Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d845b310-ed3d-4505-8597-970be13c03af.roa
File:                     d845b310-ed3d-4505-8597-970be13c03af.roa (raw, json)
Hash identifier:          5OHicPu0TTaCUo62FXSUWAYCeEyf4QUUD5rNELgmdVA=
Subject key identifier:   06:9D:9F:C9:CD:C7:3F:03:5A:D8:AC:13:7E:39:18:1A:87:5A:85:99
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0D581923D9647DC0FBF534AE9F05C689EDD7EE32
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d845b310-ed3d-4505-8597-970be13c03af.roa
Signing time:             Fri 22 Sep 2023 00:00:00 +0000
ROA not before:           Fri 22 Sep 2023 00:00:00 +0000
ROA not after:            Fri 27 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        156.4.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Sep 2023 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:58:19:23:d9:64:7d:c0:fb:f5:34:ae:9f:05:c6:89:ed:d7:ee:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 22 00:00:00 2023 GMT
            Not After : Oct 27 23:59:59 2023 GMT
        Subject: serialNumber=fd7d3828cfd28424dd31b77e9e3cac34deb6e574b3aaab3c0e8db5f5aa751d24, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b9:b6:62:04:25:a6:1f:65:aa:c3:84:3d:64:
                    3a:03:72:01:3c:41:7b:14:4b:c1:93:8f:3e:de:5d:
                    60:1a:b0:72:5d:25:50:3e:24:72:ee:2f:73:c8:4a:
                    37:b5:57:c5:b2:cf:82:ae:2a:87:71:df:3e:b6:42:
                    ee:2a:9b:c4:d2:d6:c0:3e:c5:fc:85:65:cd:d9:b3:
                    fa:8f:da:8d:0f:df:b3:a5:2f:43:79:c3:a2:71:d9:
                    52:b7:c7:fd:69:06:c2:ba:0c:ba:aa:37:92:39:af:
                    65:5b:4c:1e:6e:ef:62:d2:89:39:4c:be:9a:f3:3e:
                    16:a8:13:d7:1c:c1:f1:3b:2e:18:ea:c0:b7:a6:d8:
                    d6:5b:50:da:62:53:71:f1:59:8e:93:d2:61:26:89:
                    aa:b9:4f:6e:f4:40:fb:b7:bb:9d:4f:4f:03:75:3e:
                    ae:8e:7c:fe:0a:79:ac:f5:fe:f0:49:a3:63:7d:b0:
                    cf:cb:90:d6:15:9d:72:b3:60:5d:33:8f:d6:77:c4:
                    95:c8:20:aa:f9:22:fa:1c:48:54:52:f9:21:61:21:
                    66:b8:db:96:a2:a8:79:68:81:01:8b:fd:83:25:c9:
                    91:51:c7:5d:3a:c1:ce:d2:bd:6c:e2:c1:40:47:76:
                    5b:53:c9:2b:5e:2a:02:32:9c:a8:ad:1d:de:f9:ff:
                    ad:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:9D:9F:C9:CD:C7:3F:03:5A:D8:AC:13:7E:39:18:1A:87:5A:85:99
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d845b310-ed3d-4505-8597-970be13c03af.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.4.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         39:65:67:0e:db:18:e7:3f:da:cb:d0:93:26:b3:3a:4d:ab:8a:
         dd:0f:3f:b2:b9:fc:88:a9:49:f5:bf:10:48:45:22:e6:a5:32:
         ba:75:f3:8a:bc:cd:11:52:47:5c:bf:62:53:2e:3f:fa:37:f8:
         fd:f2:95:05:75:3d:db:d5:d1:9f:ed:67:34:b4:be:45:a1:16:
         3d:2f:cd:f7:55:1e:a6:05:6e:e2:ef:b6:49:17:62:aa:83:9c:
         1d:ab:b0:55:69:4b:70:59:5a:87:b4:8d:29:df:57:26:9f:76:
         08:e9:e3:32:8e:16:45:5d:15:3f:d7:a9:af:79:af:c3:4f:13:
         b8:42:a2:9c:05:6b:cf:90:53:90:b3:1a:f3:88:62:1d:de:69:
         22:e8:33:94:96:03:76:c2:1f:7b:cc:20:3b:02:3c:0a:b4:fa:
         3c:b5:b6:d8:70:cc:f1:13:52:08:7a:57:3f:1a:e1:fb:8a:cc:
         25:6c:77:42:67:e7:25:6c:b6:50:00:27:ce:93:a2:e8:8d:e8:
         0f:ab:dd:e5:e3:05:99:ca:6b:75:d0:d7:a0:9c:bd:59:0a:43:
         0d:11:8c:c3:24:44:1a:b9:94:5b:48:43:80:26:05:3b:ac:6c:
         07:de:af:3e:cd:df:57:68:fa:19:e1:72:25:3f:61:dc:b4:61:
         26:13:aa:d5
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUDVgZI9lkfcD79TSunwXGie3X7jIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjMwOTIyMDAwMDAwWhcNMjMxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZDdkMzgyOGNmZDI4NDI0ZGQzMWI3N2U5ZTNjYWMzNGRl
YjZlNTc0YjNhYWFiM2MwZThkYjVmNWFhNzUxZDI0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6ubZiBCWmH2Wqw4Q9ZDoDcgE8QXsUS8GTjz7eXWAasHJd
JVA+JHLuL3PISje1V8Wyz4KuKodx3z62Qu4qm8TS1sA+xfyFZc3Zs/qP2o0P37Ol
L0N5w6Jx2VK3x/1pBsK6DLqqN5I5r2VbTB5u72LSiTlMvprzPhaoE9ccwfE7Lhjq
wLem2NZbUNpiU3HxWY6T0mEmiaq5T270QPu3u51PTwN1Pq6OfP4Keaz1/vBJo2N9
sM/LkNYVnXKzYF0zj9Z3xJXIIKr5IvocSFRS+SFhIWa425aiqHlogQGL/YMlyZFR
x106wc7SvWziwUBHdltTySteKgIynKitHd75/62jAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUBp2fyc3HPwNa2KwTfjkYGodahZkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q4NDViMzEwLWVkM2QtNDUwNS04NTk3LTk3MGJlMTNjMDNhZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwGcBDANBgkqhkiG9w0BAQsFAAOCAQEAOWVnDtsY5z/ay9CTJrM6TauK3Q8/
srn8iKlJ9b8QSEUi5qUyunXzirzNEVJHXL9iUy4/+jf4/fKVBXU929XRn+1nNLS+
RaEWPS/N91UepgVu4u+2SRdiqoOcHauwVWlLcFlah7SNKd9XJp92COnjMo4WRV0V
P9epr3mvw08TuEKinAVrz5BTkLMa84hiHd5pIugzlJYDdsIfe8wgOwI8CrT6PLW2
2HDM8RNSCHpXPxrh+4rMJWx3QmfnJWy2UAAnzpOi6I3oD6vd5eMFmcprddDXoJy9
WQpDDRGMwyREGrmUW0hDgCYFO6xsB96vPs3fV2j6GeFyJT9h3LRhJhOq1Q==
-----END CERTIFICATE-----
Generated at Fri Sep 22 19:21:58 2023 by rpki-client on console-ams.rpki-client.org