Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f4ec4711-a29c-4222-b040-ab79022ab487.roa
File:                     f4ec4711-a29c-4222-b040-ab79022ab487.roa (raw, json)
Hash identifier:          hDj6+UiEiaHsP0qkQbYz0W4VHUIpjNXApcxNa3HUAAg=
Subject key identifier:   CC:03:67:11:91:1A:C0:89:13:38:7C:79:DE:53:DB:7B:D9:DB:BE:15
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       524B5F329C7414D88CB0680963266B2DD093DDFF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f4ec4711-a29c-4222-b040-ab79022ab487.roa
Signing time:             Tue 12 Nov 2024 00:00:00 +0000
ROA not before:           Tue 12 Nov 2024 00:00:00 +0000
ROA not after:            Tue 17 Dec 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        56.99.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 26 Nov 2024 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:4b:5f:32:9c:74:14:d8:8c:b0:68:09:63:26:6b:2d:d0:93:dd:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 00:00:00 2024 GMT
            Not After : Dec 17 23:59:59 2024 GMT
        Subject: serialNumber=016077d06c9417d387085c32baaf66a60fe52d28052f643d2baafd5d98b2379a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:0b:85:ce:d9:58:05:41:30:13:98:89:60:a3:
                    4a:e2:87:5b:63:fb:95:e8:5e:25:50:a9:0e:34:eb:
                    90:2c:4f:fa:04:a3:36:b1:ba:13:31:3e:0c:55:86:
                    d8:d9:eb:06:d5:d8:7c:b9:0e:c7:c8:53:ae:f2:9a:
                    8a:f7:8f:60:59:c3:ef:d4:0b:b7:32:11:b6:00:bf:
                    79:97:4c:4b:95:ab:ea:6d:eb:86:34:0c:b5:16:02:
                    60:25:16:9b:62:fb:a2:d5:86:13:49:1d:9b:51:8c:
                    ce:6c:83:95:67:9a:e3:e2:2e:de:d8:39:76:97:66:
                    ec:ae:af:b9:0b:20:dd:14:12:37:1f:7b:c7:4c:21:
                    91:5e:19:d7:66:3c:a7:e9:61:80:f8:d5:43:36:f6:
                    95:ae:3e:1a:d1:16:12:f9:f6:af:12:b3:c8:cc:3d:
                    4b:d5:43:3f:c5:2c:76:ba:23:43:1f:93:91:54:48:
                    81:5c:8f:67:d0:9a:fe:f7:c6:9d:71:54:ec:ab:81:
                    f3:36:86:31:e4:bf:ad:7f:4a:68:93:6c:54:ff:cb:
                    25:11:bb:08:30:4d:a8:ad:58:a9:0b:e6:b9:3e:bc:
                    6b:9b:c0:63:15:75:3e:7b:6a:61:df:22:c0:37:85:
                    eb:4c:4b:74:4c:6b:ae:b0:23:a4:6d:5a:16:20:92:
                    cd:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:03:67:11:91:1A:C0:89:13:38:7C:79:DE:53:DB:7B:D9:DB:BE:15
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f4ec4711-a29c-4222-b040-ab79022ab487.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.99.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ac:92:5e:cd:58:a8:15:6d:f2:c0:90:8b:92:98:c8:a9:38:b5:
         4a:14:3b:1a:3a:f6:81:19:60:f0:9d:0e:16:9d:de:5e:38:36:
         33:81:e9:52:dd:32:2f:f6:15:1b:5b:56:56:00:2c:70:80:17:
         22:96:54:99:21:80:46:38:79:55:d7:7d:b3:41:42:68:06:06:
         e6:95:27:91:09:a0:8a:86:b7:84:ac:ab:c7:45:33:99:86:eb:
         8e:1b:d9:19:76:1e:8f:e0:27:23:3e:e7:ca:ec:96:b2:4b:ff:
         c4:88:ee:13:fb:f8:43:67:e5:9f:3f:03:69:37:86:b8:8b:8a:
         ec:b4:a0:82:84:85:c0:87:b2:db:2d:31:f4:21:d8:aa:f4:cc:
         d6:8e:7c:f9:08:ad:76:e4:b7:fc:83:9e:0b:de:a3:bf:8c:a1:
         9d:93:0c:dd:48:79:de:e8:3f:1b:19:df:44:63:66:ad:f1:33:
         2a:6b:04:3c:d4:a3:98:dd:b5:16:14:c4:b2:1e:e5:e9:87:29:
         e2:18:a7:0d:10:52:3e:d5:44:f8:3c:4d:14:ff:7e:58:19:bd:
         01:fa:31:02:48:ee:35:a2:00:6c:43:5f:6e:f0:a6:be:2a:07:
         88:93:9a:a6:ce:af:1a:c2:e5:17:95:04:ba:1c:4b:26:35:20:
         f5:21:c6:93
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUUktfMpx0FNiMsGgJYyZrLdCT3f8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMTEyMDAwMDAwWhcNMjQxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMTYwNzdkMDZjOTQxN2QzODcwODVjMzJiYWFmNjZhNjBm
ZTUyZDI4MDUyZjY0M2QyYmFhZmQ1ZDk4YjIzNzlhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIC4XO2VgFQTATmIlgo0rih1tj+5XoXiVQqQ4065AsT/oE
ozaxuhMxPgxVhtjZ6wbV2Hy5DsfIU67ymor3j2BZw+/UC7cyEbYAv3mXTEuVq+pt
64Y0DLUWAmAlFpti+6LVhhNJHZtRjM5sg5VnmuPiLt7YOXaXZuyur7kLIN0UEjcf
e8dMIZFeGddmPKfpYYD41UM29pWuPhrRFhL59q8Ss8jMPUvVQz/FLHa6I0Mfk5FU
SIFcj2fQmv73xp1xVOyrgfM2hjHkv61/SmiTbFT/yyURuwgwTaitWKkL5rk+vGub
wGMVdT57amHfIsA3hetMS3RMa66wI6RtWhYgks39AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUzANnEZEawIkTOHx53lPbe9nbvhUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y0ZWM0NzExLWEyOWMtNDIyMi1iMDQwLWFiNzkwMjJhYjQ4Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4YzANBgkqhkiG9w0BAQsFAAOCAQEArJJezVioFW3ywJCLkpjIqTi1ShQ7
Gjr2gRlg8J0OFp3eXjg2M4HpUt0yL/YVG1tWVgAscIAXIpZUmSGARjh5Vdd9s0FC
aAYG5pUnkQmgioa3hKyrx0UzmYbrjhvZGXYej+AnIz7nyuyWskv/xIjuE/v4Q2fl
nz8DaTeGuIuK7LSggoSFwIey2y0x9CHYqvTM1o58+QitduS3/IOeC96jv4yhnZMM
3Uh53ug/GxnfRGNmrfEzKmsEPNSjmN21FhTEsh7l6Ycp4hinDRBSPtVE+DxNFP9+
WBm9AfoxAkjuNaIAbENfbvCmvioHiJOaps6vGsLlF5UEuhxLJjUg9SHGkw==
-----END CERTIFICATE-----