Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/2fe9db9b-190c-4cb8-b39b-c434b766e412.roa
File:                     2fe9db9b-190c-4cb8-b39b-c434b766e412.roa (raw, json)
Hash identifier:          PJd7hb+Mx5X2xyLOOebxIm/J4ldengNKnT7SaPjhHIM=
Subject key identifier:   AB:5A:18:CA:C4:09:69:0A:4B:81:60:0B:65:BF:43:65:75:9D:3B:84
Certificate issuer:       /CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
Certificate serial:       72D23D51F900BA0A77EF748451CA4AB76090C7C2
Authority key identifier: BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/2fe9db9b-190c-4cb8-b39b-c434b766e412.roa
Signing time:             Mon 16 Jun 2025 18:50:20 +0000
ROA not before:           Mon 16 Jun 2025 18:50:20 +0000
ROA not after:            Mon 21 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        173.82.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 30 Jun 2025 18:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:d2:3d:51:f9:00:ba:0a:77:ef:74:84:51:ca:4a:b7:60:90:c7:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
        Validity
            Not Before: Jun 16 18:50:20 2025 GMT
            Not After : Jul 21 23:59:59 2025 GMT
        Subject: serialNumber=9618499232cf506176a1d04b86aaec4256786fc9b07e5ed168a77cfb46f38f77, CN=f7243785-46de-414b-9b8f-7a9699e979e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:8e:11:d6:5b:51:18:9b:ef:f4:1a:76:2a:ec:
                    57:dc:52:d6:cd:c5:1b:74:22:c9:38:9d:43:6b:fa:
                    bb:59:e8:33:d7:e8:7d:3d:21:40:f2:b5:c3:1a:9b:
                    3e:c2:24:bf:1a:e3:5c:07:b4:c2:6c:00:84:f0:17:
                    2c:f3:c3:0a:4d:f1:03:0e:92:98:3c:bd:e0:82:b9:
                    52:86:75:f4:83:b7:a1:8c:e6:c9:70:df:e9:db:71:
                    c1:70:91:ec:ff:35:0f:ee:c2:a5:9c:4b:d3:14:12:
                    d0:47:0b:f4:80:47:95:f3:e1:e9:b9:a7:20:2a:9b:
                    9e:ca:07:34:f5:3b:c8:53:bc:20:5f:61:b3:39:10:
                    6f:fe:42:01:d8:96:2c:e3:7b:ac:27:b6:32:0c:de:
                    68:45:fe:05:d7:45:fd:50:34:c1:d2:18:cf:36:48:
                    bd:2e:75:10:e2:d8:6e:bc:47:bc:36:2c:0a:9d:dc:
                    25:51:ef:ba:a2:e8:5b:42:4d:5c:a1:fe:b7:02:37:
                    91:80:2f:b8:67:8f:d0:f8:51:91:8f:cb:20:7f:4f:
                    26:93:60:06:29:b1:12:29:61:f7:2f:64:42:60:7d:
                    c3:d1:e0:59:c3:52:00:37:2d:4a:a4:30:5d:c4:02:
                    3d:ca:fb:22:7f:23:73:4a:6e:39:a9:45:5b:1b:62:
                    ed:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:5A:18:CA:C4:09:69:0A:4B:81:60:0B:65:BF:43:65:75:9D:3B:84
            X509v3 Authority Key Identifier:
                keyid:BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/2fe9db9b-190c-4cb8-b39b-c434b766e412.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  173.82.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:3e:c0:c6:b5:59:a1:af:8f:7c:2b:3a:f9:d3:5f:91:b7:15:
         de:f5:ae:18:25:76:e5:bc:41:ea:c4:3c:58:3c:c9:54:69:9e:
         39:43:f8:eb:95:e1:bf:fe:e7:47:7e:a9:c9:dc:39:4f:73:2f:
         6b:c7:9d:fa:c7:57:e8:54:e8:2b:d8:38:fd:8c:73:e1:5c:fd:
         fe:cf:21:b2:59:0d:0e:a5:3d:cb:2a:b5:e9:cb:5c:ca:25:0b:
         ee:4a:46:0c:45:29:e4:49:cd:89:df:34:3f:25:5e:b2:8b:9a:
         63:6a:df:2b:99:92:f5:79:16:02:1f:1a:54:be:f1:23:da:58:
         d1:d9:12:9a:51:4a:9f:a0:5b:dd:36:97:48:88:fa:66:4e:5f:
         40:b3:53:51:f2:df:92:99:95:56:6d:0f:34:7a:59:c4:de:fe:
         d7:cb:52:2b:55:19:93:1f:66:0b:7c:b8:8d:b4:63:d0:22:7f:
         0c:6a:7d:ef:ee:f4:5c:4d:01:db:5e:0d:ca:fe:3f:ad:61:75:
         95:00:1e:62:f0:cc:eb:0a:45:a2:7a:40:e5:81:9d:9d:91:8e:
         6d:b7:7b:59:3c:b7:b8:ad:0e:ff:d9:97:23:ae:cc:f8:db:52:
         8a:f9:a5:73:d3:96:c6:4b:4d:64:06:3d:a1:3f:96:ed:79:79:
         bc:47:82:10
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUctI9UfkAugp373SEUcpKt2CQx8IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOTdhYzAwMjhkNmVmYmRkYWZiN2Q5YzcxZTI5ZWI3MWMw
MDVlMzRmYzE5ZjFmN2M0MjQwHhcNMjUwNjE2MTg1MDIwWhcNMjUwNzIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NjE4NDk5MjMyY2Y1MDYxNzZhMWQwNGI4NmFhZWM0MjU2
Nzg2ZmM5YjA3ZTVlZDE2OGE3N2NmYjQ2ZjM4Zjc3MS0wKwYDVQQDEyRmNzI0Mzc4
NS00NmRlLTQxNGItOWI4Zi03YTk2OTllOTc5ZTIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPjhHWW1EYm+/0GnYq7FfcUtbNxRt0Isk4nUNr+rtZ6DPX
6H09IUDytcMamz7CJL8a41wHtMJsAITwFyzzwwpN8QMOkpg8veCCuVKGdfSDt6GM
5slw3+nbccFwkez/NQ/uwqWcS9MUEtBHC/SAR5Xz4em5pyAqm57KBzT1O8hTvCBf
YbM5EG/+QgHYlizje6wntjIM3mhF/gXXRf1QNMHSGM82SL0udRDi2G68R7w2LAqd
3CVR77qi6FtCTVyh/rcCN5GAL7hnj9D4UZGPyyB/TyaTYAYpsRIpYfcvZEJgfcPR
4FnDUgA3LUqkMF3EAj3K+yJ/I3NKbjmpRVsbYu3dAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUq1oYysQJaQpLgWALZb9DZXWdO4QwHwYDVR0jBBgwFoAUugzhfiM/vHHU
MKvawsMMeQS2oOcwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy9kM2VhNmVhYi1m
NDFmLTRlNDYtYThmNi0zZGE0YTEyOGQ3OGMvOTdhYzAwMjhkNmVmYmRkYWZiN2Q5
YzcxZTI5ZWI3MWMwMDVlMzRmYzE5ZjFmN2M0MjQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTQ2MDJmYjAtYTlkNC00ZjlmLWIwY2EtYmUy
YTEzOWVhOTJiLzJmZTlkYjliLTE5MGMtNGNiOC1iMzliLWM0MzRiNzY2ZTQxMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzU0NjAyZmIwLWE5ZDQtNGY5Zi1iMGNh
LWJlMmExMzllYTkyYi83NzNhLTMyY2NlS2V0eHdBWGpUOEdmSDN4Q1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACtUhAwDQYJKoZIhvcNAQELBQADggEBAHY+wMa1WaGvj3wrOvnTX5G3Fd71
rhglduW8QerEPFg8yVRpnjlD+OuV4b/+50d+qcncOU9zL2vHnfrHV+hU6CvYOP2M
c+Fc/f7PIbJZDQ6lPcsqtenLXMolC+5KRgxFKeRJzYnfND8lXrKLmmNq3yuZkvV5
FgIfGlS+8SPaWNHZEppRSp+gW902l0iI+mZOX0CzU1Hy35KZlVZtDzR6WcTe/tfL
UitVGZMfZgt8uI20Y9Aifwxqfe/u9FxNAdteDcr+P61hdZUAHmLwzOsKRaJ6QOWB
nZ2Rjm23e1k8t7itDv/ZlyOuzPjbUor5pXPTlsZLTWQGPaE/lu15ebxHghA=
-----END CERTIFICATE-----