Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/cbdf06af-388d-47dc-bcb3-09595976d90a.roa
File:                     cbdf06af-388d-47dc-bcb3-09595976d90a.roa (raw, json)
Hash identifier:          CDy05rxWW85KIfW4Mp1qGhbWT4v2bViNK0AaboWBHmI=
Subject key identifier:   D3:8C:C0:24:F6:29:A5:58:96:38:E4:06:16:90:CC:23:99:EB:5D:97
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       539C656FD348C569EA328FC061DF9BC418B9ED89
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/cbdf06af-388d-47dc-bcb3-09595976d90a.roa
Signing time:             Tue 29 Oct 2024 00:00:00 +0000
ROA not before:           Tue 29 Oct 2024 00:00:00 +0000
ROA not after:            Tue 03 Dec 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        18.124.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:9c:65:6f:d3:48:c5:69:ea:32:8f:c0:61:df:9b:c4:18:b9:ed:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 29 00:00:00 2024 GMT
            Not After : Dec  3 23:59:59 2024 GMT
        Subject: serialNumber=9f1ad87c9d714480b94fc1c08eaa12797b29aeab182120eda3f7a70270e7c53c, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:2b:b6:7f:c4:7e:d8:a9:af:fa:48:52:b3:d0:
                    29:31:83:c0:19:b2:02:13:dc:9a:cc:98:46:bb:1f:
                    21:9b:eb:e9:5d:a2:d0:5b:f4:2f:2d:31:f3:a9:8d:
                    9a:cb:92:ef:1c:18:c8:5a:d2:62:4d:28:32:de:32:
                    f0:d0:17:f0:3a:28:fc:b5:83:3c:a5:a2:17:4f:e6:
                    eb:1e:bc:79:20:ca:8a:99:63:eb:9c:8f:e7:5c:cb:
                    3d:80:6c:6d:22:fb:d3:bc:c2:be:6f:14:60:26:da:
                    38:20:73:40:3c:62:56:b2:d0:05:7b:f1:21:6c:0c:
                    fa:d5:eb:eb:26:96:cd:70:34:d6:27:0c:31:ca:70:
                    92:90:b0:01:36:d8:63:ca:e7:24:f2:1e:6b:ec:71:
                    f1:c1:44:1d:a8:68:6a:03:45:08:5d:7d:2d:9a:82:
                    90:14:c7:09:67:66:78:e0:47:1e:9f:9a:be:fe:0f:
                    16:7f:88:97:24:5a:a6:c8:6b:57:7e:0a:0f:77:91:
                    83:26:4f:b8:c7:bc:3a:c2:ba:20:4b:c9:dd:ce:9a:
                    cd:1b:52:1e:13:03:a2:f6:0c:07:8e:97:cf:00:f9:
                    7a:92:5b:30:b1:43:c7:92:aa:c9:93:c0:90:4c:81:
                    56:9b:98:43:3d:eb:87:67:08:35:68:c9:53:05:32:
                    8d:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:8C:C0:24:F6:29:A5:58:96:38:E4:06:16:90:CC:23:99:EB:5D:97
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/cbdf06af-388d-47dc-bcb3-09595976d90a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.124.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         a2:2c:c1:b2:10:ef:3f:72:5d:9c:34:ae:fc:c1:bf:7a:7e:e7:
         42:db:97:c8:3a:d5:fc:5e:21:bc:7f:d7:80:95:1d:5b:68:03:
         ac:09:a8:c1:3d:53:37:a8:2a:d6:70:e8:9c:a2:46:21:f2:9d:
         0a:bd:fc:c6:c7:a1:50:37:89:92:f2:35:6e:48:3f:66:0d:f5:
         e2:e4:2b:90:b0:97:20:eb:cb:8e:5b:65:41:f7:8b:18:61:ba:
         04:67:b5:d8:c1:80:07:49:32:57:76:58:d0:6f:4a:d9:66:fb:
         2c:a1:92:4d:36:f3:49:25:d5:54:b0:aa:1b:e4:c4:a5:d3:53:
         6b:a1:14:b1:e4:cd:f7:01:d9:6d:84:7f:cc:b5:8e:41:eb:18:
         96:90:f7:37:d0:e3:c8:52:5c:bf:3e:db:ca:44:cb:30:2a:ee:
         99:f7:24:2e:ea:52:1e:31:72:09:66:5a:47:fa:0c:a1:b3:96:
         9a:7c:f1:ca:4f:e3:2c:df:e2:ad:0b:2d:3e:d2:b6:4e:d2:ac:
         9e:4f:6f:c5:65:dc:3a:03:67:66:16:72:75:ac:d1:2c:46:81:
         2a:ed:b7:bb:75:1d:03:f2:a1:20:8f:11:ec:fc:03:c9:51:ab:
         65:d2:3a:cd:6a:53:69:0d:71:95:2c:71:ba:c0:81:c9:c0:15:
         b0:98:fc:0a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUU5xlb9NIxWnqMo/AYd+bxBi57YkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMDI5MDAwMDAwWhcNMjQxMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZjFhZDg3YzlkNzE0NDgwYjk0ZmMxYzA4ZWFhMTI3OTdi
MjlhZWFiMTgyMTIwZWRhM2Y3YTcwMjcwZTdjNTNjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7K7Z/xH7Yqa/6SFKz0Ckxg8AZsgIT3JrMmEa7HyGb6+ld
otBb9C8tMfOpjZrLku8cGMha0mJNKDLeMvDQF/A6KPy1gzylohdP5usevHkgyoqZ
Y+ucj+dcyz2AbG0i+9O8wr5vFGAm2jggc0A8Ylay0AV78SFsDPrV6+smls1wNNYn
DDHKcJKQsAE22GPK5yTyHmvscfHBRB2oaGoDRQhdfS2agpAUxwlnZnjgRx6fmr7+
DxZ/iJckWqbIa1d+Cg93kYMmT7jHvDrCuiBLyd3Oms0bUh4TA6L2DAeOl88A+XqS
WzCxQ8eSqsmTwJBMgVabmEM964dnCDVoyVMFMo2lAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU04zAJPYppViWOOQGFpDMI5nrXZcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2NiZGYwNmFmLTM4OGQtNDdkYy1iY2IzLTA5NTk1OTc2ZDkwYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwESfDANBgkqhkiG9w0BAQsFAAOCAQEAoizBshDvP3JdnDSu/MG/en7nQtuX
yDrV/F4hvH/XgJUdW2gDrAmowT1TN6gq1nDonKJGIfKdCr38xsehUDeJkvI1bkg/
Zg314uQrkLCXIOvLjltlQfeLGGG6BGe12MGAB0kyV3ZY0G9K2Wb7LKGSTTbzSSXV
VLCqG+TEpdNTa6EUseTN9wHZbYR/zLWOQesYlpD3N9DjyFJcvz7bykTLMCrumfck
LupSHjFyCWZaR/oMobOWmnzxyk/jLN/irQstPtK2TtKsnk9vxWXcOgNnZhZydazR
LEaBKu23u3UdA/KhII8R7PwDyVGrZdI6zWpTaQ1xlSxxusCBycAVsJj8Cg==
-----END CERTIFICATE-----