Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f2522f75-0635-4530-a445-619eab7c98fc.roa
File:                     f2522f75-0635-4530-a445-619eab7c98fc.roa (raw, json)
Hash identifier:          FswLyJnZ9Xu8KqmyE8xdOmblypUjEOEPgSD0DzIpDCg=
Subject key identifier:   FF:78:2C:4A:FA:A6:AD:E2:E8:3F:5F:A1:37:EA:03:9C:35:3A:3F:BD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       38159EED3DEF24A8CEA48F6EC3DBDBDB8BF223FA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f2522f75-0635-4530-a445-619eab7c98fc.roa
Signing time:             Mon 15 Apr 2024 00:00:00 +0000
ROA not before:           Mon 15 Apr 2024 00:00:00 +0000
ROA not after:            Mon 20 May 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        45.57.128.0/17 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 03 May 2024 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:15:9e:ed:3d:ef:24:a8:ce:a4:8f:6e:c3:db:db:db:8b:f2:23:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 15 00:00:00 2024 GMT
            Not After : May 20 23:59:59 2024 GMT
        Subject: serialNumber=37e885f14965d67b0b60aab2d2207c660a6b584d75b8ad3e5fec262756fd7c69, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:89:c1:39:5d:00:12:7d:0e:e4:05:f3:3c:40:
                    db:38:18:0e:97:d7:16:61:72:b8:bc:b9:0c:c4:bc:
                    d5:8d:dc:6b:2d:b1:36:e4:28:62:bb:2e:36:a1:f2:
                    38:b4:89:f5:fa:31:af:54:db:14:7a:5b:58:f9:5d:
                    c9:83:80:ba:15:8d:3f:77:38:d9:f1:82:95:9e:98:
                    1e:91:b8:ef:7e:ce:1a:76:28:f8:b4:f1:15:ee:ca:
                    4d:eb:d0:13:3c:e6:ec:97:12:cc:92:46:9a:07:bb:
                    dc:cd:c9:ba:20:64:bb:38:09:93:2f:86:f4:6e:15:
                    51:52:48:dd:7e:bb:03:9f:de:b9:6e:b2:c7:2a:fd:
                    28:8d:88:7c:3e:05:8f:48:a6:1f:3e:35:ba:45:1a:
                    d6:f9:17:b0:1e:68:30:20:c2:5a:be:b7:54:8c:b3:
                    9e:c0:3d:8f:8c:7a:5e:bc:9c:67:a6:f5:6d:f5:5c:
                    9b:96:74:b6:d1:48:08:1d:80:ea:fd:0d:0a:77:59:
                    75:92:06:3d:38:4a:64:90:ed:97:11:5e:7f:8b:54:
                    c2:67:60:27:0b:c6:63:e5:a1:6e:c7:db:f2:3b:a1:
                    1d:11:28:5f:df:8b:19:23:36:12:56:05:87:e1:76:
                    7e:4f:30:d0:c5:30:71:06:9c:04:4a:53:68:64:9c:
                    29:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:78:2C:4A:FA:A6:AD:E2:E8:3F:5F:A1:37:EA:03:9C:35:3A:3F:BD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f2522f75-0635-4530-a445-619eab7c98fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.57.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         44:26:94:e5:45:dd:c9:83:78:72:d1:71:9f:31:65:01:8d:c9:
         54:70:a1:02:e8:d8:fb:cb:ff:9a:02:49:22:17:bf:b3:ea:37:
         cc:f2:47:1e:9d:b5:e7:84:87:39:43:f7:d7:00:b6:d9:5b:51:
         2d:44:bc:03:7d:96:b2:3a:cc:44:2d:6e:36:ab:dd:01:b4:7c:
         1a:6f:7e:47:28:3b:99:02:c7:4c:04:d9:4e:b7:74:45:33:b7:
         f1:d0:d7:cf:75:e4:95:3a:c7:8d:6f:b8:d8:98:75:be:fb:64:
         a3:69:cf:aa:88:0a:8d:ae:74:21:bd:05:86:95:ff:01:31:9e:
         1f:87:e2:97:7e:d4:d0:6a:1d:b1:44:dd:7c:f4:6f:0b:26:d0:
         6b:5c:84:97:12:18:fa:fa:24:0b:bc:42:30:a2:b7:c3:9f:55:
         88:65:3f:3b:f3:70:b7:c8:c8:87:f9:5d:11:13:4f:f2:4e:4e:
         29:b7:4a:0f:d8:2d:8a:e9:ef:9f:fa:83:54:70:22:f5:74:eb:
         45:cd:97:d5:e7:db:f8:0a:10:2e:c7:3c:97:65:8b:cc:97:de:
         4a:b3:e4:4b:0a:0b:9a:d0:f7:11:67:1c:ae:26:61:8a:c8:4d:
         f8:f9:91:b2:9a:91:b1:fc:f9:04:78:8c:30:99:c3:b7:91:87:
         af:c2:5e:7e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOBWe7T3vJKjOpI9uw9vb24vyI/owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQwNDE1MDAwMDAwWhcNMjQwNTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzN2U4ODVmMTQ5NjVkNjdiMGI2MGFhYjJkMjIwN2M2NjBh
NmI1ODRkNzViOGFkM2U1ZmVjMjYyNzU2ZmQ3YzY5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCricE5XQASfQ7kBfM8QNs4GA6X1xZhcri8uQzEvNWN3Gst
sTbkKGK7Ljah8ji0ifX6Ma9U2xR6W1j5XcmDgLoVjT93ONnxgpWemB6RuO9+zhp2
KPi08RXuyk3r0BM85uyXEsySRpoHu9zNybogZLs4CZMvhvRuFVFSSN1+uwOf3rlu
sscq/SiNiHw+BY9Iph8+NbpFGtb5F7AeaDAgwlq+t1SMs57APY+Mel68nGem9W31
XJuWdLbRSAgdgOr9DQp3WXWSBj04SmSQ7ZcRXn+LVMJnYCcLxmPloW7H2/I7oR0R
KF/fixkjNhJWBYfhdn5PMNDFMHEGnARKU2hknCkNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/3gsSvqmreLoP1+hN+oDnDU6P70wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YyNTIyZjc1LTA2MzUtNDUzMC1hNDQ1LTYxOWVhYjdjOThmYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBActOYAwDQYJKoZIhvcNAQELBQADggEBAEQmlOVF3cmDeHLRcZ8xZQGNyVRw
oQLo2PvL/5oCSSIXv7PqN8zyRx6dteeEhzlD99cAttlbUS1EvAN9lrI6zEQtbjar
3QG0fBpvfkcoO5kCx0wE2U63dEUzt/HQ18915JU6x41vuNiYdb77ZKNpz6qICo2u
dCG9BYaV/wExnh+H4pd+1NBqHbFE3Xz0bwsm0GtchJcSGPr6JAu8QjCit8OfVYhl
PzvzcLfIyIf5XRETT/JOTim3Sg/YLYrp75/6g1RwIvV060XNl9Xn2/gKEC7HPJdl
i8yX3kqz5EsKC5rQ9xFnHK4mYYrITfj5kbKakbH8+QR4jDCZw7eRh6/CXn4=
-----END CERTIFICATE-----