d:11:5f:
                    8e:49:3f:e7:9f:07:67:f1:6d:38:b6:84:c6:fe:e8:
                    bc:4a:69:ab:7e:a3:cb:8d:82:e4:45:1a:12:bb:f2:
                    7f:46:12:e1:cb:bd:f7:f4:21:39:5c:25:38:14:8b:
                    89:dc:8e:88:20:df:3f:71:a8:31:fe:38:55:be:6f:
                    e8:c0:39:4d:a4:08:49:33:ce:1a:d4:c8:29:f1:79:
                    7b:49:29:bb:c2:18:92:83:fa:54:c2:c2:7f:2f:c9:
                    67:ba:d9:89:e8:b3:63:bd:ca:e4:5c:15:91:f6:8d:
                    9c:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:D2:74:A9:A3:39:A4:3E:41:8B:D2:E8:E9:F7:53:5C:CA:C9:0C:BF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5b1eae43-0942-4239-94c6-a530231bc334.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.152.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         75:57:4c:7c:ff:5e:37:73:5f:ec:bc:c5:5c:54:f5:a9:1b:3b:
         77:3a:6a:3f:e1:cd:07:ea:75:54:dd:9a:08:22:bc:81:34:6b:
         3c:fb:42:f7:91:be:d0:8b:1f:82:61:dc:5d:3a:7b:6c:69:af:
         b5:17:46:69:ac:88:42:34:df:2b:19:43:56:b3:6d:6c:a3:ee:
         73:33:e3:70:bf:a6:17:cc:b9:76:26:ad:a0:7f:c3:86:46:38:
         fb:30:14:1c:89:37:f3:6a:c5:d2:07:42:59:d8:d4:92:e4:07:
         d0:a5:2f:33:a6:fe:30:62:bd:50:86:a9:11:3e:32:ba:20:8f:
         f9:5b:79:0c:ae:a2:a3:f9:ca:c6:5f:61:5f:a0:87:73:ed:b1:
         23:fd:c8:80:a9:87:1b:3f:ed:31:88:20:ef:d4:0a:23:a9:2c:
         ee:d8:f0:6c:79:be:af:db:21:19:07:3e:e7:8f:e7:cd:dd:a0:
         64:e9:75:e6:a3:11:4c:c5:af:97:cd:f5:0f:7e:16:08:80:e5:
         ab:bf:6a:e7:04:a8:62:d8:f5:fb:67:e4:f4:df:54:c1:bf:27:
         91:c5:cc:dd:25:74:28:1d:1d:7d:c8:fa:25:45:24:85:77:3a:
         d8:5f:9e:07:f3:cf:1c:65:c7:0d:63:f8:b4:4b:70:45:a4:4c:
         11:41:91:d6
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUaC2K9ntbz+3/jXB+JW8jnp0J/NcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQwNDI2MDAwMDAwWhcNMjQwNTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwOTQwNjdlNDkwN2RjYjYxNTQ5NDVkM2FlNjlhZTNhZDAy
Y2U5YmUzYTQwMWVhODE0NGQ2NTc5YmIyYTYwNjhjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUnn59Qoc3HuY2M/F8MT0Zs6VWrH0SktD6kvq3nujsWLAh
qDYqBBhqKDjUqC9Sxef7I3AnGFW5GyqedSGl/YkvvK8XhMNeaukpeU/pNyi9PkYd
I7QM94YPBNDd2rqTrxQJyfhqbHL4fXLAaR3I7hbh5PSh88FyDMvZb+/s0A/HmbiA
+xO3HKkxQ2nO5NUOOko2F50RX45JP+efB2fxbTi2hMb+6LxKaat+o8uNguRFGhK7
8n9GEuHLvff0ITlcJTgUi4ncjogg3z9xqDH+OFW+b+jAOU2kCEkzzhrUyCnxeXtJ
KbvCGJKD+lTCwn8vyWe62Ynos2O9yuRcFZH2jZzLAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUjdJ0qaM5pD5Bi9Lo6fdTXMrJDL8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzViMWVhZTQzLTA5NDItNDIzOS05NGM2LWE1MzAyMzFiYzMzNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwANmDANBgkqhkiG9w0BAQsFAAOCAQEAdVdMfP9eN3Nf7LzFXFT1qRs7dzpq
P+HNB+p1VN2aCCK8gTRrPPtC95G+0IsfgmHcXTp7bGmvtRdGaayIQjTfKxlDVrNt
bKPuczPjcL+mF8y5diatoH/DhkY4+zAUHIk382rF0gdCWdjUkuQH0KUvM6b+MGK9
UIapET4yuiCP+Vt5DK6io/nKxl9hX6CHc+2xI/3IgKmHGz/tMYgg79QKI6ks7tjw
bHm+r9shGQc+54/nzd2gZOl15qMRTMWvl831D34WCIDlq79q5wSoYtj1+2fk9N9U
wb8nkcXM3SV0KB0dfcj6JUUkhXc62F+eB/PPHGXHDWP4tEtwRaRMEUGR1g==
-----END CERTIFICATE-----