Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/88f216b0-ae5e-4b61-8da2-6ec525295ebe.roa
File:                     88f216b0-ae5e-4b61-8da2-6ec525295ebe.roa (raw, json)
Hash identifier:          GMwYJspxHev09t/Sn9E6QDomBESRAROoC3R50fg8Fq4=
Subject key identifier:   10:0A:03:69:D4:16:EC:BD:A7:22:22:A9:98:6D:AE:00:88:90:8F:92
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7DFF843A952A05D5CCABFEE70331617FF6DC4CDE
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/88f216b0-ae5e-4b61-8da2-6ec525295ebe.roa
Signing time:             Fri 19 Jul 2024 00:00:00 +0000
ROA not before:           Fri 19 Jul 2024 00:00:00 +0000
ROA not after:            Fri 23 Aug 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        18.163.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 28 Jul 2024 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:ff:84:3a:95:2a:05:d5:cc:ab:fe:e7:03:31:61:7f:f6:dc:4c:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 19 00:00:00 2024 GMT
            Not After : Aug 23 23:59:59 2024 GMT
        Subject: serialNumber=219fdf4b6579115b8653a617bc9ba2969ab22bbb8d4c952ebdc095a71ad98a16, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:90:34:5e:ad:90:ca:3c:0d:28:52:b8:63:d5:
                    28:3b:de:18:c7:9b:f0:4b:6c:09:97:03:8a:4b:ac:
                    34:04:1d:d7:c0:cc:d5:21:15:d6:53:17:43:0c:ed:
                    42:4d:5b:ef:29:08:e9:89:79:97:c0:89:6f:4b:a2:
                    53:45:52:72:c7:45:58:86:7f:b7:3e:e2:37:32:69:
                    19:33:14:8f:cb:a6:22:4e:b6:79:1e:15:05:5e:7b:
                    0b:f0:bf:6e:4f:19:5d:d5:62:a1:79:c2:d2:2c:fe:
                    00:bb:fe:4c:17:bb:93:44:39:6f:7c:34:db:85:57:
                    82:03:c6:d0:60:ef:31:eb:9d:71:1d:a5:07:bd:fc:
                    bd:68:f5:01:3b:82:67:76:c5:15:d2:97:eb:80:f0:
                    30:aa:a8:5a:b3:14:92:09:a3:c9:3b:3c:8d:d4:e0:
                    d3:a5:0e:ef:bf:61:18:02:fc:44:fc:f8:69:63:d2:
                    b7:4c:8e:52:fa:f2:9d:8d:03:4a:c2:ff:4b:d3:e9:
                    96:f1:91:e9:e8:12:bf:8f:56:9f:60:04:5b:4c:77:
                    ec:ce:5a:ba:69:3f:6c:61:36:16:44:d0:9a:3a:7a:
                    b0:9d:bf:ec:0b:a5:b7:ed:ef:da:0f:f9:8f:3b:17:
                    9b:35:1d:7f:35:a1:5a:2f:57:eb:9a:79:f0:4d:34:
                    74:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:0A:03:69:D4:16:EC:BD:A7:22:22:A9:98:6D:AE:00:88:90:8F:92
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/88f216b0-ae5e-4b61-8da2-6ec525295ebe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.163.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         71:28:3f:1c:3a:9d:da:58:94:4f:28:46:65:ca:98:41:09:ec:
         fe:9d:88:91:f3:d0:ef:bb:55:f0:84:f7:00:b1:a5:8d:bb:9e:
         59:aa:66:04:33:21:be:39:2e:24:d3:51:e8:25:2f:cd:29:54:
         f2:97:7d:3e:19:50:73:52:f7:44:41:78:ce:1e:38:77:ae:53:
         51:40:3b:c8:93:3d:af:32:75:5b:a8:1f:d5:8c:e6:62:bd:29:
         2e:b8:d3:70:30:d9:57:6d:6b:77:4f:23:ba:f8:9e:90:ff:70:
         75:23:be:ee:ef:13:20:f3:cf:4d:57:3b:b3:16:f8:99:0b:a8:
         83:37:35:fa:e5:dd:a0:4e:5c:9a:21:6e:81:ad:2f:8d:b0:19:
         71:e5:ab:31:9e:01:4b:83:9a:22:d1:55:d3:03:3c:46:5b:67:
         c7:2f:d2:7e:e6:3c:1b:c9:0b:fe:62:9f:0b:ed:ec:9f:3f:46:
         57:c2:05:72:80:9b:66:74:1a:e5:2e:c4:8a:4d:68:7f:fe:d8:
         9a:a6:c7:f9:20:41:4b:68:10:73:49:08:1d:dd:ae:e2:b6:bc:
         3c:f8:d8:10:82:f3:8b:29:c4:f1:04:95:19:2d:e2:ba:e2:cd:
         0d:a7:09:18:ac:2a:e0:4f:79:f1:b0:b0:ee:71:64:e5:e9:e7:
         b1:e1:fc:49
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUff+EOpUqBdXMq/7nAzFhf/bcTN4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQwNzE5MDAwMDAwWhcNMjQwODIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AyMTlmZGY0YjY1NzkxMTViODY1M2E2MTdiYzliYTI5Njlh
YjIyYmJiOGQ0Yzk1MmViZGMwOTVhNzFhZDk4YTE2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEkDRerZDKPA0oUrhj1Sg73hjHm/BLbAmXA4pLrDQEHdfA
zNUhFdZTF0MM7UJNW+8pCOmJeZfAiW9LolNFUnLHRViGf7c+4jcyaRkzFI/LpiJO
tnkeFQVeewvwv25PGV3VYqF5wtIs/gC7/kwXu5NEOW98NNuFV4IDxtBg7zHrnXEd
pQe9/L1o9QE7gmd2xRXSl+uA8DCqqFqzFJIJo8k7PI3U4NOlDu+/YRgC/ET8+Glj
0rdMjlL68p2NA0rC/0vT6ZbxkenoEr+PVp9gBFtMd+zOWrppP2xhNhZE0Jo6erCd
v+wLpbft79oP+Y87F5s1HX81oVovV+uaefBNNHRLAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUEAoDadQW7L2nIiKpmG2uAIiQj5IwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzg4ZjIxNmIwLWFlNWUtNGI2MS04ZGEyLTZlYzUyNTI5NWViZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwASozANBgkqhkiG9w0BAQsFAAOCAQEAcSg/HDqd2liUTyhGZcqYQQns/p2I
kfPQ77tV8IT3ALGljbueWapmBDMhvjkuJNNR6CUvzSlU8pd9PhlQc1L3REF4zh44
d65TUUA7yJM9rzJ1W6gf1YzmYr0pLrjTcDDZV21rd08juviekP9wdSO+7u8TIPPP
TVc7sxb4mQuogzc1+uXdoE5cmiFuga0vjbAZceWrMZ4BS4OaItFV0wM8Rltnxy/S
fuY8G8kL/mKfC+3snz9GV8IFcoCbZnQa5S7Eik1of/7YmqbH+SBBS2gQc0kIHd2u
4ra8PPjYEILziynE8QSVGS3iuuLNDacJGKwq4E958bCw7nFk5ennseH8SQ==
-----END CERTIFICATE-----