Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c1d2c06d-5355-465b-8d51-dfef82b5d000.roa
File:                     c1d2c06d-5355-465b-8d51-dfef82b5d000.roa (raw, json)
Hash identifier:          L6Hrcas5EpqG50cRAE0HRaqkHHkfdb3X3gU7I9qO1i8=
Subject key identifier:   37:7B:80:F6:07:23:55:3E:14:DE:67:5C:FC:D0:BC:6C:66:86:CD:51
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       65B5993414F3EF4D0DA3DA27270198A4182F698F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c1d2c06d-5355-465b-8d51-dfef82b5d000.roa
Signing time:             Fri 22 Sep 2023 00:00:00 +0000
ROA not before:           Fri 22 Sep 2023 00:00:00 +0000
ROA not after:            Fri 27 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        161.99.128.0/17 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 23 Sep 2023 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:b5:99:34:14:f3:ef:4d:0d:a3:da:27:27:01:98:a4:18:2f:69:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 22 00:00:00 2023 GMT
            Not After : Oct 27 23:59:59 2023 GMT
        Subject: serialNumber=c0957ed147622ba239df51da55256ce92a75ba236fdba822c4457cc09cfcf163, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:2d:ab:98:6c:d4:a3:f6:3d:5b:9f:0a:e9:bb:
                    d3:a3:72:56:25:02:08:72:56:90:be:d2:ae:ac:11:
                    64:be:46:90:e3:a4:b7:85:23:7b:c1:d0:bc:43:31:
                    a2:38:c8:4b:58:f3:82:02:e9:5d:91:a5:9e:16:d0:
                    53:a8:f3:f4:0e:a6:d7:8b:af:83:d4:19:49:19:51:
                    03:4d:46:3b:2c:ca:f2:14:88:f0:78:52:98:ea:52:
                    90:d1:0f:e3:d8:aa:a7:7b:dd:d3:dd:31:df:81:9c:
                    f6:91:94:b9:24:8f:9f:8c:9b:ca:8b:6a:c2:ac:b0:
                    46:4c:03:ce:a4:b1:a0:0f:d3:ed:3c:75:83:c8:89:
                    3e:9f:aa:ca:6f:09:b8:c4:bb:90:da:0e:b1:3c:61:
                    55:5e:9c:7b:3c:8a:23:6c:4b:9e:d4:be:c2:df:83:
                    dd:81:e4:f8:c7:41:f4:9e:b7:d5:2a:b0:7f:50:6c:
                    25:f3:f3:1b:d9:0c:2f:d2:3f:27:78:1a:ed:a0:3a:
                    98:e0:97:de:66:88:9f:37:df:a9:05:2e:2f:b5:24:
                    7f:b3:7b:57:1c:90:36:3a:14:f1:5e:2d:6f:d6:65:
                    f6:94:b2:41:c8:92:25:74:77:d1:e7:ad:ae:33:d7:
                    f1:ac:71:8e:18:00:ec:11:3a:96:38:17:f8:b9:9f:
                    eb:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:7B:80:F6:07:23:55:3E:14:DE:67:5C:FC:D0:BC:6C:66:86:CD:51
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c1d2c06d-5355-465b-8d51-dfef82b5d000.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.99.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         a9:5a:a6:6f:75:c2:5a:4f:57:59:53:2f:a4:f7:11:17:d8:a1:
         c7:86:30:89:b8:07:d8:24:59:ae:0b:cb:66:e9:7c:8a:1b:34:
         31:3e:51:8d:cf:ff:05:80:ca:95:6e:1a:5c:ac:08:ea:e8:42:
         77:00:46:66:6f:de:de:49:90:ec:02:15:a2:26:45:55:7b:96:
         13:43:81:92:53:ea:f8:25:bc:79:67:55:7e:ad:74:23:0d:75:
         6e:10:7d:a7:52:c2:3d:03:80:67:4d:ce:b0:c8:fb:80:1e:a7:
         41:80:21:6c:a2:44:d4:d8:d5:a5:f7:f2:cf:21:be:50:73:1d:
         00:c9:c7:fc:42:0f:86:1f:1f:d7:95:93:1d:64:90:dc:f6:69:
         f9:25:ad:8d:6c:f9:99:65:6d:34:82:be:41:7c:70:0c:c1:6a:
         5f:78:6a:f7:ed:ae:03:4c:61:c0:d9:69:8e:ca:20:07:ee:2f:
         8d:00:3b:a6:4a:03:aa:ed:cb:6a:ab:bb:13:40:dc:0b:89:7a:
         0d:e9:44:a3:4c:6a:71:99:97:3a:e6:92:5e:ce:95:a7:d8:69:
         c2:bb:9f:47:0f:ed:24:ad:e8:97:8a:eb:c9:c8:55:a5:b8:82:
         a6:69:95:e6:6d:e2:fb:e1:93:8f:3c:4b:a5:d6:63:6c:e7:17:
         87:c7:fc:b9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZbWZNBTz700No9onJwGYpBgvaY8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjMwOTIyMDAwMDAwWhcNMjMxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BjMDk1N2VkMTQ3NjIyYmEyMzlkZjUxZGE1NTI1NmNlOTJh
NzViYTIzNmZkYmE4MjJjNDQ1N2NjMDljZmNmMTYzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDhLauYbNSj9j1bnwrpu9OjclYlAghyVpC+0q6sEWS+RpDj
pLeFI3vB0LxDMaI4yEtY84IC6V2RpZ4W0FOo8/QOpteLr4PUGUkZUQNNRjssyvIU
iPB4UpjqUpDRD+PYqqd73dPdMd+BnPaRlLkkj5+Mm8qLasKssEZMA86ksaAP0+08
dYPIiT6fqspvCbjEu5DaDrE8YVVenHs8iiNsS57UvsLfg92B5PjHQfSet9UqsH9Q
bCXz8xvZDC/SPyd4Gu2gOpjgl95miJ8336kFLi+1JH+ze1cckDY6FPFeLW/WZfaU
skHIkiV0d9Hnra4z1/GscY4YAOwROpY4F/i5n+uNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUN3uA9gcjVT4U3mdc/NC8bGaGzVEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MxZDJjMDZkLTUzNTUtNDY1Yi04ZDUxLWRmZWY4MmI1ZDAwMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAehY4AwDQYJKoZIhvcNAQELBQADggEBAKlapm91wlpPV1lTL6T3ERfYoceG
MIm4B9gkWa4Ly2bpfIobNDE+UY3P/wWAypVuGlysCOroQncARmZv3t5JkOwCFaIm
RVV7lhNDgZJT6vglvHlnVX6tdCMNdW4QfadSwj0DgGdNzrDI+4Aep0GAIWyiRNTY
1aX38s8hvlBzHQDJx/xCD4YfH9eVkx1kkNz2afklrY1s+ZllbTSCvkF8cAzBal94
avftrgNMYcDZaY7KIAfuL40AO6ZKA6rty2qruxNA3AuJeg3pRKNManGZlzrmkl7O
lafYacK7n0cP7SSt6JeK68nIVaW4gqZpleZt4vvhk488S6XWY2znF4fH/Lk=
-----END CERTIFICATE-----