Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a740bdf5-4421-4ea8-bb60-33d4cd558809.roa
File:                     a740bdf5-4421-4ea8-bb60-33d4cd558809.roa (raw, json)
Hash identifier:          jm6HmFTbkdDBC3pBd4dV+3K8M2mw+oUkgC5HwlwAEMI=
Subject key identifier:   F1:61:5E:F8:C0:42:37:75:A7:28:82:FE:DE:5C:F4:1C:8C:B9:ED:EE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7AF31AC0357C301C078A592BBD942357F6021427
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a740bdf5-4421-4ea8-bb60-33d4cd558809.roa
Signing time:             Fri 26 Apr 2024 00:00:00 +0000
ROA not before:           Fri 26 Apr 2024 00:00:00 +0000
ROA not after:            Fri 31 May 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        150.247.32.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 10 May 2024 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:f3:1a:c0:35:7c:30:1c:07:8a:59:2b:bd:94:23:57:f6:02:14:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 26 00:00:00 2024 GMT
            Not After : May 31 23:59:59 2024 GMT
        Subject: serialNumber=51c4b8b9ba30954365c2ad4e751621285953da70f6aa2444c742112738945f74, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:74:e5:72:6e:af:3c:b1:79:6e:c7:38:7b:d9:
                    9d:19:4e:80:3b:f8:06:f1:ea:7f:28:cd:87:de:6c:
                    5e:69:6f:d9:c7:ee:22:c7:ba:fb:f4:fa:1a:86:59:
                    b3:e1:77:7f:dc:59:27:23:4a:c8:9f:a7:91:95:4e:
                    33:d7:87:ac:ef:f9:45:d3:cc:81:4c:01:c4:4f:ed:
                    b7:a4:16:37:34:e8:56:2e:dc:3b:29:b9:f5:e0:f5:
                    75:5d:42:67:bc:94:77:bb:bc:d2:e9:37:06:2e:cf:
                    49:58:55:97:01:0e:17:1b:d5:39:d3:3f:5b:67:9c:
                    6a:3d:9a:76:2a:b6:8d:d9:e2:2a:27:7d:1c:94:9b:
                    4a:a7:64:2b:fd:a4:0d:a8:02:7c:4b:52:78:16:5f:
                    1b:c2:95:2d:cf:5b:da:fd:b9:a0:b0:1d:ee:97:7a:
                    97:04:f6:7d:c3:d9:fb:ab:e4:37:bb:8e:72:84:06:
                    33:b6:8e:62:1d:a6:bb:cb:d7:a0:00:35:ea:f3:e3:
                    91:6c:ff:78:33:69:9d:c5:0d:9a:89:16:5b:9d:0e:
                    ca:57:84:f0:7f:09:2c:28:3d:2b:ae:99:e3:17:4e:
                    57:bf:15:f8:39:4b:b1:5c:d2:01:c2:d3:0b:9e:2d:
                    73:1e:a2:ae:eb:97:80:fc:e3:3f:21:2d:8e:b8:e7:
                    89:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:61:5E:F8:C0:42:37:75:A7:28:82:FE:DE:5C:F4:1C:8C:B9:ED:EE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a740bdf5-4421-4ea8-bb60-33d4cd558809.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.247.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         0a:4d:3a:39:1d:16:ab:21:5d:cd:a3:17:67:c2:63:98:e4:1a:
         0e:57:a0:77:9e:9e:ca:fd:27:46:3d:05:18:02:98:71:e4:25:
         67:4b:91:77:73:70:6f:d9:ba:57:f7:da:90:e5:53:6e:4f:23:
         30:7a:53:ab:79:2b:d2:ff:df:ea:24:08:64:c9:b9:eb:58:e1:
         e7:b3:c5:07:52:40:65:f7:c5:27:82:80:7b:11:f3:6d:48:90:
         93:b7:ec:b4:d7:cb:94:c7:e2:55:66:ec:eb:b3:6a:e1:0a:f2:
         99:14:be:aa:63:ab:b8:9d:88:b6:4a:2f:fa:2f:58:45:f8:b9:
         d4:38:44:42:24:62:f3:a9:c9:42:c5:f7:36:7c:1d:cb:a8:66:
         53:95:40:14:1a:64:96:b8:43:42:94:f6:08:e7:db:5a:55:e9:
         dd:ee:07:7b:27:74:1a:47:55:4b:ca:93:dc:29:35:02:39:01:
         ac:ab:a9:ec:ed:f7:60:e8:b9:46:26:e2:2c:bd:d3:9b:07:31:
         5e:9f:82:ad:ea:4e:44:0f:3d:c1:af:9d:bd:18:a7:f3:29:e2:
         41:bb:e4:cb:ea:44:51:9e:4b:09:82:75:1c:71:f9:94:d0:62:
         24:64:99:0b:d2:7d:55:cc:ac:bb:f1:2d:15:55:fb:be:53:1c:
         a8:dd:71:cb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUevMawDV8MBwHilkrvZQjV/YCFCcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQwNDI2MDAwMDAwWhcNMjQwNTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1MWM0YjhiOWJhMzA5NTQzNjVjMmFkNGU3NTE2MjEyODU5
NTNkYTcwZjZhYTI0NDRjNzQyMTEyNzM4OTQ1Zjc0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDddOVybq88sXluxzh72Z0ZToA7+Abx6n8ozYfebF5pb9nH
7iLHuvv0+hqGWbPhd3/cWScjSsifp5GVTjPXh6zv+UXTzIFMAcRP7bekFjc06FYu
3DspufXg9XVdQme8lHe7vNLpNwYuz0lYVZcBDhcb1TnTP1tnnGo9mnYqto3Z4ion
fRyUm0qnZCv9pA2oAnxLUngWXxvClS3PW9r9uaCwHe6XepcE9n3D2fur5De7jnKE
BjO2jmIdprvL16AANerz45Fs/3gzaZ3FDZqJFludDspXhPB/CSwoPSuumeMXTle/
Ffg5S7Fc0gHC0wueLXMeoq7rl4D84z8hLY6454npAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8WFe+MBCN3WnKIL+3lz0HIy57e4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E3NDBiZGY1LTQ0MjEtNGVhOC1iYjYwLTMzZDRjZDU1ODgwOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBASW9yAwDQYJKoZIhvcNAQELBQADggEBAApNOjkdFqshXc2jF2fCY5jkGg5X
oHeensr9J0Y9BRgCmHHkJWdLkXdzcG/Zulf32pDlU25PIzB6U6t5K9L/3+okCGTJ
uetY4eezxQdSQGX3xSeCgHsR821IkJO37LTXy5TH4lVm7OuzauEK8pkUvqpjq7id
iLZKL/ovWEX4udQ4REIkYvOpyULF9zZ8HcuoZlOVQBQaZJa4Q0KU9gjn21pV6d3u
B3sndBpHVUvKk9wpNQI5Aayrqezt92DouUYm4iy905sHMV6fgq3qTkQPPcGvnb0Y
p/Mp4kG75MvqRFGeSwmCdRxx+ZTQYiRkmQvSfVXMrLvxLRVV+75THKjdccs=
-----END CERTIFICATE-----