Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dfd7f6d3-e6e9-4987-9ae7-d052c5353898/35dd8080-5375-4755-bea9-982f40526ea4.roa
File:                     35dd8080-5375-4755-bea9-982f40526ea4.roa (raw, json)
Hash identifier:          r8Qrpuz7peEnmrp+qgojAw9Zhpl1z2w94lGaelii64M=
Subject key identifier:   3E:C7:58:16:AA:A0:EE:6E:F1:CD:7C:B5:11:3D:3E:31:1E:74:04:B0
Certificate issuer:       /CN=0ee4583d84d9b4f0824cb80ba8fc1240b4794b515071e9751d
Certificate serial:       029247237327BADB9A9FEF869CDD778BE2CE8AD7
Authority key identifier: 7D:84:47:C4:97:8A:0B:4C:73:9B:EB:F6:92:E2:4C:75:DD:3F:BC:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/b4e4fec5-3510-4017-90ef-8391412ecd6c/0ee4583d84d9b4f0824cb80ba8fc1240b4794b515071e9751d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dfd7f6d3-e6e9-4987-9ae7-d052c5353898/35dd8080-5375-4755-bea9-982f40526ea4.roa
Signing time:             Wed 16 Apr 2025 00:10:29 +0000
ROA not before:           Wed 16 Apr 2025 00:10:29 +0000
ROA not after:            Wed 21 May 2025 23:59:59 +0000
asID:                     7224
IP address blocks:        172.96.96.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dfd7f6d3-e6e9-4987-9ae7-d052c5353898/2bTwgky4C6j8EkC0eUtRUHHpdR0.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dfd7f6d3-e6e9-4987-9ae7-d052c5353898/2bTwgky4C6j8EkC0eUtRUHHpdR0.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/b4e4fec5-3510-4017-90ef-8391412ecd6c/0ee4583d84d9b4f0824cb80ba8fc1240b4794b515071e9751d.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/b4e4fec5-3510-4017-90ef-8391412ecd6c/b4e4fec5-3510-4017-90ef-8391412ecd6c.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/b4e4fec5-3510-4017-90ef-8391412ecd6c/b4e4fec5-3510-4017-90ef-8391412ecd6c.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/b4e4fec5-3510-4017-90ef-8391412ecd6c.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 21:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:92:47:23:73:27:ba:db:9a:9f:ef:86:9c:dd:77:8b:e2:ce:8a:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ee4583d84d9b4f0824cb80ba8fc1240b4794b515071e9751d
        Validity
            Not Before: Apr 16 00:10:29 2025 GMT
            Not After : May 21 23:59:59 2025 GMT
        Subject: serialNumber=f3d3f45db959852fde25824bc25d14c9dff8956327984d0781173787df65caab, CN=b0dbbb6a-5472-4b68-ae4d-401518603039
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:99:a1:55:be:12:15:1f:b9:2e:a0:f6:1b:83:
                    44:10:00:a8:01:d4:f1:44:b0:f6:70:43:77:88:58:
                    97:f3:42:34:d8:ef:79:b2:a0:27:7f:16:06:26:5c:
                    1c:4e:16:ba:21:89:c9:c4:fd:2f:df:72:68:0b:76:
                    06:6f:6f:78:23:b7:3e:8d:c0:b6:70:a9:db:6a:8c:
                    4a:36:64:51:45:22:58:41:f4:ea:14:33:61:a2:b6:
                    49:64:b2:e1:fd:7f:7b:96:21:d3:b4:da:dd:a8:2f:
                    25:5d:69:b9:05:09:66:0e:40:15:fa:55:4b:fc:54:
                    59:d4:0f:96:86:20:b0:d1:15:49:d6:c6:75:92:19:
                    b2:51:9a:7f:0a:f3:fe:c3:08:45:23:f0:f0:5f:bb:
                    01:95:2e:77:f2:68:f6:49:34:b7:69:dd:86:64:9f:
                    d5:21:fb:19:1a:17:e1:d1:b8:af:d1:c7:39:a1:4e:
                    29:e6:23:aa:f8:0b:52:83:a4:40:6a:ea:b7:20:c5:
                    88:47:5d:47:1c:36:65:89:95:3a:af:09:e6:fc:df:
                    02:92:22:0f:b9:8a:bb:6a:fa:54:13:d3:ff:22:25:
                    8a:7b:2d:0c:ec:54:41:db:38:e3:a6:cb:6b:1e:ee:
                    c7:bc:08:7c:97:45:89:ff:31:8f:b1:78:6a:d7:28:
                    39:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:C7:58:16:AA:A0:EE:6E:F1:CD:7C:B5:11:3D:3E:31:1E:74:04:B0
            X509v3 Authority Key Identifier:
                keyid:7D:84:47:C4:97:8A:0B:4C:73:9B:EB:F6:92:E2:4C:75:DD:3F:BC:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/b4e4fec5-3510-4017-90ef-8391412ecd6c/0ee4583d84d9b4f0824cb80ba8fc1240b4794b515071e9751d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dfd7f6d3-e6e9-4987-9ae7-d052c5353898/35dd8080-5375-4755-bea9-982f40526ea4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dfd7f6d3-e6e9-4987-9ae7-d052c5353898/2bTwgky4C6j8EkC0eUtRUHHpdR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  172.96.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         76:26:9a:73:51:27:b5:39:7a:f0:58:d7:d7:09:de:31:2f:b3:
         6a:d2:2e:27:e9:c5:6b:11:e6:13:3c:74:c9:fd:8f:4f:e3:9b:
         92:c3:4b:5a:51:25:37:04:66:bb:0c:40:5a:d4:d1:63:67:d6:
         02:e2:b8:40:8f:49:6e:86:77:b0:9d:fe:60:12:73:8f:dd:e2:
         d5:38:e1:84:ae:cb:0c:29:b3:14:a5:bb:b9:c5:6b:65:09:9f:
         86:ea:64:8b:e8:b7:e2:16:ef:05:ec:d1:74:ed:b4:68:ab:4b:
         70:ac:21:90:28:7e:be:21:6a:5d:05:15:34:12:4f:04:3f:d7:
         ee:07:83:ea:01:a3:ec:3f:1b:59:81:12:91:36:fa:00:b7:1f:
         eb:3c:ce:c0:8d:9c:dc:7a:42:37:d8:98:c0:53:aa:34:1c:7c:
         11:2e:ec:a0:7d:85:68:9b:71:27:00:0d:14:7e:cb:ff:08:a6:
         45:5c:f7:2d:9b:cf:ec:79:28:70:e2:a2:3d:5c:b0:67:5a:d2:
         c2:45:a3:94:ed:5a:06:6f:44:06:35:bf:25:cd:4e:4b:62:e5:
         16:7e:24:13:17:ee:97:04:13:73:60:69:f6:db:14:5a:5d:04:
         2a:9d:e3:94:b0:18:2e:bd:3b:eb:af:3c:e2:c0:44:bb:e1:67:
         6c:40:b0:dd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUApJHI3Mnutuan++GnN13i+LOitcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMGVlNDU4M2Q4NGQ5YjRmMDgyNGNiODBiYThmYzEyNDBi
NDc5NGI1MTUwNzFlOTc1MWQwHhcNMjUwNDE2MDAxMDI5WhcNMjUwNTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BmM2QzZjQ1ZGI5NTk4NTJmZGUyNTgyNGJjMjVkMTRjOWRm
Zjg5NTYzMjc5ODRkMDc4MTE3Mzc4N2RmNjVjYWFiMS0wKwYDVQQDEyRiMGRiYmI2
YS01NDcyLTRiNjgtYWU0ZC00MDE1MTg2MDMwMzkwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCimaFVvhIVH7kuoPYbg0QQAKgB1PFEsPZwQ3eIWJfzQjTY
73myoCd/FgYmXBxOFrohicnE/S/fcmgLdgZvb3gjtz6NwLZwqdtqjEo2ZFFFIlhB
9OoUM2GitklksuH9f3uWIdO02t2oLyVdabkFCWYOQBX6VUv8VFnUD5aGILDRFUnW
xnWSGbJRmn8K8/7DCEUj8PBfuwGVLnfyaPZJNLdp3YZkn9Uh+xkaF+HRuK/Rxzmh
TinmI6r4C1KDpEBq6rcgxYhHXUccNmWJlTqvCeb83wKSIg+5irtq+lQT0/8iJYp7
LQzsVEHbOOOmy2se7se8CHyXRYn/MY+xeGrXKDmxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPsdYFqqg7m7xzXy1ET0+MR50BLAwHwYDVR0jBBgwFoAUfYRHxJeKC0xz
m+v2kuJMdd0/vK4wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS9iNGU0ZmVjNS0z
NTEwLTQwMTctOTBlZi04MzkxNDEyZWNkNmMvMGVlNDU4M2Q4NGQ5YjRmMDgyNGNi
ODBiYThmYzEyNDBiNDc5NGI1MTUwNzFlOTc1MWQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZGZkN2Y2ZDMtZTZlOS00OTg3LTlhZTctZDA1
MmM1MzUzODk4LzM1ZGQ4MDgwLTUzNzUtNDc1NS1iZWE5LTk4MmY0MDUyNmVhNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2RmZDdmNmQzLWU2ZTktNDk4Ny05YWU3
LWQwNTJjNTM1Mzg5OC8yYlR3Z2t5NEM2ajhFa0MwZVV0UlVISHBkUjAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBASsYGAwDQYJKoZIhvcNAQELBQADggEBAHYmmnNRJ7U5evBY19cJ3jEvs2rS
LifpxWsR5hM8dMn9j0/jm5LDS1pRJTcEZrsMQFrU0WNn1gLiuECPSW6Gd7Cd/mAS
c4/d4tU44YSuywwpsxSlu7nFa2UJn4bqZIvot+IW7wXs0XTttGirS3CsIZAofr4h
al0FFTQSTwQ/1+4Hg+oBo+w/G1mBEpE2+gC3H+s8zsCNnNx6QjfYmMBTqjQcfBEu
7KB9hWibcScADRR+y/8IpkVc9y2bz+x5KHDioj1csGda0sJFo5TtWgZvRAY1vyXN
Tkti5RZ+JBMX7pcEE3NgafbbFFpdBCqd45SwGC69O+uvPOLARLvhZ2xAsN0=
-----END CERTIFICATE-----