Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/20eac0c1-044c-4d7c-96cc-5e378621a09e.roa
File:                     20eac0c1-044c-4d7c-96cc-5e378621a09e.roa (raw, json)
Hash identifier:          JjSgGGZp5+HrnsbXDPTV7XcGLxCn2FGMcEp1eHC/F3g=
Subject key identifier:   03:6D:49:D4:F6:E4:D9:18:AA:20:68:7C:D7:24:CF:E3:1A:11:D7:64
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       42D4D3F1F8092C785E0A9A8CEB467E6FD514C6FA
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/20eac0c1-044c-4d7c-96cc-5e378621a09e.roa
Signing time:             Tue 12 Nov 2024 00:00:00 +0000
ROA not before:           Tue 12 Nov 2024 00:00:00 +0000
ROA not after:            Tue 17 Dec 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:9000:a900::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 23 Nov 2024 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:d4:d3:f1:f8:09:2c:78:5e:0a:9a:8c:eb:46:7e:6f:d5:14:c6:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Nov 12 00:00:00 2024 GMT
            Not After : Dec 17 23:59:59 2024 GMT
        Subject: serialNumber=3e735a2358173f31719a18fafe7eb65d3a1ffac202d0a71a283eee014b141928, CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:e1:ef:26:dc:ba:e7:ca:cb:2b:79:f5:f8:3a:
                    04:6a:3e:7d:04:39:85:fa:ae:c2:52:a5:41:15:80:
                    91:2a:d0:11:0e:8d:a0:aa:92:70:62:70:9f:83:61:
                    6a:22:0c:98:c1:d4:81:12:42:d0:83:1a:c8:2e:1f:
                    27:ed:88:88:43:bd:d3:1d:a4:bc:c1:92:46:57:e9:
                    e5:1f:87:ef:a7:86:82:5a:27:e7:2a:63:a8:9f:1b:
                    35:ee:24:86:3e:5b:ec:17:37:d8:b3:0f:f9:e3:f6:
                    21:f4:a1:c9:cb:d4:ab:7f:4f:7a:f6:6a:1b:11:42:
                    4e:ec:1c:a6:1c:5b:e4:7c:58:7c:1f:92:d6:18:07:
                    38:82:e1:78:2b:a8:c0:45:ad:e6:12:bf:29:37:4e:
                    46:c6:55:c1:10:5a:c6:e4:d5:4a:6b:80:c3:e0:ad:
                    1d:91:df:01:54:5c:c6:f4:0b:53:9f:33:05:6f:7d:
                    85:0c:58:34:3b:3a:90:5e:65:f5:1b:bc:df:96:6d:
                    47:6e:13:f4:f5:e8:9b:7a:ae:75:16:fd:be:2b:ae:
                    3c:cc:b5:4f:00:0b:ed:60:48:d8:89:ff:09:e5:b4:
                    3c:99:38:2b:4d:77:5f:ee:40:2c:b3:bf:72:da:45:
                    60:98:2a:c1:73:c5:86:fa:4d:ce:69:0a:d3:3d:9d:
                    cc:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:6D:49:D4:F6:E4:D9:18:AA:20:68:7C:D7:24:CF:E3:1A:11:D7:64
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/20eac0c1-044c-4d7c-96cc-5e378621a09e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:9000:a900::/40

    Signature Algorithm: sha256WithRSAEncryption
         b0:4c:b0:8e:43:09:7c:2b:db:3f:eb:4c:fb:1a:23:63:7c:17:
         3b:7e:34:2f:ab:6d:9a:87:6f:4e:32:9c:f5:57:24:74:ce:ac:
         ca:6b:86:e6:5a:87:ed:6c:4b:b2:b2:86:37:db:6d:3f:75:58:
         88:c9:98:0b:c7:09:83:47:a1:5f:18:15:b2:7c:d8:aa:32:7a:
         10:34:7f:7e:1c:2a:db:7b:cb:48:64:b0:16:f1:8e:d9:88:e4:
         4e:b5:6a:97:68:fe:17:cc:37:63:92:54:ec:98:40:1b:7b:22:
         3e:93:ea:10:14:60:2a:3c:8d:53:aa:61:9a:35:8f:4e:99:23:
         a9:4d:c3:71:55:b9:56:15:fa:4f:2e:87:ce:46:f8:f4:03:66:
         cd:e9:38:ff:30:37:5b:78:25:39:30:de:a8:c9:7e:b4:8b:4f:
         50:8c:66:33:01:f1:fe:f0:cb:03:f9:4c:e5:19:c8:a8:04:1d:
         36:ef:6b:dc:77:8c:91:4f:d6:0f:3c:47:b2:e3:c2:7b:e0:df:
         53:78:d1:fb:82:b9:1f:da:69:96:57:1c:8f:b6:67:37:c6:b0:
         85:10:c7:d9:27:6d:ee:d2:71:98:fd:63:5e:16:5a:28:c4:13:
         0a:f4:e7:5c:43:f9:a9:17:a8:db:51:22:99:79:d0:b4:83:1c:
         52:ab:5e:00
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUQtTT8fgJLHheCpqM60Z+b9UUxvowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjQxMTEyMDAwMDAwWhcNMjQxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZTczNWEyMzU4MTczZjMxNzE5YTE4ZmFmZTdlYjY1ZDNh
MWZmYWMyMDJkMGE3MWEyODNlZWUwMTRiMTQxOTI4MS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDg4e8m3LrnyssrefX4OgRqPn0EOYX6rsJSpUEVgJEq0BEO
jaCqknBicJ+DYWoiDJjB1IESQtCDGsguHyftiIhDvdMdpLzBkkZX6eUfh++nhoJa
J+cqY6ifGzXuJIY+W+wXN9izD/nj9iH0ocnL1Kt/T3r2ahsRQk7sHKYcW+R8WHwf
ktYYBziC4XgrqMBFreYSvyk3TkbGVcEQWsbk1UprgMPgrR2R3wFUXMb0C1OfMwVv
fYUMWDQ7OpBeZfUbvN+WbUduE/T16Jt6rnUW/b4rrjzMtU8AC+1gSNiJ/wnltDyZ
OCtNd1/uQCyzv3LaRWCYKsFzxYb6Tc5pCtM9ncw3AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUA21J1Pbk2RiqIGh81yTP4xoR12QwHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1LzIwZWFjMGMxLTA0NGMtNGQ3Yy05NmNjLTVlMzc4NjIxYTA5ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAJAAqTANBgkqhkiG9w0BAQsFAAOCAQEAsEywjkMJfCvbP+tM+xojY3wX
O340L6ttmodvTjKc9VckdM6symuG5lqH7WxLsrKGN9ttP3VYiMmYC8cJg0ehXxgV
snzYqjJ6EDR/fhwq23vLSGSwFvGO2YjkTrVql2j+F8w3Y5JU7JhAG3siPpPqEBRg
KjyNU6phmjWPTpkjqU3DcVW5VhX6Ty6Hzkb49ANmzek4/zA3W3glOTDeqMl+tItP
UIxmMwHx/vDLA/lM5RnIqAQdNu9r3HeMkU/WDzxHsuPCe+DfU3jR+4K5H9ppllcc
j7ZnN8awhRDH2Sdt7tJxmP1jXhZaKMQTCvTnXEP5qReo21EimXnQtIMcUqteAA==
-----END CERTIFICATE-----