Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/0e389254-682a-49dc-8f48-9e1c009e2b94.roa
File:                     0e389254-682a-49dc-8f48-9e1c009e2b94.roa (raw, json)
Hash identifier:          K96tfTv2RohptZPIH97Z3pdV6Ii/UZ1VMCImQkb7ncw=
Subject key identifier:   BD:84:68:BB:BF:8E:1D:4A:E6:3A:D5:61:F4:03:B1:0B:F0:4B:AB:7A
Certificate issuer:       /CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
Certificate serial:       7578CB3638A42DF7BAFA2D6317DDF7D8FCEC0495
Authority key identifier: BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/0e389254-682a-49dc-8f48-9e1c009e2b94.roa
Signing time:             Fri 19 Apr 2024 00:00:00 +0000
ROA not before:           Fri 19 Apr 2024 00:00:00 +0000
ROA not after:            Fri 24 May 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2605:9cc0:64c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 04 May 2024 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:78:cb:36:38:a4:2d:f7:ba:fa:2d:63:17:dd:f7:d8:fc:ec:04:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
        Validity
            Not Before: Apr 19 00:00:00 2024 GMT
            Not After : May 24 23:59:59 2024 GMT
        Subject: serialNumber=02d197c47a9adad1b87d3c82d3ec31e83d3e95dabcae768a2fc6f11087d2cff4, CN=f7243785-46de-414b-9b8f-7a9699e979e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:d7:4b:06:98:de:1e:8f:18:0e:9c:79:3d:34:
                    a1:59:10:1d:33:1c:af:71:e6:e3:0a:f9:40:e7:5b:
                    9b:9f:f1:53:93:16:7b:fc:ea:42:52:fa:4b:06:5b:
                    a1:a1:2e:11:7c:6d:70:1e:0b:d9:74:44:c2:34:83:
                    cf:ef:12:b5:ac:ee:a7:fe:99:65:1e:25:79:f0:f4:
                    c8:9b:0b:48:6f:35:ae:cb:3e:a5:49:20:64:c9:ad:
                    08:6f:aa:93:9c:c4:69:85:21:1e:fb:09:fe:de:4a:
                    8e:0e:91:3f:29:58:76:9c:bc:cc:48:0e:28:cb:44:
                    0f:f7:34:17:dd:ac:80:51:6b:ac:b1:13:d1:4f:f3:
                    07:55:0d:35:f3:1c:5e:b4:28:d7:60:a4:ba:31:f4:
                    df:3c:61:7e:29:95:70:1e:4c:da:c9:63:47:bc:bd:
                    5c:19:fa:57:77:c2:c6:55:b8:d3:1e:fe:30:cc:56:
                    ab:a0:76:34:3e:37:15:59:5e:10:05:e4:0e:cc:fa:
                    6a:40:ca:fa:e1:86:94:78:26:10:e7:63:3d:0c:05:
                    0a:34:ce:6e:f5:00:fb:be:04:34:57:8b:79:01:be:
                    d9:00:09:b8:6b:3d:4a:75:41:54:b8:f4:69:99:c1:
                    bd:d2:9d:4b:45:06:47:15:15:f4:e7:20:bc:0c:db:
                    ce:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:84:68:BB:BF:8E:1D:4A:E6:3A:D5:61:F4:03:B1:0B:F0:4B:AB:7A
            X509v3 Authority Key Identifier:
                keyid:BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/0e389254-682a-49dc-8f48-9e1c009e2b94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2605:9cc0:64c::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:f3:a3:6e:d3:14:10:49:11:c3:0e:7a:ff:75:f5:ee:e5:21:
         76:9b:ae:3a:53:6d:36:73:43:6a:a6:ed:e4:bc:90:5c:9c:5d:
         4e:cb:a8:42:2b:84:17:f7:90:6e:9d:4b:d8:f0:b9:84:cf:59:
         f6:10:77:33:75:e8:67:71:6f:8e:00:6d:fa:4a:58:9a:47:99:
         87:1f:b1:89:80:bd:3e:ab:7f:44:21:b8:86:96:f8:55:11:68:
         ee:f8:08:ab:a9:2e:69:cf:ac:ed:a5:66:ee:d4:18:59:f1:c3:
         42:4e:17:9f:ab:1f:6c:62:44:72:87:b4:c8:36:81:60:8f:44:
         f7:30:61:86:1b:9c:d9:a3:b4:d8:76:dc:70:db:5e:8f:4f:35:
         8c:67:31:a9:3a:f1:0a:0f:49:79:b4:78:9c:30:b8:5d:ec:46:
         8e:4b:08:00:b1:ab:a5:0e:02:0d:5b:09:32:d1:65:5e:09:64:
         47:5a:7b:64:84:f1:b4:b3:c9:39:60:08:62:d3:97:5e:ec:0e:
         be:29:b6:73:a7:8a:09:51:38:4a:b4:8a:60:58:75:ff:fb:59:
         d7:12:e0:9e:7b:08:69:98:e3:78:81:eb:97:87:22:b2:c1:f8:
         2d:cc:ca:c7:ba:54:2e:5a:95:c2:02:a4:ee:33:e1:db:cd:24:
         f6:c8:d4:6c
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUdXjLNjikLfe6+i1jF9332PzsBJUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOTdhYzAwMjhkNmVmYmRkYWZiN2Q5YzcxZTI5ZWI3MWMw
MDVlMzRmYzE5ZjFmN2M0MjQwHhcNMjQwNDE5MDAwMDAwWhcNMjQwNTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMmQxOTdjNDdhOWFkYWQxYjg3ZDNjODJkM2VjMzFlODNk
M2U5NWRhYmNhZTc2OGEyZmM2ZjExMDg3ZDJjZmY0MS0wKwYDVQQDEyRmNzI0Mzc4
NS00NmRlLTQxNGItOWI4Zi03YTk2OTllOTc5ZTIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDb10sGmN4ejxgOnHk9NKFZEB0zHK9x5uMK+UDnW5uf8VOT
Fnv86kJS+ksGW6GhLhF8bXAeC9l0RMI0g8/vErWs7qf+mWUeJXnw9MibC0hvNa7L
PqVJIGTJrQhvqpOcxGmFIR77Cf7eSo4OkT8pWHacvMxIDijLRA/3NBfdrIBRa6yx
E9FP8wdVDTXzHF60KNdgpLox9N88YX4plXAeTNrJY0e8vVwZ+ld3wsZVuNMe/jDM
VqugdjQ+NxVZXhAF5A7M+mpAyvrhhpR4JhDnYz0MBQo0zm71APu+BDRXi3kBvtkA
CbhrPUp1QVS49GmZwb3SnUtFBkcVFfTnILwM285DAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUvYRou7+OHUrmOtVh9AOxC/BLq3owHwYDVR0jBBgwFoAUugzhfiM/vHHU
MKvawsMMeQS2oOcwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy9kM2VhNmVhYi1m
NDFmLTRlNDYtYThmNi0zZGE0YTEyOGQ3OGMvOTdhYzAwMjhkNmVmYmRkYWZiN2Q5
YzcxZTI5ZWI3MWMwMDVlMzRmYzE5ZjFmN2M0MjQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTQ2MDJmYjAtYTlkNC00ZjlmLWIwY2EtYmUy
YTEzOWVhOTJiLzBlMzg5MjU0LTY4MmEtNDlkYy04ZjQ4LTllMWMwMDllMmI5NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzU0NjAyZmIwLWE5ZDQtNGY5Zi1iMGNh
LWJlMmExMzllYTkyYi83NzNhLTMyY2NlS2V0eHdBWGpUOEdmSDN4Q1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmBZzABkwwDQYJKoZIhvcNAQELBQADggEBAEvzo27TFBBJEcMOev919e7l
IXabrjpTbTZzQ2qm7eS8kFycXU7LqEIrhBf3kG6dS9jwuYTPWfYQdzN16Gdxb44A
bfpKWJpHmYcfsYmAvT6rf0QhuIaW+FURaO74CKupLmnPrO2lZu7UGFnxw0JOF5+r
H2xiRHKHtMg2gWCPRPcwYYYbnNmjtNh23HDbXo9PNYxnMak68QoPSXm0eJwwuF3s
Ro5LCACxq6UOAg1bCTLRZV4JZEdae2SE8bSzyTlgCGLTl17sDr4ptnOniglROEq0
imBYdf/7WdcS4J57CGmY43iB65eHIrLB+C3Myse6VC5alcICpO4z4dvNJPbI1Gw=
-----END CERTIFICATE-----