Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9e473a03-bff1-4027-969e-83657f2b7a4a.roa
File:                     9e473a03-bff1-4027-969e-83657f2b7a4a.roa (raw, json)
Hash identifier:          vZv9mqH9YrZECaLPR6CllcGSv7MX7v1ApaVIe12Dy3c=
Subject key identifier:   A8:63:13:9C:CC:03:AE:A4:72:55:88:86:A5:4F:BD:01:0F:62:4E:A9
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6354AAA2ECE2890E91942B15BAC11D42A99B682D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9e473a03-bff1-4027-969e-83657f2b7a4a.roa
Signing time:             Fri 16 Aug 2024 00:00:00 +0000
ROA not before:           Fri 16 Aug 2024 00:00:00 +0000
ROA not after:            Fri 20 Sep 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        15.248.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:54:aa:a2:ec:e2:89:0e:91:94:2b:15:ba:c1:1d:42:a9:9b:68:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug 16 00:00:00 2024 GMT
            Not After : Sep 20 23:59:59 2024 GMT
        Subject: serialNumber=92f78d64554eb24bca00a261b1d118084cccec7010aed7c4a1c9c59ac15b866c, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b2:91:9f:75:dc:7b:97:32:18:7f:aa:29:65:
                    98:de:d1:0c:9f:73:e1:48:6e:2f:2e:69:b5:76:27:
                    59:ee:f6:76:9a:92:06:7c:c8:ac:f7:9c:2d:4a:ab:
                    05:15:bc:e8:8f:c4:04:e8:2a:eb:02:77:f1:3e:7a:
                    8d:a0:bd:2d:79:67:0f:4b:3c:a1:4d:34:27:0d:85:
                    51:04:81:2a:5c:a9:c6:a5:57:1c:a7:60:35:ef:8b:
                    fd:4d:e9:2b:59:68:e6:f1:ba:19:0c:af:d2:00:38:
                    e7:d3:b3:9b:82:ed:21:d7:23:14:c7:80:d9:86:fb:
                    14:68:11:96:1a:8f:1f:21:56:db:ca:26:c4:a2:7b:
                    8d:28:59:b2:d9:41:ec:5b:f4:26:38:d4:1a:c3:6f:
                    56:00:c6:a9:f7:05:f0:5d:79:db:b3:46:f6:14:e2:
                    d7:0e:7c:0e:25:d7:34:55:4a:e3:a2:da:3e:e2:f0:
                    36:45:77:48:ca:e9:21:36:ed:fd:66:06:35:44:06:
                    1b:de:f5:bb:f8:ee:8a:b2:dc:69:e3:b5:d1:d8:c1:
                    ee:e1:c2:83:06:60:33:9d:24:0b:85:fc:92:9f:23:
                    a5:27:d5:ee:cf:5b:6d:f7:59:d5:34:9c:fc:e7:08:
                    75:06:51:9d:70:c3:88:3c:39:34:4a:c8:d3:dc:b1:
                    3f:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:63:13:9C:CC:03:AE:A4:72:55:88:86:A5:4F:BD:01:0F:62:4E:A9
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9e473a03-bff1-4027-969e-83657f2b7a4a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.248.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:cc:20:f2:08:68:79:a1:f9:0e:a0:76:81:bf:77:32:d3:ce:
         28:fb:fd:a2:e3:46:dd:45:7b:a2:ed:10:92:4e:04:89:4e:d7:
         56:1e:7e:ca:c6:1d:7c:7c:06:2d:7e:36:a1:ad:0a:ef:15:53:
         78:d6:b6:1d:15:9c:a7:6e:80:2f:64:71:d8:51:2a:61:44:df:
         7a:94:7d:10:e7:d7:6d:a9:42:f3:0a:61:de:13:c3:fa:96:2e:
         93:d8:b3:73:34:61:8b:b9:02:43:84:dc:1b:d3:95:d4:45:14:
         51:a5:8c:bc:b6:21:f7:87:84:1a:5e:44:15:39:dd:c3:c4:82:
         15:61:24:26:89:50:f3:46:d6:25:bc:15:11:fb:bd:a4:57:df:
         94:c1:12:87:b2:3a:c6:df:46:76:b7:43:9e:eb:b4:a3:14:1b:
         aa:8d:4d:78:21:aa:16:28:4c:24:65:ec:e0:0b:53:db:66:d1:
         3a:52:7c:dc:d2:83:7b:fd:44:d1:74:f4:ae:03:b5:8d:5a:1e:
         f3:6b:98:f7:f9:5b:94:34:53:f5:fb:c0:21:04:b1:f5:1e:16:
         6b:b1:69:1b:3b:e1:8b:aa:0f:82:2c:fd:bf:21:df:2e:92:8a:
         c9:f4:86:87:3a:fb:e1:51:48:bf:95:cd:10:3a:af:f2:4b:7b:
         e8:f6:42:50
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY1SqouziiQ6RlCsVusEdQqmbaC0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQwODE2MDAwMDAwWhcNMjQwOTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5MmY3OGQ2NDU1NGViMjRiY2EwMGEyNjFiMWQxMTgwODRj
Y2NlYzcwMTBhZWQ3YzRhMWM5YzU5YWMxNWI4NjZjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsspGfddx7lzIYf6opZZje0Qyfc+FIbi8uabV2J1nu9naa
kgZ8yKz3nC1KqwUVvOiPxAToKusCd/E+eo2gvS15Zw9LPKFNNCcNhVEEgSpcqcal
VxynYDXvi/1N6StZaObxuhkMr9IAOOfTs5uC7SHXIxTHgNmG+xRoEZYajx8hVtvK
JsSie40oWbLZQexb9CY41BrDb1YAxqn3BfBdeduzRvYU4tcOfA4l1zRVSuOi2j7i
8DZFd0jK6SE27f1mBjVEBhve9bv47oqy3GnjtdHYwe7hwoMGYDOdJAuF/JKfI6Un
1e7PW233WdU0nPznCHUGUZ1ww4g8OTRKyNPcsT8LAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqGMTnMwDrqRyVYiGpU+9AQ9iTqkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzllNDczYTAzLWJmZjEtNDAyNy05NjllLTgzNjU3ZjJiN2E0YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAP+IgwDQYJKoZIhvcNAQELBQADggEBAFbMIPIIaHmh+Q6gdoG/dzLTzij7
/aLjRt1Fe6LtEJJOBIlO11YefsrGHXx8Bi1+NqGtCu8VU3jWth0VnKdugC9kcdhR
KmFE33qUfRDn122pQvMKYd4Tw/qWLpPYs3M0YYu5AkOE3BvTldRFFFGljLy2IfeH
hBpeRBU53cPEghVhJCaJUPNG1iW8FRH7vaRX35TBEoeyOsbfRna3Q57rtKMUG6qN
TXghqhYoTCRl7OALU9tm0TpSfNzSg3v9RNF09K4DtY1aHvNrmPf5W5Q0U/X7wCEE
sfUeFmuxaRs74YuqD4Is/b8h3y6Sisn0hoc6++FRSL+VzRA6r/JLe+j2QlA=
-----END CERTIFICATE-----