Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/9e487e47-66d6-41c1-9978-ba008ae33ba2.roa
File:                     9e487e47-66d6-41c1-9978-ba008ae33ba2.roa (download)
Hash identifier:          e5BuhLeSD3eGjpeLJfy83ufwNN+sJlsBr1ISVTcmW1A=
Subject key identifier:   8C:FF:87:EB:1C:FA:59:C1:13:D1:F8:FF:C7:99:9B:A0:DA:4A:4F:65
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       240E0CAAC044C92F4E1114BAA5122E083B7C3293
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/9e487e47-66d6-41c1-9978-ba008ae33ba2.roa
ROA valid until:          Sat 28 Jan 2023 23:59:59 +0000
asID:                     400098
IP address blocks:
    1: 199.36.120.0/24 maxlen: 24

Validation: OK

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:0e:0c:aa:c0:44:c9:2f:4e:11:14:ba:a5:12:2e:08:3b:7c:32:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Jan 25 00:00:00 2023 GMT
            Not After : Jan 28 23:59:59 2023 GMT
        Subject: serialNumber=26a5f16eed48d339716d4dd674f1a81cc473986afbbbee69e321129a8180ef4c, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:04:1a:ef:25:cb:0b:83:9e:6a:77:20:6f:2e:
                    a1:6e:6a:68:c5:1e:85:a3:99:b5:c8:a2:ef:a4:d8:
                    42:9e:6f:6b:01:d2:70:0c:1a:dd:ae:30:fd:91:f3:
                    d0:50:3e:b5:0f:f5:da:de:66:82:40:bd:2d:c6:61:
                    72:24:7b:e4:6e:11:6b:2f:98:58:b3:0e:a4:6f:28:
                    53:65:61:4d:cc:ec:a9:7a:ae:39:b3:a6:9a:1c:89:
                    c1:e9:9d:8b:2b:d7:ef:ae:f5:2b:17:20:84:05:51:
                    27:7d:d9:72:e1:7d:99:7e:e7:cb:31:02:2e:8d:4f:
                    63:c6:45:af:6f:84:4a:fc:82:22:4c:4a:24:56:d1:
                    43:93:20:b1:90:95:60:68:76:d0:3c:09:39:3b:bd:
                    8c:e8:04:ec:fa:1a:d7:93:aa:1c:06:63:00:5a:f4:
                    3e:aa:8a:6f:84:20:03:65:c0:dc:1e:5e:d7:cf:b8:
                    43:db:b6:7d:4d:04:a4:d5:87:bd:ff:ce:10:36:a4:
                    67:83:39:d2:6f:49:ca:0a:68:6b:9c:42:16:40:a6:
                    3c:7d:53:87:e1:81:7f:21:15:85:24:d6:c5:8f:2f:
                    cd:bd:ce:9d:2f:3c:d2:cc:ce:5a:55:23:b7:f4:e0:
                    db:43:99:15:51:32:bb:17:b6:9b:2f:5e:a3:e2:ce:
                    9e:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                8C:FF:87:EB:1C:FA:59:C1:13:D1:F8:FF:C7:99:9B:A0:DA:4A:4F:65
            X509v3 Authority Key Identifier: 
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/9e487e47-66d6-41c1-9978-ba008ae33ba2.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:a3:53:9f:d4:43:bb:a0:9d:ff:43:a2:54:dd:cb:0f:31:87:
         32:58:09:bb:90:98:43:d2:ba:92:2e:a4:a3:69:bd:f4:52:a9:
         88:22:62:f2:cd:22:3a:7a:f7:10:01:dd:2d:5f:8f:bc:fe:1a:
         5f:55:e2:ea:2d:21:2f:11:00:43:24:91:47:18:1a:a7:f7:8c:
         2a:b3:c8:f4:b9:08:cb:a1:66:81:30:ed:43:f0:38:79:5e:3b:
         18:36:5d:7d:34:f2:69:ae:54:85:a3:fb:7f:15:03:b9:6d:34:
         92:57:33:19:8d:60:ce:85:a2:fd:ea:30:9a:8b:11:7c:67:e8:
         71:44:12:68:85:63:ca:51:a8:cf:36:ce:fe:09:75:58:a5:00:
         e5:4b:58:aa:1e:1c:40:d4:98:14:58:ce:a2:1c:89:c3:d3:f6:
         fa:73:82:51:1f:88:ad:ec:45:7d:98:d0:5b:94:b1:7b:be:6b:
         c9:9b:b9:04:66:9b:1d:bf:87:64:4b:8f:40:64:94:eb:76:6a:
         1c:e7:40:e8:a2:51:4c:6a:d7:95:93:c5:cb:db:8f:12:a7:ff:
         bb:88:c4:28:a9:1b:7e:bf:40:e4:25:c2:34:8f:92:77:59:7c:
         57:77:14:58:44:d1:19:28:c0:31:a4:46:b3:44:8c:53:d6:e1:
         13:ee:99:2c
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUJA4MqsBEyS9OERS6pRIuCDt8MpMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMTI1MDAwMDAwWhcNMjMwMTI4MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMjZhNWYxNmVlZDQ4ZDMzOTcxNmQ0ZGQ2NzRmMWE4MWNj
NDczOTg2YWZiYmJlZTY5ZTMyMTEyOWE4MTgwZWY0YzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKUEGu8lywuDnmp3IG8uoW5qaMUehaOZtcii76TYQp5vawHScAwa
3a4w/ZHz0FA+tQ/12t5mgkC9LcZhciR75G4Ray+YWLMOpG8oU2VhTczsqXquObOm
mhyJwemdiyvX7671KxcghAVRJ33ZcuF9mX7nyzECLo1PY8ZFr2+ESvyCIkxKJFbR
Q5MgsZCVYGh20DwJOTu9jOgE7Poa15OqHAZjAFr0PqqKb4QgA2XA3B5e18+4Q9u2
fU0EpNWHvf/OEDakZ4M50m9Jygpoa5xCFkCmPH1Th+GBfyEVhSTWxY8vzb3OnS88
0szOWlUjt/Tg20OZFVEyuxe2my9eo+LOnmECAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBSM/4frHPpZwRPR+P/HmZug2kpPZTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvOWU0ODdlNDctNjZkNi00MWMxLTk5NzgtYmEwMDhhZTMzYmEyLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALOjU5/UQ7ugnf9D
olTdyw8xhzJYCbuQmEPSupIupKNpvfRSqYgiYvLNIjp69xAB3S1fj7z+Gl9V4uot
IS8RAEMkkUcYGqf3jCqzyPS5CMuhZoEw7UPwOHleOxg2XX008mmuVIWj+38VA7lt
NJJXMxmNYM6Fov3qMJqLEXxn6HFEEmiFY8pRqM82zv4JdVilAOVLWKoeHEDUmBRY
zqIcicPT9vpzglEfiK3sRX2Y0FuUsXu+a8mbuQRmmx2/h2RLj0BklOt2ahznQOii
UUxq15WTxcvbjxKn/7uIxCipG36/QOQlwjSPkndZfFd3FFhE0RkowDGkRrNEjFPW
4RPumSw=
-----END CERTIFICATE-----
Generated at Wed Jan 25 12:15:32 2023 by rpki-client.