Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/fbfb4db3-3d0c-4420-b30d-ffe7941c87f5.roa
File:                     fbfb4db3-3d0c-4420-b30d-ffe7941c87f5.roa (raw, json)
Hash identifier:          kHSL9lpVB3U2i0Z9Lik9/7JuVZozB8Q5WPv1SyTMAZ4=
Subject key identifier:   B2:D8:1B:F5:CD:EC:B1:73:0D:12:0F:C3:94:E7:FF:0F:D4:04:8E:56
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       258468C9DE5AE6F5863A5EE402BC9788382FA2B9
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/fbfb4db3-3d0c-4420-b30d-ffe7941c87f5.roa
Signing time:             Wed 13 Nov 2024 00:00:00 +0000
ROA not before:           Wed 13 Nov 2024 00:00:00 +0000
ROA not after:            Wed 18 Dec 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:e000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 26 Nov 2024 21:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:84:68:c9:de:5a:e6:f5:86:3a:5e:e4:02:bc:97:88:38:2f:a2:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Nov 13 00:00:00 2024 GMT
            Not After : Dec 18 23:59:59 2024 GMT
        Subject: serialNumber=8515c4b388f3bbd34a157c64e6e0403286a0397c89a48c55e04abc960dac8df5, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:69:f5:99:b8:52:9f:0d:db:7f:56:93:d8:ca:
                    d3:6c:d6:4e:e1:18:8b:89:6b:22:26:94:72:80:00:
                    1f:f5:29:05:3a:1d:60:40:1a:35:fc:b4:97:a1:23:
                    36:97:14:27:e8:cc:96:1d:03:4a:3b:73:ee:a3:61:
                    71:bc:db:c5:ef:fa:40:26:94:88:90:6d:56:bb:75:
                    24:92:ab:0b:45:9c:e9:91:c7:50:33:2a:e4:19:2f:
                    8d:88:4c:7f:00:b4:bd:b6:27:7b:e1:a0:69:2d:f6:
                    20:0c:28:f7:76:f5:fc:7d:c5:ce:69:33:8a:28:d7:
                    be:47:41:db:d9:df:e4:32:22:0b:d8:16:49:fd:fa:
                    58:3c:c2:4c:e2:6f:b5:b8:42:8b:9e:9a:85:22:e4:
                    b7:79:8b:fc:4f:00:a5:9b:1e:d5:2a:e0:83:74:d2:
                    4a:6d:d7:db:80:60:15:d6:8e:50:14:5b:33:0e:2c:
                    34:03:f5:be:24:0f:e4:5a:fb:82:2d:29:55:43:77:
                    aa:32:aa:c3:3d:37:a2:88:26:98:5e:0f:9c:42:61:
                    93:80:6a:75:2d:1c:1d:ea:0b:ea:12:bd:b1:e1:01:
                    fd:8d:85:25:35:ed:8e:0c:e7:e3:59:d9:cb:6b:42:
                    12:04:e9:d6:82:9e:9f:84:c8:e2:ff:60:cb:81:61:
                    58:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:D8:1B:F5:CD:EC:B1:73:0D:12:0F:C3:94:E7:FF:0F:D4:04:8E:56
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/fbfb4db3-3d0c-4420-b30d-ffe7941c87f5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         8e:b9:b1:fa:f9:97:73:78:b9:8d:87:de:a7:d9:79:10:bb:db:
         9b:de:0c:01:14:48:4f:54:77:bd:92:48:67:76:3a:b3:39:46:
         6d:39:b8:31:55:f4:a0:43:90:58:ff:d9:8b:29:40:32:c7:87:
         b2:19:bd:c3:08:58:4b:78:c7:b4:62:19:0c:aa:ae:b2:a6:ba:
         7d:02:a1:8a:72:e3:96:17:12:52:d6:b7:08:50:ab:69:d5:02:
         e1:e9:8f:e1:fc:42:b1:72:50:07:af:0e:ab:54:8e:1e:6b:75:
         cf:1b:ac:1e:e7:73:7e:4b:2c:80:3f:d1:d3:bf:db:18:fe:2d:
         59:59:f9:b3:39:94:39:c3:96:d6:67:5a:10:28:5c:cf:d1:aa:
         36:b0:6b:be:61:c6:9c:be:ab:2a:ee:db:47:7c:bf:26:da:0e:
         1e:8e:4c:47:b0:d5:ee:a7:07:b6:a8:d0:85:79:15:1c:a4:90:
         77:e8:09:cd:6a:94:29:4e:58:9a:7f:44:66:17:81:a0:58:af:
         0a:ad:ba:30:88:01:d6:1b:3d:82:f1:15:eb:36:be:56:ed:78:
         76:41:1f:d1:d9:68:a1:72:ce:92:2f:08:6a:9f:90:b7:12:2c:
         99:93:42:25:ab:ed:c1:b3:1b:84:f2:2f:52:f2:52:06:cf:d9:
         1c:e1:9d:15
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUJYRoyd5a5vWGOl7kAryXiDgvorkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjQxMTEzMDAwMDAwWhcNMjQxMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NTE1YzRiMzg4ZjNiYmQzNGExNTdjNjRlNmUwNDAzMjg2
YTAzOTdjODlhNDhjNTVlMDRhYmM5NjBkYWM4ZGY1MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8afWZuFKfDdt/VpPYytNs1k7hGIuJayImlHKAAB/1KQU6
HWBAGjX8tJehIzaXFCfozJYdA0o7c+6jYXG828Xv+kAmlIiQbVa7dSSSqwtFnOmR
x1AzKuQZL42ITH8AtL22J3vhoGkt9iAMKPd29fx9xc5pM4oo175HQdvZ3+QyIgvY
Fkn9+lg8wkzib7W4QouemoUi5Ld5i/xPAKWbHtUq4IN00kpt19uAYBXWjlAUWzMO
LDQD9b4kD+Ra+4ItKVVDd6oyqsM9N6KIJpheD5xCYZOAanUtHB3qC+oSvbHhAf2N
hSU17Y4M5+NZ2ctrQhIE6daCnp+EyOL/YMuBYVixAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUstgb9c3ssXMNEg/DlOf/D9QEjlYwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2ZiZmI0ZGIzLTNkMGMtNDQyMC1iMzBkLWZmZTc5NDFjODdmNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPD74DANBgkqhkiG9w0BAQsFAAOCAQEAjrmx+vmXc3i5jYfep9l5ELvb
m94MARRIT1R3vZJIZ3Y6szlGbTm4MVX0oEOQWP/ZiylAMseHshm9wwhYS3jHtGIZ
DKqusqa6fQKhinLjlhcSUta3CFCradUC4emP4fxCsXJQB68Oq1SOHmt1zxusHudz
fkssgD/R07/bGP4tWVn5szmUOcOW1mdaEChcz9GqNrBrvmHGnL6rKu7bR3y/JtoO
Ho5MR7DV7qcHtqjQhXkVHKSQd+gJzWqUKU5Ymn9EZheBoFivCq26MIgB1hs9gvEV
6za+Vu14dkEf0dlooXLOki8Iap+QtxIsmZNCJavtwbMbhPIvUvJSBs/ZHOGdFQ==
-----END CERTIFICATE-----