Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/9bfde94a-1d95-4dce-b0b2-727172f5e49d.roa
File:                     9bfde94a-1d95-4dce-b0b2-727172f5e49d.roa (raw, json)
Hash identifier:          +DsMp43nL7sBZvOTL0q0Zpx7BmUCJekCvXuMExZLBEo=
Subject key identifier:   84:03:58:FE:72:89:77:C7:17:D0:1D:BD:E6:47:B8:27:08:67:36:34
Certificate issuer:       /CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
Certificate serial:       0FD1098C2E85F8589BEDBF0A6475BEDDBBE1CD2A
Authority key identifier: 99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/9bfde94a-1d95-4dce-b0b2-727172f5e49d.roa
Signing time:             Tue 20 May 2025 15:31:05 +0000
ROA not before:           Tue 20 May 2025 15:31:05 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        96.127.8.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/77b56428-9b52-416f-b279-bbae14422de2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/77b56428-9b52-416f-b279-bbae14422de2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:d1:09:8c:2e:85:f8:58:9b:ed:bf:0a:64:75:be:dd:bb:e1:cd:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
        Validity
            Not Before: May 20 15:31:05 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=abbd81322e7e9ee676351b9a5670f7d4a5d0f355f53195c6f49a3a581814925a, CN=0099a7ea-794a-4a28-b164-49547626eb11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:25:e1:3a:60:22:4e:f3:3d:e0:ef:43:28:c2:
                    93:ea:ee:11:73:b8:03:9f:dd:72:39:0e:5b:56:26:
                    44:9e:d8:b6:4f:60:88:62:8a:c5:76:f1:e5:c3:f5:
                    3a:7e:ac:11:79:1f:1a:72:50:b1:4f:76:8b:37:58:
                    af:79:fa:6d:fe:5f:a8:8a:3b:9c:7a:77:44:1a:a7:
                    67:c8:93:e6:1b:cc:06:d6:a9:79:da:13:3f:b9:51:
                    9f:43:5a:fd:0a:31:d1:76:c8:8f:90:f4:36:de:d6:
                    d4:8d:29:23:6d:ff:9d:6e:a7:c5:7a:ed:cf:4d:6c:
                    26:83:19:30:31:6a:6a:80:14:80:90:2c:f5:7a:ea:
                    3a:33:95:13:50:78:98:9d:8e:42:9e:24:2d:a0:22:
                    9b:ab:a2:07:59:ea:80:2d:e0:be:81:76:99:c6:da:
                    cf:6e:5d:39:80:06:66:9d:4d:72:23:c0:49:34:f6:
                    89:93:e2:1d:70:f5:51:9e:4e:b4:af:82:02:0f:74:
                    0d:69:1e:84:1f:74:47:58:c0:5c:7f:bb:aa:92:d8:
                    fc:13:d9:5a:17:1f:68:f4:7d:ab:62:98:69:3e:a4:
                    86:ec:58:3c:19:27:78:33:5d:e9:7f:1e:45:40:5c:
                    94:1d:c9:46:a8:81:40:9d:0f:c5:80:71:08:2a:51:
                    b6:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:03:58:FE:72:89:77:C7:17:D0:1D:BD:E6:47:B8:27:08:67:36:34
            X509v3 Authority Key Identifier:
                keyid:99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/9bfde94a-1d95-4dce-b0b2-727172f5e49d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.127.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         51:b0:f6:58:89:d5:d5:fe:46:d5:52:97:9d:70:90:1f:8a:b0:
         3d:61:69:32:14:34:2d:85:80:30:c9:8e:1d:9b:9f:46:7c:66:
         85:c6:36:25:0b:17:79:22:5e:a6:8b:ef:90:28:d5:c0:ca:f2:
         b3:c5:98:cb:d6:49:1c:3b:62:2d:e3:2e:1c:1b:4c:06:33:ee:
         a0:a4:f8:c3:00:4d:ae:eb:27:9d:ec:2c:c8:9e:93:63:e8:58:
         55:a2:1c:d3:bb:bf:52:2b:3c:b0:b0:32:30:a5:cc:56:3d:97:
         16:2c:35:0e:d3:7d:01:e6:bf:95:8a:22:db:20:b9:96:f4:87:
         1d:2c:a3:22:0f:7d:dc:4b:3c:b4:67:3b:78:26:1b:66:9f:65:
         20:d3:cb:ef:3e:fe:95:98:e9:e8:b2:08:63:cc:e8:c0:02:a7:
         08:fe:e6:df:be:b9:87:a6:b8:32:d9:19:9e:2c:b4:24:88:c4:
         51:ec:f1:c7:19:5a:45:07:8a:96:e8:48:53:4a:77:ff:17:95:
         53:3c:5f:66:e8:84:95:fe:d9:1e:47:a1:86:b5:68:de:73:32:
         e3:c5:44:c8:a6:42:f5:95:b0:00:fa:74:3a:af:26:66:5a:eb:
         e4:b8:75:59:ec:14:3f:ee:29:aa:86:9c:40:9b:18:89:5c:86:
         c5:04:61:e0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUD9EJjC6F+Fib7b8KZHW+3bvhzSowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzA1Njc2YzczM2ZkOGNjYWU1YmU2M2I5MmJkZGM5MGI3
YTViNzRlNjk0NDljMWViMDQwHhcNMjUwNTIwMTUzMTA1WhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYmJkODEzMjJlN2U5ZWU2NzYzNTFiOWE1NjcwZjdkNGE1
ZDBmMzU1ZjUzMTk1YzZmNDlhM2E1ODE4MTQ5MjVhMS0wKwYDVQQDEyQwMDk5YTdl
YS03OTRhLTRhMjgtYjE2NC00OTU0NzYyNmViMTEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8JeE6YCJO8z3g70MowpPq7hFzuAOf3XI5DltWJkSe2LZP
YIhiisV28eXD9Tp+rBF5HxpyULFPdos3WK95+m3+X6iKO5x6d0Qap2fIk+YbzAbW
qXnaEz+5UZ9DWv0KMdF2yI+Q9Dbe1tSNKSNt/51up8V67c9NbCaDGTAxamqAFICQ
LPV66jozlRNQeJidjkKeJC2gIpurogdZ6oAt4L6BdpnG2s9uXTmABmadTXIjwEk0
9omT4h1w9VGeTrSvggIPdA1pHoQfdEdYwFx/u6qS2PwT2VoXH2j0fatimGk+pIbs
WDwZJ3gzXel/HkVAXJQdyUaogUCdD8WAcQgqUbZpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhANY/nKJd8cX0B295ke4JwhnNjQwHwYDVR0jBBgwFoAUmcNUTAjJlFS4
eZUe/6R6j2PIp3cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi83N2I1NjQyOC05
YjUyLTQxNmYtYjI3OS1iYmFlMTQ0MjJkZTIvYzA1Njc2YzczM2ZkOGNjYWU1YmU2
M2I5MmJkZGM5MGI3YTViNzRlNjk0NDljMWViMDQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNDI1ODJjNjctZGQzZi00YmM1LWJhNjAtZTk3
ZTU1MmM2ZTM1LzliZmRlOTRhLTFkOTUtNGRjZS1iMGIyLTcyNzE3MmY1ZTQ5ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzQyNTgyYzY3LWRkM2YtNGJjNS1iYTYw
LWU5N2U1NTJjNmUzNS9fWXpLNWI1anVTdmR5UXQ2VzNUbWxFbkI2d1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANgfwgwDQYJKoZIhvcNAQELBQADggEBAFGw9liJ1dX+RtVSl51wkB+KsD1h
aTIUNC2FgDDJjh2bn0Z8ZoXGNiULF3kiXqaL75Ao1cDK8rPFmMvWSRw7Yi3jLhwb
TAYz7qCk+MMATa7rJ53sLMiek2PoWFWiHNO7v1IrPLCwMjClzFY9lxYsNQ7TfQHm
v5WKItsguZb0hx0soyIPfdxLPLRnO3gmG2afZSDTy+8+/pWY6eiyCGPM6MACpwj+
5t++uYemuDLZGZ4stCSIxFHs8ccZWkUHipboSFNKd/8XlVM8X2bohJX+2R5HoYa1
aN5zMuPFRMimQvWVsAD6dDqvJmZa6+S4dVnsFD/uKaqGnECbGIlchsUEYeA=
-----END CERTIFICATE-----