Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/2ca5264c-7bf5-4248-b6ad-dd9cf57a2be3.roa
File:                     2ca5264c-7bf5-4248-b6ad-dd9cf57a2be3.roa (raw, json)
Hash identifier:          TiyqfxjxePCsFdkr1ohu4fsVeNUtT4Ha6tsBdIwE7f0=
Subject key identifier:   54:01:76:1F:99:3A:35:CF:F6:63:F8:B4:32:97:CE:0F:4C:D1:0D:BE
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       1221AEF71D0396B66064248B1341FBD3CF31BD83
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/2ca5264c-7bf5-4248-b6ad-dd9cf57a2be3.roa
Signing time:             Tue 15 Apr 2025 00:50:26 +0000
ROA not before:           Tue 15 Apr 2025 00:50:26 +0000
ROA not after:            Tue 20 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        35.96.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/6755970c-4747-499d-9774-5e1308c501a7.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/6755970c-4747-499d-9774-5e1308c501a7.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 10 May 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:21:ae:f7:1d:03:96:b6:60:64:24:8b:13:41:fb:d3:cf:31:bd:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Apr 15 00:50:26 2025 GMT
            Not After : May 20 23:59:59 2025 GMT
        Subject: serialNumber=ffa09285ef4fc6856131f90e37264bedcef1a3193b7292d96f2415b05eaa5948, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:61:ad:22:20:4c:98:a2:87:a5:61:4d:54:b9:
                    a1:31:5d:85:18:0c:24:57:c0:1e:d4:79:99:b3:79:
                    c0:f2:16:9a:6d:5e:99:99:e4:17:dd:f1:7c:12:aa:
                    ad:b7:30:9a:a1:ab:6e:0c:1e:8a:f4:ff:93:7d:7a:
                    7c:94:36:41:5a:27:d3:0b:ae:a7:da:75:54:4d:5f:
                    46:b6:68:6a:9a:07:fd:44:76:a4:c8:55:64:7c:a5:
                    cb:8b:b7:43:ba:cf:ce:4e:ef:71:c6:dd:e9:75:3d:
                    03:72:14:05:a7:73:06:3c:d1:88:76:96:eb:1f:6b:
                    a2:0a:de:4b:f8:78:25:9e:af:53:ff:62:67:dd:7b:
                    e4:0c:43:60:5e:38:a5:8a:6c:8f:00:c6:6e:e3:fc:
                    0f:2c:a3:d6:04:42:cd:70:f5:aa:4a:d4:83:5e:41:
                    d6:b2:7f:d1:8c:32:4e:a0:9d:d6:98:bb:a5:64:50:
                    e3:cf:2e:31:e8:c4:aa:ae:0a:2b:fe:3a:76:62:0c:
                    db:89:7e:1c:a3:c1:ae:0d:80:b0:ff:64:03:d2:30:
                    38:42:87:d2:36:c9:42:22:7c:16:2f:6f:f7:69:45:
                    93:12:6b:b4:5f:bc:a7:d6:e4:2f:b1:0f:9e:00:87:
                    25:9e:c0:e6:a3:53:1a:a4:d9:37:c9:f3:31:fb:8f:
                    61:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:01:76:1F:99:3A:35:CF:F6:63:F8:B4:32:97:CE:0F:4C:D1:0D:BE
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/2ca5264c-7bf5-4248-b6ad-dd9cf57a2be3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:ae:21:01:d9:dd:48:29:5d:f3:77:a7:35:9c:91:b7:28:d1:
         95:fa:4b:de:18:b8:6b:1e:5c:e0:05:fd:6f:cf:34:cf:09:0b:
         da:7f:5e:ed:b9:4d:80:12:39:1d:5e:0c:14:66:69:93:79:1f:
         fd:ed:03:d1:dc:4f:e7:e4:02:6a:b4:65:ca:8e:f7:d7:48:ab:
         d6:d1:95:2c:2d:e1:24:b6:76:40:90:54:9b:5e:39:b3:1a:f0:
         4b:be:b5:41:d1:89:c4:dd:69:5d:de:e5:c1:fd:9b:01:d0:27:
         3a:d2:c9:3c:ea:a6:91:40:63:72:fe:25:e9:3b:38:79:4d:06:
         af:c8:1f:52:e2:c7:a5:12:75:ff:5f:68:df:51:ad:ae:e6:f3:
         f2:c1:94:04:85:85:96:eb:01:68:f3:fc:f7:8a:69:98:34:17:
         2d:87:52:2a:a3:65:e4:5c:8f:88:2b:5b:4e:b9:b0:a1:54:4a:
         34:80:00:d6:d1:80:54:47:31:cb:9c:5d:85:10:a5:ba:10:d4:
         27:33:b3:d4:62:d0:4b:68:ab:66:c1:c0:85:50:2c:9e:27:64:
         76:63:3a:0a:7f:e0:78:ba:71:77:94:37:c1:77:5a:bb:59:ce:
         f4:f9:ca:1f:28:40:b6:8a:a2:57:fe:b2:85:cf:b6:13:96:f1:
         0d:df:2d:86
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEiGu9x0DlrZgZCSLE0H7088xvYMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwNDE1MDA1MDI2WhcNMjUwNTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BmZmEwOTI4NWVmNGZjNjg1NjEzMWY5MGUzNzI2NGJlZGNl
ZjFhMzE5M2I3MjkyZDk2ZjI0MTViMDVlYWE1OTQ4MS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvYa0iIEyYooelYU1UuaExXYUYDCRXwB7UeZmzecDyFppt
XpmZ5Bfd8XwSqq23MJqhq24MHor0/5N9enyUNkFaJ9MLrqfadVRNX0a2aGqaB/1E
dqTIVWR8pcuLt0O6z85O73HG3el1PQNyFAWncwY80Yh2lusfa6IK3kv4eCWer1P/
Ymfde+QMQ2BeOKWKbI8Axm7j/A8so9YEQs1w9apK1INeQdayf9GMMk6gndaYu6Vk
UOPPLjHoxKquCiv+OnZiDNuJfhyjwa4NgLD/ZAPSMDhCh9I2yUIifBYvb/dpRZMS
a7RfvKfW5C+xD54AhyWewOajUxqk2TfJ8zH7j2G9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUVAF2H5k6Nc/2Y/i0MpfOD0zRDb4wHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzJjYTUyNjRjLTdiZjUtNDI0OC1iNmFkLWRkOWNmNTdhMmJlMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAjYPQwDQYJKoZIhvcNAQELBQADggEBAD2uIQHZ3UgpXfN3pzWckbco0ZX6
S94YuGseXOAF/W/PNM8JC9p/Xu25TYASOR1eDBRmaZN5H/3tA9HcT+fkAmq0ZcqO
99dIq9bRlSwt4SS2dkCQVJteObMa8Eu+tUHRicTdaV3e5cH9mwHQJzrSyTzqppFA
Y3L+Jek7OHlNBq/IH1Lix6USdf9faN9Rra7m8/LBlASFhZbrAWjz/PeKaZg0Fy2H
UiqjZeRcj4grW065sKFUSjSAANbRgFRHMcucXYUQpboQ1Cczs9Ri0Etoq2bBwIVQ
LJ4nZHZjOgp/4Hi6cXeUN8F3WrtZzvT5yh8oQLaKolf+soXPthOW8Q3fLYY=
-----END CERTIFICATE-----