Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/07653354-62e0-4912-98f0-2c22354ec38a.roa
File:                     07653354-62e0-4912-98f0-2c22354ec38a.roa (raw, json)
Hash identifier:          Zaco078LnnFzzZeW2Rq9kYQMVlUA+kPrNtPiGx4W2vU=
Subject key identifier:   6C:D0:53:04:45:52:3A:2F:1B:42:89:5F:04:E2:CE:E0:7D:B6:C6:37
Certificate issuer:       /CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
Certificate serial:       357B4405759287BA1A32658865804B872386B865
Authority key identifier: 99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/07653354-62e0-4912-98f0-2c22354ec38a.roa
Signing time:             Tue 21 Oct 2025 00:50:09 +0000
ROA not before:           Tue 21 Oct 2025 00:50:09 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        96.127.32.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/77b56428-9b52-416f-b279-bbae14422de2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/77b56428-9b52-416f-b279-bbae14422de2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 23 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:7b:44:05:75:92:87:ba:1a:32:65:88:65:80:4b:87:23:86:b8:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
        Validity
            Not Before: Oct 21 00:50:09 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=41a5091ea7c5adf17a76b0bc821ce9eaf5f90db94a467f0c19d6e966626d5e7b, CN=0099a7ea-794a-4a28-b164-49547626eb11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:fd:e9:db:f6:55:39:e0:27:48:77:c1:68:e2:
                    ad:60:02:5a:c8:b4:1a:dd:9e:1e:7e:c0:d2:93:fa:
                    a4:f3:eb:86:ca:1d:ac:0f:6a:75:cd:9d:86:27:4a:
                    6c:89:a8:16:ca:5a:5b:46:55:55:d7:b7:e4:cf:eb:
                    66:19:a7:a4:1b:65:21:0c:ca:53:f4:1b:fe:af:00:
                    90:f9:b8:2d:0f:5a:c7:2c:1c:e1:34:2c:3a:cc:d5:
                    08:32:8d:1f:d2:d7:53:48:8b:b2:61:bb:ab:60:d7:
                    54:05:9d:ff:e8:d6:51:41:12:be:4c:44:4a:f6:2c:
                    08:f9:8e:7b:71:d7:1d:80:29:de:e0:e3:5a:93:ff:
                    ae:54:7d:02:eb:c0:7c:2e:1f:fe:4f:dc:81:9b:55:
                    74:4c:06:fd:82:1d:a8:f5:bf:14:0c:39:85:d2:23:
                    11:07:41:1d:f9:a3:12:64:69:21:cc:0a:c7:69:ac:
                    a8:74:e1:5a:ad:7a:63:6e:55:20:5e:95:9d:0b:31:
                    68:b7:1e:4e:90:5b:d0:75:e4:13:9e:03:c3:3c:81:
                    e6:d3:18:a9:72:ca:95:4d:2d:bd:ef:e5:d4:c3:0c:
                    bd:b2:0d:73:a4:bf:44:ae:e6:11:8f:5c:4b:78:82:
                    73:76:c5:46:20:3f:6e:25:11:54:dd:0d:2f:06:fc:
                    fd:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:D0:53:04:45:52:3A:2F:1B:42:89:5F:04:E2:CE:E0:7D:B6:C6:37
            X509v3 Authority Key Identifier:
                keyid:99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/07653354-62e0-4912-98f0-2c22354ec38a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.127.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         2e:83:80:1a:fa:94:a1:55:0f:49:bb:f4:e3:13:a5:b0:7c:42:
         32:32:61:73:5a:13:ef:12:fd:3f:d6:be:ad:81:5e:4a:0c:98:
         f7:52:4f:10:6f:eb:a3:56:77:4e:0c:27:41:6c:b0:11:1e:62:
         e1:bd:d1:c1:c2:9c:3b:08:be:de:36:f3:44:d3:e3:69:ef:2f:
         b5:9e:65:e9:a9:24:7a:e9:97:90:23:b3:58:82:51:3f:de:ff:
         96:c1:4e:9f:6c:e6:f6:6d:6a:b5:4e:3a:77:9d:6e:77:14:43:
         62:2a:e1:aa:be:4b:6d:95:da:fc:77:b6:45:d6:9c:ba:f2:83:
         11:0e:a1:bf:52:7e:a7:72:6d:ce:cd:e4:8e:bd:98:07:a4:42:
         e7:f7:6b:08:90:93:69:4a:05:f2:0e:0f:90:6c:e5:9f:d1:cf:
         ac:d6:f4:52:74:36:25:13:fd:0d:0d:d8:a5:49:f3:1a:50:8e:
         5c:40:13:89:0b:bd:88:0a:a2:55:24:b1:c4:0d:8c:b6:e0:e3:
         27:8e:1d:15:75:23:ce:53:25:14:96:a8:86:88:99:13:1e:69:
         e4:10:38:e6:a4:1a:b5:68:ca:38:ed:de:9d:3e:7b:16:30:da:
         15:db:0e:cc:86:82:02:a0:8c:91:c9:7a:9a:ff:bb:eb:49:4d:
         42:32:a7:e8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNXtEBXWSh7oaMmWIZYBLhyOGuGUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzA1Njc2YzczM2ZkOGNjYWU1YmU2M2I5MmJkZGM5MGI3
YTViNzRlNjk0NDljMWViMDQwHhcNMjUxMDIxMDA1MDA5WhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MWE1MDkxZWE3YzVhZGYxN2E3NmIwYmM4MjFjZTllYWY1
ZjkwZGI5NGE0NjdmMGMxOWQ2ZTk2NjYyNmQ1ZTdiMS0wKwYDVQQDEyQwMDk5YTdl
YS03OTRhLTRhMjgtYjE2NC00OTU0NzYyNmViMTEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDY/enb9lU54CdId8Fo4q1gAlrItBrdnh5+wNKT+qTz64bK
HawPanXNnYYnSmyJqBbKWltGVVXXt+TP62YZp6QbZSEMylP0G/6vAJD5uC0PWscs
HOE0LDrM1QgyjR/S11NIi7Jhu6tg11QFnf/o1lFBEr5MREr2LAj5jntx1x2AKd7g
41qT/65UfQLrwHwuH/5P3IGbVXRMBv2CHaj1vxQMOYXSIxEHQR35oxJkaSHMCsdp
rKh04VqtemNuVSBelZ0LMWi3Hk6QW9B15BOeA8M8gebTGKlyypVNLb3v5dTDDL2y
DXOkv0Su5hGPXEt4gnN2xUYgP24lEVTdDS8G/P0ZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbNBTBEVSOi8bQolfBOLO4H22xjcwHwYDVR0jBBgwFoAUmcNUTAjJlFS4
eZUe/6R6j2PIp3cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi83N2I1NjQyOC05
YjUyLTQxNmYtYjI3OS1iYmFlMTQ0MjJkZTIvYzA1Njc2YzczM2ZkOGNjYWU1YmU2
M2I5MmJkZGM5MGI3YTViNzRlNjk0NDljMWViMDQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNDI1ODJjNjctZGQzZi00YmM1LWJhNjAtZTk3
ZTU1MmM2ZTM1LzA3NjUzMzU0LTYyZTAtNDkxMi05OGYwLTJjMjIzNTRlYzM4YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzQyNTgyYzY3LWRkM2YtNGJjNS1iYTYw
LWU5N2U1NTJjNmUzNS9fWXpLNWI1anVTdmR5UXQ2VzNUbWxFbkI2d1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVgfyAwDQYJKoZIhvcNAQELBQADggEBAC6DgBr6lKFVD0m79OMTpbB8QjIy
YXNaE+8S/T/Wvq2BXkoMmPdSTxBv66NWd04MJ0FssBEeYuG90cHCnDsIvt4280TT
42nvL7WeZempJHrpl5Ajs1iCUT/e/5bBTp9s5vZtarVOOnedbncUQ2Iq4aq+S22V
2vx3tkXWnLrygxEOob9Sfqdybc7N5I69mAekQuf3awiQk2lKBfIOD5Bs5Z/Rz6zW
9FJ0NiUT/Q0N2KVJ8xpQjlxAE4kLvYgKolUkscQNjLbg4yeOHRV1I85TJRSWqIaI
mRMeaeQQOOakGrVoyjjt3p0+exYw2hXbDsyGggKgjJHJepr/u+tJTUIyp+g=
-----END CERTIFICATE-----
Generated at Tue Oct 21 04:49:32 2025 by rpki-client