Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0500650f-d9b9-4b71-8e3c-7c31446f4a1a.roa
File:                     0500650f-d9b9-4b71-8e3c-7c31446f4a1a.roa (raw, json)
Hash identifier:          MT219IYhTJ4LAYSk49LDDjvQgELsAoxXcOjoB5OJLgY=
Subject key identifier:   C6:94:03:4E:90:92:40:B5:38:F2:8D:5F:B5:18:A7:6B:A4:FE:E2:02
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       33F5DF64330054718337BB84CDAA2AC51845214A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0500650f-d9b9-4b71-8e3c-7c31446f4a1a.roa
Signing time:             Tue 19 Nov 2024 00:00:00 +0000
ROA not before:           Tue 19 Nov 2024 00:00:00 +0000
ROA not after:            Tue 24 Dec 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        3.0.0.0/10 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:f5:df:64:33:00:54:71:83:37:bb:84:cd:aa:2a:c5:18:45:21:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Nov 19 00:00:00 2024 GMT
            Not After : Dec 24 23:59:59 2024 GMT
        Subject: serialNumber=1fd2428d4f28b6c21cc1185a38d198fff271f39e5843dc4ffb84ad0d537ce16c, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:6b:51:33:d6:a3:e8:90:08:f0:a9:78:92:c7:
                    98:2a:32:22:c4:a7:8f:6d:64:57:a8:15:2f:97:05:
                    6a:c8:bb:2d:9a:04:1e:c4:a8:37:8a:b3:b8:8d:d8:
                    11:b3:4d:da:1c:39:65:ba:0c:09:dc:25:99:77:3b:
                    bb:c9:fd:dd:71:28:20:c4:1b:1a:ce:7b:71:35:3a:
                    07:80:85:f5:e8:74:5f:84:a1:87:66:be:7b:af:4e:
                    a3:4a:eb:c0:fd:0c:10:fb:4d:e4:b8:ab:3e:b3:9c:
                    05:50:a9:0a:0d:56:7d:45:87:22:2d:d5:19:a5:82:
                    4f:50:a2:a4:0b:9b:bb:be:a9:71:ec:cb:8f:c0:ee:
                    1a:03:1d:f7:0c:b0:32:cb:e2:e2:1a:03:c4:25:06:
                    e1:50:f0:7f:15:a0:95:75:86:73:e9:53:4e:4e:22:
                    5a:b7:a7:35:d7:4c:a1:d3:2d:28:d3:cb:d0:b2:d6:
                    ea:d5:2f:8d:b3:9d:97:a3:8e:86:5d:4d:dc:79:c7:
                    8b:87:f5:9b:ef:49:ce:e7:65:43:46:ea:28:72:9d:
                    ec:ef:83:08:fa:d8:ea:35:6f:8b:ea:90:8b:71:14:
                    8f:7c:c2:52:72:3f:39:b4:02:b2:79:29:53:ee:d1:
                    f4:6b:36:24:0e:7f:70:29:72:97:e1:7f:b4:a9:86:
                    d9:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:94:03:4E:90:92:40:B5:38:F2:8D:5F:B5:18:A7:6B:A4:FE:E2:02
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0500650f-d9b9-4b71-8e3c-7c31446f4a1a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.0.0.0/10

    Signature Algorithm: sha256WithRSAEncryption
         7e:8c:02:4e:94:ac:f9:5a:04:bd:8c:5f:97:dc:f8:9a:3a:d2:
         44:33:37:cc:63:48:77:ce:55:32:e3:21:86:ff:51:6f:b1:97:
         0b:22:bb:1c:ca:a0:9e:81:e1:0c:af:69:ed:96:62:6c:d1:27:
         ab:2b:58:2b:9a:7b:4d:e1:66:b7:c9:0d:da:49:b4:bc:86:50:
         05:68:9c:b4:7e:25:b6:8e:6d:ae:3b:ef:e2:16:26:d5:cd:7a:
         df:62:ef:04:0e:25:12:15:25:62:f4:a8:f4:e1:62:3a:04:90:
         19:a1:e5:21:c7:b6:dd:d6:97:38:40:b0:ec:ad:1c:db:b6:f5:
         37:f4:05:2f:38:e7:95:cd:e3:47:6f:12:4d:ed:70:40:5d:45:
         ef:99:fd:36:62:9c:1f:f4:37:81:f9:c3:3b:a8:cc:63:d4:32:
         86:ac:60:cb:54:d3:3b:df:b9:3e:bd:e6:16:02:b7:45:c2:08:
         da:36:22:a2:d3:c6:cb:38:59:e2:d6:85:83:ef:44:c1:1c:9c:
         8f:14:3d:a0:27:08:d5:f1:91:7d:b4:db:0a:52:63:e6:c6:e0:
         ee:2d:72:49:14:72:a7:fd:96:fb:ba:e4:b9:cd:57:f4:31:03:
         a8:32:2a:f7:f5:14:c8:ad:fe:70:0a:83:ec:17:68:4c:a1:e4:
         78:a1:a0:b9
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUM/XfZDMAVHGDN7uEzaoqxRhFIUowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMTE5MDAwMDAwWhcNMjQxMjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZmQyNDI4ZDRmMjhiNmMyMWNjMTE4NWEzOGQxOThmZmYy
NzFmMzllNTg0M2RjNGZmYjg0YWQwZDUzN2NlMTZjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDda1Ez1qPokAjwqXiSx5gqMiLEp49tZFeoFS+XBWrIuy2a
BB7EqDeKs7iN2BGzTdocOWW6DAncJZl3O7vJ/d1xKCDEGxrOe3E1OgeAhfXodF+E
oYdmvnuvTqNK68D9DBD7TeS4qz6znAVQqQoNVn1FhyIt1Rmlgk9QoqQLm7u+qXHs
y4/A7hoDHfcMsDLL4uIaA8QlBuFQ8H8VoJV1hnPpU05OIlq3pzXXTKHTLSjTy9Cy
1urVL42znZejjoZdTdx5x4uH9ZvvSc7nZUNG6ihynezvgwj62Oo1b4vqkItxFI98
wlJyPzm0ArJ5KVPu0fRrNiQOf3Apcpfhf7SphtnHAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUxpQDTpCSQLU48o1ftRina6T+4gIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA1MDA2NTBmLWQ5YjktNGI3MS04ZTNjLTdjMzE0NDZmNGExYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwYDADANBgkqhkiG9w0BAQsFAAOCAQEAfowCTpSs+VoEvYxfl9z4mjrSRDM3
zGNId85VMuMhhv9Rb7GXCyK7HMqgnoHhDK9p7ZZibNEnqytYK5p7TeFmt8kN2km0
vIZQBWictH4lto5trjvv4hYm1c1632LvBA4lEhUlYvSo9OFiOgSQGaHlIce23daX
OECw7K0c27b1N/QFLzjnlc3jR28STe1wQF1F75n9NmKcH/Q3gfnDO6jMY9Qyhqxg
y1TTO9+5Pr3mFgK3RcII2jYiotPGyzhZ4taFg+9EwRycjxQ9oCcI1fGRfbTbClJj
5sbg7i1ySRRyp/2W+7rkuc1X9DEDqDIq9/UUyK3+cAqD7BdoTKHkeKGguQ==
-----END CERTIFICATE-----