Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/e7a769f6-8dd5-4179-a653-99ec82616621.roa
File:                     e7a769f6-8dd5-4179-a653-99ec82616621.roa (raw, json)
Hash identifier:          nWJ0B6Y/t7/fd+rwEYrVfvMwTNuHLAj3A0m7Dt/QHFU=
Subject key identifier:   E9:62:4B:F2:A7:CF:1C:3B:BC:82:E6:53:90:3F:D7:3B:A1:76:3D:CD
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       3FF7CB821CDE31DF57814AF59050BCF7E55F7AFC
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/e7a769f6-8dd5-4179-a653-99ec82616621.roa
Signing time:             Thu 14 Nov 2024 00:00:00 +0000
ROA not before:           Thu 14 Nov 2024 00:00:00 +0000
ROA not after:            Thu 19 Dec 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:e800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 26 Nov 2024 21:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:f7:cb:82:1c:de:31:df:57:81:4a:f5:90:50:bc:f7:e5:5f:7a:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Nov 14 00:00:00 2024 GMT
            Not After : Dec 19 23:59:59 2024 GMT
        Subject: serialNumber=4402d736424e2b9e6f6eb8d46665b07cfc0151259e6e9d222fd8d9b19fd44fcf, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:3b:b4:71:21:d0:63:52:c9:22:d5:4e:25:db:
                    2e:2f:cb:54:d3:9c:35:5f:c1:80:72:fc:4c:0f:c2:
                    4c:ef:83:7b:db:2c:0b:e7:e9:66:b8:9d:9e:d8:2a:
                    f0:f2:68:47:a9:db:06:db:9d:7f:03:8b:8e:04:a7:
                    3c:d5:5b:8b:97:95:bc:bd:97:ab:5e:f5:0c:b3:11:
                    be:b3:b8:b7:c6:0a:9e:52:69:63:d6:d6:76:2c:02:
                    f8:01:4b:ce:5a:14:12:de:35:c8:0f:b6:86:fd:5d:
                    e7:ce:d2:4c:48:30:3f:a4:8b:f8:9b:08:62:fd:7c:
                    de:f7:97:cc:32:65:64:1a:1b:51:df:69:f2:c0:a1:
                    07:ec:ef:d5:84:af:77:f6:a1:e3:19:96:52:d8:d4:
                    f9:aa:a1:d9:e1:39:9c:73:f8:43:b4:b3:58:9d:0f:
                    7d:27:91:02:c3:bb:20:63:11:eb:ed:7c:f5:14:a6:
                    74:97:d2:7b:08:ef:04:4f:5a:1e:58:01:c7:e9:42:
                    3c:f0:70:62:93:c8:09:2b:ce:90:1a:1f:c8:6f:22:
                    47:23:2a:e2:c2:49:6b:42:d2:9e:13:39:0b:51:4a:
                    91:15:65:1f:50:dd:4f:88:b2:74:18:79:d7:64:4e:
                    b4:13:c6:4e:15:e6:a2:d5:d0:0c:6a:51:08:47:7c:
                    c9:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:62:4B:F2:A7:CF:1C:3B:BC:82:E6:53:90:3F:D7:3B:A1:76:3D:CD
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/e7a769f6-8dd5-4179-a653-99ec82616621.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:e800::/40

    Signature Algorithm: sha256WithRSAEncryption
         72:63:df:2c:9e:ed:02:60:1b:15:dc:f6:df:8d:7a:8d:ca:0c:
         34:68:63:d0:7d:d9:20:22:64:f8:0e:17:ac:13:5e:7d:ee:3d:
         8d:3f:2d:e2:3c:4e:17:a7:e4:55:13:2e:15:f8:a4:26:92:0e:
         7e:e4:04:71:71:f6:e3:1a:88:a3:76:ca:50:ac:ba:3a:d2:b7:
         e4:a8:5f:df:93:3d:78:7f:6e:4d:d1:8d:dc:13:de:a1:4f:76:
         d9:9a:c6:68:71:9d:4f:a0:ee:2f:50:91:80:b3:7f:80:96:96:
         e2:83:06:2e:7b:73:b4:cd:c9:ee:c2:db:50:c5:36:57:2d:11:
         90:5f:16:d8:49:ef:b0:fb:ef:04:55:e3:4e:d2:83:ab:71:fd:
         1d:19:aa:8a:18:66:1a:d8:d9:87:02:e5:a3:e6:f4:38:81:dd:
         d8:3c:b2:eb:34:29:60:b4:6a:c8:5e:b6:dd:a0:06:a0:a6:8c:
         d6:b0:4d:30:93:cf:a8:26:66:fb:38:70:9e:a2:c2:a7:1a:53:
         ae:e8:76:64:f6:cb:25:11:60:6f:1a:6a:46:5b:1b:96:14:91:
         56:9c:4a:fe:29:bc:9f:0b:22:2c:33:1a:51:af:1a:ed:dc:83:
         b2:c9:6b:32:a9:7d:7d:09:4f:14:58:5e:05:39:c1:05:09:b5:
         c7:a3:6d:b8
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUP/fLghzeMd9XgUr1kFC89+VfevwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjQxMTE0MDAwMDAwWhcNMjQxMjE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NDAyZDczNjQyNGUyYjllNmY2ZWI4ZDQ2NjY1YjA3Y2Zj
MDE1MTI1OWU2ZTlkMjIyZmQ4ZDliMTlmZDQ0ZmNmMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqO7RxIdBjUski1U4l2y4vy1TTnDVfwYBy/EwPwkzvg3vb
LAvn6Wa4nZ7YKvDyaEep2wbbnX8Di44EpzzVW4uXlby9l6te9QyzEb6zuLfGCp5S
aWPW1nYsAvgBS85aFBLeNcgPtob9XefO0kxIMD+ki/ibCGL9fN73l8wyZWQaG1Hf
afLAoQfs79WEr3f2oeMZllLY1PmqodnhOZxz+EO0s1idD30nkQLDuyBjEevtfPUU
pnSX0nsI7wRPWh5YAcfpQjzwcGKTyAkrzpAaH8hvIkcjKuLCSWtC0p4TOQtRSpEV
ZR9Q3U+IsnQYeddkTrQTxk4V5qLV0AxqUQhHfMndAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU6WJL8qfPHDu8guZTkD/XO6F2Pc0wHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2U3YTc2OWY2LThkZDUtNDE3OS1hNjUzLTk5ZWM4MjYxNjYyMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPD76DANBgkqhkiG9w0BAQsFAAOCAQEAcmPfLJ7tAmAbFdz23416jcoM
NGhj0H3ZICJk+A4XrBNefe49jT8t4jxOF6fkVRMuFfikJpIOfuQEcXH24xqIo3bK
UKy6OtK35Khf35M9eH9uTdGN3BPeoU922ZrGaHGdT6DuL1CRgLN/gJaW4oMGLntz
tM3J7sLbUMU2Vy0RkF8W2EnvsPvvBFXjTtKDq3H9HRmqihhmGtjZhwLlo+b0OIHd
2Dyy6zQpYLRqyF623aAGoKaM1rBNMJPPqCZm+zhwnqLCpxpTruh2ZPbLJRFgbxpq
RlsblhSRVpxK/im8nwsiLDMaUa8a7dyDsslrMql9fQlPFFheBTnBBQm1x6NtuA==
-----END CERTIFICATE-----