Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ab21c5f9-ce84-4471-a364-da93073d3430.roa
File:                     ab21c5f9-ce84-4471-a364-da93073d3430.roa (raw, json)
Hash identifier:          TiDv9MUKOPWIrZ0vioinYh8romaP5+sr03e2CHuZWes=
Subject key identifier:   91:76:8B:A7:68:4F:88:0D:0D:F8:34:AA:B5:F2:D9:BC:B7:5B:CB:93
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       E73BE8510F9CC21E3E67D7DD4306551B59819D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ab21c5f9-ce84-4471-a364-da93073d3430.roa
Signing time:             Thu 18 Apr 2024 00:00:00 +0000
ROA not before:           Thu 18 Apr 2024 00:00:00 +0000
ROA not after:            Thu 23 May 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        199.35.64.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 04 May 2024 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            e7:3b:e8:51:0f:9c:c2:1e:3e:67:d7:dd:43:06:55:1b:59:81:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 18 00:00:00 2024 GMT
            Not After : May 23 23:59:59 2024 GMT
        Subject: serialNumber=57036bbebedebcb3c0fe04035d8a671265841406d1aade0d0c7ef0c672c91ec6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:7a:b7:42:5a:2c:87:3a:ef:57:6b:c2:47:da:
                    e2:6d:e9:e5:54:4d:8b:5c:63:12:1f:1e:0c:63:56:
                    44:42:f0:f2:5f:7e:ec:47:f8:8a:23:36:26:13:54:
                    33:8f:6d:9e:c7:28:3c:82:38:8c:65:be:7f:1c:e2:
                    62:27:71:11:15:44:36:1f:d2:b6:cd:45:68:85:f4:
                    fd:49:a5:05:b9:13:47:21:7e:6e:70:8c:9d:db:54:
                    62:3a:09:cb:38:5d:7e:41:42:47:03:1e:34:4f:45:
                    5a:90:c3:5b:3f:55:9a:e1:52:4e:29:eb:61:6b:f4:
                    d4:b7:f1:e5:e8:ca:0d:5e:55:a5:99:b5:1d:61:89:
                    ef:56:32:62:26:07:8f:57:89:43:8d:6c:94:18:50:
                    be:c4:52:d7:1b:ea:76:5d:cf:62:1c:79:ba:73:72:
                    d6:48:81:bb:6e:3f:24:0e:cd:f3:32:97:d1:2e:1f:
                    fe:08:aa:48:b1:92:48:5a:93:60:e3:16:a1:d9:8f:
                    80:8a:95:ef:68:48:4c:16:f0:21:a3:0d:18:29:c9:
                    1b:f9:69:0f:50:e3:a3:ae:91:22:87:5b:cb:d7:c2:
                    8c:09:66:d0:67:fd:e1:ff:3c:d9:88:a7:2e:8c:d2:
                    89:01:d6:20:ab:88:7a:67:49:c6:6c:5b:b2:75:42:
                    61:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:76:8B:A7:68:4F:88:0D:0D:F8:34:AA:B5:F2:D9:BC:B7:5B:CB:93
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ab21c5f9-ce84-4471-a364-da93073d3430.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.35.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         97:78:06:c0:bb:cd:9f:68:cc:06:98:55:d7:7c:f1:e6:db:4f:
         d1:2c:53:0b:d4:fa:e5:71:bc:c2:09:85:f6:f4:19:fe:98:13:
         90:87:cb:84:8b:4a:43:83:0b:49:94:ce:cd:b5:e2:0b:e2:85:
         ea:75:4e:a1:3b:4f:73:7e:17:b8:c4:51:24:9f:59:6a:7c:ec:
         52:1b:e6:e6:91:96:8a:36:4e:f9:1f:d0:3f:81:da:73:1b:f4:
         c1:3d:61:b8:3b:64:bf:45:4d:f7:bc:73:68:45:59:36:9c:e8:
         05:72:b1:b5:a7:81:a6:d9:eb:d3:86:c8:6b:51:12:c9:8a:b0:
         71:c0:6a:7c:3f:58:2c:4e:bd:1b:d3:61:5b:ec:96:8f:ca:6b:
         a5:3a:e3:58:d7:c8:86:7b:17:ef:f4:01:e0:ea:d7:fd:b7:4c:
         69:4d:43:b4:44:c4:11:f0:48:42:91:c7:4e:b9:b4:00:2d:81:
         23:63:24:98:26:09:ad:81:b8:55:8a:13:83:e2:47:21:f5:a0:
         bc:36:ff:af:ed:9b:7b:b4:17:e5:61:03:e0:33:3c:a3:61:bb:
         c7:b2:e2:7d:42:bd:d9:49:13:82:f0:d0:31:1f:83:fb:ef:ad:
         d1:6e:51:d6:d7:79:33:02:80:58:ce:ac:94:c6:c5:6d:93:8c:
         f9:cb:51:87
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAOc76FEPnMIePmfX3UMGVRtZgZ0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQwNDE4MDAwMDAwWhcNMjQwNTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NzAzNmJiZWJlZGViY2IzYzBmZTA0MDM1ZDhhNjcxMjY1
ODQxNDA2ZDFhYWRlMGQwYzdlZjBjNjcyYzkxZWM2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKerdCWiyHOu9Xa8JH2uJt6eVUTYtcYxIfHgxjVkRC8PJf
fuxH+IojNiYTVDOPbZ7HKDyCOIxlvn8c4mIncREVRDYf0rbNRWiF9P1JpQW5E0ch
fm5wjJ3bVGI6Ccs4XX5BQkcDHjRPRVqQw1s/VZrhUk4p62Fr9NS38eXoyg1eVaWZ
tR1hie9WMmImB49XiUONbJQYUL7EUtcb6nZdz2IcebpzctZIgbtuPyQOzfMyl9Eu
H/4Iqkixkkhak2DjFqHZj4CKle9oSEwW8CGjDRgpyRv5aQ9Q46OukSKHW8vXwowJ
ZtBn/eH/PNmIpy6M0okB1iCriHpnScZsW7J1QmGZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUkXaLp2hPiA0N+DSqtfLZvLdby5MwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FiMjFjNWY5LWNlODQtNDQ3MS1hMzY0LWRhOTMwNzNkMzQzMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXHI0AwDQYJKoZIhvcNAQELBQADggEBAJd4BsC7zZ9ozAaYVdd88ebbT9Es
UwvU+uVxvMIJhfb0Gf6YE5CHy4SLSkODC0mUzs214gvihep1TqE7T3N+F7jEUSSf
WWp87FIb5uaRloo2Tvkf0D+B2nMb9ME9Ybg7ZL9FTfe8c2hFWTac6AVysbWngabZ
69OGyGtREsmKsHHAanw/WCxOvRvTYVvslo/Ka6U641jXyIZ7F+/0AeDq1/23TGlN
Q7RExBHwSEKRx065tAAtgSNjJJgmCa2BuFWKE4PiRyH1oLw2/6/tm3u0F+VhA+Az
PKNhu8ey4n1CvdlJE4Lw0DEfg/vvrdFuUdbXeTMCgFjOrJTGxW2TjPnLUYc=
-----END CERTIFICATE-----