Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/10c5897d-0a1d-4280-ab6b-bc9175ad6835.roa
File:                     10c5897d-0a1d-4280-ab6b-bc9175ad6835.roa (raw, json)
Hash identifier:          hyl6uIPlgXbmf+V/u/cDuYwd/Qn4Xkyb1Hsmz6ymoL8=
Subject key identifier:   20:1F:E6:7C:BC:E4:9D:C1:B6:43:C1:4C:E4:C8:3E:12:11:13:63:22
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0FD044A84BBADC749553A115B5BA2B15B73BD5CE
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/10c5897d-0a1d-4280-ab6b-bc9175ad6835.roa
Signing time:             Tue 09 Jul 2024 00:00:00 +0000
ROA not before:           Tue 09 Jul 2024 00:00:00 +0000
ROA not after:            Tue 13 Aug 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        13.248.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 28 Jul 2024 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:d0:44:a8:4b:ba:dc:74:95:53:a1:15:b5:ba:2b:15:b7:3b:d5:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul  9 00:00:00 2024 GMT
            Not After : Aug 13 23:59:59 2024 GMT
        Subject: serialNumber=1ce8ffc0cdd3161a8af9f07d5977beefc37f15f8389dc1cbe668ba3916e0e9f7, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:41:a1:e2:f1:23:e4:68:da:c9:d3:47:e1:01:
                    18:6a:1e:19:48:d6:a1:7e:ed:71:70:d7:d5:4b:fe:
                    15:04:b3:a7:b8:d9:a4:bf:b4:b2:fe:32:42:e7:5c:
                    76:5f:6f:73:22:da:07:cb:88:0c:e6:a8:05:42:ba:
                    7e:ee:ad:e0:8f:ba:73:f1:77:3c:42:de:bb:91:48:
                    64:7c:f5:59:5b:ad:d9:dd:2d:a6:ee:ad:2f:e1:78:
                    04:3b:ca:21:b7:f4:19:04:b5:82:14:d9:31:f7:7b:
                    89:67:ea:76:42:6a:c2:d0:8d:9c:ab:cd:7e:d0:0d:
                    ce:f0:d2:e2:86:d8:a4:32:94:98:25:63:ca:eb:c4:
                    9f:a8:26:bf:4d:3e:7e:4d:7e:de:9a:ad:52:46:e8:
                    fe:05:6b:16:69:79:bd:cf:c1:1f:ff:8a:22:ca:83:
                    70:83:67:10:f9:45:e5:3a:eb:fa:8b:4d:ba:1e:ea:
                    18:bd:14:32:f9:5e:5d:f0:12:f5:e2:87:26:ba:ee:
                    70:b9:83:d3:3c:53:03:56:a5:a8:f1:ee:1a:01:e5:
                    07:28:7c:81:48:2d:6e:a7:86:b4:c3:1a:1f:e8:c3:
                    5b:67:f6:b4:96:f2:4f:28:4c:fe:a8:63:66:67:60:
                    de:d3:e0:e6:a7:96:9f:d4:73:1d:48:e5:0b:95:78:
                    84:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:1F:E6:7C:BC:E4:9D:C1:B6:43:C1:4C:E4:C8:3E:12:11:13:63:22
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/10c5897d-0a1d-4280-ab6b-bc9175ad6835.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.248.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:05:3b:cb:be:ea:f8:ea:76:75:ad:94:fb:6b:3c:ab:7d:e6:
         70:69:8b:52:cc:ee:b0:62:11:39:5a:4c:2c:06:de:0c:cb:fc:
         5f:81:02:c9:6f:9e:8b:0b:c7:85:b1:a2:a2:ca:77:e9:21:38:
         1d:f0:25:5a:03:3d:8a:d8:ba:22:6b:48:b2:5e:69:82:63:22:
         33:2b:b8:3f:90:21:6d:d3:e3:37:5f:2b:87:d5:a9:c7:ba:77:
         51:62:b0:76:00:50:e7:c5:5c:06:01:0d:b8:ab:70:b5:3d:a2:
         81:78:29:7a:a8:99:e0:12:26:97:ec:9f:04:5c:4b:5e:40:7e:
         dd:38:cf:5b:ee:48:94:0f:3a:65:61:e8:02:74:e2:06:1b:af:
         5b:00:12:d5:2b:19:4e:0d:43:b5:aa:64:db:5c:62:57:d5:76:
         3f:66:f6:9a:27:de:2a:67:16:ed:d7:1f:14:ad:7a:d2:d8:2a:
         46:4d:5f:ed:5a:eb:26:a6:e3:80:1e:48:6c:8c:7f:9d:bd:fa:
         34:bc:44:6b:ef:03:0f:45:af:c2:a7:a4:67:7a:1c:56:90:3f:
         e4:95:56:2d:db:41:d7:4b:52:f1:77:c3:5e:d2:05:a8:b6:c1:
         64:88:1b:12:11:ce:91:e9:76:82:44:86:5f:b0:52:ff:fa:51:
         20:61:f9:50
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUD9BEqEu63HSVU6EVtborFbc71c4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQwNzA5MDAwMDAwWhcNMjQwODEzMjM1OTU5
WjB6MUkwRwYDVQQFE0AxY2U4ZmZjMGNkZDMxNjFhOGFmOWYwN2Q1OTc3YmVlZmMz
N2YxNWY4Mzg5ZGMxY2JlNjY4YmEzOTE2ZTBlOWY3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOQaHi8SPkaNrJ00fhARhqHhlI1qF+7XFw19VL/hUEs6e4
2aS/tLL+MkLnXHZfb3Mi2gfLiAzmqAVCun7ureCPunPxdzxC3ruRSGR89Vlbrdnd
LaburS/heAQ7yiG39BkEtYIU2TH3e4ln6nZCasLQjZyrzX7QDc7w0uKG2KQylJgl
Y8rrxJ+oJr9NPn5Nft6arVJG6P4FaxZpeb3PwR//iiLKg3CDZxD5ReU66/qLTboe
6hi9FDL5Xl3wEvXihya67nC5g9M8UwNWpajx7hoB5QcofIFILW6nhrTDGh/ow1tn
9rSW8k8oTP6oY2ZnYN7T4Oanlp/Ucx1I5QuVeIT/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIB/mfLzkncG2Q8FM5Mg+EhETYyIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzEwYzU4OTdkLTBhMWQtNDI4MC1hYjZiLWJjOTE3NWFkNjgzNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAN+EEwDQYJKoZIhvcNAQELBQADggEBAAoFO8u+6vjqdnWtlPtrPKt95nBp
i1LM7rBiETlaTCwG3gzL/F+BAslvnosLx4WxoqLKd+khOB3wJVoDPYrYuiJrSLJe
aYJjIjMruD+QIW3T4zdfK4fVqce6d1FisHYAUOfFXAYBDbircLU9ooF4KXqomeAS
JpfsnwRcS15Aft04z1vuSJQPOmVh6AJ04gYbr1sAEtUrGU4NQ7WqZNtcYlfVdj9m
9pon3ipnFu3XHxStetLYKkZNX+1a6yam44AeSGyMf529+jS8RGvvAw9Fr8KnpGd6
HFaQP+SVVi3bQddLUvF3w17SBai2wWSIGxIRzpHpdoJEhl+wUv/6USBh+VA=
-----END CERTIFICATE-----