Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bec848b0-bea8-433b-a2df-5dc6d2b34196.roa
File:                     bec848b0-bea8-433b-a2df-5dc6d2b34196.roa (raw, json)
Hash identifier:          WciJyGubBHBEDzJByRPj3KsFONcsht2vCHrw3vNj4NE=
Subject key identifier:   FA:15:2B:A6:46:8A:3B:BD:FA:C4:8D:3A:34:9E:6C:7A:AD:80:1F:C8
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       10A7B5CD5EECFAB654F468670F5E143A72D09918
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bec848b0-bea8-433b-a2df-5dc6d2b34196.roa
Signing time:             Tue 02 Apr 2024 00:00:00 +0000
ROA not before:           Tue 02 Apr 2024 00:00:00 +0000
ROA not after:            Tue 07 May 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        13.209.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 21 Apr 2024 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:a7:b5:cd:5e:ec:fa:b6:54:f4:68:67:0f:5e:14:3a:72:d0:99:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr  2 00:00:00 2024 GMT
            Not After : May  7 23:59:59 2024 GMT
        Subject: serialNumber=0232053492d80fef75ad24e56a5647a1cc42318423cf4f4d9a2b0d22434abf01, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:1b:99:a3:d7:c3:ad:b4:39:a5:09:5d:ef:a0:
                    50:21:3a:46:22:a7:47:b6:9b:e9:c5:24:de:5f:fd:
                    11:9c:df:9d:e8:a4:2b:d9:d7:ad:c8:09:c9:9a:d6:
                    45:46:d4:04:39:47:97:d9:3b:6f:ce:e8:6c:54:bd:
                    a9:ae:21:f8:e8:e5:d5:4d:7e:84:6e:61:36:24:9b:
                    8e:36:fc:f6:2d:ba:0c:37:e5:dc:3d:8a:65:a7:f0:
                    6e:41:61:59:a5:87:bb:cb:20:6c:54:31:ad:67:ac:
                    90:80:08:1d:f7:83:8b:f1:57:cb:48:04:79:9f:fe:
                    19:b1:cd:f5:22:1d:eb:a9:d4:d0:29:9a:e9:fc:d5:
                    85:c2:d5:23:1a:b9:9f:34:0a:83:d7:1f:44:5c:73:
                    dc:3e:4a:4b:66:03:92:b2:71:b5:e7:f3:d0:12:8e:
                    13:f9:62:0e:46:16:ac:5a:41:78:e9:e9:bf:1c:da:
                    c7:d9:1d:63:22:1c:dd:17:4e:f6:d4:65:9d:78:10:
                    e1:ca:bc:7a:b1:97:8d:8c:f7:2a:0e:c4:b7:e3:96:
                    06:e9:ca:fb:69:f3:d9:84:13:13:cb:25:d7:b7:7b:
                    2f:bc:b0:39:97:16:b8:30:d7:3d:27:78:7e:77:ed:
                    dd:50:cf:92:17:d7:2b:19:5a:18:bc:31:84:9f:5b:
                    85:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:15:2B:A6:46:8A:3B:BD:FA:C4:8D:3A:34:9E:6C:7A:AD:80:1F:C8
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bec848b0-bea8-433b-a2df-5dc6d2b34196.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.209.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         48:b5:32:90:ee:ad:12:f0:5b:cc:e2:d2:5f:bd:dd:a5:07:27:
         01:50:b3:ee:90:f7:b0:96:70:9f:5f:5c:76:4e:b9:7a:28:17:
         5a:0a:00:65:3e:77:6d:3f:44:b0:c7:36:18:ec:9b:38:a8:39:
         11:1f:7c:ac:e0:7c:17:97:3b:5a:9d:56:cb:39:9d:98:17:de:
         5e:94:74:fa:22:fc:3a:94:13:95:18:22:ac:91:e1:f6:b1:fa:
         d4:93:d4:1e:68:4a:b2:7c:a9:b4:a4:fc:8d:3b:9d:4a:09:28:
         f6:be:0f:b9:18:b1:0b:a3:c6:f8:37:d7:22:d6:6a:90:de:4e:
         39:93:40:9a:fe:27:dd:f6:a1:e7:b3:b0:9c:81:24:33:a7:dd:
         c7:8e:99:b3:1e:76:1d:57:d6:43:62:f4:ee:2d:f8:16:f7:4c:
         c9:21:b4:df:f4:9c:ab:c9:d8:fc:16:fd:75:eb:3b:c3:79:f5:
         2a:ff:85:41:1e:f3:96:fd:36:3f:f2:f4:33:f4:fc:9f:71:e6:
         72:3c:32:bc:2b:2e:ff:bf:14:3c:3b:03:06:6c:e0:3a:78:6a:
         af:94:d7:e9:2d:b1:82:ac:28:03:96:45:0a:b6:08:3d:1a:b6:
         62:1b:30:26:88:15:b0:28:1e:aa:30:ed:07:47:58:10:5c:1c:
         99:60:14:59
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUEKe1zV7s+rZU9GhnD14UOnLQmRgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQwNDAyMDAwMDAwWhcNMjQwNTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMjMyMDUzNDkyZDgwZmVmNzVhZDI0ZTU2YTU2NDdhMWNj
NDIzMTg0MjNjZjRmNGQ5YTJiMGQyMjQzNGFiZjAxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqG5mj18OttDmlCV3voFAhOkYip0e2m+nFJN5f/RGc353o
pCvZ163ICcma1kVG1AQ5R5fZO2/O6GxUvamuIfjo5dVNfoRuYTYkm442/PYtugw3
5dw9imWn8G5BYVmlh7vLIGxUMa1nrJCACB33g4vxV8tIBHmf/hmxzfUiHeup1NAp
mun81YXC1SMauZ80CoPXH0Rcc9w+SktmA5KycbXn89ASjhP5Yg5GFqxaQXjp6b8c
2sfZHWMiHN0XTvbUZZ14EOHKvHqxl42M9yoOxLfjlgbpyvtp89mEExPLJde3ey+8
sDmXFrgw1z0neH537d1Qz5IX1ysZWhi8MYSfW4U9AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU+hUrpkaKO736xI06NJ5seq2AH8gwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2JlYzg0OGIwLWJlYTgtNDMzYi1hMmRmLTVkYzZkMmIzNDE5Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAN0TANBgkqhkiG9w0BAQsFAAOCAQEASLUykO6tEvBbzOLSX73dpQcnAVCz
7pD3sJZwn19cdk65eigXWgoAZT53bT9EsMc2GOybOKg5ER98rOB8F5c7Wp1Wyzmd
mBfeXpR0+iL8OpQTlRgirJHh9rH61JPUHmhKsnyptKT8jTudSgko9r4PuRixC6PG
+DfXItZqkN5OOZNAmv4n3fah57OwnIEkM6fdx46Zsx52HVfWQ2L07i34FvdMySG0
3/Scq8nY/Bb9des7w3n1Kv+FQR7zlv02P/L0M/T8n3HmcjwyvCsu/78UPDsDBmzg
Onhqr5TX6S2xgqwoA5ZFCrYIPRq2YhswJogVsCgeqjDtB0dYEFwcmWAUWQ==
-----END CERTIFICATE-----