Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/3ad2ae9c-d505-4b53-8a03-c0034602d40e.roa
File:                     3ad2ae9c-d505-4b53-8a03-c0034602d40e.roa (raw, json)
Hash identifier:          Ii4Lc8TipyJaTbjdtWNaf4F1QiAoJ4vnPM/j/DCDYrs=
Subject key identifier:   99:ED:51:36:43:DA:DE:2F:59:8E:2E:B5:FC:5D:46:B9:C0:8E:2C:55
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       23B8798C441E01D1DA78DC1A3E5C0663334D7356
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/3ad2ae9c-d505-4b53-8a03-c0034602d40e.roa
Signing time:             Tue 27 Aug 2024 00:00:00 +0000
ROA not before:           Tue 27 Aug 2024 00:00:00 +0000
ROA not after:            Tue 01 Oct 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        23.251.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:b8:79:8c:44:1e:01:d1:da:78:dc:1a:3e:5c:06:63:33:4d:73:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Aug 27 00:00:00 2024 GMT
            Not After : Oct  1 23:59:59 2024 GMT
        Subject: serialNumber=41da3d3719ff66c8772e38dbe687540696c7d330b65f134923a325dc46ad1565, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:6c:6a:8c:ff:a3:ea:fa:4b:e7:ba:0c:26:f4:
                    ae:05:88:67:fe:13:b8:96:a0:73:59:d2:61:26:fa:
                    5f:07:31:d2:04:e9:91:d0:09:55:4e:df:7f:67:76:
                    cd:51:34:95:ca:1f:79:87:b7:bc:03:b5:4d:6e:ca:
                    96:b1:fb:62:26:41:05:d9:80:3a:72:62:06:4b:42:
                    c4:4c:d2:f1:2e:b3:ba:21:ac:07:b9:32:07:68:82:
                    65:89:5b:9b:0f:50:b4:af:7c:24:9a:cb:e6:18:bd:
                    c5:7f:a8:81:76:20:f1:97:52:10:65:c6:ab:f3:a8:
                    c0:61:e8:37:a6:ec:6f:1f:14:a1:8d:3a:07:9b:59:
                    4f:24:2e:e9:16:78:0b:f7:15:f4:1e:84:e1:18:28:
                    4c:44:c0:c5:b7:bf:8a:0e:f0:7e:0a:de:e5:b4:56:
                    3b:75:33:d9:1a:7c:85:98:4b:b5:c5:22:fc:6d:a6:
                    a4:f0:02:ab:1c:1b:da:36:f8:1f:ac:f0:b3:0d:44:
                    40:d5:8e:bc:7c:93:b6:9e:c5:f5:3e:0d:2f:ad:30:
                    da:f0:77:f7:01:4a:80:23:86:75:b2:ec:58:60:2b:
                    c4:58:c6:eb:23:17:5d:17:0c:95:bd:ab:bf:fa:c8:
                    67:ac:8f:a3:0b:e5:31:f4:c9:d0:16:df:4f:3f:5c:
                    c0:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:ED:51:36:43:DA:DE:2F:59:8E:2E:B5:FC:5D:46:B9:C0:8E:2C:55
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/3ad2ae9c-d505-4b53-8a03-c0034602d40e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.251.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:a6:de:bb:36:18:6a:33:29:46:1c:2f:c5:d6:5c:d3:a8:9a:
         39:f6:b8:8d:98:e5:e2:50:11:3c:73:15:bf:00:b1:4b:c2:ea:
         bc:d1:90:d7:38:df:13:c1:8a:77:54:51:7e:91:48:d2:e4:67:
         0b:d2:1e:52:df:eb:0c:94:38:56:fd:a8:4c:06:35:c4:9f:4f:
         f4:83:98:dd:54:56:ed:8e:6f:10:b7:c0:fb:87:25:3c:43:b7:
         9e:1a:3f:81:cf:b0:ce:cf:52:96:6e:3f:f2:d3:5a:3d:57:4c:
         2a:aa:ec:80:12:88:20:aa:95:ac:2a:80:55:a3:a3:7b:61:99:
         9b:e8:33:68:c0:f1:07:6c:10:36:5c:dc:57:c1:e8:57:dd:fb:
         f3:78:2a:5e:0b:16:1e:04:2a:76:4e:03:94:17:a5:0d:1d:44:
         af:c3:3e:37:82:5e:12:4e:c0:1c:c3:bd:ff:a3:cf:61:ef:2f:
         03:20:2d:a3:1c:64:c6:52:c9:1b:ab:01:85:58:83:a0:54:a6:
         b5:41:31:9c:ee:c4:a0:bf:e6:26:73:99:5c:bf:da:31:d9:16:
         14:60:a7:9e:07:f4:b4:b3:a5:fb:8c:a1:60:b9:ea:97:8e:ba:
         04:3e:3a:88:26:cb:b3:c8:4f:20:0a:d1:4b:1b:f8:5b:6a:68:
         9a:3c:f5:e6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUI7h5jEQeAdHaeNwaPlwGYzNNc1YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjQwODI3MDAwMDAwWhcNMjQxMDAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MWRhM2QzNzE5ZmY2NmM4NzcyZTM4ZGJlNjg3NTQwNjk2
YzdkMzMwYjY1ZjEzNDkyM2EzMjVkYzQ2YWQxNTY1MS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0bGqM/6Pq+kvnugwm9K4FiGf+E7iWoHNZ0mEm+l8HMdIE
6ZHQCVVO339nds1RNJXKH3mHt7wDtU1uypax+2ImQQXZgDpyYgZLQsRM0vEus7oh
rAe5MgdogmWJW5sPULSvfCSay+YYvcV/qIF2IPGXUhBlxqvzqMBh6Dem7G8fFKGN
OgebWU8kLukWeAv3FfQehOEYKExEwMW3v4oO8H4K3uW0Vjt1M9kafIWYS7XFIvxt
pqTwAqscG9o2+B+s8LMNREDVjrx8k7aexfU+DS+tMNrwd/cBSoAjhnWy7FhgK8RY
xusjF10XDJW9q7/6yGesj6ML5TH0ydAW308/XMDRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUme1RNkPa3i9Zji61/F1GucCOLFUwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzNhZDJhZTljLWQ1MDUtNGI1My04YTAzLWMwMDM0NjAyZDQwZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAX++AwDQYJKoZIhvcNAQELBQADggEBABGm3rs2GGozKUYcL8XWXNOomjn2
uI2Y5eJQETxzFb8AsUvC6rzRkNc43xPBindUUX6RSNLkZwvSHlLf6wyUOFb9qEwG
NcSfT/SDmN1UVu2ObxC3wPuHJTxDt54aP4HPsM7PUpZuP/LTWj1XTCqq7IASiCCq
lawqgFWjo3thmZvoM2jA8QdsEDZc3FfB6Ffd+/N4Kl4LFh4EKnZOA5QXpQ0dRK/D
PjeCXhJOwBzDvf+jz2HvLwMgLaMcZMZSyRurAYVYg6BUprVBMZzuxKC/5iZzmVy/
2jHZFhRgp54H9LSzpfuMoWC56peOugQ+Oogmy7PITyAK0Usb+FtqaJo89eY=
-----END CERTIFICATE-----