Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ffb5c531-407d-444e-95b8-a49b80cd6e6c.roa
File:                     ffb5c531-407d-444e-95b8-a49b80cd6e6c.roa (raw, json)
Hash identifier:          2VInWMWbgr+q7JKV8LL166V927al0eqFSbTHmg4R5tU=
Subject key identifier:   19:76:3D:52:CA:D2:6B:EE:6C:AC:62:F4:16:FD:D1:C2:D5:9A:6C:A4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       618CFDC552B2E1E607AC74D4C8AF4282402EB8B1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ffb5c531-407d-444e-95b8-a49b80cd6e6c.roa
Signing time:             Mon 15 Apr 2024 00:00:00 +0000
ROA not before:           Mon 15 Apr 2024 00:00:00 +0000
ROA not after:            Mon 20 May 2024 23:59:59 +0000
asID:                     701
IP address blocks:        139.56.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 10 May 2024 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:8c:fd:c5:52:b2:e1:e6:07:ac:74:d4:c8:af:42:82:40:2e:b8:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 15 00:00:00 2024 GMT
            Not After : May 20 23:59:59 2024 GMT
        Subject: serialNumber=5749b4ac792c230ef0458054012850d9eb0d7c5ed79f10336f8e2a7158e0714b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:5c:49:ee:57:95:cd:79:9f:57:ba:6d:46:f0:
                    c5:f7:ff:6c:98:09:54:38:13:a1:b0:8f:8b:3a:85:
                    f8:af:71:d6:9e:60:92:be:a2:d6:eb:e4:39:ff:f8:
                    da:c3:ae:77:ec:4a:97:10:45:39:df:4d:e5:4c:cb:
                    b3:2b:8e:5e:28:94:c6:a1:15:fb:7f:d8:64:2a:11:
                    8a:f6:fa:68:e4:ab:b2:e2:a4:4d:93:c7:b1:8b:02:
                    60:cd:b9:1e:21:c3:3b:dd:ef:70:5d:a7:2b:12:9e:
                    69:66:43:45:d2:3f:aa:67:fd:75:b6:c2:fe:60:1d:
                    b1:c7:c2:75:a3:9a:60:cf:f2:e6:45:35:60:06:51:
                    65:f6:c2:d1:af:17:b9:82:a2:56:85:f8:d6:59:75:
                    b3:18:59:e1:20:04:6c:63:75:91:ac:c2:f8:cb:71:
                    fe:3b:54:9e:d0:c7:e9:81:6b:50:13:0e:04:69:06:
                    6f:c2:c0:17:73:39:e6:db:09:6d:ce:df:01:ec:07:
                    7d:18:97:b1:60:23:6e:f5:a7:88:d7:f9:fd:5e:19:
                    8a:51:e6:1c:15:b1:02:1b:e2:81:57:99:e1:b5:a0:
                    e3:50:e6:c7:c6:82:05:ff:b6:2c:3b:f6:45:84:53:
                    ef:86:8e:17:81:38:8f:60:10:dd:a8:ab:b2:cc:9d:
                    b6:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:76:3D:52:CA:D2:6B:EE:6C:AC:62:F4:16:FD:D1:C2:D5:9A:6C:A4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ffb5c531-407d-444e-95b8-a49b80cd6e6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.56.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:d8:9c:a8:c5:88:fa:a5:82:d3:36:28:6d:ed:59:08:6a:d0:
         02:db:49:5f:47:14:e1:5a:c9:1d:67:a6:31:ef:76:47:34:64:
         d3:62:7f:93:58:3d:cd:25:60:cc:5d:b7:29:0d:98:9e:89:6b:
         5e:40:49:a3:da:19:c5:ea:63:11:a3:c4:be:d4:ee:41:d6:3a:
         0b:f4:52:5c:fd:52:9f:3c:73:c9:22:fe:3d:16:89:3c:dc:d1:
         ca:c2:15:08:ed:38:e2:0b:3f:97:01:77:41:02:bf:59:bb:cc:
         21:c2:b8:91:a7:21:29:2c:c9:38:2f:0e:93:0f:38:5e:f3:31:
         e2:52:5d:de:5a:70:ab:3f:42:f7:87:81:48:48:78:0c:20:77:
         c3:71:db:11:b8:5e:f4:d8:68:97:f4:f5:7b:e8:63:59:88:8d:
         83:47:67:57:a5:3b:78:2e:16:a7:44:7e:54:f9:d6:96:76:8a:
         dd:f3:ae:7e:9b:55:33:cc:ca:ba:54:1b:5f:62:21:6a:f4:1b:
         b1:0d:c5:31:5b:35:0c:32:c5:02:a9:64:e9:16:29:a0:96:83:
         ef:66:36:d2:1c:97:8b:2b:5a:52:3a:b8:20:41:ba:58:ac:c0:
         27:83:0f:9b:31:53:be:08:45:39:ef:da:30:2b:f0:81:70:82:
         bb:81:1e:c2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYYz9xVKy4eYHrHTUyK9CgkAuuLEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQwNDE1MDAwMDAwWhcNMjQwNTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NzQ5YjRhYzc5MmMyMzBlZjA0NTgwNTQwMTI4NTBkOWVi
MGQ3YzVlZDc5ZjEwMzM2ZjhlMmE3MTU4ZTA3MTRiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJXEnuV5XNeZ9Xum1G8MX3/2yYCVQ4E6Gwj4s6hfivcdae
YJK+otbr5Dn/+NrDrnfsSpcQRTnfTeVMy7Mrjl4olMahFft/2GQqEYr2+mjkq7Li
pE2Tx7GLAmDNuR4hwzvd73BdpysSnmlmQ0XSP6pn/XW2wv5gHbHHwnWjmmDP8uZF
NWAGUWX2wtGvF7mColaF+NZZdbMYWeEgBGxjdZGswvjLcf47VJ7Qx+mBa1ATDgRp
Bm/CwBdzOebbCW3O3wHsB30Yl7FgI271p4jX+f1eGYpR5hwVsQIb4oFXmeG1oONQ
5sfGggX/tiw79kWEU++GjheBOI9gEN2oq7LMnbazAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGXY9UsrSa+5srGL0Fv3RwtWabKQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZmYjVjNTMxLTQwN2QtNDQ0ZS05NWI4LWE0OWI4MGNkNmU2Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACLOAEwDQYJKoZIhvcNAQELBQADggEBADzYnKjFiPqlgtM2KG3tWQhq0ALb
SV9HFOFayR1npjHvdkc0ZNNif5NYPc0lYMxdtykNmJ6Ja15ASaPaGcXqYxGjxL7U
7kHWOgv0Ulz9Up88c8ki/j0WiTzc0crCFQjtOOILP5cBd0ECv1m7zCHCuJGnISks
yTgvDpMPOF7zMeJSXd5acKs/QveHgUhIeAwgd8Nx2xG4XvTYaJf09XvoY1mIjYNH
Z1elO3guFqdEflT51pZ2it3zrn6bVTPMyrpUG19iIWr0G7ENxTFbNQwyxQKpZOkW
KaCWg+9mNtIcl4srWlI6uCBBuliswCeDD5sxU74IRTnv2jAr8IFwgruBHsI=
-----END CERTIFICATE-----