Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d0c30795-f169-4c8b-92e5-239a523f5289.roa
File:                     d0c30795-f169-4c8b-92e5-239a523f5289.roa (raw, json)
Hash identifier:          CpD/ORNBkoXhknKBTXF2rN5ulli2oS2RNOvubBiZObQ=
Subject key identifier:   4F:8B:53:DD:39:CB:BB:FA:80:6E:E1:A8:16:EA:88:C8:D9:57:6D:9C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2AB12B166C98BEA8F7F4E48939C64C4D2AE3BAE5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d0c30795-f169-4c8b-92e5-239a523f5289.roa
Signing time:             Wed 10 Apr 2024 00:00:00 +0000
ROA not before:           Wed 10 Apr 2024 00:00:00 +0000
ROA not after:            Wed 15 May 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        76.223.0.0/17 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 03 May 2024 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:b1:2b:16:6c:98:be:a8:f7:f4:e4:89:39:c6:4c:4d:2a:e3:ba:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 10 00:00:00 2024 GMT
            Not After : May 15 23:59:59 2024 GMT
        Subject: serialNumber=4f807e38fcd606abd21645b90e02f6790ae4b5c82d0d14cd543f540f7c0aad9b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:6b:04:b4:de:ec:b2:33:2b:c5:9b:56:4a:15:
                    e8:28:a3:6d:9b:15:d3:c4:59:10:38:4e:43:de:28:
                    96:68:bc:2c:a6:5a:76:9d:8f:b1:e3:9c:5c:4e:31:
                    17:98:4d:6e:9b:ca:aa:7a:f9:4f:15:6f:82:2a:48:
                    0e:bb:79:f4:50:e0:35:3d:23:97:2e:ca:78:55:5e:
                    1d:15:f1:5e:6e:96:00:e0:1b:f8:7e:93:34:38:f0:
                    e8:f0:91:cb:fd:22:fd:5a:d3:fd:6f:2a:6a:06:4a:
                    65:76:14:21:13:d2:ce:82:21:ee:7e:57:0c:fe:ad:
                    01:91:99:80:dd:74:9e:d3:1e:b2:51:bc:d4:e5:5b:
                    91:1b:38:f5:b9:42:f8:4c:db:4d:5e:9a:82:64:cf:
                    54:90:c3:71:90:e9:91:b1:29:63:bc:d4:ca:52:20:
                    d2:84:6f:f1:cd:18:f0:01:45:b4:02:93:3c:89:4f:
                    a9:7e:c4:11:cd:4b:c7:32:4b:f3:c7:be:26:4d:dd:
                    97:2c:c7:c1:53:63:59:e5:37:91:40:81:8a:61:c0:
                    c3:87:94:a3:d7:ea:4e:ac:d4:5a:55:77:ec:ee:25:
                    a7:1c:a4:9e:67:f4:f4:a7:62:e6:50:18:d1:56:c2:
                    15:bf:59:9e:35:02:96:c3:3b:2f:df:6b:b6:02:12:
                    9f:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:8B:53:DD:39:CB:BB:FA:80:6E:E1:A8:16:EA:88:C8:D9:57:6D:9C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d0c30795-f169-4c8b-92e5-239a523f5289.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.223.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         30:b5:ab:e4:9b:c1:f6:7b:b3:58:98:10:db:45:a7:95:b1:f6:
         89:5d:cf:50:d0:f5:24:c6:b0:94:e3:aa:86:1c:27:8c:52:82:
         39:41:20:c5:37:72:f2:64:88:a5:b1:0d:e5:a6:07:45:ed:52:
         30:c0:d0:16:4a:62:97:30:6b:e4:f5:d7:aa:92:ff:5e:3b:c6:
         50:68:82:49:83:e6:95:22:b2:bd:a5:3b:53:a8:0c:d2:c4:d8:
         6b:b9:9d:ec:aa:86:b0:8f:dd:74:93:cc:7b:6f:7e:11:ec:8b:
         c3:2a:51:3f:29:3a:54:cd:db:33:fb:d1:3b:ad:f8:04:9d:96:
         7f:62:a8:ef:4d:00:06:83:1c:d2:c8:36:75:f1:18:b4:08:f8:
         2a:8a:9a:cc:37:99:63:f0:66:22:9b:f8:68:65:75:7a:c9:72:
         67:9e:33:43:3f:13:f5:0e:35:42:a7:6e:1a:f2:1d:a0:2d:e9:
         3f:63:66:ec:01:73:c7:18:9f:33:e3:c1:e4:ba:f3:52:71:4b:
         ea:30:de:f7:be:9e:73:75:9c:f2:fb:28:12:ab:0f:12:ea:ba:
         c9:ee:b8:6b:8f:ee:af:32:ec:3b:fc:9e:8f:8d:2b:7a:85:59:
         a8:f6:76:7b:bc:24:3d:66:f4:87:38:55:18:52:2d:50:4a:50:
         e3:e1:13:67
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKrErFmyYvqj39OSJOcZMTSrjuuUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQwNDEwMDAwMDAwWhcNMjQwNTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZjgwN2UzOGZjZDYwNmFiZDIxNjQ1YjkwZTAyZjY3OTBh
ZTRiNWM4MmQwZDE0Y2Q1NDNmNTQwZjdjMGFhZDliMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIawS03uyyMyvFm1ZKFegoo22bFdPEWRA4TkPeKJZovCym
Wnadj7HjnFxOMReYTW6byqp6+U8Vb4IqSA67efRQ4DU9I5cuynhVXh0V8V5ulgDg
G/h+kzQ48Ojwkcv9Iv1a0/1vKmoGSmV2FCET0s6CIe5+Vwz+rQGRmYDddJ7THrJR
vNTlW5EbOPW5QvhM201emoJkz1SQw3GQ6ZGxKWO81MpSINKEb/HNGPABRbQCkzyJ
T6l+xBHNS8cyS/PHviZN3Zcsx8FTY1nlN5FAgYphwMOHlKPX6k6s1FpVd+zuJacc
pJ5n9PSnYuZQGNFWwhW/WZ41ApbDOy/fa7YCEp8dAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUT4tT3TnLu/qAbuGoFuqIyNlXbZwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QwYzMwNzk1LWYxNjktNGM4Yi05MmU1LTIzOWE1MjNmNTI4OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdM3wAwDQYJKoZIhvcNAQELBQADggEBADC1q+SbwfZ7s1iYENtFp5Wx9old
z1DQ9STGsJTjqoYcJ4xSgjlBIMU3cvJkiKWxDeWmB0XtUjDA0BZKYpcwa+T116qS
/147xlBogkmD5pUisr2lO1OoDNLE2Gu5neyqhrCP3XSTzHtvfhHsi8MqUT8pOlTN
2zP70Tut+ASdln9iqO9NAAaDHNLINnXxGLQI+CqKmsw3mWPwZiKb+GhldXrJcmee
M0M/E/UONUKnbhryHaAt6T9jZuwBc8cYnzPjweS681JxS+ow3ve+nnN1nPL7KBKr
DxLqusnuuGuP7q8y7Dv8no+NK3qFWaj2dnu8JD1m9Ic4VRhSLVBKUOPhE2c=
-----END CERTIFICATE-----