Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/76eb2277-b182-4cd2-a4b2-ef65da2565a9.roa
File:                     76eb2277-b182-4cd2-a4b2-ef65da2565a9.roa (raw, json)
Hash identifier:          VALNKCo2R1jDp/Ftfd79I0VC9XXz/HtG7VrWjVQI15A=
Subject key identifier:   A0:88:93:0F:FC:54:94:CB:B0:27:EC:A3:80:EA:71:3D:72:F9:19:81
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       178D3A7B326C7FAF07607742AC9E76D92BC0CE4C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/76eb2277-b182-4cd2-a4b2-ef65da2565a9.roa
Signing time:             Mon 08 Apr 2024 00:00:00 +0000
ROA not before:           Mon 08 Apr 2024 00:00:00 +0000
ROA not after:            Mon 13 May 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        47.10.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 25 Apr 2024 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:8d:3a:7b:32:6c:7f:af:07:60:77:42:ac:9e:76:d9:2b:c0:ce:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr  8 00:00:00 2024 GMT
            Not After : May 13 23:59:59 2024 GMT
        Subject: serialNumber=879fe669319501c09cdc5830ecf63d8642a833a152406679fe32d174ff98b0e0, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:57:3c:9a:6f:3b:8a:8a:4c:58:56:30:fe:f9:
                    aa:9d:81:f3:1f:4b:e1:31:51:73:9e:aa:2e:96:a2:
                    5c:07:cb:4f:40:28:8c:5c:eb:05:c0:34:e0:6f:7e:
                    01:ad:36:1c:97:b0:34:65:27:2a:39:1c:a2:3c:27:
                    1a:15:23:bf:4e:5e:96:a6:0d:b0:e8:4e:46:3a:a7:
                    f7:9a:0f:0d:d1:85:23:31:43:ee:41:c8:ca:5f:13:
                    d1:e8:71:49:78:7c:99:82:e5:49:0f:75:a7:85:d4:
                    c0:91:f0:e3:21:a2:35:f1:49:fc:c0:96:04:a2:66:
                    cd:cc:13:47:ad:f3:d4:04:f2:16:df:5c:8b:d4:1b:
                    24:82:27:62:9a:fe:81:fe:1d:0c:93:38:09:9c:64:
                    e7:4b:66:3c:5b:1b:d0:8c:c0:e8:58:b8:c3:2e:63:
                    95:b4:73:90:29:d4:b3:fa:93:e9:71:95:81:f1:fc:
                    67:3d:9b:e5:39:cc:18:e9:0a:ee:4f:44:9d:74:e2:
                    c7:7c:94:3e:54:5a:ed:92:33:51:5c:d0:97:e9:13:
                    06:a0:17:72:ba:43:77:c4:ae:5b:c6:ab:bf:5f:ad:
                    f4:65:38:96:64:9c:f3:59:59:c3:61:87:11:5d:bc:
                    85:f2:9b:17:62:94:91:1c:4e:11:b1:46:ad:ba:b2:
                    8a:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:88:93:0F:FC:54:94:CB:B0:27:EC:A3:80:EA:71:3D:72:F9:19:81
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/76eb2277-b182-4cd2-a4b2-ef65da2565a9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  47.10.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a1:1e:a7:df:00:40:47:65:16:73:7f:e4:95:01:4a:2a:48:aa:
         8f:d9:c8:5d:c1:f9:a2:75:ad:3b:f0:cd:c8:5d:86:35:99:01:
         12:74:d5:14:5a:59:f2:82:f9:de:3f:5c:80:08:87:48:c4:2c:
         9f:21:71:a6:dd:90:c0:12:ae:cf:25:63:24:b1:28:d4:85:fc:
         3a:35:7f:16:4d:89:2e:5a:a9:3d:c7:22:fe:d0:d6:8a:98:da:
         8f:d9:43:74:9f:fc:82:1a:a1:e4:d8:6e:50:22:65:14:2e:25:
         0f:21:f1:7d:e4:53:b6:5e:80:f6:54:5c:89:ee:03:8c:84:b5:
         6d:fa:5e:55:50:bc:00:f3:ed:e9:b4:b8:e7:2e:f4:3d:32:a3:
         cc:a6:d6:4d:8e:1b:9a:58:b9:59:96:84:54:a0:92:64:99:90:
         c4:5a:e4:8e:08:02:3c:a1:87:82:be:da:19:cc:2a:2b:bf:84:
         fc:53:e4:36:e7:bf:0c:1a:46:f4:1f:29:9f:a5:fb:0f:a5:2d:
         ca:3a:27:61:e0:b0:6a:51:67:42:3e:61:c4:a6:6c:48:d2:dc:
         04:25:e4:de:fd:2c:14:d1:c1:f8:ab:50:b6:33:3a:f0:8a:97:
         cc:ae:b1:6c:dc:07:25:5f:0f:0e:23:d3:6c:84:75:a2:d2:6f:
         84:15:5e:8b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUF406ezJsf68HYHdCrJ522SvAzkwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQwNDA4MDAwMDAwWhcNMjQwNTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0A4NzlmZTY2OTMxOTUwMWMwOWNkYzU4MzBlY2Y2M2Q4NjQy
YTgzM2ExNTI0MDY2NzlmZTMyZDE3NGZmOThiMGUwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEVzyabzuKikxYVjD++aqdgfMfS+ExUXOeqi6WolwHy09A
KIxc6wXANOBvfgGtNhyXsDRlJyo5HKI8JxoVI79OXpamDbDoTkY6p/eaDw3RhSMx
Q+5ByMpfE9HocUl4fJmC5UkPdaeF1MCR8OMhojXxSfzAlgSiZs3ME0et89QE8hbf
XIvUGySCJ2Ka/oH+HQyTOAmcZOdLZjxbG9CMwOhYuMMuY5W0c5Ap1LP6k+lxlYHx
/Gc9m+U5zBjpCu5PRJ104sd8lD5UWu2SM1Fc0JfpEwagF3K6Q3fErlvGq79frfRl
OJZknPNZWcNhhxFdvIXymxdilJEcThGxRq26sopbAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUoIiTD/xUlMuwJ+yjgOpxPXL5GYEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzc2ZWIyMjc3LWIxODItNGNkMi1hNGIyLWVmNjVkYTI1NjVhOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAvCjANBgkqhkiG9w0BAQsFAAOCAQEAoR6n3wBAR2UWc3/klQFKKkiqj9nI
XcH5onWtO/DNyF2GNZkBEnTVFFpZ8oL53j9cgAiHSMQsnyFxpt2QwBKuzyVjJLEo
1IX8OjV/Fk2JLlqpPcci/tDWipjaj9lDdJ/8ghqh5NhuUCJlFC4lDyHxfeRTtl6A
9lRcie4DjIS1bfpeVVC8APPt6bS45y70PTKjzKbWTY4bmli5WZaEVKCSZJmQxFrk
jggCPKGHgr7aGcwqK7+E/FPkNue/DBpG9B8pn6X7D6UtyjonYeCwalFnQj5hxKZs
SNLcBCXk3v0sFNHB+KtQtjM68IqXzK6xbNwHJV8PDiPTbIR1otJvhBVeiw==
-----END CERTIFICATE-----