Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c6110a89-0d32-4f4c-b83d-5860fc9480de.roa
File:                     c6110a89-0d32-4f4c-b83d-5860fc9480de.roa (raw, json)
Hash identifier:          e096LdvvvX5if/M1XW+4+QNju9rgaxOwkjSxQeajS14=
Subject key identifier:   0F:F5:E2:FA:11:56:D4:A1:36:06:E9:00:16:88:C6:64:A6:2F:CA:84
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       10E94D87973CF46D05F284C8CA09185AB2DCDA8B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c6110a89-0d32-4f4c-b83d-5860fc9480de.roa
Signing time:             Mon 15 Apr 2024 00:00:00 +0000
ROA not before:           Mon 15 Apr 2024 00:00:00 +0000
ROA not after:            Mon 20 May 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1f00:5000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 10 May 2024 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:e9:4d:87:97:3c:f4:6d:05:f2:84:c8:ca:09:18:5a:b2:dc:da:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 15 00:00:00 2024 GMT
            Not After : May 20 23:59:59 2024 GMT
        Subject: serialNumber=6173d318838e99d4ce386e66728d7d42b69187c36e8929a285ae0c5ce95b15a4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ba:90:31:77:9b:f5:2a:da:63:e6:b0:8a:50:
                    d1:21:80:0c:fc:f2:a8:51:86:53:aa:56:3b:d4:7d:
                    28:6f:ab:ec:3c:e3:54:26:37:f8:70:54:53:4a:59:
                    a2:5e:63:5c:33:ad:32:7f:7e:0a:f9:8f:17:67:aa:
                    1e:9f:bb:c7:de:76:5b:fe:1a:69:e1:cb:ba:ad:c3:
                    ec:9c:e8:60:f6:a5:cb:41:e1:71:e3:2e:8b:e0:d5:
                    fa:6e:63:cd:53:16:cb:c5:43:e0:21:5d:56:09:64:
                    fb:13:09:81:b6:f7:5e:6d:cf:6b:34:97:51:12:e0:
                    2f:fe:2e:d7:33:52:db:d2:c8:f0:c6:3e:93:18:48:
                    76:f6:d9:6e:81:b9:90:e5:23:35:d3:38:bd:d4:d6:
                    ef:73:c6:6b:4e:08:92:cf:92:98:e1:b0:6e:6b:28:
                    70:74:99:64:9d:57:25:87:31:51:cc:a0:e5:ea:6b:
                    87:3f:fd:cf:99:26:5f:e1:99:6b:76:f5:e3:57:95:
                    36:1e:de:d8:8e:78:27:21:37:59:77:be:14:70:f0:
                    a5:83:24:37:5d:ff:08:d7:67:b0:ab:3f:45:74:23:
                    63:51:5e:b3:6e:5f:c8:0e:a6:9b:a1:35:12:e7:90:
                    fa:51:4f:51:fc:76:da:2e:61:3c:6d:83:0f:8a:b3:
                    00:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:F5:E2:FA:11:56:D4:A1:36:06:E9:00:16:88:C6:64:A6:2F:CA:84
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c6110a89-0d32-4f4c-b83d-5860fc9480de.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f00:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         19:43:e3:be:38:04:d7:b9:90:1c:a9:6f:32:6e:2b:9c:c4:ab:
         a4:3b:90:c6:4b:db:dc:91:18:4d:43:10:b5:10:d6:38:38:2e:
         a5:2a:25:4c:ea:43:3b:81:88:82:4f:89:36:b3:62:33:0e:c0:
         64:fc:3a:66:a0:82:e2:37:83:eb:5d:4f:5d:72:7b:ef:cc:71:
         5a:cc:f9:7b:f2:ed:97:e9:25:cf:e0:97:9b:de:a4:2f:d7:ed:
         5b:95:69:a0:2e:98:37:f1:00:05:de:54:91:e6:4d:d8:41:e0:
         17:45:02:05:7e:3b:ec:bf:f9:99:e4:7f:ca:71:00:4e:e7:9b:
         c2:2a:ad:61:1d:37:d7:31:4b:c9:15:4b:7b:e2:c9:e8:92:e7:
         65:60:bd:26:d0:1f:64:1f:2a:77:88:30:4f:0e:33:5b:07:8c:
         38:96:e6:b0:15:be:df:59:18:0f:d9:b5:81:9b:8d:8d:f4:0f:
         81:4d:6e:ea:81:0a:71:1e:91:f0:1a:06:57:8d:41:a9:45:1f:
         90:89:47:09:db:59:aa:be:e2:65:f4:03:bb:e3:22:d4:f8:3a:
         52:21:eb:64:08:91:76:cd:6c:fc:f3:f9:1a:6b:56:7e:e2:b9:
         5d:0b:57:ee:28:52:d6:9b:f1:1d:7d:bf:2c:25:90:be:c0:57:
         d2:4e:40:c3
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUEOlNh5c89G0F8oTIygkYWrLc2oswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQwNDE1MDAwMDAwWhcNMjQwNTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MTczZDMxODgzOGU5OWQ0Y2UzODZlNjY3MjhkN2Q0MmI2
OTE4N2MzNmU4OTI5YTI4NWFlMGM1Y2U5NWIxNWE0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpupAxd5v1Ktpj5rCKUNEhgAz88qhRhlOqVjvUfShvq+w8
41QmN/hwVFNKWaJeY1wzrTJ/fgr5jxdnqh6fu8fedlv+Gmnhy7qtw+yc6GD2pctB
4XHjLovg1fpuY81TFsvFQ+AhXVYJZPsTCYG2915tz2s0l1ES4C/+LtczUtvSyPDG
PpMYSHb22W6BuZDlIzXTOL3U1u9zxmtOCJLPkpjhsG5rKHB0mWSdVyWHMVHMoOXq
a4c//c+ZJl/hmWt29eNXlTYe3tiOeCchN1l3vhRw8KWDJDdd/wjXZ7CrP0V0I2NR
XrNuX8gOppuhNRLnkPpRT1H8dtouYTxtgw+KswCVAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUD/Xi+hFW1KE2BukAFojGZKYvyoQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M2MTEwYTg5LTBkMzItNGY0Yy1iODNkLTU4NjBmYzk0ODBkZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB8AUDANBgkqhkiG9w0BAQsFAAOCAQEAGUPjvjgE17mQHKlvMm4rnMSr
pDuQxkvb3JEYTUMQtRDWODgupSolTOpDO4GIgk+JNrNiMw7AZPw6ZqCC4jeD611P
XXJ778xxWsz5e/Ltl+klz+CXm96kL9ftW5VpoC6YN/EABd5UkeZN2EHgF0UCBX47
7L/5meR/ynEATuebwiqtYR031zFLyRVLe+LJ6JLnZWC9JtAfZB8qd4gwTw4zWweM
OJbmsBW+31kYD9m1gZuNjfQPgU1u6oEKcR6R8BoGV41BqUUfkIlHCdtZqr7iZfQD
u+Mi1Pg6UiHrZAiRds1s/PP5GmtWfuK5XQtX7ihS1pvxHX2/LCWQvsBX0k5Aww==
-----END CERTIFICATE-----