Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dfd7f6d3-e6e9-4987-9ae7-d052c5353898/ef566134-dc37-415a-a1e3-05f23305a92b.roa
File:                     ef566134-dc37-415a-a1e3-05f23305a92b.roa (raw, json)
Hash identifier:          pG4fCzbjyPd7mhHs/CN5+NFS/zwVtiBUsODJbVgccMQ=
Subject key identifier:   69:4D:BC:68:3A:5D:08:77:60:28:BE:4F:AB:C7:25:E3:F1:55:E4:59
Certificate issuer:       /CN=0ee4583d84d9b4f0824cb80ba8fc1240b4794b515071e9751d
Certificate serial:       20A813C4F00C1C05F60A0951B0570839C3BE39FA
Authority key identifier: 7D:84:47:C4:97:8A:0B:4C:73:9B:EB:F6:92:E2:4C:75:DD:3F:BC:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/b4e4fec5-3510-4017-90ef-8391412ecd6c/0ee4583d84d9b4f0824cb80ba8fc1240b4794b515071e9751d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dfd7f6d3-e6e9-4987-9ae7-d052c5353898/ef566134-dc37-415a-a1e3-05f23305a92b.roa
Signing time:             Fri 06 Jun 2025 00:20:30 +0000
ROA not before:           Fri 06 Jun 2025 00:20:30 +0000
ROA not after:            Fri 11 Jul 2025 23:59:59 +0000
asID:                     7224
IP address blocks:        172.96.104.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dfd7f6d3-e6e9-4987-9ae7-d052c5353898/2bTwgky4C6j8EkC0eUtRUHHpdR0.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dfd7f6d3-e6e9-4987-9ae7-d052c5353898/2bTwgky4C6j8EkC0eUtRUHHpdR0.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/b4e4fec5-3510-4017-90ef-8391412ecd6c/0ee4583d84d9b4f0824cb80ba8fc1240b4794b515071e9751d.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/b4e4fec5-3510-4017-90ef-8391412ecd6c/b4e4fec5-3510-4017-90ef-8391412ecd6c.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/b4e4fec5-3510-4017-90ef-8391412ecd6c/b4e4fec5-3510-4017-90ef-8391412ecd6c.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/b4e4fec5-3510-4017-90ef-8391412ecd6c.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 02 Jul 2025 21:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:a8:13:c4:f0:0c:1c:05:f6:0a:09:51:b0:57:08:39:c3:be:39:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ee4583d84d9b4f0824cb80ba8fc1240b4794b515071e9751d
        Validity
            Not Before: Jun  6 00:20:30 2025 GMT
            Not After : Jul 11 23:59:59 2025 GMT
        Subject: serialNumber=400b57ff4664e3d16dceece51636c19c5b08f74a4018b7d4016f40fb3d493689, CN=b0dbbb6a-5472-4b68-ae4d-401518603039
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:dc:67:95:63:27:6a:40:a9:fa:80:48:5d:1f:
                    14:b4:0a:45:ea:59:e2:f8:e4:86:78:42:84:1a:76:
                    e7:60:0b:39:a3:16:87:e3:00:27:b6:2c:92:65:97:
                    4c:8b:18:a3:ce:8d:1b:1c:a7:23:fd:41:eb:38:91:
                    c2:52:50:22:c3:92:41:ef:27:42:b3:b7:26:bb:54:
                    13:36:4e:b6:3c:0b:5f:51:42:69:8b:12:33:90:70:
                    18:c5:50:e1:c7:99:6d:ab:e7:5f:9f:88:c6:df:20:
                    d0:b6:d4:24:cd:dc:24:ef:ca:5b:27:85:6f:2d:b7:
                    6e:69:1c:2e:16:8d:5d:45:4f:f3:58:65:19:5d:42:
                    1d:b5:47:1b:dd:bd:e3:07:23:92:72:46:96:88:2e:
                    ad:84:3d:7e:51:fe:c3:7f:e0:cf:30:64:80:17:39:
                    fd:9a:6a:30:6e:db:1e:c2:06:50:56:ac:1b:e9:00:
                    d3:b9:fe:9c:1f:cd:c7:2e:ff:d9:d6:7c:35:21:f9:
                    f6:2e:89:01:86:94:cb:2a:ce:78:8b:84:0c:6a:bc:
                    75:35:a8:54:36:ae:9d:dc:f4:8e:70:46:63:2e:32:
                    b7:d9:2b:d8:91:85:15:a9:5a:72:5b:e5:61:85:ab:
                    dc:2c:cb:59:c5:fc:95:92:5b:75:c8:8b:76:da:3f:
                    7f:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:4D:BC:68:3A:5D:08:77:60:28:BE:4F:AB:C7:25:E3:F1:55:E4:59
            X509v3 Authority Key Identifier:
                keyid:7D:84:47:C4:97:8A:0B:4C:73:9B:EB:F6:92:E2:4C:75:DD:3F:BC:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/b4e4fec5-3510-4017-90ef-8391412ecd6c/0ee4583d84d9b4f0824cb80ba8fc1240b4794b515071e9751d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dfd7f6d3-e6e9-4987-9ae7-d052c5353898/ef566134-dc37-415a-a1e3-05f23305a92b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dfd7f6d3-e6e9-4987-9ae7-d052c5353898/2bTwgky4C6j8EkC0eUtRUHHpdR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  172.96.104.0/21

    Signature Algorithm: sha256WithRSAEncryption
         5f:0b:7a:43:77:6f:43:85:04:d0:0b:59:f3:f6:20:d4:ab:e6:
         75:db:6f:8d:37:4c:17:d9:04:3f:39:6c:2f:a9:43:57:1e:86:
         37:60:de:14:64:f5:06:21:f6:ee:6e:e4:88:2e:a0:8b:c8:04:
         e3:60:de:2a:db:92:00:c1:9f:c6:02:35:31:79:19:17:8f:9d:
         4a:2b:f3:06:e0:20:ae:10:e2:31:c9:2c:49:d4:93:9a:95:54:
         d5:de:06:bb:b7:ca:f5:d5:20:d2:8e:cf:75:db:64:07:47:20:
         0b:02:c6:80:9e:a4:0b:86:69:ea:93:6e:1a:61:01:64:4c:a1:
         fe:e1:76:7e:b0:78:22:32:5f:4e:57:a9:0c:6c:49:9a:ec:34:
         5a:e3:c5:42:75:19:34:62:5e:7b:10:94:c6:0c:22:fa:1c:99:
         2a:0d:4c:68:7d:58:d2:2a:d7:82:f9:11:98:c6:45:64:a5:bc:
         3d:2d:61:1f:d0:58:81:b2:e3:d0:ca:98:42:69:3a:c9:32:da:
         40:d9:15:ff:75:8a:5c:54:aa:a1:65:8c:16:bd:91:51:5b:60:
         ed:30:d4:2b:74:5c:5f:b4:76:d0:c8:2b:51:cd:f1:99:89:80:
         00:8d:0b:e9:ca:08:09:e6:aa:cf:0e:5f:ef:21:f8:8d:c5:c6:
         14:1f:a3:58
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIKgTxPAMHAX2CglRsFcIOcO+OfowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMGVlNDU4M2Q4NGQ5YjRmMDgyNGNiODBiYThmYzEyNDBi
NDc5NGI1MTUwNzFlOTc1MWQwHhcNMjUwNjA2MDAyMDMwWhcNMjUwNzExMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MDBiNTdmZjQ2NjRlM2QxNmRjZWVjZTUxNjM2YzE5YzVi
MDhmNzRhNDAxOGI3ZDQwMTZmNDBmYjNkNDkzNjg5MS0wKwYDVQQDEyRiMGRiYmI2
YS01NDcyLTRiNjgtYWU0ZC00MDE1MTg2MDMwMzkwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDS3GeVYydqQKn6gEhdHxS0CkXqWeL45IZ4QoQadudgCzmj
FofjACe2LJJll0yLGKPOjRscpyP9Qes4kcJSUCLDkkHvJ0Kztya7VBM2TrY8C19R
QmmLEjOQcBjFUOHHmW2r51+fiMbfINC21CTN3CTvylsnhW8tt25pHC4WjV1FT/NY
ZRldQh21RxvdveMHI5JyRpaILq2EPX5R/sN/4M8wZIAXOf2aajBu2x7CBlBWrBvp
ANO5/pwfzccu/9nWfDUh+fYuiQGGlMsqzniLhAxqvHU1qFQ2rp3c9I5wRmMuMrfZ
K9iRhRWpWnJb5WGFq9wsy1nF/JWSW3XIi3baP38bAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUaU28aDpdCHdgKL5Pq8cl4/FV5FkwHwYDVR0jBBgwFoAUfYRHxJeKC0xz
m+v2kuJMdd0/vK4wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS9iNGU0ZmVjNS0z
NTEwLTQwMTctOTBlZi04MzkxNDEyZWNkNmMvMGVlNDU4M2Q4NGQ5YjRmMDgyNGNi
ODBiYThmYzEyNDBiNDc5NGI1MTUwNzFlOTc1MWQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZGZkN2Y2ZDMtZTZlOS00OTg3LTlhZTctZDA1
MmM1MzUzODk4L2VmNTY2MTM0LWRjMzctNDE1YS1hMWUzLTA1ZjIzMzA1YTkyYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2RmZDdmNmQzLWU2ZTktNDk4Ny05YWU3
LWQwNTJjNTM1Mzg5OC8yYlR3Z2t5NEM2ajhFa0MwZVV0UlVISHBkUjAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAOsYGgwDQYJKoZIhvcNAQELBQADggEBAF8LekN3b0OFBNALWfP2INSr5nXb
b403TBfZBD85bC+pQ1cehjdg3hRk9QYh9u5u5IguoIvIBONg3irbkgDBn8YCNTF5
GRePnUor8wbgIK4Q4jHJLEnUk5qVVNXeBru3yvXVINKOz3XbZAdHIAsCxoCepAuG
aeqTbhphAWRMof7hdn6weCIyX05XqQxsSZrsNFrjxUJ1GTRiXnsQlMYMIvocmSoN
TGh9WNIq14L5EZjGRWSlvD0tYR/QWIGy49DKmEJpOsky2kDZFf91ilxUqqFljBa9
kVFbYO0w1Ct0XF+0dtDIK1HN8ZmJgACNC+nKCAnmqs8OX+8h+I3FxhQfo1g=
-----END CERTIFICATE-----