Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8565160-197a-4008-b4b2-a00776aa71ff.roa
File:                     d8565160-197a-4008-b4b2-a00776aa71ff.roa (raw, json)
Hash identifier:          MjFrf9dxb6lJ5bDBol79w8TQh0+laiWHvGc+HahJYso=
Subject key identifier:   E6:20:D9:E8:16:97:6E:FE:AE:EC:D6:E5:E5:14:57:22:E6:7B:9F:06
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       30DCE9C72F047BA843CC0030CF565C45623A8485
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8565160-197a-4008-b4b2-a00776aa71ff.roa
Signing time:             Tue 05 Nov 2024 00:00:00 +0000
ROA not before:           Tue 05 Nov 2024 00:00:00 +0000
ROA not after:            Tue 10 Dec 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        71.141.128.0/18 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 23 Nov 2024 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:dc:e9:c7:2f:04:7b:a8:43:cc:00:30:cf:56:5c:45:62:3a:84:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  5 00:00:00 2024 GMT
            Not After : Dec 10 23:59:59 2024 GMT
        Subject: serialNumber=37a5638b655c32b449da0793b48c75fddcbcdc0b04b0f3cfbb34fe979fe6267e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:b1:09:e3:91:9d:e2:00:02:f4:2d:e0:46:72:
                    45:77:ca:1b:47:bc:b1:6d:38:af:9f:86:98:03:76:
                    7d:f8:8d:52:8f:33:fd:16:b5:ab:9e:19:c6:bf:5a:
                    8a:e4:38:62:f3:04:aa:a5:7d:f7:2d:fa:f4:02:14:
                    83:9c:2b:32:65:bf:b9:bd:34:b5:a1:56:64:76:ba:
                    5e:2c:55:05:df:2b:74:59:90:de:59:f4:db:01:5f:
                    e9:37:98:6c:40:f8:19:ab:c3:53:9e:72:a0:e4:93:
                    1d:5d:d4:b5:60:a2:74:06:ac:67:b4:0a:61:01:60:
                    51:78:15:7c:e4:0d:94:60:08:c6:fe:ce:33:0e:9c:
                    28:13:43:1a:3f:27:54:87:5b:eb:8c:34:e7:37:d3:
                    b1:63:fb:9f:97:29:8a:0d:8c:66:8a:35:88:18:cc:
                    9f:7a:27:51:e6:9c:d8:22:de:7f:e9:0b:7b:d9:86:
                    a4:04:ab:72:6c:51:98:32:3c:96:4b:16:0f:bf:bf:
                    03:9c:d0:72:a0:85:76:b9:ef:ac:12:5f:25:25:7f:
                    c3:46:74:f2:12:90:ad:57:49:ca:4b:37:1a:5f:99:
                    ac:90:83:9e:21:41:32:7a:56:19:c1:2f:1e:b5:46:
                    1c:be:1c:4b:f4:00:e0:fc:d2:ac:57:3d:51:00:bd:
                    fb:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:20:D9:E8:16:97:6E:FE:AE:EC:D6:E5:E5:14:57:22:E6:7B:9F:06
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8565160-197a-4008-b4b2-a00776aa71ff.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  71.141.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         94:d6:0b:5a:f8:80:d3:1f:6d:4e:6b:24:f4:73:51:06:bc:14:
         26:4f:1e:20:f1:e2:88:f9:a8:d1:ad:82:5a:8d:20:13:37:88:
         f3:ae:76:7a:50:b3:e3:ba:38:55:45:c2:0d:33:bc:37:56:8f:
         73:7a:b1:00:eb:cb:fe:71:0f:ae:54:c4:fa:d0:66:b6:30:e9:
         36:28:d9:88:6a:1a:d3:13:07:da:84:d6:d2:40:9b:42:03:ff:
         92:ff:7c:44:1d:05:74:40:2e:9c:48:76:b9:5f:62:de:4c:9d:
         4e:dd:1c:db:7b:23:c6:27:66:55:70:f7:b2:61:d6:4c:c1:0b:
         d6:6f:fa:f9:91:3c:47:54:d8:34:92:1e:b5:7c:ad:7b:03:84:
         77:1d:60:97:bd:23:84:4f:fd:32:36:91:00:2e:ae:82:28:84:
         80:f8:6f:c4:e4:2e:3f:cf:6d:a7:ab:9f:7e:0b:f4:d8:a8:67:
         85:64:20:be:43:0e:18:87:c2:65:01:e2:5f:09:50:d4:8d:71:
         b3:ce:4d:f2:7b:45:21:d2:63:45:e9:24:c4:81:e2:4d:80:12:
         1f:9c:9c:a2:77:0f:6d:64:24:08:7a:86:f9:71:b9:e0:7b:e9:
         b4:ab:34:e6:c1:22:27:7a:17:6f:88:32:62:6d:ea:52:d7:64:
         d2:1b:e4:af
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMNzpxy8Ee6hDzAAwz1ZcRWI6hIUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMTA1MDAwMDAwWhcNMjQxMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzN2E1NjM4YjY1NWMzMmI0NDlkYTA3OTNiNDhjNzVmZGRj
YmNkYzBiMDRiMGYzY2ZiYjM0ZmU5NzlmZTYyNjdlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQsQnjkZ3iAAL0LeBGckV3yhtHvLFtOK+fhpgDdn34jVKP
M/0WtaueGca/WorkOGLzBKqlffct+vQCFIOcKzJlv7m9NLWhVmR2ul4sVQXfK3RZ
kN5Z9NsBX+k3mGxA+Bmrw1OecqDkkx1d1LVgonQGrGe0CmEBYFF4FXzkDZRgCMb+
zjMOnCgTQxo/J1SHW+uMNOc307Fj+5+XKYoNjGaKNYgYzJ96J1HmnNgi3n/pC3vZ
hqQEq3JsUZgyPJZLFg+/vwOc0HKghXa576wSXyUlf8NGdPISkK1XScpLNxpfmayQ
g54hQTJ6VhnBLx61Rhy+HEv0AOD80qxXPVEAvfvDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5iDZ6BaXbv6u7Nbl5RRXIuZ7nwYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q4NTY1MTYwLTE5N2EtNDAwOC1iNGIyLWEwMDc3NmFhNzFmZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZHjYAwDQYJKoZIhvcNAQELBQADggEBAJTWC1r4gNMfbU5rJPRzUQa8FCZP
HiDx4oj5qNGtglqNIBM3iPOudnpQs+O6OFVFwg0zvDdWj3N6sQDry/5xD65UxPrQ
ZrYw6TYo2YhqGtMTB9qE1tJAm0ID/5L/fEQdBXRALpxIdrlfYt5MnU7dHNt7I8Yn
ZlVw97Jh1kzBC9Zv+vmRPEdU2DSSHrV8rXsDhHcdYJe9I4RP/TI2kQAuroIohID4
b8TkLj/Pbaern34L9NioZ4VkIL5DDhiHwmUB4l8JUNSNcbPOTfJ7RSHSY0XpJMSB
4k2AEh+cnKJ3D21kJAh6hvlxueB76bSrNObBIid6F2+IMmJt6lLXZNIb5K8=
-----END CERTIFICATE-----