Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/19961e7b-21a5-4f0d-afbb-3c582eb8407f.roa
File:                     19961e7b-21a5-4f0d-afbb-3c582eb8407f.roa (raw, json)
Hash identifier:          vtmfKxDgzrt1Bsn4BYH/giPa+ANb8vR0YcdN166eySY=
Subject key identifier:   DB:57:C6:FD:5A:44:DB:04:FD:29:07:23:FE:A1:64:1C:E9:CC:E1:B9
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0165DD9921F848EC6FF3EE9EA830EA362AB28B28
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/19961e7b-21a5-4f0d-afbb-3c582eb8407f.roa
Signing time:             Fri 05 Apr 2024 00:00:00 +0000
ROA not before:           Fri 05 Apr 2024 00:00:00 +0000
ROA not after:            Fri 10 May 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        15.181.0.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 21 Apr 2024 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:65:dd:99:21:f8:48:ec:6f:f3:ee:9e:a8:30:ea:36:2a:b2:8b:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr  5 00:00:00 2024 GMT
            Not After : May 10 23:59:59 2024 GMT
        Subject: serialNumber=93041d25c8759130a8db34476bd203eaa58c1681792263ef03af16f7ae8e0d05, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:9f:99:b0:b9:f7:04:d0:4e:f4:31:eb:dd:27:
                    34:56:d3:f9:32:07:ed:68:8b:2e:8b:6a:2c:34:31:
                    33:06:43:a4:15:fb:b7:e2:90:d9:c6:9e:de:ca:60:
                    95:22:a0:b3:17:9e:bc:e0:c3:12:03:df:21:60:af:
                    b3:e9:0a:8b:f2:64:38:1f:9f:df:43:60:8d:af:96:
                    de:72:68:5d:1d:a4:75:e7:6c:65:96:ba:af:b5:4b:
                    f6:e9:c3:67:05:2b:64:0b:5f:a6:da:bf:23:6c:0d:
                    dd:f0:06:61:b6:6f:8d:c7:47:e8:cf:04:a1:6d:14:
                    a7:c0:ad:ec:84:49:58:68:97:9f:23:37:57:22:19:
                    cc:f8:34:1f:6d:d9:f4:80:5c:76:8f:8c:d0:2a:c3:
                    cd:96:ba:29:84:5c:5b:79:c5:34:6e:fc:20:43:34:
                    78:ee:89:50:1a:24:0c:44:09:87:be:5d:be:bf:61:
                    f1:bb:5a:1c:d9:25:46:0d:c0:1d:66:93:dc:8e:56:
                    15:4e:c6:55:47:fa:b8:a2:a3:d3:b2:d1:ce:25:57:
                    7c:db:79:01:cc:8c:5c:a7:9b:38:0c:3e:e1:0f:f6:
                    f2:65:84:2e:99:3a:17:fd:42:74:49:23:a6:9a:54:
                    1c:14:c4:46:df:e8:4c:17:1f:52:2c:15:0b:5b:c1:
                    6f:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:57:C6:FD:5A:44:DB:04:FD:29:07:23:FE:A1:64:1C:E9:CC:E1:B9
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/19961e7b-21a5-4f0d-afbb-3c582eb8407f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.181.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         0b:4c:74:c8:e0:7b:1f:54:d1:c3:88:24:49:50:8f:a8:73:cf:
         a7:59:79:17:13:d9:e2:0c:f7:04:87:59:63:a4:ee:24:de:12:
         4f:44:a6:53:60:7d:41:cd:72:29:da:37:b7:f6:be:88:ba:2c:
         56:28:a5:f5:f6:c3:cf:4d:0c:27:4b:c6:8f:79:28:c1:02:ed:
         85:75:1c:13:84:33:f6:32:67:49:7a:d8:45:24:ca:2b:ca:41:
         4c:e0:eb:6f:67:f5:ca:0d:60:58:f5:68:11:76:91:9f:ab:3f:
         07:cc:b9:04:4a:45:21:be:1a:cc:24:15:af:f2:f8:85:80:f9:
         9f:26:2a:bb:66:bd:2b:8b:d2:02:a3:5e:04:66:7d:92:cf:77:
         14:89:4d:54:15:b6:e3:7b:cd:70:78:cc:28:9f:8e:53:e3:51:
         13:68:c0:88:c5:e8:ff:99:c5:d4:ee:c2:0d:cb:b8:95:09:6c:
         be:04:4a:76:19:82:75:63:32:84:6d:67:16:f8:d9:86:84:72:
         0d:36:e3:c9:e3:19:2b:a2:48:56:e0:b3:e1:d8:5f:8e:45:9c:
         fb:1e:cd:81:1b:98:b8:bf:c7:c3:0d:12:34:2f:1c:da:5c:42:
         cd:9f:31:29:99:fe:98:25:f2:94:61:fa:22:64:97:5c:5e:38:
         cf:51:df:0b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAWXdmSH4SOxv8+6eqDDqNiqyiygwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQwNDA1MDAwMDAwWhcNMjQwNTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5MzA0MWQyNWM4NzU5MTMwYThkYjM0NDc2YmQyMDNlYWE1
OGMxNjgxNzkyMjYzZWYwM2FmMTZmN2FlOGUwZDA1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvn5mwufcE0E70MevdJzRW0/kyB+1oiy6Laiw0MTMGQ6QV
+7fikNnGnt7KYJUioLMXnrzgwxID3yFgr7PpCovyZDgfn99DYI2vlt5yaF0dpHXn
bGWWuq+1S/bpw2cFK2QLX6bavyNsDd3wBmG2b43HR+jPBKFtFKfAreyESVhol58j
N1ciGcz4NB9t2fSAXHaPjNAqw82WuimEXFt5xTRu/CBDNHjuiVAaJAxECYe+Xb6/
YfG7WhzZJUYNwB1mk9yOVhVOxlVH+riio9Oy0c4lV3zbeQHMjFynmzgMPuEP9vJl
hC6ZOhf9QnRJI6aaVBwUxEbf6EwXH1IsFQtbwW+9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU21fG/VpE2wT9KQcj/qFkHOnM4bkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzE5OTYxZTdiLTIxYTUtNGYwZC1hZmJiLTNjNTgyZWI4NDA3Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQPtQAwDQYJKoZIhvcNAQELBQADggEBAAtMdMjgex9U0cOIJElQj6hzz6dZ
eRcT2eIM9wSHWWOk7iTeEk9EplNgfUHNcinaN7f2voi6LFYopfX2w89NDCdLxo95
KMEC7YV1HBOEM/YyZ0l62EUkyivKQUzg629n9coNYFj1aBF2kZ+rPwfMuQRKRSG+
GswkFa/y+IWA+Z8mKrtmvSuL0gKjXgRmfZLPdxSJTVQVtuN7zXB4zCifjlPjURNo
wIjF6P+ZxdTuwg3LuJUJbL4ESnYZgnVjMoRtZxb42YaEcg0248njGSuiSFbgs+HY
X45FnPsezYEbmLi/x8MNEjQvHNpcQs2fMSmZ/pgl8pRh+iJkl1xeOM9R3ws=
-----END CERTIFICATE-----