Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a7263a9f-7172-480b-9d6d-f158ac2601a0.roa
File:                     a7263a9f-7172-480b-9d6d-f158ac2601a0.roa (raw, json)
Hash identifier:          ocmUCSm1lPv33l9P09qB2JnFKKtvFXQN3IFvbRBgE1A=
Subject key identifier:   27:D7:53:51:9A:B8:78:85:D5:F1:4A:CA:04:31:F2:86:A7:2F:A2:82
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       04669E4B42B014CC4FE3DFEAAA322B8CF21C9B36
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a7263a9f-7172-480b-9d6d-f158ac2601a0.roa
Signing time:             Fri 12 Jul 2024 00:00:00 +0000
ROA not before:           Fri 12 Jul 2024 00:00:00 +0000
ROA not after:            Fri 16 Aug 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        15.220.184.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 28 Jul 2024 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:66:9e:4b:42:b0:14:cc:4f:e3:df:ea:aa:32:2b:8c:f2:1c:9b:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 12 00:00:00 2024 GMT
            Not After : Aug 16 23:59:59 2024 GMT
        Subject: serialNumber=eae0fac7c3385df8f3ca9d3b618b48e0dd0729fd57f2d190ee47460bf201ce42, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:0e:e3:38:4c:9b:cd:f8:9b:d2:be:05:da:c9:
                    ed:90:1c:b4:f5:0e:58:74:0d:eb:ff:67:a3:00:39:
                    0c:40:94:84:dc:1b:c2:51:7e:b8:5b:33:64:df:01:
                    93:34:e7:6b:e6:a8:2c:7c:b8:7c:ef:79:c8:ba:e9:
                    d8:28:0a:22:e7:83:69:6f:79:26:25:e1:97:60:e5:
                    8c:ee:c9:07:1c:83:5d:53:0f:52:29:3c:f4:18:92:
                    58:a1:4d:d3:99:c5:91:9c:95:06:06:02:a8:8a:47:
                    e1:5d:55:b7:31:16:fa:ab:b2:d1:07:2c:cb:c9:f1:
                    73:3e:95:57:73:d4:42:c6:70:58:94:64:e4:ef:7c:
                    70:58:29:20:d8:e7:c9:03:14:17:62:63:5c:e4:9f:
                    44:65:09:ec:e9:18:cb:f2:9a:10:ae:f1:21:f6:2c:
                    74:7e:b6:93:31:44:53:30:20:02:9e:4f:60:94:0f:
                    d9:33:1d:a4:5a:80:92:ad:62:cd:00:ca:65:36:de:
                    88:49:d8:12:9d:be:68:be:42:5d:9e:0e:7a:aa:e3:
                    df:d0:ec:5a:fc:22:44:ea:e8:21:ef:8f:10:c3:cd:
                    2b:ff:b3:d1:ae:d1:5e:0b:8f:ad:86:88:04:67:a1:
                    94:91:a5:aa:ff:e4:26:1b:cb:2f:6d:59:b4:64:bf:
                    97:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:D7:53:51:9A:B8:78:85:D5:F1:4A:CA:04:31:F2:86:A7:2F:A2:82
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a7263a9f-7172-480b-9d6d-f158ac2601a0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.220.184.0/21

    Signature Algorithm: sha256WithRSAEncryption
         79:d9:c5:71:a3:03:42:61:69:e4:89:84:3e:9d:53:7a:35:db:
         1a:df:8d:2d:5e:f5:2e:46:b3:c4:b9:0a:56:ae:94:48:10:9f:
         45:72:dd:a3:8c:e3:d9:bb:2d:57:63:0c:96:5e:a9:4a:1b:6e:
         1c:7f:83:80:f6:a5:d4:33:96:8a:a5:6c:85:6f:97:95:c8:c5:
         0f:f1:48:ee:7f:85:6e:63:84:db:f7:f0:0a:5e:a3:97:25:5f:
         45:e3:9b:ed:4c:b8:e5:4e:99:f2:c1:5f:cf:a3:4a:ce:12:18:
         23:ef:59:92:6f:c6:07:65:02:57:11:f7:12:f0:f4:66:8f:d8:
         90:d2:7a:44:a4:37:ba:c2:a4:63:9d:8b:68:a8:29:0e:54:bd:
         3d:59:06:58:e7:af:8e:30:28:98:7a:d0:5b:63:f8:29:47:4a:
         f3:4d:9e:27:e3:61:ae:a0:80:92:a6:e5:b9:1c:a4:4f:b7:ae:
         d8:c7:1e:b5:f7:a6:0e:6c:50:41:f5:44:b5:4c:68:3a:9e:09:
         59:81:df:53:e4:35:d4:c8:ed:0f:6a:6d:d1:44:53:74:13:38:
         5d:73:ff:93:30:42:98:20:73:d4:ed:08:39:bc:35:de:94:21:
         82:f5:af:a5:bd:22:93:51:a6:15:97:0d:28:5c:78:f8:51:24:
         76:e2:f1:2c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBGaeS0KwFMxP49/qqjIrjPIcmzYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQwNzEyMDAwMDAwWhcNMjQwODE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYWUwZmFjN2MzMzg1ZGY4ZjNjYTlkM2I2MThiNDhlMGRk
MDcyOWZkNTdmMmQxOTBlZTQ3NDYwYmYyMDFjZTQyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDODuM4TJvN+JvSvgXaye2QHLT1Dlh0Dev/Z6MAOQxAlITc
G8JRfrhbM2TfAZM052vmqCx8uHzveci66dgoCiLng2lveSYl4Zdg5YzuyQccg11T
D1IpPPQYklihTdOZxZGclQYGAqiKR+FdVbcxFvqrstEHLMvJ8XM+lVdz1ELGcFiU
ZOTvfHBYKSDY58kDFBdiY1zkn0RlCezpGMvymhCu8SH2LHR+tpMxRFMwIAKeT2CU
D9kzHaRagJKtYs0AymU23ohJ2BKdvmi+Ql2eDnqq49/Q7Fr8IkTq6CHvjxDDzSv/
s9Gu0V4Lj62GiARnoZSRpar/5CYbyy9tWbRkv5fJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJ9dTUZq4eIXV8UrKBDHyhqcvooIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2E3MjYzYTlmLTcxNzItNDgwYi05ZDZkLWYxNThhYzI2MDFhMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMP3LgwDQYJKoZIhvcNAQELBQADggEBAHnZxXGjA0JhaeSJhD6dU3o12xrf
jS1e9S5Gs8S5ClaulEgQn0Vy3aOM49m7LVdjDJZeqUobbhx/g4D2pdQzloqlbIVv
l5XIxQ/xSO5/hW5jhNv38Apeo5clX0Xjm+1MuOVOmfLBX8+jSs4SGCPvWZJvxgdl
AlcR9xLw9GaP2JDSekSkN7rCpGOdi2ioKQ5UvT1ZBljnr44wKJh60Ftj+ClHSvNN
nifjYa6ggJKm5bkcpE+3rtjHHrX3pg5sUEH1RLVMaDqeCVmB31PkNdTI7Q9qbdFE
U3QTOF1z/5MwQpggc9TtCDm8Nd6UIYL1r6W9IpNRphWXDShcePhRJHbi8Sw=
-----END CERTIFICATE-----