Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/2ac091c5-8143-4a71-81c4-f34c33d996aa.roa
File:                     2ac091c5-8143-4a71-81c4-f34c33d996aa.roa (raw, json)
Hash identifier:          n02+q20wwGkTlaBR6J4bNV0ElDdqEThuPdtuor1R/lM=
Subject key identifier:   7E:79:39:F5:F8:6C:3A:0C:0D:BA:F9:D5:2E:DA:2C:B5:59:4C:F1:DD
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       73EF52899D45AF4A04DCE1169F444CEE560F0AA7
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/2ac091c5-8143-4a71-81c4-f34c33d996aa.roa
Signing time:             Sun 19 Oct 2025 04:00:14 +0000
ROA not before:           Sun 19 Oct 2025 04:00:14 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.96.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/6755970c-4747-499d-9774-5e1308c501a7.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/6755970c-4747-499d-9774-5e1308c501a7.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 22 Oct 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:ef:52:89:9d:45:af:4a:04:dc:e1:16:9f:44:4c:ee:56:0f:0a:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Oct 19 04:00:14 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=77977ea16e11862dceff2f99a072975f867147e98bdf055326310b9acdd9b611, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:b3:c2:13:4c:28:ba:6b:a6:ec:3d:66:42:b2:
                    ae:6d:23:4d:3f:b9:4c:08:24:16:f9:2c:85:6e:04:
                    e9:bf:23:2b:4d:14:80:dc:6d:e2:9d:55:e3:96:36:
                    4a:c7:a1:11:48:8f:52:64:42:cd:41:c2:17:e3:de:
                    81:47:86:d6:13:ce:c8:40:61:5b:98:e6:e6:1a:7f:
                    f9:31:56:15:0b:2e:74:ab:ca:fe:d1:f9:f7:83:93:
                    2d:d6:05:35:eb:fd:20:a9:03:34:1f:4c:2b:92:38:
                    04:fb:ad:e6:75:74:a6:9b:e4:4c:6b:7a:e5:c5:c3:
                    81:a9:4b:b8:8b:38:93:5b:ee:cf:dc:46:0a:e4:d6:
                    17:a5:23:35:e9:ab:99:f0:8d:be:b1:11:b9:76:84:
                    cd:00:42:6e:a8:e0:90:76:f5:e2:56:04:a9:81:e7:
                    88:6b:f7:e4:2a:e6:22:3c:e7:92:b8:b7:3a:da:35:
                    2a:5a:93:59:41:b9:cd:85:bb:80:b1:14:95:23:95:
                    5f:70:f2:59:59:0b:d0:2a:83:a4:af:85:5c:70:67:
                    ef:06:fb:98:80:73:f0:35:2e:51:0a:07:03:19:68:
                    75:15:12:e6:35:b3:1f:33:c0:0c:21:6f:2f:a0:df:
                    13:d9:28:14:f4:e1:32:ee:2b:7a:ce:80:99:93:57:
                    80:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:79:39:F5:F8:6C:3A:0C:0D:BA:F9:D5:2E:DA:2C:B5:59:4C:F1:DD
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/2ac091c5-8143-4a71-81c4-f34c33d996aa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:1c:b3:ad:34:87:a9:31:93:83:9b:bb:1f:bc:5d:f2:73:4f:
         6f:fa:5b:dc:88:31:4d:a3:3c:04:57:e6:13:8b:10:ed:e1:15:
         fd:0c:9f:b7:42:53:b0:bc:50:ba:31:ef:c5:ae:f5:51:6e:e1:
         6a:f6:1e:16:68:1a:5a:b1:2b:fa:07:1f:30:4f:f9:0f:b7:b9:
         41:ae:7b:80:3c:08:30:63:0b:c9:94:89:12:e8:4c:82:b2:20:
         7d:63:cc:0e:4d:6a:49:51:ce:c2:9d:ef:a6:9f:03:0d:3f:67:
         a2:94:e9:7b:66:c6:3a:95:52:2e:87:46:5e:3a:58:02:79:95:
         1c:a6:15:dd:f3:be:16:24:17:61:63:47:25:fe:80:ae:bb:0c:
         c3:d7:99:f2:12:28:fe:7f:19:12:39:98:c2:b6:57:c6:a3:fd:
         ce:04:58:7a:90:11:57:ee:f4:ae:a6:a5:a1:36:4c:e5:4d:12:
         27:37:47:af:3b:21:0f:6d:51:f9:2c:bb:60:42:6e:96:61:a7:
         07:a8:e5:e2:c4:13:1d:28:ed:19:66:27:ac:e5:85:42:63:4d:
         97:f6:45:21:31:2c:06:64:de:73:54:5d:22:28:8e:96:3f:a5:
         5b:1c:0a:50:9c:e0:59:db:1b:9c:ca:8f:cd:2f:67:fd:df:c4:
         4b:f8:62:e7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUc+9SiZ1Fr0oE3OEWn0RM7lYPCqcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUxMDE5MDQwMDE0WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A3Nzk3N2VhMTZlMTE4NjJkY2VmZjJmOTlhMDcyOTc1Zjg2
NzE0N2U5OGJkZjA1NTMyNjMxMGI5YWNkZDliNjExMS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCIs8ITTCi6a6bsPWZCsq5tI00/uUwIJBb5LIVuBOm/IytN
FIDcbeKdVeOWNkrHoRFIj1JkQs1Bwhfj3oFHhtYTzshAYVuY5uYaf/kxVhULLnSr
yv7R+feDky3WBTXr/SCpAzQfTCuSOAT7reZ1dKab5ExreuXFw4GpS7iLOJNb7s/c
Rgrk1helIzXpq5nwjb6xEbl2hM0AQm6o4JB29eJWBKmB54hr9+Qq5iI855K4tzra
NSpak1lBuc2Fu4CxFJUjlV9w8llZC9Aqg6SvhVxwZ+8G+5iAc/A1LlEKBwMZaHUV
EuY1sx8zwAwhby+g3xPZKBT04TLuK3rOgJmTV4A1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfnk59fhsOgwNuvnVLtostVlM8d0wHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzJhYzA5MWM1LTgxNDMtNGE3MS04MWM0LWYzNGMzM2Q5OTZhYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAjYCYwDQYJKoZIhvcNAQELBQADggEBAD8cs600h6kxk4Obux+8XfJzT2/6
W9yIMU2jPARX5hOLEO3hFf0Mn7dCU7C8ULox78Wu9VFu4Wr2HhZoGlqxK/oHHzBP
+Q+3uUGue4A8CDBjC8mUiRLoTIKyIH1jzA5NaklRzsKd76afAw0/Z6KU6XtmxjqV
Ui6HRl46WAJ5lRymFd3zvhYkF2FjRyX+gK67DMPXmfISKP5/GRI5mMK2V8aj/c4E
WHqQEVfu9K6mpaE2TOVNEic3R687IQ9tUfksu2BCbpZhpweo5eLEEx0o7RlmJ6zl
hUJjTZf2RSExLAZk3nNUXSIojpY/pVscClCc4FnbG5zKj80vZ/3fxEv4Yuc=
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:37:16 2025 by rpki-client