Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dfd7f6d3-e6e9-4987-9ae7-d052c5353898/8bae045f-365b-43cf-99fc-12cbcbce5f67.roa
File:                     8bae045f-365b-43cf-99fc-12cbcbce5f67.roa (raw, json)
Hash identifier:          mUBzR8xp2fKG3y3eACcv9PgTXE2Va2Vj1Q6WG4WmD6M=
Subject key identifier:   93:62:C1:9F:69:44:E5:CC:11:F9:2D:4D:93:13:B0:B0:B3:A0:46:95
Certificate issuer:       /CN=0ee4583d84d9b4f0824cb80ba8fc1240b4794b515071e9751d
Certificate serial:       7A90C62A571E67B9B73133E1D191F0D2C660D4A7
Authority key identifier: 7D:84:47:C4:97:8A:0B:4C:73:9B:EB:F6:92:E2:4C:75:DD:3F:BC:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/b4e4fec5-3510-4017-90ef-8391412ecd6c/0ee4583d84d9b4f0824cb80ba8fc1240b4794b515071e9751d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dfd7f6d3-e6e9-4987-9ae7-d052c5353898/8bae045f-365b-43cf-99fc-12cbcbce5f67.roa
Signing time:             Mon 20 May 2024 00:00:00 +0000
ROA not before:           Mon 20 May 2024 00:00:00 +0000
ROA not after:            Mon 24 Jun 2024 23:59:59 +0000
asID:                     62785
IP address blocks:        172.96.104.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dfd7f6d3-e6e9-4987-9ae7-d052c5353898/2bTwgky4C6j8EkC0eUtRUHHpdR0.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dfd7f6d3-e6e9-4987-9ae7-d052c5353898/2bTwgky4C6j8EkC0eUtRUHHpdR0.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/b4e4fec5-3510-4017-90ef-8391412ecd6c/0ee4583d84d9b4f0824cb80ba8fc1240b4794b515071e9751d.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/b4e4fec5-3510-4017-90ef-8391412ecd6c/b4e4fec5-3510-4017-90ef-8391412ecd6c.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/b4e4fec5-3510-4017-90ef-8391412ecd6c/b4e4fec5-3510-4017-90ef-8391412ecd6c.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/b4e4fec5-3510-4017-90ef-8391412ecd6c.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 04 Jun 2024 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:90:c6:2a:57:1e:67:b9:b7:31:33:e1:d1:91:f0:d2:c6:60:d4:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ee4583d84d9b4f0824cb80ba8fc1240b4794b515071e9751d
        Validity
            Not Before: May 20 00:00:00 2024 GMT
            Not After : Jun 24 23:59:59 2024 GMT
        Subject: serialNumber=0c25a1add86433a12846db3e11f309ebdef2231ceff0e1558a1ebdf33e1c7532, CN=b0dbbb6a-5472-4b68-ae4d-401518603039
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:52:36:b2:40:a9:6a:aa:6c:94:48:33:1a:36:
                    b9:8b:ac:52:88:a4:a0:a9:8f:35:b6:4c:49:20:71:
                    f8:d7:18:77:25:e2:bd:84:eb:62:c9:42:b4:8a:d3:
                    cf:52:fc:5a:31:e7:c4:69:2f:3d:28:48:df:6f:de:
                    66:5b:5b:9c:bd:d4:6d:64:20:23:88:ff:6d:57:78:
                    48:b3:1c:f2:bf:4e:01:91:c3:8e:a4:82:70:f9:a2:
                    9e:e0:8a:76:92:af:b0:23:70:fe:24:44:38:4c:f2:
                    c8:6f:fe:4a:88:34:0f:5c:0d:ca:6d:e9:a6:68:fe:
                    44:4c:51:bc:89:69:66:c1:ec:73:3f:57:3c:f6:7d:
                    88:ba:0e:fa:2c:1e:08:bb:88:a5:3c:48:bb:f5:89:
                    9c:d9:00:f4:e1:50:cb:fb:d8:af:61:fd:8f:69:27:
                    42:41:b8:2d:05:3a:15:52:aa:76:dc:46:b1:9a:b7:
                    1d:66:52:98:f7:91:fb:f9:d8:7d:c0:52:04:5c:f2:
                    d6:50:78:b1:1c:d4:be:e4:ef:96:1e:f6:04:ee:c1:
                    95:d3:c3:d6:c9:cb:58:39:02:eb:be:5f:8b:06:48:
                    b3:f6:f1:99:1f:38:6c:cf:83:34:67:b2:f0:ca:d1:
                    15:aa:eb:1c:e2:2d:64:92:7c:c8:6e:43:a4:d8:44:
                    fb:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:62:C1:9F:69:44:E5:CC:11:F9:2D:4D:93:13:B0:B0:B3:A0:46:95
            X509v3 Authority Key Identifier:
                keyid:7D:84:47:C4:97:8A:0B:4C:73:9B:EB:F6:92:E2:4C:75:DD:3F:BC:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/b4e4fec5-3510-4017-90ef-8391412ecd6c/0ee4583d84d9b4f0824cb80ba8fc1240b4794b515071e9751d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dfd7f6d3-e6e9-4987-9ae7-d052c5353898/8bae045f-365b-43cf-99fc-12cbcbce5f67.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dfd7f6d3-e6e9-4987-9ae7-d052c5353898/2bTwgky4C6j8EkC0eUtRUHHpdR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  172.96.104.0/21

    Signature Algorithm: sha256WithRSAEncryption
         5f:0b:42:5b:de:5f:18:79:ab:b6:bb:8c:f4:50:85:2a:85:c5:
         c6:9a:e1:a6:94:0b:dd:fe:56:1d:e2:3a:65:2f:21:95:64:39:
         e7:44:e6:b3:a1:26:66:75:17:5c:9b:1d:34:f7:92:9d:17:d9:
         12:c8:67:19:b5:ad:24:f2:40:9d:0d:b6:4e:8a:14:e5:a0:ae:
         0e:c0:a6:e4:50:1e:80:48:78:1b:37:16:6a:e4:e3:e4:1e:a6:
         50:69:3c:1a:a3:f5:54:60:bd:41:5f:c4:50:93:f5:df:cd:10:
         5b:42:19:0e:e8:3d:b1:47:cd:49:b7:80:f4:06:5b:63:fc:82:
         6e:27:cf:9b:42:0e:3b:61:d6:d3:13:11:c2:b6:f3:26:53:6f:
         cd:13:36:32:12:6e:fb:87:b7:c2:ae:99:d7:ba:9c:dc:8c:53:
         d6:c4:b7:6e:59:55:7c:0d:3a:f5:51:e0:c4:ed:51:fa:a3:45:
         8d:97:a0:fd:3b:96:dc:8f:bb:f8:c4:de:17:20:3b:a1:a0:ba:
         92:bf:da:e0:8e:0c:35:00:ec:66:c1:c6:7c:95:e3:72:04:6a:
         cd:96:e4:64:55:34:e7:b8:6f:73:0a:41:3d:9e:aa:0d:33:be:
         88:17:77:38:a3:a7:7e:0b:bf:1b:c6:02:2d:43:f3:b4:30:f3:
         ff:bf:78:0e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUepDGKlceZ7m3MTPh0ZHw0sZg1KcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMGVlNDU4M2Q4NGQ5YjRmMDgyNGNiODBiYThmYzEyNDBi
NDc5NGI1MTUwNzFlOTc1MWQwHhcNMjQwNTIwMDAwMDAwWhcNMjQwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYzI1YTFhZGQ4NjQzM2ExMjg0NmRiM2UxMWYzMDllYmRl
ZjIyMzFjZWZmMGUxNTU4YTFlYmRmMzNlMWM3NTMyMS0wKwYDVQQDEyRiMGRiYmI2
YS01NDcyLTRiNjgtYWU0ZC00MDE1MTg2MDMwMzkwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCLUjayQKlqqmyUSDMaNrmLrFKIpKCpjzW2TEkgcfjXGHcl
4r2E62LJQrSK089S/Fox58RpLz0oSN9v3mZbW5y91G1kICOI/21XeEizHPK/TgGR
w46kgnD5op7ginaSr7AjcP4kRDhM8shv/kqINA9cDcpt6aZo/kRMUbyJaWbB7HM/
Vzz2fYi6DvosHgi7iKU8SLv1iZzZAPThUMv72K9h/Y9pJ0JBuC0FOhVSqnbcRrGa
tx1mUpj3kfv52H3AUgRc8tZQeLEc1L7k75Ye9gTuwZXTw9bJy1g5Auu+X4sGSLP2
8ZkfOGzPgzRnsvDK0RWq6xziLWSSfMhuQ6TYRPtVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUk2LBn2lE5cwR+S1NkxOwsLOgRpUwHwYDVR0jBBgwFoAUfYRHxJeKC0xz
m+v2kuJMdd0/vK4wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS9iNGU0ZmVjNS0z
NTEwLTQwMTctOTBlZi04MzkxNDEyZWNkNmMvMGVlNDU4M2Q4NGQ5YjRmMDgyNGNi
ODBiYThmYzEyNDBiNDc5NGI1MTUwNzFlOTc1MWQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZGZkN2Y2ZDMtZTZlOS00OTg3LTlhZTctZDA1
MmM1MzUzODk4LzhiYWUwNDVmLTM2NWItNDNjZi05OWZjLTEyY2JjYmNlNWY2Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2RmZDdmNmQzLWU2ZTktNDk4Ny05YWU3
LWQwNTJjNTM1Mzg5OC8yYlR3Z2t5NEM2ajhFa0MwZVV0UlVISHBkUjAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAOsYGgwDQYJKoZIhvcNAQELBQADggEBAF8LQlveXxh5q7a7jPRQhSqFxcaa
4aaUC93+Vh3iOmUvIZVkOedE5rOhJmZ1F1ybHTT3kp0X2RLIZxm1rSTyQJ0Ntk6K
FOWgrg7ApuRQHoBIeBs3Fmrk4+QeplBpPBqj9VRgvUFfxFCT9d/NEFtCGQ7oPbFH
zUm3gPQGW2P8gm4nz5tCDjth1tMTEcK28yZTb80TNjISbvuHt8Kumde6nNyMU9bE
t25ZVXwNOvVR4MTtUfqjRY2XoP07ltyPu/jE3hcgO6GgupK/2uCODDUA7GbBxnyV
43IEas2W5GRVNOe4b3MKQT2eqg0zvogXdzijp34LvxvGAi1D87Qw8/+/eA4=
-----END CERTIFICATE-----