Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d4a21000-3e1d-4970-8585-41d9313167de.roa
File:                     d4a21000-3e1d-4970-8585-41d9313167de.roa (raw, json)
Hash identifier:          N9YiD51IUAKQ9CKi+xTSgT2CQB64DxjR5gxqujIiY9A=
Subject key identifier:   71:C0:32:2F:1A:5B:66:DE:7A:EB:71:2E:A4:61:2D:7E:BB:48:15:A4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       375C806C7E32D88636525F0B7353CFBF2D951951
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d4a21000-3e1d-4970-8585-41d9313167de.roa
Signing time:             Tue 29 Aug 2023 00:00:00 +0000
ROA not before:           Tue 29 Aug 2023 00:00:00 +0000
ROA not after:            Tue 03 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 30 Aug 2023 12:12:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:5c:80:6c:7e:32:d8:86:36:52:5f:0b:73:53:cf:bf:2d:95:19:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 29 00:00:00 2023 GMT
            Not After : Oct  3 23:59:59 2023 GMT
        Subject: serialNumber=3985e918009db77adf35b4c677f25b7b5b21804dfb43292e6cca6a906a5e8107, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:62:0d:06:25:4b:3d:d5:41:a5:df:db:59:b7:
                    85:3f:b7:52:0f:cb:a8:c9:e5:f7:97:4c:dc:54:81:
                    af:19:ed:71:5a:48:a2:21:e0:46:4f:2f:2c:07:26:
                    12:25:d8:81:93:69:35:10:b3:2d:2a:12:a8:84:2d:
                    01:f5:6c:91:25:83:2a:b6:6d:8c:d4:a1:5f:eb:3e:
                    58:42:94:b8:bb:5f:a1:ac:d6:43:fe:b4:8a:77:68:
                    1e:e8:8f:51:4f:1b:2c:85:9b:1d:aa:22:1e:89:0e:
                    1b:d8:f1:a0:85:63:e2:6d:43:ee:5e:be:85:83:17:
                    57:21:77:85:8d:a7:a8:56:19:eb:79:62:50:04:0c:
                    e8:08:29:21:35:d0:e5:38:8d:c5:42:e4:eb:a1:44:
                    5b:c4:93:2b:0c:c0:b2:8e:de:6f:38:f2:62:7e:a0:
                    e3:b7:93:85:41:4a:31:c1:56:a3:f3:22:4a:12:e5:
                    fc:5b:0e:51:5e:7e:d3:03:48:3d:0a:4d:d7:18:58:
                    3b:45:f7:71:05:71:59:12:17:1d:5c:43:f7:b7:7e:
                    49:e4:8e:d7:76:ec:36:f2:d7:d1:6b:12:2e:94:44:
                    70:66:0b:98:5b:4c:b7:37:1f:76:f8:c6:b8:16:3a:
                    d3:8d:d1:f3:2b:1f:75:b7:03:70:e4:78:4a:fb:54:
                    49:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:C0:32:2F:1A:5B:66:DE:7A:EB:71:2E:A4:61:2D:7E:BB:48:15:A4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d4a21000-3e1d-4970-8585-41d9313167de.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:f5:c0:11:a0:ce:e3:a9:33:38:47:ca:2f:a1:aa:47:44:47:
         c4:9a:07:3a:cd:1e:96:d8:a7:4d:99:29:c1:e1:39:b5:ca:f9:
         b6:1d:f4:86:6e:16:ca:d8:03:1b:ef:2b:c9:4a:89:e8:6a:dd:
         d2:a4:57:b8:29:84:25:8b:78:94:fe:96:81:69:a3:d7:33:da:
         14:8d:7b:3d:6a:f7:b5:39:97:94:c3:5c:93:8f:55:76:7e:16:
         38:f2:dd:2d:15:0f:03:8b:4c:a2:82:1b:3d:62:4c:f9:6a:dc:
         f8:82:0e:bb:0a:d1:4c:c7:23:ad:58:d8:f1:79:92:f7:9d:8a:
         7e:82:ea:85:12:fc:ed:a2:d1:04:64:ee:42:14:a4:2b:2c:03:
         73:98:91:19:c1:86:72:b3:a0:1c:1e:7b:89:0f:c9:46:e6:f6:
         b9:1e:97:cb:f4:1f:4f:ef:8c:0d:b6:9c:86:78:45:65:c9:c7:
         71:ef:0a:6b:37:b6:c1:66:ca:61:e5:36:9f:f6:12:cb:a9:f0:
         4a:af:9b:2a:98:27:2f:2b:e1:8c:5c:18:ac:7b:50:05:70:d9:
         04:6b:89:5f:4b:e5:65:51:1c:21:ac:01:9b:91:1a:d4:bb:7a:
         30:ca:28:1f:f4:bf:74:be:53:9b:2b:05:fe:66:8b:2c:1b:51:
         f2:6c:34:ef
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUN1yAbH4y2IY2Ul8Lc1PPvy2VGVEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjMwODI5MDAwMDAwWhcNMjMxMDAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzOTg1ZTkxODAwOWRiNzdhZGYzNWI0YzY3N2YyNWI3YjVi
MjE4MDRkZmI0MzI5MmU2Y2NhNmE5MDZhNWU4MTA3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgYg0GJUs91UGl39tZt4U/t1IPy6jJ5feXTNxUga8Z7XFa
SKIh4EZPLywHJhIl2IGTaTUQsy0qEqiELQH1bJElgyq2bYzUoV/rPlhClLi7X6Gs
1kP+tIp3aB7oj1FPGyyFmx2qIh6JDhvY8aCFY+JtQ+5evoWDF1chd4WNp6hWGet5
YlAEDOgIKSE10OU4jcVC5OuhRFvEkysMwLKO3m848mJ+oOO3k4VBSjHBVqPzIkoS
5fxbDlFeftMDSD0KTdcYWDtF93EFcVkSFx1cQ/e3fknkjtd27Dby19FrEi6URHBm
C5hbTLc3H3b4xrgWOtON0fMrH3W3A3DkeEr7VEmTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUccAyLxpbZt5663EupGEtfrtIFaQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q0YTIxMDAwLTNlMWQtNDk3MC04NTg1LTQxZDkzMTMxNjdkZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTYwwDQYJKoZIhvcNAQELBQADggEBAAj1wBGgzuOpMzhHyi+hqkdER8Sa
BzrNHpbYp02ZKcHhObXK+bYd9IZuFsrYAxvvK8lKiehq3dKkV7gphCWLeJT+loFp
o9cz2hSNez1q97U5l5TDXJOPVXZ+Fjjy3S0VDwOLTKKCGz1iTPlq3PiCDrsK0UzH
I61Y2PF5kvedin6C6oUS/O2i0QRk7kIUpCssA3OYkRnBhnKzoBwee4kPyUbm9rke
l8v0H0/vjA22nIZ4RWXJx3HvCms3tsFmymHlNp/2Esup8EqvmyqYJy8r4YxcGKx7
UAVw2QRriV9L5WVRHCGsAZuRGtS7ejDKKB/0v3S+U5srBf5miywbUfJsNO8=
-----END CERTIFICATE-----
Generated at Tue Aug 29 00:34:13 2023 by rpki-client on console-fra.rpki-client.org