Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8fea813a-dd8e-4c60-b701-76cb5f0e6072.roa
File:                     8fea813a-dd8e-4c60-b701-76cb5f0e6072.roa (raw, json)
Hash identifier:          WqLPmgHWnS0iQesyMSTJXf8lX7ouXxiSeBCjvbWK4YE=
Subject key identifier:   06:9B:AA:8D:BB:10:3E:34:E3:12:C1:26:8A:72:A5:63:E2:34:41:8E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       313C4CFE048B25D2CD030FCC54617BCB358522C7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8fea813a-dd8e-4c60-b701-76cb5f0e6072.roa
Signing time:             Fri 22 Sep 2023 00:00:00 +0000
ROA not before:           Fri 22 Sep 2023 00:00:00 +0000
ROA not after:            Fri 27 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        23.254.0.0/17 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 23 Sep 2023 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:3c:4c:fe:04:8b:25:d2:cd:03:0f:cc:54:61:7b:cb:35:85:22:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 22 00:00:00 2023 GMT
            Not After : Oct 27 23:59:59 2023 GMT
        Subject: serialNumber=1cf6024858f7aaeaa4ea6e649e7ef22f609c940c98b35d570c7149b6db2e7249, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:92:16:b3:37:3e:a3:1c:5b:57:7e:18:65:7b:
                    68:e3:f9:bb:9b:b1:94:20:60:85:51:31:5a:b9:6b:
                    21:d2:05:6a:a6:64:fa:52:a1:aa:23:ce:ca:99:f6:
                    7d:d0:e1:da:37:37:01:e9:ab:7a:72:72:1f:23:3f:
                    cf:70:07:a9:b7:83:89:f8:3f:06:52:19:68:6e:4f:
                    fb:03:1c:c5:53:09:68:e4:81:44:86:20:3b:28:0f:
                    ed:e8:6d:75:56:28:a0:97:78:d9:c1:9d:7c:37:c0:
                    48:a6:7d:28:a1:16:43:04:a0:24:da:82:9d:a6:01:
                    47:3e:27:56:3b:88:ba:5a:88:3c:61:91:74:ec:a5:
                    f7:d7:7b:f1:58:0e:a6:de:4a:f3:e8:a0:03:b2:83:
                    c3:dd:18:44:d8:65:3a:0f:26:63:a3:ea:af:3f:78:
                    87:c0:d3:59:73:db:69:7e:f8:27:6a:68:72:f9:ea:
                    9b:72:d2:99:2d:2d:49:24:b8:68:a1:cb:cf:3e:89:
                    b5:e2:9b:ed:cc:1d:db:b0:3e:6b:b5:34:3c:97:70:
                    d6:3a:51:1f:bf:84:23:62:83:0b:8b:c4:3b:a0:fe:
                    3b:9c:38:07:c8:06:3e:76:4b:c2:74:43:9f:e5:ff:
                    fb:a7:5c:c0:a2:ba:01:63:46:5a:29:1e:77:4f:a2:
                    c4:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:9B:AA:8D:BB:10:3E:34:E3:12:C1:26:8A:72:A5:63:E2:34:41:8E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8fea813a-dd8e-4c60-b701-76cb5f0e6072.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.254.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         3f:bc:84:27:b6:96:e8:b3:9d:e1:b9:7c:61:98:54:8b:87:68:
         ed:39:d7:04:79:cc:cf:bb:35:fb:ef:b4:4c:93:1f:3d:88:d7:
         33:14:25:76:11:9c:d0:1e:37:78:8f:27:59:19:85:45:8f:1e:
         b9:28:8f:87:e1:ce:c4:2d:bf:93:55:19:65:ee:de:5f:da:13:
         a6:1e:0d:63:22:8b:71:c9:ae:55:0b:c2:fd:e3:e0:7b:94:26:
         96:c3:77:f0:0b:6f:5e:61:a0:bd:6b:10:cd:79:3d:ea:06:3c:
         10:95:28:20:ef:40:ea:7e:7b:7d:c0:cb:7d:3e:43:68:fa:d0:
         70:28:23:48:3f:97:13:12:a0:95:57:f1:8c:55:55:28:c4:c2:
         48:0a:11:c2:58:9e:c1:1b:e8:81:65:aa:18:06:b6:6d:dd:79:
         0b:f0:83:9f:57:d3:9e:f0:c1:4a:5c:24:bb:89:e9:b1:38:77:
         2f:b6:12:ff:51:62:80:68:bd:31:79:2f:5f:cd:8f:8d:d5:8e:
         06:d3:27:da:29:ce:3a:88:85:1f:f5:1e:1d:f6:96:0c:57:d1:
         bb:0b:77:47:5b:90:87:46:ad:00:13:7d:b4:a5:33:de:9e:d2:
         e1:e3:52:7c:04:a0:01:db:b9:91:2c:92:a3:69:70:d3:2c:40:
         e2:c5:cd:81
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMTxM/gSLJdLNAw/MVGF7yzWFIscwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjMwOTIyMDAwMDAwWhcNMjMxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxY2Y2MDI0ODU4ZjdhYWVhYTRlYTZlNjQ5ZTdlZjIyZjYw
OWM5NDBjOThiMzVkNTcwYzcxNDliNmRiMmU3MjQ5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCakhazNz6jHFtXfhhle2jj+bubsZQgYIVRMVq5ayHSBWqm
ZPpSoaojzsqZ9n3Q4do3NwHpq3pych8jP89wB6m3g4n4PwZSGWhuT/sDHMVTCWjk
gUSGIDsoD+3obXVWKKCXeNnBnXw3wEimfSihFkMEoCTagp2mAUc+J1Y7iLpaiDxh
kXTspffXe/FYDqbeSvPooAOyg8PdGETYZToPJmOj6q8/eIfA01lz22l++CdqaHL5
6pty0pktLUkkuGihy88+ibXim+3MHduwPmu1NDyXcNY6UR+/hCNigwuLxDug/juc
OAfIBj52S8J0Q5/l//unXMCiugFjRlopHndPosTVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUBpuqjbsQPjTjEsEminKlY+I0QY4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhmZWE4MTNhLWRkOGUtNGM2MC1iNzAxLTc2Y2I1ZjBlNjA3Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAcX/gAwDQYJKoZIhvcNAQELBQADggEBAD+8hCe2luizneG5fGGYVIuHaO05
1wR5zM+7NfvvtEyTHz2I1zMUJXYRnNAeN3iPJ1kZhUWPHrkoj4fhzsQtv5NVGWXu
3l/aE6YeDWMii3HJrlULwv3j4HuUJpbDd/ALb15hoL1rEM15PeoGPBCVKCDvQOp+
e33Ay30+Q2j60HAoI0g/lxMSoJVX8YxVVSjEwkgKEcJYnsEb6IFlqhgGtm3deQvw
g59X057wwUpcJLuJ6bE4dy+2Ev9RYoBovTF5L1/Nj43VjgbTJ9opzjqIhR/1Hh32
lgxX0bsLd0dbkIdGrQATfbSlM96e0uHjUnwEoAHbuZEskqNpcNMsQOLFzYE=
-----END CERTIFICATE-----