Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/661f32c0-f8f7-4621-8aaf-7a270e451918.roa
File:                     661f32c0-f8f7-4621-8aaf-7a270e451918.roa (raw, json)
Hash identifier:          fO71et4UcxCFbMSTnzGCP1c4YJkQrmbr37VBLXiY5cQ=
Subject key identifier:   79:91:CB:0E:59:20:E9:53:2F:F2:E2:37:8C:4A:13:C4:C5:DB:5C:48
Certificate issuer:       /CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
Certificate serial:       7A1FD675C8DFC444AC5802B1317E1E782191CA84
Authority key identifier: 99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/661f32c0-f8f7-4621-8aaf-7a270e451918.roa
Signing time:             Tue 20 May 2025 15:31:04 +0000
ROA not before:           Tue 20 May 2025 15:31:04 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        96.127.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/77b56428-9b52-416f-b279-bbae14422de2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/77b56428-9b52-416f-b279-bbae14422de2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 09 Jun 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:1f:d6:75:c8:df:c4:44:ac:58:02:b1:31:7e:1e:78:21:91:ca:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
        Validity
            Not Before: May 20 15:31:04 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=595ce3720f10738dcdb4844670550ccc2af23537ec4c93225f9a77f075f7a452, CN=0099a7ea-794a-4a28-b164-49547626eb11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:5a:c4:44:47:28:3a:4c:76:f2:dd:56:e7:bf:
                    c0:af:46:35:7c:0f:17:e4:fe:e4:af:b7:56:49:a9:
                    55:41:6f:63:09:3a:95:e2:37:42:e2:f4:ee:be:3c:
                    91:43:34:c1:f5:ba:f4:84:96:65:dc:2f:61:ec:b2:
                    38:a8:10:77:c0:21:b3:60:35:72:30:57:f3:e7:16:
                    8b:12:ff:f1:25:e1:72:81:88:bb:44:82:c2:8e:5e:
                    ff:60:7e:d9:ff:56:f6:cf:40:ec:2f:2f:db:6f:f6:
                    d4:9e:ad:5b:a3:2a:4f:7e:b1:1a:13:c5:41:0b:39:
                    d2:b0:0b:53:ed:74:55:e0:37:b7:8c:48:e2:54:f6:
                    27:3f:6d:ed:a4:ee:ec:05:89:1b:00:1d:53:74:b8:
                    b0:88:8d:9b:7d:ab:d4:e3:f5:d2:92:7e:16:fb:e1:
                    a1:4c:9d:c8:be:b7:cd:7d:51:be:5c:9f:13:a4:ac:
                    5b:5d:32:5a:b5:1e:e1:8d:01:78:6b:18:8a:7c:dc:
                    f5:91:a2:c6:f7:4f:7d:9a:70:65:d1:51:34:65:dd:
                    86:4e:e5:9d:a2:5b:0e:86:8a:94:ba:cf:00:65:0a:
                    6e:6a:36:cf:e3:24:48:24:be:5f:71:d9:4c:11:67:
                    80:e2:ab:78:3b:b4:59:6a:11:12:cb:6c:67:9c:3f:
                    62:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:91:CB:0E:59:20:E9:53:2F:F2:E2:37:8C:4A:13:C4:C5:DB:5C:48
            X509v3 Authority Key Identifier:
                keyid:99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/661f32c0-f8f7-4621-8aaf-7a270e451918.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.127.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:82:05:47:aa:48:f8:39:33:ca:8d:e5:ad:02:56:ab:d9:a4:
         2d:11:11:62:69:9f:01:90:c7:fe:14:93:5a:3b:dc:13:7e:77:
         ab:6a:e4:60:da:3a:87:01:9f:1f:b4:69:ac:48:7b:19:b6:3c:
         59:e5:7b:b4:ee:23:32:87:de:f0:ea:af:83:f3:f7:0f:81:64:
         8a:45:9a:42:84:ad:fb:40:a1:72:0d:f1:5f:62:50:2b:c6:5e:
         4f:49:e0:d7:bc:f1:8b:ab:f0:28:6f:65:e4:a4:81:ce:7c:ee:
         cf:f8:12:6c:57:2e:b9:b4:f0:3c:09:6e:5c:67:bc:6e:cf:50:
         a7:58:a4:17:f1:06:80:27:14:59:61:ec:83:15:ef:78:a1:25:
         f8:d4:5b:50:bc:c6:03:d9:0f:39:48:a0:97:23:95:d4:65:9a:
         e0:07:e7:8d:9b:6b:88:50:a4:61:e0:46:4f:f3:15:ea:5d:14:
         52:e9:94:81:bd:53:23:d5:28:85:5c:af:47:f0:e0:a1:7f:71:
         01:96:2c:14:f3:88:94:47:3c:3c:24:0b:b8:f7:b8:28:12:09:
         6f:39:e4:64:be:ed:a6:95:b0:be:60:67:c8:27:3d:2b:5b:bc:
         20:df:2e:b5:9a:a4:a5:1f:1d:a4:cc:e3:63:df:0f:02:77:79:
         2a:33:d5:cc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeh/WdcjfxESsWAKxMX4eeCGRyoQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzA1Njc2YzczM2ZkOGNjYWU1YmU2M2I5MmJkZGM5MGI3
YTViNzRlNjk0NDljMWViMDQwHhcNMjUwNTIwMTUzMTA0WhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1OTVjZTM3MjBmMTA3MzhkY2RiNDg0NDY3MDU1MGNjYzJh
ZjIzNTM3ZWM0YzkzMjI1ZjlhNzdmMDc1ZjdhNDUyMS0wKwYDVQQDEyQwMDk5YTdl
YS03OTRhLTRhMjgtYjE2NC00OTU0NzYyNmViMTEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgWsRERyg6THby3Vbnv8CvRjV8Dxfk/uSvt1ZJqVVBb2MJ
OpXiN0Li9O6+PJFDNMH1uvSElmXcL2HssjioEHfAIbNgNXIwV/PnFosS//El4XKB
iLtEgsKOXv9gftn/VvbPQOwvL9tv9tSerVujKk9+sRoTxUELOdKwC1PtdFXgN7eM
SOJU9ic/be2k7uwFiRsAHVN0uLCIjZt9q9Tj9dKSfhb74aFMnci+t819Ub5cnxOk
rFtdMlq1HuGNAXhrGIp83PWRosb3T32acGXRUTRl3YZO5Z2iWw6GipS6zwBlCm5q
Ns/jJEgkvl9x2UwRZ4Diq3g7tFlqERLLbGecP2J/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUeZHLDlkg6VMv8uI3jEoTxMXbXEgwHwYDVR0jBBgwFoAUmcNUTAjJlFS4
eZUe/6R6j2PIp3cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi83N2I1NjQyOC05
YjUyLTQxNmYtYjI3OS1iYmFlMTQ0MjJkZTIvYzA1Njc2YzczM2ZkOGNjYWU1YmU2
M2I5MmJkZGM5MGI3YTViNzRlNjk0NDljMWViMDQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNDI1ODJjNjctZGQzZi00YmM1LWJhNjAtZTk3
ZTU1MmM2ZTM1LzY2MWYzMmMwLWY4ZjctNDYyMS04YWFmLTdhMjcwZTQ1MTkxOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzQyNTgyYzY3LWRkM2YtNGJjNS1iYTYw
LWU5N2U1NTJjNmUzNS9fWXpLNWI1anVTdmR5UXQ2VzNUbWxFbkI2d1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABgfwkwDQYJKoZIhvcNAQELBQADggEBAEqCBUeqSPg5M8qN5a0CVqvZpC0R
EWJpnwGQx/4Uk1o73BN+d6tq5GDaOocBnx+0aaxIexm2PFnle7TuIzKH3vDqr4Pz
9w+BZIpFmkKErftAoXIN8V9iUCvGXk9J4Ne88Yur8ChvZeSkgc587s/4EmxXLrm0
8DwJblxnvG7PUKdYpBfxBoAnFFlh7IMV73ihJfjUW1C8xgPZDzlIoJcjldRlmuAH
542ba4hQpGHgRk/zFepdFFLplIG9UyPVKIVcr0fw4KF/cQGWLBTziJRHPDwkC7j3
uCgSCW855GS+7aaVsL5gZ8gnPStbvCDfLrWapKUfHaTM42PfDwJ3eSoz1cw=
-----END CERTIFICATE-----