Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/e96848dd-3369-4e73-af27-2bec7ae42c0e.roa
File:                     e96848dd-3369-4e73-af27-2bec7ae42c0e.roa (raw, json)
Hash identifier:          KrfY3ZN2Feht/ECmVBvLqv+fGPUb/UZq6g+4A7Xs4Cs=
Subject key identifier:   DB:3C:6F:BD:5F:6C:67:47:D4:71:55:68:1A:2B:F8:C9:02:CF:11:36
Certificate issuer:       /CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
Certificate serial:       696F77734A69B1097B98FB9F5E814C3E1ACB2F49
Authority key identifier: BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/e96848dd-3369-4e73-af27-2bec7ae42c0e.roa
Signing time:             Mon 02 Sep 2024 00:00:00 +0000
ROA not before:           Mon 02 Sep 2024 00:00:00 +0000
ROA not after:            Mon 07 Oct 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        173.82.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 09 Sep 2024 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:6f:77:73:4a:69:b1:09:7b:98:fb:9f:5e:81:4c:3e:1a:cb:2f:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
        Validity
            Not Before: Sep  2 00:00:00 2024 GMT
            Not After : Oct  7 23:59:59 2024 GMT
        Subject: serialNumber=855bfeee8d41863992c35725708a5e4f66df0e5dbe51227fce20e6dda6a43379, CN=f7243785-46de-414b-9b8f-7a9699e979e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ba:c7:24:72:e7:82:88:2a:0a:5d:6b:7c:12:
                    9b:5a:95:67:f3:87:c3:29:17:65:ef:bf:c4:08:28:
                    2d:54:8c:28:67:62:13:ce:0f:dc:a8:4f:9b:5e:1e:
                    bf:04:d8:b4:05:df:72:70:46:ff:53:31:4f:3c:f4:
                    ef:48:21:0c:f0:7c:13:a5:f4:43:2d:50:42:67:48:
                    a7:33:7d:c8:88:2d:0b:c1:ab:91:04:90:4d:d6:0a:
                    28:5c:cf:9b:e4:3a:c4:bf:86:c5:8f:52:c5:30:5f:
                    69:34:f6:48:0d:30:60:52:bf:04:7c:49:95:fb:7f:
                    c0:46:97:51:5a:2a:fe:9c:52:dd:37:88:9e:85:4c:
                    7f:07:56:94:49:52:73:86:56:bf:b4:9c:db:16:cc:
                    01:63:9d:01:51:54:c0:6d:c6:43:92:87:cd:98:bc:
                    75:4b:dc:0b:73:44:91:7a:05:f9:18:70:96:b2:1b:
                    90:f7:4a:49:88:6b:77:bd:d3:cc:96:e9:68:7a:77:
                    09:0e:5f:87:b9:1f:76:87:9e:56:52:19:75:99:04:
                    e8:3b:9b:fb:fa:39:40:9c:c2:91:98:d2:b7:53:f9:
                    44:f3:d6:a8:91:7f:fa:1c:28:43:d5:ba:60:9d:b6:
                    8b:07:00:99:9e:e8:29:21:e9:7b:65:87:48:f4:ac:
                    d1:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:3C:6F:BD:5F:6C:67:47:D4:71:55:68:1A:2B:F8:C9:02:CF:11:36
            X509v3 Authority Key Identifier:
                keyid:BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/e96848dd-3369-4e73-af27-2bec7ae42c0e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  173.82.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:b1:9c:94:8e:17:f5:61:1b:a2:16:52:66:9b:34:3f:61:e8:
         16:c0:c4:30:a0:73:c4:37:4a:a6:49:62:27:b2:30:c2:7b:78:
         ed:af:c3:5b:2c:ff:f5:3c:a2:ff:f2:6c:f2:40:05:a2:c5:60:
         20:ed:00:bd:a2:d8:ff:9a:93:d9:cd:7f:b2:a0:e3:7e:9d:12:
         b6:b1:66:cd:14:9d:1d:12:69:d8:dd:ab:72:55:96:a9:2d:18:
         89:a8:89:9f:26:8b:98:99:c7:6b:9c:9f:30:0b:3b:5f:b4:a2:
         98:7f:48:33:91:41:9a:23:5a:8f:28:8c:44:c1:c8:3d:5c:91:
         eb:6f:76:52:9d:78:d3:d1:a0:25:6e:d3:b9:7b:8c:c1:e9:bc:
         d2:e8:cb:62:14:b1:26:e8:40:af:ce:9c:c2:fd:d9:2e:a5:10:
         c1:64:c8:13:a0:8e:ef:c0:3f:1f:6b:f9:4d:1f:07:f9:82:37:
         5a:61:66:a7:e1:87:59:29:1d:e5:bd:92:09:c6:3d:bf:17:db:
         b9:cb:21:b6:91:a3:e2:82:c8:cf:7b:98:50:9f:a0:c8:bf:b4:
         e3:a5:87:32:10:cd:f8:04:f7:8b:68:d6:37:37:6b:3c:18:74:
         c2:a0:3f:d6:73:44:09:eb:d7:18:e1:d6:1a:e0:6d:e9:f3:43:
         62:ac:07:f5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaW93c0ppsQl7mPufXoFMPhrLL0kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOTdhYzAwMjhkNmVmYmRkYWZiN2Q5YzcxZTI5ZWI3MWMw
MDVlMzRmYzE5ZjFmN2M0MjQwHhcNMjQwOTAyMDAwMDAwWhcNMjQxMDA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NTViZmVlZThkNDE4NjM5OTJjMzU3MjU3MDhhNWU0ZjY2
ZGYwZTVkYmU1MTIyN2ZjZTIwZTZkZGE2YTQzMzc5MS0wKwYDVQQDEyRmNzI0Mzc4
NS00NmRlLTQxNGItOWI4Zi03YTk2OTllOTc5ZTIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsusckcueCiCoKXWt8EptalWfzh8MpF2Xvv8QIKC1UjChn
YhPOD9yoT5teHr8E2LQF33JwRv9TMU889O9IIQzwfBOl9EMtUEJnSKczfciILQvB
q5EEkE3WCihcz5vkOsS/hsWPUsUwX2k09kgNMGBSvwR8SZX7f8BGl1FaKv6cUt03
iJ6FTH8HVpRJUnOGVr+0nNsWzAFjnQFRVMBtxkOSh82YvHVL3AtzRJF6BfkYcJay
G5D3SkmIa3e908yW6Wh6dwkOX4e5H3aHnlZSGXWZBOg7m/v6OUCcwpGY0rdT+UTz
1qiRf/ocKEPVumCdtosHAJme6Ckh6Xtlh0j0rNGZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2zxvvV9sZ0fUcVVoGiv4yQLPETYwHwYDVR0jBBgwFoAUugzhfiM/vHHU
MKvawsMMeQS2oOcwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy9kM2VhNmVhYi1m
NDFmLTRlNDYtYThmNi0zZGE0YTEyOGQ3OGMvOTdhYzAwMjhkNmVmYmRkYWZiN2Q5
YzcxZTI5ZWI3MWMwMDVlMzRmYzE5ZjFmN2M0MjQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTQ2MDJmYjAtYTlkNC00ZjlmLWIwY2EtYmUy
YTEzOWVhOTJiL2U5Njg0OGRkLTMzNjktNGU3My1hZjI3LTJiZWM3YWU0MmMwZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzU0NjAyZmIwLWE5ZDQtNGY5Zi1iMGNh
LWJlMmExMzllYTkyYi83NzNhLTMyY2NlS2V0eHdBWGpUOEdmSDN4Q1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACtUgQwDQYJKoZIhvcNAQELBQADggEBAEGxnJSOF/VhG6IWUmabND9h6BbA
xDCgc8Q3SqZJYieyMMJ7eO2vw1ss//U8ov/ybPJABaLFYCDtAL2i2P+ak9nNf7Kg
436dEraxZs0UnR0Sadjdq3JVlqktGImoiZ8mi5iZx2ucnzALO1+0oph/SDORQZoj
Wo8ojETByD1cketvdlKdeNPRoCVu07l7jMHpvNLoy2IUsSboQK/OnML92S6lEMFk
yBOgju/APx9r+U0fB/mCN1phZqfhh1kpHeW9kgnGPb8X27nLIbaRo+KCyM97mFCf
oMi/tOOlhzIQzfgE94to1jc3azwYdMKgP9ZzRAnr1xjh1hrgbenzQ2KsB/U=
-----END CERTIFICATE-----