Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e337ea29-83a4-4851-83f2-0b0aef373403.roa
File:                     e337ea29-83a4-4851-83f2-0b0aef373403.roa (raw, json)
Hash identifier:          wqPMponCgyBOFma6/3P+6ap3OsK216yGYUGnHd4O+7k=
Subject key identifier:   F3:E8:84:4E:1B:25:D5:E7:2B:B9:D5:6D:33:10:E6:79:B9:BD:E0:EF
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6B2FDC80AB347B2DDC75C42120AFB0FDA1DA176D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e337ea29-83a4-4851-83f2-0b0aef373403.roa
Signing time:             Sat 30 Mar 2024 00:00:00 +0000
ROA not before:           Sat 30 Mar 2024 00:00:00 +0000
ROA not after:            Sat 04 May 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        3.4.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 21 Apr 2024 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:2f:dc:80:ab:34:7b:2d:dc:75:c4:21:20:af:b0:fd:a1:da:17:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 30 00:00:00 2024 GMT
            Not After : May  4 23:59:59 2024 GMT
        Subject: serialNumber=4204f178011fdb37563c910929600d2a378525eb30389cf7c961ab71096df7f9, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:aa:5c:00:b0:d4:82:f0:32:7e:4c:fc:83:cd:
                    3e:26:d1:bb:ca:f0:7b:f7:5c:ad:d9:b3:7a:a7:74:
                    39:12:b9:60:31:64:1e:e6:94:15:98:02:84:e8:a1:
                    2a:a8:47:69:79:14:db:7e:19:a7:ba:60:f9:f9:4d:
                    bd:f5:9f:35:2f:9a:b9:a1:49:16:44:04:8c:0f:70:
                    b0:2a:8a:73:bf:16:a6:3f:f2:ca:94:c8:e8:8a:f7:
                    ef:e5:14:19:c5:df:02:fb:11:98:ee:1f:1d:60:d5:
                    4e:5f:ab:67:70:b0:53:65:c2:36:13:91:19:c5:d1:
                    be:a1:e1:cb:bd:97:42:81:62:c4:09:e0:a3:1d:80:
                    0e:14:75:3c:fa:8d:cb:df:08:81:c3:05:84:b6:d6:
                    63:03:c6:c2:9f:d7:11:33:34:bb:04:2f:cf:e6:b9:
                    bb:39:d4:c2:22:ef:6d:93:91:7a:fa:73:a2:54:ba:
                    01:ca:71:09:b6:0e:c8:77:a3:56:c7:04:ab:36:97:
                    0a:cc:7b:5b:b9:ba:f7:9d:dc:ca:ef:14:fc:ef:1b:
                    85:b7:ef:13:16:7e:6e:f0:8c:f8:10:85:61:d3:b4:
                    b8:f6:e4:4b:44:e1:64:fa:e4:09:8b:eb:b8:76:36:
                    7f:03:b2:84:5d:6a:61:7f:00:a8:7e:c2:98:69:65:
                    cc:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:E8:84:4E:1B:25:D5:E7:2B:B9:D5:6D:33:10:E6:79:B9:BD:E0:EF
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e337ea29-83a4-4851-83f2-0b0aef373403.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.4.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:a3:2a:fc:7b:aa:03:e1:24:69:ba:95:2b:5b:89:f3:be:d7:
         2c:64:e3:50:25:4d:97:56:4f:bf:ef:a3:eb:3c:bf:1d:cb:39:
         fa:21:58:9f:49:78:d2:95:81:57:05:e8:8e:2e:4c:1f:88:6b:
         87:48:53:51:4d:a9:8c:6b:e4:b3:10:7f:7a:7e:fe:70:ba:fe:
         d2:84:1f:dd:37:58:a6:39:bd:a6:2a:77:34:66:e8:0e:03:ec:
         bd:2a:30:44:6d:e3:84:d6:21:24:91:f2:97:80:5b:ed:da:fb:
         91:4d:86:4b:37:d5:32:84:cc:40:fb:f5:92:63:46:ef:20:a9:
         77:97:8f:c2:20:06:51:b0:4d:0e:3a:05:6b:d6:7b:36:91:d2:
         5e:87:21:0b:b2:1a:db:1f:f5:36:40:fa:af:ee:9b:12:23:92:
         00:86:31:ba:8a:10:4b:92:d3:cb:a5:68:77:12:a5:34:b5:b5:
         d2:b5:50:e0:b5:4c:aa:04:04:c3:8b:cb:bb:82:b0:37:9f:22:
         59:79:e2:04:2c:94:9d:59:58:78:e0:6a:8d:39:c3:f3:7b:f1:
         07:06:ef:6e:86:03:98:d6:47:4d:e3:78:d7:bf:79:ce:41:cd:
         c7:d7:13:3a:6a:14:fc:ad:b6:f7:70:b6:08:98:3d:de:f6:53:
         fd:56:80:c3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUay/cgKs0ey3cdcQhIK+w/aHaF20wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQwMzMwMDAwMDAwWhcNMjQwNTA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MjA0ZjE3ODAxMWZkYjM3NTYzYzkxMDkyOTYwMGQyYTM3
ODUyNWViMzAzODljZjdjOTYxYWI3MTA5NmRmN2Y5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHqlwAsNSC8DJ+TPyDzT4m0bvK8Hv3XK3Zs3qndDkSuWAx
ZB7mlBWYAoTooSqoR2l5FNt+Gae6YPn5Tb31nzUvmrmhSRZEBIwPcLAqinO/FqY/
8sqUyOiK9+/lFBnF3wL7EZjuHx1g1U5fq2dwsFNlwjYTkRnF0b6h4cu9l0KBYsQJ
4KMdgA4UdTz6jcvfCIHDBYS21mMDxsKf1xEzNLsEL8/mubs51MIi722TkXr6c6JU
ugHKcQm2Dsh3o1bHBKs2lwrMe1u5uved3MrvFPzvG4W37xMWfm7wjPgQhWHTtLj2
5EtE4WT65AmL67h2Nn8DsoRdamF/AKh+wphpZcwjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8+iEThsl1ecrudVtMxDmebm94O8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2UzMzdlYTI5LTgzYTQtNDg1MS04M2YyLTBiMGFlZjM3MzQwMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADBAMwDQYJKoZIhvcNAQELBQADggEBAK2jKvx7qgPhJGm6lStbifO+1yxk
41AlTZdWT7/vo+s8vx3LOfohWJ9JeNKVgVcF6I4uTB+Ia4dIU1FNqYxr5LMQf3p+
/nC6/tKEH903WKY5vaYqdzRm6A4D7L0qMERt44TWISSR8peAW+3a+5FNhks31TKE
zED79ZJjRu8gqXeXj8IgBlGwTQ46BWvWezaR0l6HIQuyGtsf9TZA+q/umxIjkgCG
MbqKEEuS08ulaHcSpTS1tdK1UOC1TKoEBMOLy7uCsDefIll54gQslJ1ZWHjgao05
w/N78QcG726GA5jWR03jeNe/ec5BzcfXEzpqFPyttvdwtgiYPd72U/1WgMM=
-----END CERTIFICATE-----