Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f638fc9e-fe40-4ee4-8146-e6ba65dda13d.roa
File:                     f638fc9e-fe40-4ee4-8146-e6ba65dda13d.roa (raw, json)
Hash identifier:          9XDozlSMKjL5Cb74GFcRsQMCebjH7XDcTwpaPfkslNE=
Subject key identifier:   1D:47:84:76:C1:85:DC:93:C3:EB:EF:AF:89:61:35:12:0B:0A:41:54
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2AC947B831203EB37FEC844D7E5DA2E926F07871
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f638fc9e-fe40-4ee4-8146-e6ba65dda13d.roa
Signing time:             Tue 05 Nov 2024 00:00:00 +0000
ROA not before:           Tue 05 Nov 2024 00:00:00 +0000
ROA not after:            Tue 10 Dec 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        66.219.64.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 23 Nov 2024 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:c9:47:b8:31:20:3e:b3:7f:ec:84:4d:7e:5d:a2:e9:26:f0:78:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  5 00:00:00 2024 GMT
            Not After : Dec 10 23:59:59 2024 GMT
        Subject: serialNumber=a6b82b08a53bb011d22030381c899d8d18d466d28af6998abf53859b66b16d68, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:57:6a:ae:67:69:53:f2:3b:30:ba:39:10:dc:
                    84:e3:0c:72:d2:f9:68:7f:8e:94:37:4f:12:49:82:
                    e7:dd:5b:d1:7e:40:1a:7b:2b:25:a1:7a:41:3b:f4:
                    ad:db:80:6c:4d:f5:b5:96:e1:1d:06:b5:f5:5b:1c:
                    3d:76:fe:4c:1a:8f:ce:c4:4f:89:19:74:d9:bf:ba:
                    53:0e:ba:89:1b:da:88:a9:95:0a:8b:2b:d3:b4:b2:
                    22:56:a4:96:24:78:52:af:ce:1d:cc:f3:ef:8e:85:
                    84:4f:fe:e5:6e:79:a6:55:4d:20:f2:70:a8:e5:a9:
                    c2:9e:0a:27:7c:b7:a5:50:c2:26:54:75:32:3d:b0:
                    71:78:c6:12:a4:aa:89:8d:fe:5b:e0:b5:05:33:b6:
                    ae:d7:e5:69:aa:1e:b1:b8:ef:81:b9:19:c3:b8:32:
                    3f:3f:fa:67:c4:85:27:93:ac:2d:c7:8d:f9:81:4c:
                    20:34:1a:b7:73:29:c2:50:ea:68:f4:12:98:9a:c8:
                    70:63:f0:19:e9:2e:ce:ba:60:a3:f5:15:3a:15:8b:
                    0f:91:51:d4:ef:3b:e6:34:56:ad:7b:52:63:20:83:
                    c5:c6:d8:e7:25:be:6e:e5:76:36:6e:f8:07:e5:b7:
                    22:c6:84:06:18:67:38:b1:86:44:72:d2:67:8e:95:
                    27:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:47:84:76:C1:85:DC:93:C3:EB:EF:AF:89:61:35:12:0B:0A:41:54
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f638fc9e-fe40-4ee4-8146-e6ba65dda13d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.219.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         07:4d:5e:7b:31:65:ca:81:ca:d2:d8:d9:88:d6:6d:77:ef:07:
         10:84:05:6b:55:e3:94:71:28:28:e8:6d:0b:e6:74:e2:d9:66:
         86:ee:23:10:b9:b7:0e:3f:7c:18:08:60:19:6e:62:13:3a:d2:
         66:0e:cd:92:b0:cc:eb:c5:15:bb:4c:3a:91:36:62:53:c3:32:
         83:10:54:d1:2c:86:f2:87:35:3f:cf:c3:57:b7:77:bc:23:fd:
         db:d6:fa:d0:43:7b:8b:7c:a0:b3:1b:91:96:4a:f9:0b:e4:fa:
         42:72:88:73:63:59:af:57:5c:f8:56:32:c0:44:9f:0e:68:ab:
         e5:d0:fd:88:a5:ad:53:97:e7:a1:ac:31:26:88:4c:aa:33:33:
         4b:7b:d5:f9:08:4b:c4:68:f1:49:f7:5a:95:c5:59:7c:e3:8b:
         c4:43:c5:23:41:e4:11:cd:27:4f:d6:c9:6f:0a:d6:12:46:c9:
         b0:b4:d2:64:fb:df:50:b2:b3:8b:83:97:6b:28:be:1a:f0:43:
         61:47:9b:8b:63:58:c5:b9:ca:93:42:90:3a:21:7b:a5:33:2e:
         99:f7:02:18:57:d6:9a:8d:c7:44:8f:35:aa:2d:9f:0d:36:c6:
         4b:de:4e:fd:1f:a7:d0:eb:25:44:ee:d5:4a:f4:69:aa:98:12:
         c0:7d:69:f6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKslHuDEgPrN/7IRNfl2i6SbweHEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMTA1MDAwMDAwWhcNMjQxMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BhNmI4MmIwOGE1M2JiMDExZDIyMDMwMzgxYzg5OWQ4ZDE4
ZDQ2NmQyOGFmNjk5OGFiZjUzODU5YjY2YjE2ZDY4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDcV2quZ2lT8jswujkQ3ITjDHLS+Wh/jpQ3TxJJgufdW9F+
QBp7KyWhekE79K3bgGxN9bWW4R0GtfVbHD12/kwaj87ET4kZdNm/ulMOuokb2oip
lQqLK9O0siJWpJYkeFKvzh3M8++OhYRP/uVueaZVTSDycKjlqcKeCid8t6VQwiZU
dTI9sHF4xhKkqomN/lvgtQUztq7X5WmqHrG474G5GcO4Mj8/+mfEhSeTrC3HjfmB
TCA0GrdzKcJQ6mj0EpiayHBj8BnpLs66YKP1FToViw+RUdTvO+Y0Vq17UmMgg8XG
2Oclvm7ldjZu+AfltyLGhAYYZzixhkRy0meOlScHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHUeEdsGF3JPD6++viWE1EgsKQVQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y2MzhmYzllLWZlNDAtNGVlNC04MTQ2LWU2YmE2NWRkYTEzZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVC20AwDQYJKoZIhvcNAQELBQADggEBAAdNXnsxZcqBytLY2YjWbXfvBxCE
BWtV45RxKCjobQvmdOLZZobuIxC5tw4/fBgIYBluYhM60mYOzZKwzOvFFbtMOpE2
YlPDMoMQVNEshvKHNT/Pw1e3d7wj/dvW+tBDe4t8oLMbkZZK+Qvk+kJyiHNjWa9X
XPhWMsBEnw5oq+XQ/YilrVOX56GsMSaITKozM0t71fkIS8Ro8Un3WpXFWXzji8RD
xSNB5BHNJ0/WyW8K1hJGybC00mT731Cys4uDl2sovhrwQ2FHm4tjWMW5ypNCkDoh
e6UzLpn3AhhX1pqNx0SPNaotnw02xkveTv0fp9DrJUTu1Ur0aaqYEsB9afY=
-----END CERTIFICATE-----