Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3b70b41d-e89c-4531-9695-c56d4fbbf712.roa
File:                     3b70b41d-e89c-4531-9695-c56d4fbbf712.roa (raw, json)
Hash identifier:          Evu6iWA/rCyAIW5Fv2e5NvZ8z0kR3zItha5uODpmJx8=
Subject key identifier:   01:FD:85:A8:BC:B3:FF:63:02:24:FF:B2:F5:5F:C4:A0:EB:BE:D3:75
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       509ADB5BAB26CA550EE0C94C5EFB433BD4FE02DE
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3b70b41d-e89c-4531-9695-c56d4fbbf712.roa
Signing time:             Mon 15 Jul 2024 00:00:00 +0000
ROA not before:           Mon 15 Jul 2024 00:00:00 +0000
ROA not after:            Mon 19 Aug 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        3.3.0.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 28 Jul 2024 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:9a:db:5b:ab:26:ca:55:0e:e0:c9:4c:5e:fb:43:3b:d4:fe:02:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 15 00:00:00 2024 GMT
            Not After : Aug 19 23:59:59 2024 GMT
        Subject: serialNumber=fab292185024e1cc0a608eed2898ddf66f9b1347d445883a0d20f60423df7929, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:74:85:96:ee:e5:2b:0c:6e:6d:13:87:05:13:
                    02:05:b0:5b:18:92:a6:7b:ca:8e:14:fa:61:5a:5e:
                    6f:db:10:63:84:fa:73:c0:a1:51:2b:19:9c:75:2a:
                    8d:97:47:15:d8:9f:67:a7:91:69:64:b3:5f:cb:30:
                    a5:1b:ac:ea:2f:5f:6f:2c:5f:09:34:55:8f:a6:9e:
                    fb:4c:e3:cc:67:b1:44:82:49:96:10:9e:2b:14:09:
                    03:a0:fa:3c:a7:c6:17:df:bf:b6:f4:f8:48:c5:ba:
                    6b:43:bf:92:b4:0d:6a:34:9e:1d:63:cd:b5:25:6e:
                    b6:9a:9a:cc:64:e8:d1:14:fa:6c:ca:08:ea:95:d5:
                    7d:f3:73:b2:da:5d:6b:63:4c:3a:20:6f:1b:92:e4:
                    7f:ca:35:68:87:7f:a5:a3:db:73:e2:c6:1b:7b:e3:
                    61:48:02:7e:40:7f:77:7d:81:11:92:b4:bf:e6:07:
                    10:fa:64:e5:6a:94:7c:b0:78:08:fb:1e:2b:a4:54:
                    bc:68:3a:3b:cf:74:59:72:74:2a:d9:81:9f:71:d4:
                    2f:f7:83:30:58:bd:26:e1:9a:03:92:2b:45:3a:a3:
                    04:ba:55:b6:77:d3:d1:eb:ee:5e:5e:4d:fa:57:ee:
                    37:18:8b:df:fb:f5:ea:e4:7a:02:10:fe:d2:c3:55:
                    02:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:FD:85:A8:BC:B3:FF:63:02:24:FF:B2:F5:5F:C4:A0:EB:BE:D3:75
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3b70b41d-e89c-4531-9695-c56d4fbbf712.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.3.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         33:2c:f0:2b:6d:2d:f6:ec:1a:65:98:b6:52:fc:f6:aa:c7:67:
         be:8a:67:fc:bd:bc:40:55:12:de:1a:ac:a1:a5:f3:07:01:0c:
         2b:bd:b2:2c:5f:92:0c:ec:7a:f7:b4:74:56:b7:ce:48:a0:2f:
         a6:98:6b:88:30:1b:8d:37:22:49:71:25:6b:e4:a8:79:58:a1:
         52:59:bc:ab:13:82:02:02:c5:58:b7:6a:03:47:c6:d2:01:45:
         43:fc:0c:ce:38:51:04:6e:3e:2a:03:ed:bf:d7:b2:8d:b5:85:
         bc:eb:41:97:4c:67:1c:b2:ab:db:b5:cf:b6:3e:ee:03:da:92:
         b4:2a:04:f9:9d:dd:aa:a7:e5:e5:e8:d8:8b:98:fd:51:d2:00:
         56:f5:18:ca:88:69:9e:58:93:8e:3f:57:80:6a:8c:a1:2d:de:
         8f:ae:b1:ee:71:2e:64:88:38:0e:96:20:52:64:09:f9:09:60:
         38:e5:41:b6:1e:cb:2c:eb:dd:c1:a8:75:cc:d7:9d:b9:84:e1:
         f9:4a:7f:19:70:1d:c1:33:8d:e2:86:64:c3:16:d4:c0:b8:e6:
         14:b7:80:3a:c9:bd:e5:d0:81:d5:cf:f6:c1:2a:fd:a2:0c:05:
         f8:1b:2c:27:2c:23:6a:0b:93:1e:b3:0b:ec:25:e9:27:5b:2a:
         d1:80:57:54
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUJrbW6smylUO4MlMXvtDO9T+At4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQwNzE1MDAwMDAwWhcNMjQwODE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BmYWIyOTIxODUwMjRlMWNjMGE2MDhlZWQyODk4ZGRmNjZm
OWIxMzQ3ZDQ0NTg4M2EwZDIwZjYwNDIzZGY3OTI5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvdIWW7uUrDG5tE4cFEwIFsFsYkqZ7yo4U+mFaXm/bEGOE
+nPAoVErGZx1Ko2XRxXYn2enkWlks1/LMKUbrOovX28sXwk0VY+mnvtM48xnsUSC
SZYQnisUCQOg+jynxhffv7b0+EjFumtDv5K0DWo0nh1jzbUlbraamsxk6NEU+mzK
COqV1X3zc7LaXWtjTDogbxuS5H/KNWiHf6Wj23Pixht742FIAn5Af3d9gRGStL/m
BxD6ZOVqlHyweAj7HiukVLxoOjvPdFlydCrZgZ9x1C/3gzBYvSbhmgOSK0U6owS6
VbZ309Hr7l5eTfpX7jcYi9/79erkegIQ/tLDVQLxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAf2FqLyz/2MCJP+y9V/EoOu+03UwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNiNzBiNDFkLWU4OWMtNDUzMS05Njk1LWM1NmQ0ZmJiZjcxMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDAwAwDQYJKoZIhvcNAQELBQADggEBADMs8CttLfbsGmWYtlL89qrHZ76K
Z/y9vEBVEt4arKGl8wcBDCu9sixfkgzseve0dFa3zkigL6aYa4gwG403IklxJWvk
qHlYoVJZvKsTggICxVi3agNHxtIBRUP8DM44UQRuPioD7b/Xso21hbzrQZdMZxyy
q9u1z7Y+7gPakrQqBPmd3aqn5eXo2IuY/VHSAFb1GMqIaZ5Yk44/V4BqjKEt3o+u
se5xLmSIOA6WIFJkCfkJYDjlQbYeyyzr3cGodczXnbmE4flKfxlwHcEzjeKGZMMW
1MC45hS3gDrJveXQgdXP9sEq/aIMBfgbLCcsI2oLkx6zC+wl6SdbKtGAV1Q=
-----END CERTIFICATE-----