Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dfd7f6d3-e6e9-4987-9ae7-d052c5353898/35dd8080-5375-4755-bea9-982f40526ea4.roa
File:                     35dd8080-5375-4755-bea9-982f40526ea4.roa (raw, json)
Hash identifier:          +so24B7ZYGxm9nQE27gnASCGrNouyhskcSaFEk8LLzM=
Subject key identifier:   77:63:89:33:F9:1B:A4:A6:6E:35:21:2B:8B:5E:53:71:CE:5B:5D:DC
Certificate issuer:       /CN=0ee4583d84d9b4f0824cb80ba8fc1240b4794b515071e9751d
Certificate serial:       38CD34F63F4D098C68CD5D82380EB3DA84611F4C
Authority key identifier: 7D:84:47:C4:97:8A:0B:4C:73:9B:EB:F6:92:E2:4C:75:DD:3F:BC:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/b4e4fec5-3510-4017-90ef-8391412ecd6c/0ee4583d84d9b4f0824cb80ba8fc1240b4794b515071e9751d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dfd7f6d3-e6e9-4987-9ae7-d052c5353898/35dd8080-5375-4755-bea9-982f40526ea4.roa
Signing time:             Fri 06 Jun 2025 00:20:32 +0000
ROA not before:           Fri 06 Jun 2025 00:20:32 +0000
ROA not after:            Fri 11 Jul 2025 23:59:59 +0000
asID:                     7224
IP address blocks:        172.96.96.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dfd7f6d3-e6e9-4987-9ae7-d052c5353898/2bTwgky4C6j8EkC0eUtRUHHpdR0.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dfd7f6d3-e6e9-4987-9ae7-d052c5353898/2bTwgky4C6j8EkC0eUtRUHHpdR0.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/b4e4fec5-3510-4017-90ef-8391412ecd6c/0ee4583d84d9b4f0824cb80ba8fc1240b4794b515071e9751d.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/b4e4fec5-3510-4017-90ef-8391412ecd6c/b4e4fec5-3510-4017-90ef-8391412ecd6c.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/b4e4fec5-3510-4017-90ef-8391412ecd6c/b4e4fec5-3510-4017-90ef-8391412ecd6c.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/b4e4fec5-3510-4017-90ef-8391412ecd6c.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 16 Jun 2025 21:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:cd:34:f6:3f:4d:09:8c:68:cd:5d:82:38:0e:b3:da:84:61:1f:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ee4583d84d9b4f0824cb80ba8fc1240b4794b515071e9751d
        Validity
            Not Before: Jun  6 00:20:32 2025 GMT
            Not After : Jul 11 23:59:59 2025 GMT
        Subject: serialNumber=d76f12ad64e005b1f944f54d14a86d60b68a5a61f1b120f7227f2b2421e4ff58, CN=b0dbbb6a-5472-4b68-ae4d-401518603039
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:dd:8d:43:c5:24:e3:76:f2:91:7a:b1:75:3f:
                    b4:57:3d:53:7e:60:2a:ef:bc:c8:72:58:a1:cd:dc:
                    17:0e:50:d3:de:3e:a0:b1:af:1f:3e:cd:27:60:c9:
                    fe:d8:13:68:a7:01:13:af:53:c9:62:c8:8f:6a:5a:
                    09:0f:44:1f:e5:21:a8:66:7f:66:1a:95:0a:11:00:
                    73:d5:2c:f9:cb:b6:24:c7:32:ce:b5:d6:f4:43:4e:
                    f1:60:31:11:03:8f:37:f5:03:d3:53:d1:99:4a:b5:
                    4a:13:a2:06:11:5e:18:4b:32:fa:92:64:04:de:37:
                    ed:a9:c8:fb:2a:32:92:a5:45:ba:6e:84:f9:92:e4:
                    8e:8f:c1:51:8e:e5:27:29:65:03:63:fb:f8:7e:7d:
                    fb:44:5b:04:6c:be:29:4f:00:4a:ef:eb:7a:8f:9a:
                    14:33:30:91:fa:4e:01:de:67:ab:0d:a2:c8:c1:ca:
                    65:2d:99:8c:ec:6a:b2:97:bc:e4:e5:61:8e:e7:e6:
                    56:dc:10:78:bf:25:6e:00:8e:7b:22:39:d8:3a:27:
                    0b:e2:63:01:14:d1:61:25:18:5d:43:93:3f:a0:67:
                    bf:36:72:a5:9f:61:0f:e0:a4:aa:ed:75:8f:89:e5:
                    d5:1b:3d:a5:a8:03:50:6a:18:55:df:04:be:1a:c4:
                    ca:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:63:89:33:F9:1B:A4:A6:6E:35:21:2B:8B:5E:53:71:CE:5B:5D:DC
            X509v3 Authority Key Identifier:
                keyid:7D:84:47:C4:97:8A:0B:4C:73:9B:EB:F6:92:E2:4C:75:DD:3F:BC:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/b4e4fec5-3510-4017-90ef-8391412ecd6c/0ee4583d84d9b4f0824cb80ba8fc1240b4794b515071e9751d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dfd7f6d3-e6e9-4987-9ae7-d052c5353898/35dd8080-5375-4755-bea9-982f40526ea4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dfd7f6d3-e6e9-4987-9ae7-d052c5353898/2bTwgky4C6j8EkC0eUtRUHHpdR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  172.96.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         2b:0a:9d:93:f8:9b:b7:cb:70:bf:f6:a4:bb:e1:7d:e4:0a:a5:
         ae:48:2a:76:ab:c6:21:0a:79:1b:02:c7:17:53:27:e2:83:d8:
         6c:31:dc:e7:07:8b:0a:e4:db:63:fd:9a:30:a7:24:64:62:2a:
         0d:81:51:99:9c:e6:d4:43:06:f7:47:cd:e7:e9:bf:a5:d4:bc:
         8c:18:6e:20:60:bf:2b:99:d3:79:7c:ad:9d:e4:fb:08:7b:22:
         59:97:af:b4:de:82:cc:51:af:2f:99:fd:0c:54:c4:1b:da:40:
         b1:9a:ce:af:21:dc:73:27:9a:77:13:bf:27:20:c5:cb:06:1e:
         9d:d6:5f:78:8c:38:94:d8:83:0b:83:88:88:0f:ab:cf:6d:ba:
         80:40:d9:39:d5:be:40:47:ef:37:68:8c:64:7b:8c:69:7f:8b:
         06:6b:c9:e6:f6:05:48:56:95:a6:fe:08:6e:01:c2:2d:5a:93:
         fd:59:4e:1e:bc:52:ca:2c:6b:99:4b:50:45:dc:c8:07:ec:2a:
         57:b4:82:ff:c2:9e:b2:7f:33:28:ec:fd:20:1a:37:24:a5:c7:
         46:a3:50:aa:c1:98:e5:eb:b8:1d:bf:ee:bf:cc:bc:aa:a2:23:
         f9:a4:31:24:df:82:ba:be:80:8f:0f:f7:a0:b4:db:06:07:b5:
         64:89:40:08
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOM009j9NCYxozV2COA6z2oRhH0wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMGVlNDU4M2Q4NGQ5YjRmMDgyNGNiODBiYThmYzEyNDBi
NDc5NGI1MTUwNzFlOTc1MWQwHhcNMjUwNjA2MDAyMDMyWhcNMjUwNzExMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNzZmMTJhZDY0ZTAwNWIxZjk0NGY1NGQxNGE4NmQ2MGI2
OGE1YTYxZjFiMTIwZjcyMjdmMmIyNDIxZTRmZjU4MS0wKwYDVQQDEyRiMGRiYmI2
YS01NDcyLTRiNjgtYWU0ZC00MDE1MTg2MDMwMzkwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC23Y1DxSTjdvKRerF1P7RXPVN+YCrvvMhyWKHN3BcOUNPe
PqCxrx8+zSdgyf7YE2inAROvU8liyI9qWgkPRB/lIahmf2YalQoRAHPVLPnLtiTH
Ms611vRDTvFgMREDjzf1A9NT0ZlKtUoTogYRXhhLMvqSZATeN+2pyPsqMpKlRbpu
hPmS5I6PwVGO5ScpZQNj+/h+fftEWwRsvilPAErv63qPmhQzMJH6TgHeZ6sNosjB
ymUtmYzsarKXvOTlYY7n5lbcEHi/JW4AjnsiOdg6JwviYwEU0WElGF1Dkz+gZ782
cqWfYQ/gpKrtdY+J5dUbPaWoA1BqGFXfBL4axMqpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUd2OJM/kbpKZuNSEri15Tcc5bXdwwHwYDVR0jBBgwFoAUfYRHxJeKC0xz
m+v2kuJMdd0/vK4wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS9iNGU0ZmVjNS0z
NTEwLTQwMTctOTBlZi04MzkxNDEyZWNkNmMvMGVlNDU4M2Q4NGQ5YjRmMDgyNGNi
ODBiYThmYzEyNDBiNDc5NGI1MTUwNzFlOTc1MWQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZGZkN2Y2ZDMtZTZlOS00OTg3LTlhZTctZDA1
MmM1MzUzODk4LzM1ZGQ4MDgwLTUzNzUtNDc1NS1iZWE5LTk4MmY0MDUyNmVhNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2RmZDdmNmQzLWU2ZTktNDk4Ny05YWU3
LWQwNTJjNTM1Mzg5OC8yYlR3Z2t5NEM2ajhFa0MwZVV0UlVISHBkUjAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBASsYGAwDQYJKoZIhvcNAQELBQADggEBACsKnZP4m7fLcL/2pLvhfeQKpa5I
KnarxiEKeRsCxxdTJ+KD2Gwx3OcHiwrk22P9mjCnJGRiKg2BUZmc5tRDBvdHzefp
v6XUvIwYbiBgvyuZ03l8rZ3k+wh7IlmXr7TegsxRry+Z/QxUxBvaQLGazq8h3HMn
mncTvycgxcsGHp3WX3iMOJTYgwuDiIgPq89tuoBA2TnVvkBH7zdojGR7jGl/iwZr
yeb2BUhWlab+CG4Bwi1ak/1ZTh68Usosa5lLUEXcyAfsKle0gv/CnrJ/Myjs/SAa
NySlx0ajUKrBmOXruB2/7r/MvKqiI/mkMSTfgrq+gI8P96C02wYHtWSJQAg=
-----END CERTIFICATE-----