Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/eaba9a30-cf2d-4dfd-be79-b67511f92aef.roa
File:                     eaba9a30-cf2d-4dfd-be79-b67511f92aef.roa (raw, json)
Hash identifier:          sVBzk/9BlflhfOaIgz/JW+WpUBrcgqvXaJ5mHBm4zTc=
Subject key identifier:   0A:45:51:C9:7D:A9:41:49:E7:54:1B:B4:92:6D:EB:BD:E5:0A:80:CF
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6A01F0F6100E7AD964FAF22004912AC7A282028A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/eaba9a30-cf2d-4dfd-be79-b67511f92aef.roa
Signing time:             Tue 29 Oct 2024 00:00:00 +0000
ROA not before:           Tue 29 Oct 2024 00:00:00 +0000
ROA not after:            Tue 03 Dec 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        52.95.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:01:f0:f6:10:0e:7a:d9:64:fa:f2:20:04:91:2a:c7:a2:82:02:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 29 00:00:00 2024 GMT
            Not After : Dec  3 23:59:59 2024 GMT
        Subject: serialNumber=b8354e0edd1c1e5c209a0953a0b5275520fc376dcb5b170949c8e909542f99e2, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:92:8e:a6:06:41:04:a1:52:d5:92:30:55:c2:
                    84:58:34:c6:55:4b:06:3f:16:d5:9b:8b:0c:f3:ab:
                    57:44:ec:e3:64:70:74:b3:3d:cb:57:8b:89:b7:db:
                    8c:a8:91:7b:c9:bd:18:23:e5:12:e3:56:58:d2:b9:
                    88:f2:78:37:91:a6:96:0d:0c:a5:7d:8d:b4:bd:50:
                    3a:6d:01:3f:fd:0e:84:d8:5a:fd:2a:f0:d9:23:f0:
                    19:0f:93:88:9a:27:6f:31:ea:86:94:4f:26:5f:14:
                    a0:cc:ec:a5:41:0c:5b:85:23:84:4c:b0:de:91:f4:
                    dd:c5:3f:b9:2c:72:ad:45:ae:0c:0f:4a:a0:f4:2e:
                    81:5d:06:34:82:d9:13:7b:89:24:67:9d:40:b0:53:
                    88:1e:55:51:1b:81:6d:78:02:21:5b:c4:47:c0:fd:
                    1c:64:50:ea:9b:71:98:52:45:bb:6d:62:30:29:b4:
                    eb:4d:36:c5:16:00:5e:8e:b4:1b:e4:2a:b1:92:62:
                    40:b9:28:22:02:ec:c3:69:0b:39:c5:cf:cf:2a:84:
                    64:01:39:0d:ac:16:87:be:57:39:2a:0b:25:03:5e:
                    e6:95:78:d5:87:0d:57:00:4d:59:d0:81:8e:50:80:
                    6e:58:4d:de:39:9c:57:1f:ee:79:39:6d:41:19:dc:
                    65:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:45:51:C9:7D:A9:41:49:E7:54:1B:B4:92:6D:EB:BD:E5:0A:80:CF
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/eaba9a30-cf2d-4dfd-be79-b67511f92aef.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.95.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:b2:03:2a:8c:0f:24:91:e2:96:44:a6:0d:ff:75:90:a6:bb:
         88:c1:93:b2:56:02:ec:74:9f:7f:b9:29:bf:36:67:3c:74:c6:
         db:e1:41:0d:67:6a:77:25:ff:a1:15:c8:3f:3f:6f:b3:dc:8f:
         95:78:6a:5e:98:2e:df:a8:43:95:42:ab:7a:29:cb:4c:ab:d8:
         85:c1:ce:9b:a0:c3:92:46:1f:ba:3e:b2:3e:e6:d3:c0:6a:de:
         23:cc:52:73:ac:f4:74:26:96:8b:9f:0a:0c:eb:01:96:96:37:
         61:56:8a:61:97:6c:11:a4:82:58:14:e8:91:5e:ab:5b:b3:64:
         54:46:3b:b6:dc:85:f4:26:fe:f2:25:27:fa:08:4d:cb:b3:dd:
         e4:87:12:36:5f:47:25:91:46:af:a9:bd:16:14:c9:12:e0:d5:
         5c:57:36:6a:00:c2:d4:c3:0c:d5:e2:18:d0:1d:38:55:a3:0e:
         c9:49:09:01:e6:e6:7e:96:a2:0e:9b:e7:87:d8:cb:31:99:a7:
         11:70:be:11:6a:03:c8:dc:cb:5c:84:e7:2b:2a:5b:5f:2c:fd:
         9a:3a:37:7c:a7:f3:7e:9c:3e:02:59:cc:f4:59:57:ff:f2:c1:
         9e:a9:b0:9d:6e:13:2f:3e:ef:f9:f8:9a:95:1b:4f:b9:64:4d:
         1d:3e:0c:57
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUagHw9hAOetlk+vIgBJEqx6KCAoowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMDI5MDAwMDAwWhcNMjQxMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiODM1NGUwZWRkMWMxZTVjMjA5YTA5NTNhMGI1Mjc1NTIw
ZmMzNzZkY2I1YjE3MDk0OWM4ZTkwOTU0MmY5OWUyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZko6mBkEEoVLVkjBVwoRYNMZVSwY/FtWbiwzzq1dE7ONk
cHSzPctXi4m324yokXvJvRgj5RLjVljSuYjyeDeRppYNDKV9jbS9UDptAT/9DoTY
Wv0q8Nkj8BkPk4iaJ28x6oaUTyZfFKDM7KVBDFuFI4RMsN6R9N3FP7kscq1FrgwP
SqD0LoFdBjSC2RN7iSRnnUCwU4geVVEbgW14AiFbxEfA/RxkUOqbcZhSRbttYjAp
tOtNNsUWAF6OtBvkKrGSYkC5KCIC7MNpCznFz88qhGQBOQ2sFoe+VzkqCyUDXuaV
eNWHDVcATVnQgY5QgG5YTd45nFcf7nk5bUEZ3GWRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCkVRyX2pQUnnVBu0km3rveUKgM8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2VhYmE5YTMwLWNmMmQtNGRmZC1iZTc5LWI2NzUxMWY5MmFlZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0X/kwDQYJKoZIhvcNAQELBQADggEBADqyAyqMDySR4pZEpg3/dZCmu4jB
k7JWAux0n3+5Kb82Zzx0xtvhQQ1nancl/6EVyD8/b7Pcj5V4al6YLt+oQ5VCq3op
y0yr2IXBzpugw5JGH7o+sj7m08Bq3iPMUnOs9HQmloufCgzrAZaWN2FWimGXbBGk
glgU6JFeq1uzZFRGO7bchfQm/vIlJ/oITcuz3eSHEjZfRyWRRq+pvRYUyRLg1VxX
NmoAwtTDDNXiGNAdOFWjDslJCQHm5n6Wog6b54fYyzGZpxFwvhFqA8jcy1yE5ysq
W18s/Zo6N3yn836cPgJZzPRZV//ywZ6psJ1uEy8+7/n4mpUbT7lkTR0+DFc=
-----END CERTIFICATE-----