Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b81d1162-84be-4f6b-a765-21bcb51463bf.roa
File:                     b81d1162-84be-4f6b-a765-21bcb51463bf.roa (raw, json)
Hash identifier:          Viddlnk6Jx4Z65daa+hNqlID6YPP+/KzsGkcck2wGh0=
Subject key identifier:   A3:37:F8:83:33:FB:5C:E3:83:73:81:32:BC:CD:FE:9B:29:AE:26:88
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       63DB4CF350972DD95893D210E66DEBADD07B42DF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b81d1162-84be-4f6b-a765-21bcb51463bf.roa
Signing time:             Tue 05 Nov 2024 00:00:00 +0000
ROA not before:           Tue 05 Nov 2024 00:00:00 +0000
ROA not after:            Tue 10 Dec 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        75.47.0.0/18 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 23 Nov 2024 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:db:4c:f3:50:97:2d:d9:58:93:d2:10:e6:6d:eb:ad:d0:7b:42:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  5 00:00:00 2024 GMT
            Not After : Dec 10 23:59:59 2024 GMT
        Subject: serialNumber=0ca0619c27790dbbbaf478c3dad96b10ad97b4758a7d896133d19baf15b4c8d2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:df:32:81:e0:79:d4:f1:0f:cb:69:03:d0:32:
                    d9:13:4e:c3:d2:ab:bc:24:7e:80:5a:52:42:94:28:
                    06:b3:cc:89:1a:ec:d4:40:69:6c:9b:2f:c0:ac:b8:
                    4a:ff:de:36:68:cf:17:84:c0:d2:b3:f7:71:d2:e8:
                    5c:e7:3c:18:e7:f1:9d:9a:ae:f4:bd:c0:ff:5e:fc:
                    54:bc:6a:3d:7d:8f:b1:40:65:1a:1b:ac:98:ad:52:
                    a9:fc:c6:60:40:b2:b9:67:9e:a0:a7:07:c1:c8:42:
                    f9:9c:ec:c9:be:03:84:74:93:dd:28:2d:ed:6e:9d:
                    1e:8f:35:52:a7:cc:af:fb:fe:8b:6a:c8:cd:21:a5:
                    2e:e7:49:0d:15:11:dd:36:e3:53:b2:5f:42:29:5e:
                    f1:fe:4c:15:c6:0d:20:c5:a7:2b:82:8b:f6:e1:1d:
                    81:9e:77:ec:3d:a4:5c:39:76:7a:42:24:f0:82:53:
                    13:49:f3:2f:f9:30:86:e9:1e:d3:2b:48:0f:62:a2:
                    d5:19:2e:6b:53:57:33:52:b3:71:ad:ea:4a:32:1c:
                    3d:4d:cf:63:d2:40:dc:54:ac:b5:e4:95:58:fd:91:
                    41:5a:29:eb:05:4e:cc:46:55:04:3d:f2:ec:43:1c:
                    1c:71:ad:71:d0:85:61:ba:f8:ae:dc:17:f0:a6:fe:
                    62:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:37:F8:83:33:FB:5C:E3:83:73:81:32:BC:CD:FE:9B:29:AE:26:88
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b81d1162-84be-4f6b-a765-21bcb51463bf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  75.47.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         60:ee:4b:7d:6e:fc:55:ab:13:29:47:e6:d5:2a:6c:a8:1f:65:
         3b:3b:71:97:9e:5d:70:19:ca:29:1a:04:83:c4:65:5b:67:05:
         5b:65:9d:47:de:7d:73:60:3a:fe:66:db:3a:b9:1a:f3:1c:15:
         cf:fd:13:45:2b:c6:60:f2:3f:a0:f5:79:60:45:ac:39:43:50:
         5c:9f:4d:61:9f:c5:47:af:94:62:5d:82:af:76:60:af:76:32:
         f0:a1:22:28:69:91:8b:4c:eb:bf:12:fe:83:86:d2:2e:04:ff:
         ec:bb:8e:be:d9:56:50:ab:dc:cf:99:70:0c:75:d3:06:d4:ce:
         33:a6:53:f5:cd:15:12:9b:7f:12:d6:0b:b2:1c:4a:6c:bf:eb:
         56:0f:71:22:f3:76:58:ae:24:90:15:e2:61:49:9b:1b:24:c9:
         f5:17:9c:f2:11:6b:d6:23:c7:72:16:46:7d:cf:a2:0f:97:c1:
         00:04:a4:39:32:be:de:2e:c6:00:62:f8:b4:fb:e2:d6:1c:fe:
         ba:2c:09:1f:8f:46:36:9b:56:4c:06:f4:a4:e8:4d:a0:d1:50:
         b9:2c:cc:49:29:f8:19:98:91:b6:cd:47:2d:c2:ca:8c:2d:e9:
         f4:cb:bb:df:16:a3:fb:28:a0:41:bd:dd:d6:8d:a8:4c:c3:da:
         a1:82:c0:56
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY9tM81CXLdlYk9IQ5m3rrdB7Qt8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMTA1MDAwMDAwWhcNMjQxMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AwY2EwNjE5YzI3NzkwZGJiYmFmNDc4YzNkYWQ5NmIxMGFk
OTdiNDc1OGE3ZDg5NjEzM2QxOWJhZjE1YjRjOGQyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCq3zKB4HnU8Q/LaQPQMtkTTsPSq7wkfoBaUkKUKAazzIka
7NRAaWybL8CsuEr/3jZozxeEwNKz93HS6FznPBjn8Z2arvS9wP9e/FS8aj19j7FA
ZRobrJitUqn8xmBAsrlnnqCnB8HIQvmc7Mm+A4R0k90oLe1unR6PNVKnzK/7/otq
yM0hpS7nSQ0VEd0241OyX0IpXvH+TBXGDSDFpyuCi/bhHYGed+w9pFw5dnpCJPCC
UxNJ8y/5MIbpHtMrSA9iotUZLmtTVzNSs3Gt6koyHD1Nz2PSQNxUrLXklVj9kUFa
KesFTsxGVQQ98uxDHBxxrXHQhWG6+K7cF/Cm/mJJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUozf4gzP7XOODc4EyvM3+mymuJogwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I4MWQxMTYyLTg0YmUtNGY2Yi1hNzY1LTIxYmNiNTE0NjNiZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZLLwAwDQYJKoZIhvcNAQELBQADggEBAGDuS31u/FWrEylH5tUqbKgfZTs7
cZeeXXAZyikaBIPEZVtnBVtlnUfefXNgOv5m2zq5GvMcFc/9E0UrxmDyP6D1eWBF
rDlDUFyfTWGfxUevlGJdgq92YK92MvChIihpkYtM678S/oOG0i4E/+y7jr7ZVlCr
3M+ZcAx10wbUzjOmU/XNFRKbfxLWC7IcSmy/61YPcSLzdliuJJAV4mFJmxskyfUX
nPIRa9Yjx3IWRn3Pog+XwQAEpDkyvt4uxgBi+LT74tYc/rosCR+PRjabVkwG9KTo
TaDRULkszEkp+BmYkbbNRy3Cyowt6fTLu98Wo/sooEG93daNqEzD2qGCwFY=
-----END CERTIFICATE-----