Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/eac518ed-0e11-4fe5-9a9e-53a05de60f7e.roa
File:                     eac518ed-0e11-4fe5-9a9e-53a05de60f7e.roa (raw, json)
Hash identifier:          rURhW5jHFhq9Rg4zwql4PPTmfz/q8Da9UP4SJxLaKX4=
Subject key identifier:   22:62:54:06:2D:D1:6D:CB:BD:88:8A:74:9E:2B:5E:FD:28:A5:F5:84
Certificate issuer:       /CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
Certificate serial:       24968842CF073AF0C864EB8648E0C3473C18497B
Authority key identifier: 99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/eac518ed-0e11-4fe5-9a9e-53a05de60f7e.roa
Signing time:             Fri 11 Jul 2025 15:00:18 +0000
ROA not before:           Fri 11 Jul 2025 15:00:18 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        96.127.0.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/77b56428-9b52-416f-b279-bbae14422de2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/77b56428-9b52-416f-b279-bbae14422de2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:96:88:42:cf:07:3a:f0:c8:64:eb:86:48:e0:c3:47:3c:18:49:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
        Validity
            Not Before: Jul 11 15:00:18 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=29357fd5a810d2ff501708f9c0f9e661f4b722cc37a3e118e902fee371b83c1e, CN=0099a7ea-794a-4a28-b164-49547626eb11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:d7:28:24:aa:e2:81:ef:c6:17:70:ce:f3:95:
                    82:01:aa:76:d6:a6:3c:99:bf:67:89:a5:28:19:1d:
                    60:ec:dc:b1:12:69:32:1d:8b:88:21:34:25:6e:d4:
                    12:bf:41:e4:f6:5c:57:4f:87:35:86:dc:39:74:03:
                    73:b6:b9:bf:f7:ad:63:12:f7:37:b6:c6:56:f2:1e:
                    0b:6b:7e:a5:8b:44:13:7d:5a:f9:e4:01:fe:46:87:
                    92:7c:75:da:ef:ec:43:95:1b:6c:17:56:65:ec:66:
                    1c:75:a9:e8:e5:e4:99:ae:c5:ee:69:84:d5:19:2f:
                    53:08:72:6a:31:4c:75:63:f8:4b:08:6c:25:9a:c3:
                    dc:10:60:0b:34:5b:c7:c4:e2:8a:38:fd:3f:41:ba:
                    11:74:7b:b0:ef:65:05:a4:77:6d:78:77:0f:0a:0c:
                    d5:f7:91:12:5d:d7:df:18:40:ca:43:c2:b8:7a:ae:
                    ff:f0:b9:e8:8b:35:d0:95:57:bc:eb:a4:89:e6:3f:
                    46:91:37:d7:a4:87:ce:e0:ec:ee:fa:c7:de:99:26:
                    36:c4:60:81:e1:f2:b0:7a:1c:a0:4f:ab:84:fa:60:
                    a0:bd:3c:2e:3c:05:9b:0b:cf:2e:70:0a:28:d7:18:
                    86:a1:18:86:b9:b8:a5:e7:de:9d:e9:7c:9c:22:4b:
                    33:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:62:54:06:2D:D1:6D:CB:BD:88:8A:74:9E:2B:5E:FD:28:A5:F5:84
            X509v3 Authority Key Identifier:
                keyid:99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/eac518ed-0e11-4fe5-9a9e-53a05de60f7e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.127.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         29:38:f4:78:5b:22:bc:ce:ee:f3:0f:2b:cb:59:0b:73:91:23:
         8e:fe:a3:e1:5e:95:86:98:5d:8a:96:e6:41:60:dd:8b:c1:52:
         40:31:15:03:3e:38:cd:46:9c:1e:b0:b9:73:50:c1:37:86:dd:
         ec:9e:85:6e:91:cb:bc:4c:5f:ef:c2:1b:59:69:2a:e6:0e:e4:
         7f:4a:48:dd:75:28:32:80:0f:ac:b4:32:bb:8f:8c:d0:ba:33:
         60:20:8c:77:e6:06:03:f7:07:03:a6:77:fa:b0:69:3c:e1:72:
         fb:9e:1c:83:ea:e0:63:48:cb:de:5f:86:25:c1:c4:7a:f9:b0:
         11:fe:96:c7:fe:75:21:00:c5:97:96:e5:f4:2c:32:7b:50:fa:
         88:c7:33:57:47:8d:5d:9d:a9:43:bb:b9:4c:fe:11:75:ed:f0:
         84:e5:c6:de:55:db:15:66:01:0d:84:db:e6:3c:cb:a4:03:7b:
         f4:48:92:36:56:43:60:f8:16:83:d6:70:d8:0f:d2:b1:0c:73:
         67:98:74:b7:95:0d:96:5b:4f:c8:c8:b1:7a:cf:13:54:bd:d7:
         2d:21:7b:64:7f:f7:a4:b4:c0:f2:94:04:d3:54:71:42:55:7a:
         a5:8b:f8:9a:c1:13:05:73:59:9d:06:90:84:a1:d9:cc:c2:d6:
         e5:3c:25:56
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJJaIQs8HOvDIZOuGSODDRzwYSXswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzA1Njc2YzczM2ZkOGNjYWU1YmU2M2I5MmJkZGM5MGI3
YTViNzRlNjk0NDljMWViMDQwHhcNMjUwNzExMTUwMDE4WhcNMjUwODE1MjM1OTU5
WjB6MUkwRwYDVQQFE0AyOTM1N2ZkNWE4MTBkMmZmNTAxNzA4ZjljMGY5ZTY2MWY0
YjcyMmNjMzdhM2UxMThlOTAyZmVlMzcxYjgzYzFlMS0wKwYDVQQDEyQwMDk5YTdl
YS03OTRhLTRhMjgtYjE2NC00OTU0NzYyNmViMTEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCr1ygkquKB78YXcM7zlYIBqnbWpjyZv2eJpSgZHWDs3LES
aTIdi4ghNCVu1BK/QeT2XFdPhzWG3Dl0A3O2ub/3rWMS9ze2xlbyHgtrfqWLRBN9
WvnkAf5Gh5J8ddrv7EOVG2wXVmXsZhx1qejl5Jmuxe5phNUZL1MIcmoxTHVj+EsI
bCWaw9wQYAs0W8fE4oo4/T9BuhF0e7DvZQWkd214dw8KDNX3kRJd198YQMpDwrh6
rv/wueiLNdCVV7zrpInmP0aRN9ekh87g7O76x96ZJjbEYIHh8rB6HKBPq4T6YKC9
PC48BZsLzy5wCijXGIahGIa5uKXn3p3pfJwiSzMJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUImJUBi3Rbcu9iIp0nite/Sil9YQwHwYDVR0jBBgwFoAUmcNUTAjJlFS4
eZUe/6R6j2PIp3cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi83N2I1NjQyOC05
YjUyLTQxNmYtYjI3OS1iYmFlMTQ0MjJkZTIvYzA1Njc2YzczM2ZkOGNjYWU1YmU2
M2I5MmJkZGM5MGI3YTViNzRlNjk0NDljMWViMDQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNDI1ODJjNjctZGQzZi00YmM1LWJhNjAtZTk3
ZTU1MmM2ZTM1L2VhYzUxOGVkLTBlMTEtNGZlNS05YTllLTUzYTA1ZGU2MGY3ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzQyNTgyYzY3LWRkM2YtNGJjNS1iYTYw
LWU5N2U1NTJjNmUzNS9fWXpLNWI1anVTdmR5UXQ2VzNUbWxFbkI2d1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANgfwAwDQYJKoZIhvcNAQELBQADggEBACk49HhbIrzO7vMPK8tZC3ORI47+
o+FelYaYXYqW5kFg3YvBUkAxFQM+OM1GnB6wuXNQwTeG3eyehW6Ry7xMX+/CG1lp
KuYO5H9KSN11KDKAD6y0MruPjNC6M2AgjHfmBgP3BwOmd/qwaTzhcvueHIPq4GNI
y95fhiXBxHr5sBH+lsf+dSEAxZeW5fQsMntQ+ojHM1dHjV2dqUO7uUz+EXXt8ITl
xt5V2xVmAQ2E2+Y8y6QDe/RIkjZWQ2D4FoPWcNgP0rEMc2eYdLeVDZZbT8jIsXrP
E1S91y0he2R/96S0wPKUBNNUcUJVeqWL+JrBEwVzWZ0GkISh2czC1uU8JVY=
-----END CERTIFICATE-----