Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b3c97cba-7083-48f3-8280-ad90bc3bee59.roa
File:                     b3c97cba-7083-48f3-8280-ad90bc3bee59.roa (raw, json)
Hash identifier:          /Mx+1cDNi0kzv9eGygXafkfYgkCACP6qBXVfhlsmwkg=
Subject key identifier:   39:1F:71:B3:77:7C:93:50:53:ED:DD:A0:78:D8:23:E7:E3:BE:05:6B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4879B45D210F23EED4EF4FC423A9BFCC380D456A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b3c97cba-7083-48f3-8280-ad90bc3bee59.roa
Signing time:             Fri 22 Sep 2023 00:00:00 +0000
ROA not before:           Fri 22 Sep 2023 00:00:00 +0000
ROA not after:            Fri 27 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        192.10.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Sep 2023 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:79:b4:5d:21:0f:23:ee:d4:ef:4f:c4:23:a9:bf:cc:38:0d:45:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 22 00:00:00 2023 GMT
            Not After : Oct 27 23:59:59 2023 GMT
        Subject: serialNumber=ee7036d6428c6c60506691ea3da9f72642067d06a936c17fc07e7814ca94f673, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:68:98:da:c1:3d:79:c6:40:ea:5d:9b:ff:82:
                    16:54:4b:bb:ac:cd:c5:c0:52:77:77:ac:1c:ce:22:
                    51:cc:48:c8:21:e0:40:e3:df:34:04:7e:eb:29:64:
                    2f:e5:59:86:2c:96:1a:06:2c:73:33:9b:6e:e7:f3:
                    af:c7:1f:ae:0b:0b:8b:4d:ac:75:68:41:05:d0:bd:
                    b4:34:61:d5:71:8f:f1:68:b5:f7:c1:19:04:77:5e:
                    b9:39:3a:18:28:e6:69:07:2f:57:fd:78:af:e1:2f:
                    3f:cc:b0:02:0f:c7:15:59:07:a4:62:36:59:ed:ff:
                    0e:be:9d:e7:09:e6:30:e8:5e:36:e6:01:56:cb:0b:
                    e5:49:04:85:74:4d:ff:20:ed:08:15:98:53:cb:8d:
                    f3:41:10:47:5a:fa:d8:01:de:c9:d2:47:40:16:50:
                    54:6e:41:ba:32:b5:3f:25:9f:96:27:fe:e8:dd:57:
                    50:b4:43:bd:cf:e5:b1:15:48:1c:40:52:50:e9:ac:
                    13:00:c1:7f:c8:29:f5:2e:10:5e:dd:f7:fc:b7:ce:
                    d3:a1:4d:61:70:7a:ed:a2:7b:c7:ce:c6:04:44:ae:
                    50:49:b3:55:d0:69:0f:ef:ed:65:aa:cc:ef:dc:b8:
                    80:f2:52:a9:db:0d:6e:ba:a7:3d:7a:81:74:1e:78:
                    2f:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:1F:71:B3:77:7C:93:50:53:ED:DD:A0:78:D8:23:E7:E3:BE:05:6B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b3c97cba-7083-48f3-8280-ad90bc3bee59.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.10.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ae:df:ce:ca:8b:77:c4:78:aa:83:8f:0a:26:1e:5e:b9:32:dc:
         6a:3a:17:2b:9f:47:77:50:d6:cf:f7:85:8e:ff:39:3f:bd:e0:
         a7:fc:5c:30:77:6e:7d:c6:a6:16:61:64:e8:63:7b:b3:c8:04:
         05:1e:ba:7c:cb:7f:f4:be:bc:10:ee:fd:7f:d7:ab:2b:bb:d6:
         a0:3b:85:10:cb:93:dc:75:69:19:b6:49:fd:b0:97:3f:70:e4:
         27:58:e5:78:be:1f:52:88:5b:54:3e:3d:f9:3d:49:d7:84:d3:
         e7:3e:a9:9d:7e:b8:c4:20:e6:2d:dd:2a:78:97:63:07:d4:fe:
         a5:e4:a3:4c:f9:4a:cb:f4:e5:9f:71:5d:03:c8:3d:51:d1:4e:
         7d:fe:1b:30:cf:01:5c:fa:9e:b6:2e:4b:cb:5e:03:fb:85:2a:
         ea:e6:93:82:9b:ce:0d:c9:3f:ef:57:ff:4f:c4:51:7b:8b:72:
         3a:6e:26:60:72:ee:b4:66:7a:90:f1:a7:ee:7f:20:fb:87:19:
         67:f0:50:d9:ee:e8:41:cd:4e:4f:d5:0a:91:cb:1e:e6:da:40:
         4f:f0:16:bf:14:df:f7:8e:23:46:01:6c:71:63:02:48:44:c9:
         b5:77:1a:f1:29:ac:7f:ae:c4:49:d7:0d:6e:ef:90:d3:6a:ca:
         ec:3f:32:92
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUSHm0XSEPI+7U70/EI6m/zDgNRWowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjMwOTIyMDAwMDAwWhcNMjMxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZTcwMzZkNjQyOGM2YzYwNTA2NjkxZWEzZGE5ZjcyNjQy
MDY3ZDA2YTkzNmMxN2ZjMDdlNzgxNGNhOTRmNjczMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQaJjawT15xkDqXZv/ghZUS7uszcXAUnd3rBzOIlHMSMgh
4EDj3zQEfuspZC/lWYYslhoGLHMzm27n86/HH64LC4tNrHVoQQXQvbQ0YdVxj/Fo
tffBGQR3Xrk5Ohgo5mkHL1f9eK/hLz/MsAIPxxVZB6RiNlnt/w6+necJ5jDoXjbm
AVbLC+VJBIV0Tf8g7QgVmFPLjfNBEEda+tgB3snSR0AWUFRuQboytT8ln5Yn/ujd
V1C0Q73P5bEVSBxAUlDprBMAwX/IKfUuEF7d9/y3ztOhTWFweu2ie8fOxgRErlBJ
s1XQaQ/v7WWqzO/cuIDyUqnbDW66pz16gXQeeC/TAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUOR9xs3d8k1BT7d2geNgj5+O+BWswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IzYzk3Y2JhLTcwODMtNDhmMy04MjgwLWFkOTBiYzNiZWU1OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwDACjANBgkqhkiG9w0BAQsFAAOCAQEArt/Oyot3xHiqg48KJh5euTLcajoX
K59Hd1DWz/eFjv85P73gp/xcMHdufcamFmFk6GN7s8gEBR66fMt/9L68EO79f9er
K7vWoDuFEMuT3HVpGbZJ/bCXP3DkJ1jleL4fUohbVD49+T1J14TT5z6pnX64xCDm
Ld0qeJdjB9T+peSjTPlKy/Tln3FdA8g9UdFOff4bMM8BXPqeti5Ly14D+4Uq6uaT
gpvODck/71f/T8RRe4tyOm4mYHLutGZ6kPGn7n8g+4cZZ/BQ2e7oQc1OT9UKkcse
5tpAT/AWvxTf944jRgFscWMCSETJtXca8Smsf67ESdcNbu+Q02rK7D8ykg==
-----END CERTIFICATE-----