Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a24419c6-a138-4fd2-8875-01dce0af0bc1.roa
File:                     a24419c6-a138-4fd2-8875-01dce0af0bc1.roa (raw, json)
Hash identifier:          k69rK6PlNfOE/kFkkZCH8GS+AmuTNHqpZ/BE3O+8WK8=
Subject key identifier:   9D:33:B7:7C:E4:92:55:9A:28:D2:98:87:A5:64:D5:A0:60:55:18:26
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1C34AA54A91D0B1D61E5C253C7688B5647979599
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a24419c6-a138-4fd2-8875-01dce0af0bc1.roa
Signing time:             Tue 16 Apr 2024 00:00:00 +0000
ROA not before:           Tue 16 Apr 2024 00:00:00 +0000
ROA not after:            Tue 21 May 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        99.150.32.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 26 Apr 2024 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:34:aa:54:a9:1d:0b:1d:61:e5:c2:53:c7:68:8b:56:47:97:95:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 16 00:00:00 2024 GMT
            Not After : May 21 23:59:59 2024 GMT
        Subject: serialNumber=944f0bd83576ae59610936cf139f87ad7c8c9a7e9faf17d88e870084b3104930, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:31:e2:96:e9:f5:ce:90:2f:86:45:87:7e:d8:
                    53:60:d3:58:9d:06:8d:b6:ca:79:83:3e:d0:6e:77:
                    00:62:c7:da:df:79:56:e9:da:bd:2d:3d:1a:ba:0e:
                    85:4e:dd:3d:d9:de:a3:7a:51:a4:c3:12:ba:70:39:
                    8a:60:66:65:58:96:b2:4c:8c:af:a4:69:8e:b0:1b:
                    b8:31:d0:55:51:85:05:52:e7:2f:76:e9:62:b4:f2:
                    f7:2b:c4:ca:61:62:50:cc:3a:f9:08:02:2a:68:1c:
                    64:35:12:9a:0b:d8:92:6a:91:28:c1:f4:90:ed:a8:
                    61:72:db:11:68:3b:b7:67:ea:ab:36:1d:c3:5f:65:
                    ef:88:b8:5f:9e:4d:a5:89:55:81:2b:d6:59:10:19:
                    c4:4f:0f:ab:ac:f1:96:96:fa:5b:b6:fd:a0:84:9c:
                    fc:f4:aa:72:e4:e4:f6:99:f1:bc:fa:14:87:15:ee:
                    97:46:94:2d:b8:77:bd:2e:89:5b:d0:58:b1:51:8a:
                    e0:e9:0e:01:59:f6:56:f4:18:cc:8b:7f:be:7f:fb:
                    9b:23:4b:70:7e:f2:8f:e5:a3:2d:99:04:77:65:04:
                    2b:a1:a7:e0:6e:89:16:b7:b6:62:a3:7e:eb:be:d5:
                    f9:b1:f4:40:49:ff:d4:9f:3e:2e:38:38:81:2f:76:
                    25:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:33:B7:7C:E4:92:55:9A:28:D2:98:87:A5:64:D5:A0:60:55:18:26
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a24419c6-a138-4fd2-8875-01dce0af0bc1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.150.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         aa:58:f2:ce:ba:24:47:78:6a:a8:c4:5d:cf:dc:fd:b6:39:48:
         0c:75:1f:bb:43:28:da:34:f5:3b:25:ca:0c:34:99:41:fd:9d:
         ee:ae:c8:2a:0c:75:9d:f0:0b:e6:64:a5:97:0e:81:9f:bf:1a:
         7b:20:39:ab:5f:90:aa:53:d6:99:2b:05:c2:c0:9c:29:81:69:
         f6:9b:dd:36:87:4f:94:56:54:fd:22:82:49:e3:1e:b7:68:0b:
         fe:12:1a:07:e1:93:5f:67:60:f2:b3:09:bf:4d:e6:5d:e0:47:
         ff:26:bb:7a:bc:46:bc:76:fc:33:85:22:db:10:37:eb:59:5b:
         c4:93:f0:4c:e5:5d:64:a4:1d:ac:e4:85:69:33:b8:12:ab:6c:
         0c:13:b5:2c:e2:6d:69:7c:e2:94:f4:0a:ee:b0:b0:5b:b3:fe:
         5d:48:19:fc:51:2d:83:d8:57:ed:52:85:7a:89:9c:16:1f:2f:
         71:c0:64:94:96:7c:f2:53:1d:1c:bc:59:db:82:b6:cd:14:ac:
         df:11:3d:db:c4:7d:26:cc:97:a2:63:f5:ad:e6:c8:f3:96:fd:
         44:80:c0:c6:e9:1f:ab:93:96:65:06:21:ff:06:57:7b:8f:7c:
         4d:bb:c0:5f:89:1f:d4:56:6d:fb:69:db:04:88:06:bf:48:af:
         0c:20:25:d0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHDSqVKkdCx1h5cJTx2iLVkeXlZkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQwNDE2MDAwMDAwWhcNMjQwNTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NDRmMGJkODM1NzZhZTU5NjEwOTM2Y2YxMzlmODdhZDdj
OGM5YTdlOWZhZjE3ZDg4ZTg3MDA4NGIzMTA0OTMwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDyMeKW6fXOkC+GRYd+2FNg01idBo22ynmDPtBudwBix9rf
eVbp2r0tPRq6DoVO3T3Z3qN6UaTDErpwOYpgZmVYlrJMjK+kaY6wG7gx0FVRhQVS
5y926WK08vcrxMphYlDMOvkIAipoHGQ1EpoL2JJqkSjB9JDtqGFy2xFoO7dn6qs2
HcNfZe+IuF+eTaWJVYEr1lkQGcRPD6us8ZaW+lu2/aCEnPz0qnLk5PaZ8bz6FIcV
7pdGlC24d70uiVvQWLFRiuDpDgFZ9lb0GMyLf75/+5sjS3B+8o/loy2ZBHdlBCuh
p+BuiRa3tmKjfuu+1fmx9EBJ/9SfPi44OIEvdiWlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUnTO3fOSSVZoo0piHpWTVoGBVGCYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EyNDQxOWM2LWExMzgtNGZkMi04ODc1LTAxZGNlMGFmMGJjMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjliAwDQYJKoZIhvcNAQELBQADggEBAKpY8s66JEd4aqjEXc/c/bY5SAx1
H7tDKNo09Tslygw0mUH9ne6uyCoMdZ3wC+ZkpZcOgZ+/GnsgOatfkKpT1pkrBcLA
nCmBafab3TaHT5RWVP0igknjHrdoC/4SGgfhk19nYPKzCb9N5l3gR/8mu3q8Rrx2
/DOFItsQN+tZW8ST8EzlXWSkHazkhWkzuBKrbAwTtSzibWl84pT0Cu6wsFuz/l1I
GfxRLYPYV+1ShXqJnBYfL3HAZJSWfPJTHRy8WduCts0UrN8RPdvEfSbMl6Jj9a3m
yPOW/USAwMbpH6uTlmUGIf8GV3uPfE27wF+JH9RWbftp2wSIBr9IrwwgJdA=
-----END CERTIFICATE-----