Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3ab011af-fada-4c8e-b056-1a9dfdb769da.roa
File:                     3ab011af-fada-4c8e-b056-1a9dfdb769da.roa (raw, json)
Hash identifier:          9iK94plIp0DlRJyA5EpBYVwTqvX9ztr/GA0gDgE55uQ=
Subject key identifier:   D6:3D:10:76:3F:A3:2B:32:51:66:92:F5:64:F0:24:1A:3B:3F:D4:96
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4DEA485CFE4856D09C3EAD3F3B96FFF1A9613D3D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3ab011af-fada-4c8e-b056-1a9dfdb769da.roa
Signing time:             Tue 29 Oct 2024 00:00:00 +0000
ROA not before:           Tue 29 Oct 2024 00:00:00 +0000
ROA not after:            Tue 03 Dec 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        52.119.224.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 27 Nov 2024 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:ea:48:5c:fe:48:56:d0:9c:3e:ad:3f:3b:96:ff:f1:a9:61:3d:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 29 00:00:00 2024 GMT
            Not After : Dec  3 23:59:59 2024 GMT
        Subject: serialNumber=802c1f7401a6237acdaa169b4fd95b1200c7f8beac94bca4d890960fb5eff8fb, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:87:e9:f2:c2:0a:92:a2:34:52:ab:c0:6a:d3:
                    3c:61:4a:5e:0a:3f:65:cb:5b:a4:81:14:8c:a5:6d:
                    ec:4c:47:bb:01:b0:55:b3:57:9e:2c:aa:17:2b:29:
                    e6:ff:6b:97:3f:4d:f1:4b:9a:92:b5:bf:a0:0e:ed:
                    2a:cb:55:ce:49:e3:37:2c:ce:12:5a:be:83:04:39:
                    2b:25:bf:36:07:03:f2:be:2e:1a:50:12:f5:91:51:
                    a3:13:18:03:bf:35:f3:85:29:f6:6a:d5:a6:3d:97:
                    7e:8d:44:19:92:ab:32:4d:d8:13:c4:37:e2:0d:d3:
                    0d:22:30:19:22:ea:4e:a5:65:ae:2b:55:f4:9b:9d:
                    b2:19:2c:27:5a:e6:fe:dd:a2:c4:a5:0c:1f:89:14:
                    73:1c:c6:b2:72:26:2e:25:0b:57:fb:6d:31:3f:47:
                    f4:37:4c:ff:ec:8e:5c:00:16:65:b8:52:08:9e:64:
                    a3:ca:0f:50:03:85:16:a5:f3:3a:9a:d1:a1:7f:bd:
                    6b:25:04:47:8e:78:7f:6b:05:a8:76:c9:c0:ab:30:
                    9b:02:a6:bf:29:15:59:f2:13:6b:81:bf:9d:76:2b:
                    2e:ee:e4:9e:85:1b:63:1b:bb:0b:22:4b:ef:c6:1a:
                    f7:c9:c1:27:b9:02:7f:bc:65:0c:b9:89:02:00:97:
                    44:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:3D:10:76:3F:A3:2B:32:51:66:92:F5:64:F0:24:1A:3B:3F:D4:96
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3ab011af-fada-4c8e-b056-1a9dfdb769da.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.119.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         69:7b:d0:7d:58:c3:c6:cf:eb:c7:e3:f1:86:69:2c:9c:94:46:
         4c:46:17:50:c2:52:fe:e6:12:cf:05:f6:70:fe:37:c6:e2:a1:
         38:f4:3f:bb:16:c6:0d:ec:50:15:da:86:c5:67:d3:31:9d:b1:
         3e:78:17:43:78:4d:81:a1:4f:cd:15:ac:b7:97:be:db:17:1b:
         d0:25:af:64:f4:8c:22:0c:68:53:e1:ce:1b:f3:1a:28:b5:07:
         29:6a:bd:16:f0:b8:cb:f0:d7:b3:51:14:58:41:ce:23:ea:9f:
         67:9c:84:bb:1a:a9:1c:97:71:47:17:ae:c5:51:34:4f:35:57:
         9e:c1:d7:7e:11:3b:fa:08:08:2d:c2:b9:c5:b3:ca:7b:64:7e:
         52:60:8f:5f:0e:61:0e:58:bb:36:1b:4e:1b:13:98:48:48:41:
         46:c1:ef:36:22:e1:32:fa:7c:30:e2:dc:c0:08:c8:e6:a0:26:
         69:ad:f8:0a:26:4a:f1:34:89:01:9d:18:cc:e0:56:0d:68:29:
         5c:dd:e5:fe:24:df:b9:46:08:93:86:e4:4a:8b:3c:a4:66:3f:
         0b:13:03:88:e5:86:f7:1d:10:03:d9:ed:64:82:59:c3:a8:5e:
         aa:23:c4:e5:83:12:ec:aa:20:1d:38:c0:3e:a0:5a:59:e7:07:
         dd:11:01:ca
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTepIXP5IVtCcPq0/O5b/8alhPT0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMDI5MDAwMDAwWhcNMjQxMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MDJjMWY3NDAxYTYyMzdhY2RhYTE2OWI0ZmQ5NWIxMjAw
YzdmOGJlYWM5NGJjYTRkODkwOTYwZmI1ZWZmOGZiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCIh+nywgqSojRSq8Bq0zxhSl4KP2XLW6SBFIylbexMR7sB
sFWzV54sqhcrKeb/a5c/TfFLmpK1v6AO7SrLVc5J4zcszhJavoMEOSslvzYHA/K+
LhpQEvWRUaMTGAO/NfOFKfZq1aY9l36NRBmSqzJN2BPEN+IN0w0iMBki6k6lZa4r
VfSbnbIZLCda5v7dosSlDB+JFHMcxrJyJi4lC1f7bTE/R/Q3TP/sjlwAFmW4Ugie
ZKPKD1ADhRal8zqa0aF/vWslBEeOeH9rBah2ycCrMJsCpr8pFVnyE2uBv512Ky7u
5J6FG2MbuwsiS+/GGvfJwSe5An+8ZQy5iQIAl0SbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1j0Qdj+jKzJRZpL1ZPAkGjs/1JYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNhYjAxMWFmLWZhZGEtNGM4ZS1iMDU2LTFhOWRmZGI3NjlkYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM0d+AwDQYJKoZIhvcNAQELBQADggEBAGl70H1Yw8bP68fj8YZpLJyURkxG
F1DCUv7mEs8F9nD+N8bioTj0P7sWxg3sUBXahsVn0zGdsT54F0N4TYGhT80VrLeX
vtsXG9Alr2T0jCIMaFPhzhvzGii1BylqvRbwuMvw17NRFFhBziPqn2echLsaqRyX
cUcXrsVRNE81V57B134RO/oICC3CucWzyntkflJgj18OYQ5YuzYbThsTmEhIQUbB
7zYi4TL6fDDi3MAIyOagJmmt+AomSvE0iQGdGMzgVg1oKVzd5f4k37lGCJOG5EqL
PKRmPwsTA4jlhvcdEAPZ7WSCWcOoXqojxOWDEuyqIB04wD6gWlnnB90RAco=
-----END CERTIFICATE-----