Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/5ed51049-d347-4dd0-bf4f-e1cb4adc80ca.roa
File:                     5ed51049-d347-4dd0-bf4f-e1cb4adc80ca.roa (raw, json)
Hash identifier:          mJZA7TU/n5b0tN9x9/xo1NFl3oVTDt0hU0RniYmUsLU=
Subject key identifier:   AA:80:7A:73:5C:7E:A8:F8:51:69:16:F9:B9:5F:96:98:B4:9C:9A:67
Certificate issuer:       /CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
Certificate serial:       0CF48D7E340266EA2A2D73397AE4484B6C109E76
Authority key identifier: 99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/5ed51049-d347-4dd0-bf4f-e1cb4adc80ca.roa
Signing time:             Fri 11 Jul 2025 15:00:58 +0000
ROA not before:           Fri 11 Jul 2025 15:00:58 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        96.127.0.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/77b56428-9b52-416f-b279-bbae14422de2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/77b56428-9b52-416f-b279-bbae14422de2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 23 Jul 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:f4:8d:7e:34:02:66:ea:2a:2d:73:39:7a:e4:48:4b:6c:10:9e:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
        Validity
            Not Before: Jul 11 15:00:58 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=3581a85b8b6be4787561bc1401f9d620b3d41dbabb91bf30716e7dfe6ef801da, CN=0099a7ea-794a-4a28-b164-49547626eb11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:90:ec:7b:e1:50:12:b2:e2:4d:41:78:6c:51:
                    ee:9a:ee:9a:84:31:47:1a:64:96:ce:e1:12:51:9c:
                    c0:72:9d:9b:28:99:19:9b:b1:f1:41:d0:f0:89:d1:
                    a4:27:89:7f:d9:a3:c2:52:6b:1f:4d:92:b3:c6:71:
                    23:fe:48:df:df:d3:2c:07:a9:91:61:bb:95:d8:8f:
                    20:de:4d:6b:cb:96:b8:df:72:93:73:62:f9:52:f3:
                    a5:0e:d3:56:04:45:6e:cd:69:d6:ae:9b:6a:a5:ec:
                    a8:eb:c4:fd:b7:e5:64:89:f2:fa:62:09:e9:51:28:
                    c8:6b:d0:bb:a4:07:7d:aa:cf:eb:f6:13:fd:3e:21:
                    a3:17:2b:72:d7:50:6c:31:c7:50:e7:43:90:c2:e4:
                    5e:d8:da:ff:66:49:ee:09:ef:b4:71:ac:46:0d:3b:
                    fe:fa:5d:89:90:39:9d:2d:68:f1:13:10:64:2a:5d:
                    46:f5:86:70:6d:10:38:29:92:5c:98:07:1d:58:ee:
                    b8:2b:d2:cf:28:78:84:6b:0f:ac:c3:c3:ac:52:e5:
                    f9:99:a4:78:ba:97:0a:86:66:57:7a:1a:a6:a2:08:
                    af:03:06:ce:c6:15:80:fb:71:83:2f:25:3b:ec:e8:
                    b1:41:8a:20:67:d8:dd:16:fb:41:62:c1:54:0b:2e:
                    e1:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:80:7A:73:5C:7E:A8:F8:51:69:16:F9:B9:5F:96:98:B4:9C:9A:67
            X509v3 Authority Key Identifier:
                keyid:99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/5ed51049-d347-4dd0-bf4f-e1cb4adc80ca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.127.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         37:02:b4:4b:33:fb:86:ac:04:26:98:e7:76:03:64:80:a2:8c:
         11:54:1a:66:ea:b7:14:d5:09:c8:87:74:b1:5c:9c:66:a2:de:
         d3:8c:c6:55:c7:8a:0c:1a:7d:ef:2a:12:14:6a:8d:5a:54:9d:
         89:62:c6:6e:73:3d:de:f1:c7:76:2b:19:b8:43:8f:21:aa:cd:
         f6:6f:92:b2:fa:3e:0d:1c:fa:b7:5e:52:b5:dc:92:01:fc:07:
         07:74:9c:91:3d:a7:82:d4:3e:ad:e0:05:ce:5b:ce:c7:e9:6b:
         30:b2:ca:29:39:72:c2:42:e5:29:1b:bd:5d:41:af:64:d2:55:
         78:f4:dd:76:84:38:68:2d:7b:a3:b0:01:be:27:ce:25:8f:7f:
         e8:5f:ca:78:3d:01:0c:12:84:7a:f6:49:d5:78:4a:60:85:ff:
         d0:7e:0c:b6:c5:2c:d7:53:a4:91:98:8c:d8:36:a9:9c:71:b6:
         e6:89:10:c9:31:b2:94:aa:46:04:85:9e:80:a1:7f:4d:ef:c8:
         35:0b:23:50:06:29:2b:66:30:7d:13:07:cb:45:b2:99:fb:a4:
         47:0e:dd:ec:56:56:8e:17:06:c6:63:fa:58:e1:40:6d:fb:c1:
         37:26:de:45:5e:be:99:7a:2e:ef:47:c5:62:e9:12:80:4f:eb:
         89:e7:75:08
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDPSNfjQCZuoqLXM5euRIS2wQnnYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzA1Njc2YzczM2ZkOGNjYWU1YmU2M2I5MmJkZGM5MGI3
YTViNzRlNjk0NDljMWViMDQwHhcNMjUwNzExMTUwMDU4WhcNMjUwODE1MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNTgxYTg1YjhiNmJlNDc4NzU2MWJjMTQwMWY5ZDYyMGIz
ZDQxZGJhYmI5MWJmMzA3MTZlN2RmZTZlZjgwMWRhMS0wKwYDVQQDEyQwMDk5YTdl
YS03OTRhLTRhMjgtYjE2NC00OTU0NzYyNmViMTEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9kOx74VASsuJNQXhsUe6a7pqEMUcaZJbO4RJRnMBynZso
mRmbsfFB0PCJ0aQniX/Zo8JSax9NkrPGcSP+SN/f0ywHqZFhu5XYjyDeTWvLlrjf
cpNzYvlS86UO01YERW7Nadaum2ql7KjrxP235WSJ8vpiCelRKMhr0LukB32qz+v2
E/0+IaMXK3LXUGwxx1DnQ5DC5F7Y2v9mSe4J77RxrEYNO/76XYmQOZ0taPETEGQq
XUb1hnBtEDgpklyYBx1Y7rgr0s8oeIRrD6zDw6xS5fmZpHi6lwqGZld6GqaiCK8D
Bs7GFYD7cYMvJTvs6LFBiiBn2N0W+0FiwVQLLuGhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqoB6c1x+qPhRaRb5uV+WmLScmmcwHwYDVR0jBBgwFoAUmcNUTAjJlFS4
eZUe/6R6j2PIp3cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi83N2I1NjQyOC05
YjUyLTQxNmYtYjI3OS1iYmFlMTQ0MjJkZTIvYzA1Njc2YzczM2ZkOGNjYWU1YmU2
M2I5MmJkZGM5MGI3YTViNzRlNjk0NDljMWViMDQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNDI1ODJjNjctZGQzZi00YmM1LWJhNjAtZTk3
ZTU1MmM2ZTM1LzVlZDUxMDQ5LWQzNDctNGRkMC1iZjRmLWUxY2I0YWRjODBjYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzQyNTgyYzY3LWRkM2YtNGJjNS1iYTYw
LWU5N2U1NTJjNmUzNS9fWXpLNWI1anVTdmR5UXQ2VzNUbWxFbkI2d1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdgfwAwDQYJKoZIhvcNAQELBQADggEBADcCtEsz+4asBCaY53YDZICijBFU
GmbqtxTVCciHdLFcnGai3tOMxlXHigwafe8qEhRqjVpUnYlixm5zPd7xx3YrGbhD
jyGqzfZvkrL6Pg0c+rdeUrXckgH8Bwd0nJE9p4LUPq3gBc5bzsfpazCyyik5csJC
5SkbvV1Br2TSVXj03XaEOGgte6OwAb4nziWPf+hfyng9AQwShHr2SdV4SmCF/9B+
DLbFLNdTpJGYjNg2qZxxtuaJEMkxspSqRgSFnoChf03vyDULI1AGKStmMH0TB8tF
spn7pEcO3exWVo4XBsZj+ljhQG37wTcm3kVevpl6Lu9HxWLpEoBP64nndQg=
-----END CERTIFICATE-----