Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/70cfbc47-a64a-4cd8-a271-ff8c8b9efe87.roa
File:                     70cfbc47-a64a-4cd8-a271-ff8c8b9efe87.roa (raw, json)
Hash identifier:          G5BThUJRjfR0yxRAUygBjS1vCJvVl5y/44BLs7wbgzo=
Subject key identifier:   6A:24:38:03:CD:E8:0B:BF:32:76:2D:79:3E:EE:C3:95:B0:71:0C:7E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       18D6EFD7267F44083E05CC47135D70CBF0E7AE02
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/70cfbc47-a64a-4cd8-a271-ff8c8b9efe87.roa
Signing time:             Mon 08 Apr 2024 00:00:00 +0000
ROA not before:           Mon 08 Apr 2024 00:00:00 +0000
ROA not after:            Mon 13 May 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        15.170.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 27 Apr 2024 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:d6:ef:d7:26:7f:44:08:3e:05:cc:47:13:5d:70:cb:f0:e7:ae:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr  8 00:00:00 2024 GMT
            Not After : May 13 23:59:59 2024 GMT
        Subject: serialNumber=fd3fb904bc566ca02009e57d5ac8fa3606c9c68fb575576fd6148c1e2f811c11, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:f3:c3:f9:01:d2:18:3e:36:ab:bc:26:a1:86:
                    4c:f7:e9:87:94:fa:1c:fb:3c:9a:c9:b9:9c:65:c9:
                    cc:d8:99:1f:af:20:4e:88:43:5d:c0:e8:a4:12:42:
                    08:3d:4f:42:94:50:cf:14:b3:6b:09:32:78:0e:12:
                    93:4e:0c:b3:6e:49:92:9a:75:b0:be:c3:f0:5a:73:
                    75:08:ef:ca:96:9a:c1:d8:6a:5b:91:0d:df:23:3e:
                    8f:41:39:ed:a5:1e:d2:6e:d6:76:41:f1:9f:ba:0c:
                    d4:b8:6b:0d:1f:b0:d1:96:9c:45:12:36:50:22:b2:
                    ca:84:7c:d3:80:3f:71:c9:75:63:d4:b0:f8:a5:ee:
                    0f:28:52:7d:61:17:15:6b:a6:e2:07:1a:a1:9e:a4:
                    96:9d:18:7c:c6:73:fc:9c:6d:b6:44:69:a7:eb:93:
                    c8:88:5f:4c:9f:71:d7:a0:1c:d4:96:c1:a8:87:b7:
                    f4:97:f8:91:5f:53:ae:97:62:4b:75:9d:ab:43:2f:
                    33:77:57:74:23:55:de:02:7f:8a:63:80:e8:9c:77:
                    59:db:e3:3d:ce:14:e4:fd:da:57:d9:70:14:9e:9a:
                    3b:6a:77:0a:2a:2f:c6:d9:08:c6:15:d8:32:29:b6:
                    2b:d1:22:38:76:f7:f4:87:b6:93:a5:dc:be:08:b9:
                    0d:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:24:38:03:CD:E8:0B:BF:32:76:2D:79:3E:EE:C3:95:B0:71:0C:7E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/70cfbc47-a64a-4cd8-a271-ff8c8b9efe87.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.170.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         6d:54:ce:8a:a4:e8:f8:b9:d5:5d:9b:8b:34:21:7f:6f:af:35:
         f6:da:e8:2f:34:c7:ad:06:45:79:03:c7:a9:ae:90:46:3b:3e:
         57:7a:4a:e8:64:19:26:3e:49:b2:ae:d3:87:1f:06:98:6c:6c:
         22:56:72:08:87:d4:07:cf:0d:3c:06:40:d4:08:e1:02:60:b6:
         d7:f5:bd:60:7f:eb:c5:75:33:69:57:e8:15:5d:d2:b5:60:cc:
         37:69:6b:05:bb:56:0f:23:0f:00:04:d8:03:60:e4:ee:e9:c6:
         d8:99:68:65:36:9e:0f:48:b8:1c:0e:d9:2b:ee:41:29:d5:ed:
         01:45:62:4e:78:54:42:06:88:2d:39:e9:74:07:9f:9f:da:8c:
         fb:c0:20:27:f6:95:82:fa:a2:74:78:7f:21:7e:6a:64:60:bc:
         ed:fa:0b:60:17:d7:d9:90:17:20:8f:f6:3c:1c:e7:77:3f:9a:
         ee:0c:b6:3d:03:23:95:b4:a6:5d:5b:3e:56:a0:99:d2:be:d1:
         f0:ef:11:cd:4e:f9:8e:47:77:b0:8e:95:be:0d:e2:06:8e:7d:
         79:89:c3:56:76:9a:14:17:68:31:ce:bb:7c:d9:6d:15:f9:28:
         8a:8c:18:a5:57:20:5b:ec:b3:64:7c:b3:c8:ea:46:e3:f7:93:
         51:2d:05:7b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUGNbv1yZ/RAg+BcxHE11wy/DnrgIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQwNDA4MDAwMDAwWhcNMjQwNTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmZDNmYjkwNGJjNTY2Y2EwMjAwOWU1N2Q1YWM4ZmEzNjA2
YzljNjhmYjU3NTU3NmZkNjE0OGMxZTJmODExYzExMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDn88P5AdIYPjarvCahhkz36YeU+hz7PJrJuZxlyczYmR+v
IE6IQ13A6KQSQgg9T0KUUM8Us2sJMngOEpNODLNuSZKadbC+w/Bac3UI78qWmsHY
aluRDd8jPo9BOe2lHtJu1nZB8Z+6DNS4aw0fsNGWnEUSNlAissqEfNOAP3HJdWPU
sPil7g8oUn1hFxVrpuIHGqGepJadGHzGc/ycbbZEaafrk8iIX0yfcdegHNSWwaiH
t/SX+JFfU66XYkt1natDLzN3V3QjVd4Cf4pjgOicd1nb4z3OFOT92lfZcBSemjtq
dwoqL8bZCMYV2DIptivRIjh29/SHtpOl3L4IuQ05AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUaiQ4A83oC78ydi15Pu7DlbBxDH4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzcwY2ZiYzQ3LWE2NGEtNGNkOC1hMjcxLWZmOGM4YjllZmU4Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAPqjANBgkqhkiG9w0BAQsFAAOCAQEAbVTOiqTo+LnVXZuLNCF/b6819tro
LzTHrQZFeQPHqa6QRjs+V3pK6GQZJj5Jsq7Thx8GmGxsIlZyCIfUB88NPAZA1Ajh
AmC21/W9YH/rxXUzaVfoFV3StWDMN2lrBbtWDyMPAATYA2Dk7unG2JloZTaeD0i4
HA7ZK+5BKdXtAUViTnhUQgaILTnpdAefn9qM+8AgJ/aVgvqidHh/IX5qZGC87foL
YBfX2ZAXII/2PBzndz+a7gy2PQMjlbSmXVs+VqCZ0r7R8O8RzU75jkd3sI6Vvg3i
Bo59eYnDVnaaFBdoMc67fNltFfkoiowYpVcgW+yzZHyzyOpG4/eTUS0Few==
-----END CERTIFICATE-----