Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/9bfde94a-1d95-4dce-b0b2-727172f5e49d.roa
File:                     9bfde94a-1d95-4dce-b0b2-727172f5e49d.roa (raw, json)
Hash identifier:          u2h4Km5mYL7raO9luVpxDC4BjLlaS3AkxyA8oVkmB7w=
Subject key identifier:   DD:3E:49:E6:CB:B0:15:37:E3:E0:CA:F9:6A:8B:7C:CE:97:52:65:CF
Certificate issuer:       /CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
Certificate serial:       02B7BF56988D00477A19030CEC1BC5706D6C7308
Authority key identifier: 99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/9bfde94a-1d95-4dce-b0b2-727172f5e49d.roa
Signing time:             Fri 26 Sep 2025 00:41:12 +0000
ROA not before:           Fri 26 Sep 2025 00:41:12 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        96.127.8.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/77b56428-9b52-416f-b279-bbae14422de2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/77b56428-9b52-416f-b279-bbae14422de2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 23 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:b7:bf:56:98:8d:00:47:7a:19:03:0c:ec:1b:c5:70:6d:6c:73:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
        Validity
            Not Before: Sep 26 00:41:12 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=088001f930f16c4efa43934a5f8deb82393f8c03cfe2cf3f495a1b816ced7bf8, CN=0099a7ea-794a-4a28-b164-49547626eb11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:a3:e0:67:6b:32:94:f1:de:4a:ea:7f:f2:54:
                    27:26:ea:06:e7:db:23:1d:e6:d7:b2:49:82:0a:9e:
                    12:09:10:f7:23:8d:90:78:da:91:3b:90:a8:6a:22:
                    08:a1:62:f2:88:19:a9:57:84:6d:91:e0:26:ec:5b:
                    20:e0:de:1b:65:30:47:5d:64:2c:8f:2b:b9:ed:55:
                    15:7c:c7:f6:d9:4d:61:e4:30:5a:1d:9d:13:df:ed:
                    67:55:31:47:2c:8e:8b:2e:c3:d5:7c:16:94:00:31:
                    07:16:0c:94:53:fe:c4:c7:c7:52:14:6b:21:c4:11:
                    76:78:68:da:c3:af:05:2d:50:19:58:b8:e4:a0:1d:
                    6d:bb:ba:c7:3b:10:44:02:be:f1:e6:18:09:e5:8d:
                    61:a8:81:b7:71:16:ee:65:ce:d5:0f:ee:3d:4b:a1:
                    99:43:a3:1c:c9:bb:db:60:2d:00:e0:67:ad:43:8c:
                    c1:9e:a6:bb:00:4f:0d:4d:a7:d8:6b:00:4e:88:31:
                    8a:aa:23:a5:16:b7:a1:fb:dd:ec:82:4f:eb:68:3a:
                    84:9b:b9:2f:03:2d:d0:2c:40:70:0b:0b:11:1d:66:
                    c4:f3:e3:f5:25:2f:a6:3f:dd:54:b7:b6:5c:d8:36:
                    f9:3c:ec:4f:a8:71:a4:9b:ff:c3:2f:6a:b3:02:73:
                    8c:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:3E:49:E6:CB:B0:15:37:E3:E0:CA:F9:6A:8B:7C:CE:97:52:65:CF
            X509v3 Authority Key Identifier:
                keyid:99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/9bfde94a-1d95-4dce-b0b2-727172f5e49d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.127.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         16:53:72:41:d3:61:7e:d8:69:52:99:8e:ed:80:59:af:30:a0:
         67:b8:a8:47:41:f4:3c:84:cc:69:fb:5e:ab:b6:d0:42:21:cc:
         b0:80:87:92:65:e9:70:4f:76:e3:21:a4:96:bb:89:95:86:83:
         e3:08:39:f1:a3:d8:47:32:81:2c:68:db:d1:a9:22:2c:7d:4a:
         39:15:c7:8f:51:a9:40:24:5b:54:3f:27:d5:f1:25:9b:f5:80:
         ad:e7:5b:fd:c6:35:ab:c3:a8:91:05:02:5c:67:23:d8:00:cf:
         89:71:87:38:d2:c4:0e:b7:b4:70:e8:51:17:58:27:fc:4f:d4:
         d7:ab:68:d8:e2:b3:a4:52:53:ec:73:ea:7c:17:48:ec:47:66:
         c2:2a:39:f4:d9:e1:97:3c:76:43:98:fd:9c:96:a4:52:0b:db:
         2a:27:c2:97:46:57:15:de:03:97:a9:92:40:67:a5:a5:01:22:
         26:e0:9c:dd:71:ff:a2:67:a1:57:66:17:e3:52:c3:d6:a5:79:
         f0:da:e0:b8:e4:61:ee:d8:2f:e5:7f:c7:02:7d:1b:a5:e4:b3:
         6e:47:78:1e:b9:51:22:7b:b2:e4:fd:0c:35:d5:76:9b:9b:17:
         d5:7d:ba:a9:95:99:5d:67:19:10:8b:c8:20:e2:9d:a4:15:14:
         be:87:fa:30
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAre/VpiNAEd6GQMM7BvFcG1scwgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzA1Njc2YzczM2ZkOGNjYWU1YmU2M2I5MmJkZGM5MGI3
YTViNzRlNjk0NDljMWViMDQwHhcNMjUwOTI2MDA0MTEyWhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwODgwMDFmOTMwZjE2YzRlZmE0MzkzNGE1ZjhkZWI4MjM5
M2Y4YzAzY2ZlMmNmM2Y0OTVhMWI4MTZjZWQ3YmY4MS0wKwYDVQQDEyQwMDk5YTdl
YS03OTRhLTRhMjgtYjE2NC00OTU0NzYyNmViMTEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVo+BnazKU8d5K6n/yVCcm6gbn2yMd5teySYIKnhIJEPcj
jZB42pE7kKhqIgihYvKIGalXhG2R4CbsWyDg3htlMEddZCyPK7ntVRV8x/bZTWHk
MFodnRPf7WdVMUcsjosuw9V8FpQAMQcWDJRT/sTHx1IUayHEEXZ4aNrDrwUtUBlY
uOSgHW27usc7EEQCvvHmGAnljWGogbdxFu5lztUP7j1LoZlDoxzJu9tgLQDgZ61D
jMGeprsATw1Np9hrAE6IMYqqI6UWt6H73eyCT+toOoSbuS8DLdAsQHALCxEdZsTz
4/UlL6Y/3VS3tlzYNvk87E+ocaSb/8MvarMCc4z3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3T5J5suwFTfj4Mr5aot8zpdSZc8wHwYDVR0jBBgwFoAUmcNUTAjJlFS4
eZUe/6R6j2PIp3cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi83N2I1NjQyOC05
YjUyLTQxNmYtYjI3OS1iYmFlMTQ0MjJkZTIvYzA1Njc2YzczM2ZkOGNjYWU1YmU2
M2I5MmJkZGM5MGI3YTViNzRlNjk0NDljMWViMDQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNDI1ODJjNjctZGQzZi00YmM1LWJhNjAtZTk3
ZTU1MmM2ZTM1LzliZmRlOTRhLTFkOTUtNGRjZS1iMGIyLTcyNzE3MmY1ZTQ5ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzQyNTgyYzY3LWRkM2YtNGJjNS1iYTYw
LWU5N2U1NTJjNmUzNS9fWXpLNWI1anVTdmR5UXQ2VzNUbWxFbkI2d1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANgfwgwDQYJKoZIhvcNAQELBQADggEBABZTckHTYX7YaVKZju2AWa8woGe4
qEdB9DyEzGn7Xqu20EIhzLCAh5Jl6XBPduMhpJa7iZWGg+MIOfGj2EcygSxo29Gp
Iix9SjkVx49RqUAkW1Q/J9XxJZv1gK3nW/3GNavDqJEFAlxnI9gAz4lxhzjSxA63
tHDoURdYJ/xP1NeraNjis6RSU+xz6nwXSOxHZsIqOfTZ4Zc8dkOY/ZyWpFIL2yon
wpdGVxXeA5epkkBnpaUBIibgnN1x/6JnoVdmF+NSw9alefDa4LjkYe7YL+V/xwJ9
G6Xks25HeB65USJ7suT9DDXVdpubF9V9uqmVmV1nGRCLyCDinaQVFL6H+jA=
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:16:15 2025 by rpki-client