Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/f2e5e11c-f4e0-4f91-8ed1-a6cba6c5e288.roa
File:                     f2e5e11c-f4e0-4f91-8ed1-a6cba6c5e288.roa (raw, json)
Hash identifier:          xZ8Q2BRqwmIPD8Veru55EmCO16ECJAvgtBeqyLM8P2c=
Subject key identifier:   81:38:91:3A:31:F7:34:D8:42:75:C1:A6:C9:D7:05:2E:65:CB:6A:E0
Certificate issuer:       /CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
Certificate serial:       4EB10ADBE58664B252FD75B2FB2FE85D0A667CDE
Authority key identifier: 99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/f2e5e11c-f4e0-4f91-8ed1-a6cba6c5e288.roa
Signing time:             Tue 20 May 2025 15:30:59 +0000
ROA not before:           Tue 20 May 2025 15:30:59 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        96.127.0.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/77b56428-9b52-416f-b279-bbae14422de2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/77b56428-9b52-416f-b279-bbae14422de2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 05 Jun 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:b1:0a:db:e5:86:64:b2:52:fd:75:b2:fb:2f:e8:5d:0a:66:7c:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
        Validity
            Not Before: May 20 15:30:59 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=147c4b0eda9f90112fe9b380329c2cc00241a8a9601980d25150c1add6827e1f, CN=0099a7ea-794a-4a28-b164-49547626eb11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:36:7c:00:cc:02:e0:86:3f:af:56:6d:d6:23:
                    8b:c2:9b:dd:5e:8e:2c:a8:b1:50:b4:dc:75:b7:43:
                    67:d5:95:80:a7:52:94:dd:24:15:60:59:26:f3:62:
                    92:70:15:ad:41:80:62:49:3f:dc:4a:27:46:79:f8:
                    d9:b7:f9:f5:5a:e7:b8:d8:c8:71:7b:5b:65:d3:2e:
                    fb:28:72:9a:b5:d2:26:b5:62:a9:b5:cb:31:df:4c:
                    1f:9f:83:c8:5c:79:1b:b2:f0:88:8a:88:b0:26:d3:
                    20:92:19:76:50:60:4e:82:4d:00:bf:10:d0:61:14:
                    01:e7:c7:b2:bd:26:ef:46:ef:9f:99:c2:eb:dc:1f:
                    a4:3e:b8:cd:99:c3:62:49:57:ac:a2:8a:9d:5a:7d:
                    9b:da:bd:ec:1d:ef:73:7c:b6:00:10:c7:ad:b9:c4:
                    33:08:f7:a8:14:27:9f:b8:0c:4c:c2:ad:72:b1:ef:
                    87:ca:81:ca:0b:a2:da:52:32:d2:b7:c9:75:95:5b:
                    f7:a7:10:14:7d:2c:4d:68:98:c9:2f:8a:97:c2:b0:
                    ac:7e:b3:cf:e4:92:17:6d:b0:23:aa:a6:63:e2:d8:
                    b7:47:40:cf:19:5a:60:e1:10:e2:a5:7b:f2:2b:6d:
                    e3:0f:37:e9:ea:f9:e6:39:a7:b8:8d:ce:aa:ca:55:
                    4d:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:38:91:3A:31:F7:34:D8:42:75:C1:A6:C9:D7:05:2E:65:CB:6A:E0
            X509v3 Authority Key Identifier:
                keyid:99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/f2e5e11c-f4e0-4f91-8ed1-a6cba6c5e288.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.127.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         7c:51:cd:69:45:da:84:b4:dd:e3:69:35:bb:8c:3f:f2:13:56:
         28:4d:b1:38:ed:32:e7:d9:fc:42:a6:ca:bc:9c:8b:b1:d8:ef:
         e4:33:a7:54:6c:60:aa:54:e3:cf:7c:38:ee:bb:92:7b:fb:48:
         b3:26:12:75:47:c6:51:77:96:98:12:df:71:2e:76:33:3f:db:
         cd:cf:5c:e2:48:a6:9b:2b:00:74:0a:d8:76:ec:8a:94:d5:05:
         87:77:10:78:d8:57:09:9e:7c:fc:2f:7b:14:e0:5a:7f:ec:60:
         4c:65:51:1c:80:08:41:cc:e0:75:f3:f1:4d:ba:72:fc:a5:00:
         6f:c5:d0:ad:44:b2:f3:c5:aa:2b:c8:72:be:3f:8d:07:f6:98:
         ec:49:99:ed:b4:70:e7:d0:cd:2c:35:b7:77:55:26:ff:5b:2f:
         b0:2f:77:c3:9c:b3:f1:8c:4c:64:ac:21:6e:74:6c:35:bb:66:
         69:9c:d4:91:69:25:c1:23:5d:bd:f9:99:43:1f:2a:ac:e0:64:
         36:8f:76:d8:f1:de:8c:cc:67:02:3c:d6:5d:f0:5b:91:08:ab:
         08:55:19:51:4f:f4:61:3f:4d:bd:68:35:26:8b:43:dc:04:c7:
         c0:53:b4:d1:bd:0d:98:68:7f:14:16:d6:e1:ff:fa:fd:e9:1f:
         99:df:70:0c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTrEK2+WGZLJS/XWy+y/oXQpmfN4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzA1Njc2YzczM2ZkOGNjYWU1YmU2M2I5MmJkZGM5MGI3
YTViNzRlNjk0NDljMWViMDQwHhcNMjUwNTIwMTUzMDU5WhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNDdjNGIwZWRhOWY5MDExMmZlOWIzODAzMjljMmNjMDAy
NDFhOGE5NjAxOTgwZDI1MTUwYzFhZGQ2ODI3ZTFmMS0wKwYDVQQDEyQwMDk5YTdl
YS03OTRhLTRhMjgtYjE2NC00OTU0NzYyNmViMTEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDkNnwAzALghj+vVm3WI4vCm91ejiyosVC03HW3Q2fVlYCn
UpTdJBVgWSbzYpJwFa1BgGJJP9xKJ0Z5+Nm3+fVa57jYyHF7W2XTLvsocpq10ia1
Yqm1yzHfTB+fg8hceRuy8IiKiLAm0yCSGXZQYE6CTQC/ENBhFAHnx7K9Ju9G75+Z
wuvcH6Q+uM2Zw2JJV6yiip1afZvavewd73N8tgAQx625xDMI96gUJ5+4DEzCrXKx
74fKgcoLotpSMtK3yXWVW/enEBR9LE1omMkvipfCsKx+s8/kkhdtsCOqpmPi2LdH
QM8ZWmDhEOKle/IrbeMPN+nq+eY5p7iNzqrKVU2/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUgTiROjH3NNhCdcGmydcFLmXLauAwHwYDVR0jBBgwFoAUmcNUTAjJlFS4
eZUe/6R6j2PIp3cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi83N2I1NjQyOC05
YjUyLTQxNmYtYjI3OS1iYmFlMTQ0MjJkZTIvYzA1Njc2YzczM2ZkOGNjYWU1YmU2
M2I5MmJkZGM5MGI3YTViNzRlNjk0NDljMWViMDQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNDI1ODJjNjctZGQzZi00YmM1LWJhNjAtZTk3
ZTU1MmM2ZTM1L2YyZTVlMTFjLWY0ZTAtNGY5MS04ZWQxLWE2Y2JhNmM1ZTI4OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzQyNTgyYzY3LWRkM2YtNGJjNS1iYTYw
LWU5N2U1NTJjNmUzNS9fWXpLNWI1anVTdmR5UXQ2VzNUbWxFbkI2d1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdgfwAwDQYJKoZIhvcNAQELBQADggEBAHxRzWlF2oS03eNpNbuMP/ITVihN
sTjtMufZ/EKmyryci7HY7+Qzp1RsYKpU4898OO67knv7SLMmEnVHxlF3lpgS33Eu
djM/283PXOJIppsrAHQK2HbsipTVBYd3EHjYVwmefPwvexTgWn/sYExlURyACEHM
4HXz8U26cvylAG/F0K1EsvPFqivIcr4/jQf2mOxJme20cOfQzSw1t3dVJv9bL7Av
d8Ocs/GMTGSsIW50bDW7Zmmc1JFpJcEjXb35mUMfKqzgZDaPdtjx3ozMZwI81l3w
W5EIqwhVGVFP9GE/Tb1oNSaLQ9wEx8BTtNG9DZhofxQW1uH/+v3pH5nfcAw=
-----END CERTIFICATE-----