Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/72e9bed0-026a-40f1-b056-a9972614d53b.roa
File:                     72e9bed0-026a-40f1-b056-a9972614d53b.roa (raw, json)
Hash identifier:          UKh2ir19I7KraZjF+V06P9BWh1EiHOb8da8tuKrA+a8=
Subject key identifier:   D2:C9:3B:5C:6F:EF:8F:C5:27:09:50:C5:0D:DC:4C:2E:75:8C:4A:90
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       71937C630483A9DAF6F5D7AACD8E13C17DABE4A0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/72e9bed0-026a-40f1-b056-a9972614d53b.roa
Signing time:             Mon 15 Apr 2024 00:00:00 +0000
ROA not before:           Mon 15 Apr 2024 00:00:00 +0000
ROA not after:            Mon 20 May 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        16.53.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 10 May 2024 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:93:7c:63:04:83:a9:da:f6:f5:d7:aa:cd:8e:13:c1:7d:ab:e4:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 15 00:00:00 2024 GMT
            Not After : May 20 23:59:59 2024 GMT
        Subject: serialNumber=e2b0191739a3c52a3bd067b307ef2bc05f51da5294f1d1bf4039ff478a627754, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e6:9a:e5:8e:c0:e8:40:0b:53:d7:2d:a5:4e:
                    ee:9c:f6:cf:3b:ca:95:f8:26:3d:b0:f6:e3:ab:3d:
                    03:00:95:97:73:0f:95:b9:e3:27:2c:02:b6:7e:64:
                    76:65:c6:ed:9a:a3:60:00:c1:22:58:db:ee:c1:dc:
                    23:99:3d:35:93:02:3a:fe:d8:9f:1a:b3:5c:be:1f:
                    e1:3a:26:b1:d6:a0:07:9a:a3:b2:df:de:89:93:10:
                    a8:d7:92:7d:1b:a3:bb:5c:8b:07:8a:cc:4e:eb:87:
                    93:28:53:b1:30:be:d4:31:07:90:36:e8:5a:96:8e:
                    eb:75:16:95:1f:0e:81:3b:76:41:4e:f0:f5:d8:e6:
                    d9:1b:12:8c:67:fa:3d:42:77:ff:e1:d7:b9:04:b3:
                    fd:26:2d:f6:a7:a1:fd:9c:bb:3e:36:3b:30:4c:c1:
                    f9:94:da:6e:8a:4b:0e:19:68:43:73:17:fa:46:39:
                    39:ab:9c:8f:a8:a2:1a:62:99:1f:f3:17:bf:e5:8d:
                    45:28:f2:f2:90:4c:fd:df:72:61:2f:d0:da:de:82:
                    36:93:eb:58:32:ae:a4:af:23:8b:bf:95:bf:3b:0b:
                    67:81:b0:d8:62:42:78:34:9f:63:e0:53:9f:6b:00:
                    39:1a:52:af:74:ef:ce:fa:4b:f5:41:0f:a6:02:c3:
                    be:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:C9:3B:5C:6F:EF:8F:C5:27:09:50:C5:0D:DC:4C:2E:75:8C:4A:90
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/72e9bed0-026a-40f1-b056-a9972614d53b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.53.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         88:d4:dc:78:2d:34:b8:36:ca:ba:1b:fc:0b:6e:f0:17:de:b1:
         64:11:f4:6c:1c:60:c0:2e:fa:19:2f:1a:ef:d0:b6:d1:1b:f4:
         a1:e0:3b:bc:33:46:ab:55:6d:d1:1c:c5:a0:63:f7:1a:14:12:
         3a:7b:dc:b5:29:2f:6f:7d:ab:33:0b:32:9f:9e:31:dd:71:8d:
         34:40:ac:9c:9b:3d:64:1f:27:b6:dc:27:67:7f:73:a8:5b:9d:
         83:09:9d:d9:7a:58:14:cf:2b:42:4e:cd:76:6c:18:cb:d6:55:
         f4:4a:78:e0:06:13:17:f9:4c:98:c7:5c:51:34:32:ac:c5:12:
         9a:1a:61:4e:32:0e:eb:e4:a0:94:81:26:cd:e6:22:29:7a:f6:
         1e:30:12:dc:52:64:07:74:73:e2:8a:5c:31:b7:da:fe:0f:4d:
         67:d3:e4:41:32:99:3b:e6:75:87:43:82:2b:42:9b:eb:7b:b9:
         e0:c4:cb:05:13:b1:3f:fe:a0:2a:0b:4e:ab:1f:0c:cb:0e:ff:
         bc:32:d4:c3:d4:c8:20:5a:61:7d:95:dd:b3:c2:45:ad:28:50:
         a5:04:97:2c:cc:60:9a:98:4b:e0:0a:d2:92:f6:f1:f1:09:f9:
         d6:e2:af:58:88:0a:8d:8f:d9:f5:d1:3e:5d:a1:1b:8e:88:a3:
         0d:c0:d7:4a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUcZN8YwSDqdr29deqzY4TwX2r5KAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQwNDE1MDAwMDAwWhcNMjQwNTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlMmIwMTkxNzM5YTNjNTJhM2JkMDY3YjMwN2VmMmJjMDVm
NTFkYTUyOTRmMWQxYmY0MDM5ZmY0NzhhNjI3NzU0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDF5prljsDoQAtT1y2lTu6c9s87ypX4Jj2w9uOrPQMAlZdz
D5W54ycsArZ+ZHZlxu2ao2AAwSJY2+7B3COZPTWTAjr+2J8as1y+H+E6JrHWoAea
o7Lf3omTEKjXkn0bo7tciweKzE7rh5MoU7EwvtQxB5A26FqWjut1FpUfDoE7dkFO
8PXY5tkbEoxn+j1Cd//h17kEs/0mLfanof2cuz42OzBMwfmU2m6KSw4ZaENzF/pG
OTmrnI+oohpimR/zF7/ljUUo8vKQTP3fcmEv0NregjaT61gyrqSvI4u/lb87C2eB
sNhiQng0n2PgU59rADkaUq907876S/VBD6YCw76rAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU0sk7XG/vj8UnCVDFDdxMLnWMSpAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzcyZTliZWQwLTAyNmEtNDBmMS1iMDU2LWE5OTcyNjE0ZDUzYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQNTANBgkqhkiG9w0BAQsFAAOCAQEAiNTceC00uDbKuhv8C27wF96xZBH0
bBxgwC76GS8a79C20Rv0oeA7vDNGq1Vt0RzFoGP3GhQSOnvctSkvb32rMwsyn54x
3XGNNECsnJs9ZB8nttwnZ39zqFudgwmd2XpYFM8rQk7NdmwYy9ZV9Ep44AYTF/lM
mMdcUTQyrMUSmhphTjIO6+SglIEmzeYiKXr2HjAS3FJkB3Rz4opcMbfa/g9NZ9Pk
QTKZO+Z1h0OCK0Kb63u54MTLBROxP/6gKgtOqx8Myw7/vDLUw9TIIFphfZXds8JF
rShQpQSXLMxgmphL4ArSkvbx8Qn51uKvWIgKjY/Z9dE+XaEbjoijDcDXSg==
-----END CERTIFICATE-----