Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/85bfc804-a2b4-4976-a32e-f8c8576e63aa.roa
File:                     85bfc804-a2b4-4976-a32e-f8c8576e63aa.roa (raw, json)
Hash identifier:          NcpFVszN/TAqYKnKJ8bQ1pXTgcMCuB2waykHvE06Czc=
Subject key identifier:   42:55:D6:10:D1:20:AF:80:6D:B1:B7:4F:6F:34:9F:F4:AA:6F:C7:FC
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       33E0CF95EE40AA2AF36176DA30A9FC7CE6E790E2
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/85bfc804-a2b4-4976-a32e-f8c8576e63aa.roa
Signing time:             Tue 19 Nov 2024 00:00:00 +0000
ROA not before:           Tue 19 Nov 2024 00:00:00 +0000
ROA not after:            Tue 24 Dec 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        18.188.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:e0:cf:95:ee:40:aa:2a:f3:61:76:da:30:a9:fc:7c:e6:e7:90:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Nov 19 00:00:00 2024 GMT
            Not After : Dec 24 23:59:59 2024 GMT
        Subject: serialNumber=1aa31dbe53971fe93701280b5f08289825feded6263cbe6cd45050c7e7d1ab95, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:72:c4:7a:df:53:fb:ef:6b:37:9d:04:f7:a9:
                    ef:59:cb:83:16:a9:9d:e1:93:11:1c:72:fa:83:11:
                    f2:0e:cf:8d:74:bb:52:45:19:58:f8:1d:a7:db:b5:
                    73:d0:f5:4e:94:1d:27:51:82:b4:b5:6a:af:0a:ad:
                    26:5b:28:1e:3c:1f:69:72:9a:25:f6:d0:e9:c7:f7:
                    e5:01:a4:4d:a0:6a:00:0a:0f:20:3a:e2:46:8a:54:
                    07:99:bf:fe:15:95:f0:8c:b4:e5:a9:6a:f2:3a:4f:
                    db:16:1f:e8:4f:b2:7d:be:1c:24:9d:88:c4:50:f7:
                    4e:3e:d4:1f:b0:96:e1:fe:23:6c:a6:ca:31:ac:94:
                    1e:8c:58:e2:8b:54:4b:d3:49:3c:6f:84:26:17:cb:
                    35:a9:01:94:57:f9:d7:24:fc:07:5d:b3:49:9b:58:
                    3f:b2:6d:6f:19:88:bb:80:01:e8:c2:d6:56:d3:73:
                    fc:6b:3e:2d:46:dd:9b:61:78:cc:c7:8b:df:8a:85:
                    40:cc:a7:60:75:66:40:42:58:52:27:e4:56:4a:95:
                    4b:32:1d:1a:fe:bf:e9:61:13:e2:68:60:98:c9:f6:
                    ee:df:76:aa:d6:e9:17:c3:87:99:2b:a1:85:28:72:
                    a2:6e:3c:86:8e:68:af:92:40:1c:05:3b:44:71:76:
                    8a:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:55:D6:10:D1:20:AF:80:6D:B1:B7:4F:6F:34:9F:F4:AA:6F:C7:FC
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/85bfc804-a2b4-4976-a32e-f8c8576e63aa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.188.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0b:69:2f:e2:29:3d:fd:a3:fa:99:9d:9b:87:b0:de:71:07:65:
         b7:ac:a4:3f:dc:6c:b5:1d:e6:29:07:3f:f7:c5:c2:de:cc:74:
         be:a2:78:f3:10:b0:3f:bd:ca:b6:be:da:26:e4:25:d7:ac:34:
         15:3d:66:43:72:fb:6b:b1:6b:81:78:69:74:85:de:73:65:5e:
         a6:b6:80:1a:59:86:34:81:02:d7:b9:75:b7:69:1b:d5:92:6e:
         25:db:7f:a0:bf:9a:78:37:13:e7:23:e3:1e:84:a2:da:c5:1e:
         ae:c7:9e:13:4f:ba:eb:94:d5:25:fe:51:61:f1:2e:f3:98:b4:
         ab:49:a4:5d:4e:d8:cc:73:4c:3d:61:21:d3:8a:46:5a:f3:e2:
         cd:96:d3:c6:a7:f8:aa:9e:5c:81:9d:7b:78:1b:9a:14:aa:b5:
         2c:0f:b7:73:a2:27:3f:a8:0c:7b:27:99:c7:b3:00:56:d5:00:
         44:4e:fd:07:91:eb:81:bd:0d:c4:23:a9:5a:fa:9b:8a:4b:80:
         42:14:0a:c1:9d:2b:a2:72:9c:f8:1b:e4:77:80:ba:fd:c8:1d:
         ee:0c:d6:67:dd:02:2f:74:f3:55:9c:1a:dc:07:44:a9:8d:65:
         fa:ee:6e:b6:4c:fc:15:f8:a2:c1:c8:e1:62:55:9d:eb:9f:17:
         6a:4e:e9:38
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUM+DPle5AqirzYXbaMKn8fObnkOIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMTE5MDAwMDAwWhcNMjQxMjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxYWEzMWRiZTUzOTcxZmU5MzcwMTI4MGI1ZjA4Mjg5ODI1
ZmVkZWQ2MjYzY2JlNmNkNDUwNTBjN2U3ZDFhYjk1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5csR631P772s3nQT3qe9Zy4MWqZ3hkxEccvqDEfIOz410
u1JFGVj4HafbtXPQ9U6UHSdRgrS1aq8KrSZbKB48H2lymiX20OnH9+UBpE2gagAK
DyA64kaKVAeZv/4VlfCMtOWpavI6T9sWH+hPsn2+HCSdiMRQ904+1B+wluH+I2ym
yjGslB6MWOKLVEvTSTxvhCYXyzWpAZRX+dck/Adds0mbWD+ybW8ZiLuAAejC1lbT
c/xrPi1G3ZtheMzHi9+KhUDMp2B1ZkBCWFIn5FZKlUsyHRr+v+lhE+JoYJjJ9u7f
dqrW6RfDh5kroYUocqJuPIaOaK+SQBwFO0Rxdor/AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUQlXWENEgr4BtsbdPbzSf9Kpvx/wwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzg1YmZjODA0LWEyYjQtNDk3Ni1hMzJlLWY4Yzg1NzZlNjNhYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwASvDANBgkqhkiG9w0BAQsFAAOCAQEAC2kv4ik9/aP6mZ2bh7DecQdlt6yk
P9xstR3mKQc/98XC3sx0vqJ48xCwP73Ktr7aJuQl16w0FT1mQ3L7a7FrgXhpdIXe
c2VepraAGlmGNIEC17l1t2kb1ZJuJdt/oL+aeDcT5yPjHoSi2sUerseeE0+665TV
Jf5RYfEu85i0q0mkXU7YzHNMPWEh04pGWvPizZbTxqf4qp5cgZ17eBuaFKq1LA+3
c6InP6gMeyeZx7MAVtUARE79B5Hrgb0NxCOpWvqbikuAQhQKwZ0ronKc+Bvkd4C6
/cgd7gzWZ90CL3TzVZwa3AdEqY1l+u5utkz8FfiiwcjhYlWd658Xak7pOA==
-----END CERTIFICATE-----