Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/5d3a71cd-9e0f-47d1-bfef-bb2990fa9963.roa
File:                     5d3a71cd-9e0f-47d1-bfef-bb2990fa9963.roa (raw, json)
Hash identifier:          3VgnlsJW2EgM2y10sopGuvcIOA9PQ5xwirgyUfrKD7M=
Subject key identifier:   95:58:CC:6D:91:F3:A6:38:79:86:F6:A9:51:9E:10:73:F9:AD:65:AA
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       3C4C5794B938B50B48A9B001EA7E0E4E96960AF8
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/5d3a71cd-9e0f-47d1-bfef-bb2990fa9963.roa
Signing time:             Mon 06 Oct 2025 17:20:11 +0000
ROA not before:           Mon 06 Oct 2025 17:20:11 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.96.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/6755970c-4747-499d-9774-5e1308c501a7.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/6755970c-4747-499d-9774-5e1308c501a7.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:4c:57:94:b9:38:b5:0b:48:a9:b0:01:ea:7e:0e:4e:96:96:0a:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Oct  6 17:20:11 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=e2963988cf7661c7befc700b3f00b04f5cc576ebfdcdab72e70404ac632ed3a0, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:cf:88:68:b1:ad:c5:70:e9:b8:78:8e:ab:cc:
                    1d:c1:ad:40:74:ff:bc:f8:cd:b6:21:14:ad:fc:3e:
                    31:2d:34:6b:05:01:7e:35:32:65:b5:f4:bf:c6:a7:
                    1b:0a:b5:db:d2:85:4e:a5:31:03:b5:44:65:6e:5e:
                    18:28:cd:ca:d5:04:4d:ef:5a:c8:7b:e6:19:6f:4c:
                    00:7b:dc:2e:8f:8b:d0:23:a7:39:8e:ce:25:e8:5d:
                    5e:7a:7a:37:05:df:b4:d6:a1:c3:3b:4d:c1:b4:7a:
                    2b:b7:8f:86:2a:a8:89:c6:91:9a:65:24:da:2c:70:
                    45:4f:3e:81:a2:b7:8c:1d:a0:cd:10:06:45:e4:b2:
                    da:ba:be:76:fc:89:3e:87:03:3f:fe:f9:8f:45:d6:
                    56:46:e8:a6:1b:bf:8a:eb:d9:6c:24:54:e5:23:ef:
                    c4:b2:0c:53:84:22:45:db:f0:d7:ae:1c:f7:c9:4a:
                    2a:87:dd:46:65:6a:57:d0:fc:16:ca:5f:43:6c:2b:
                    1c:ca:77:4a:22:ae:3a:40:6e:8b:41:26:fa:3e:13:
                    9c:19:f2:bc:35:6d:93:58:84:59:14:4a:8d:50:1f:
                    78:72:6d:b6:c1:af:bc:87:c5:f3:64:7d:a8:ab:08:
                    b9:85:12:b0:c9:68:8a:f0:76:c8:67:84:02:41:60:
                    b5:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:58:CC:6D:91:F3:A6:38:79:86:F6:A9:51:9E:10:73:F9:AD:65:AA
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/5d3a71cd-9e0f-47d1-bfef-bb2990fa9963.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:41:87:15:fa:d4:6f:a3:e9:90:99:d3:32:fd:bd:e4:d9:48:
         4b:95:c9:a8:89:a3:2f:94:5a:65:1c:7d:7b:5b:b6:3e:67:e7:
         23:26:ef:18:a4:50:b3:fb:f4:ff:7e:87:d6:fb:c3:75:ba:0c:
         98:f2:c3:8c:7c:e6:7b:4b:00:60:9f:c7:69:87:20:c5:a6:ab:
         82:15:ba:3e:0a:92:a2:29:f2:44:f9:25:cf:95:f3:ee:c7:86:
         52:54:3a:f1:05:e1:a6:e7:7d:20:a0:d4:92:81:f6:b0:76:cb:
         54:15:b7:06:7a:80:df:57:89:e8:f0:cd:04:5f:6d:04:98:34:
         2c:27:5f:07:49:bc:ad:e6:15:a5:49:31:2d:0c:9f:35:c3:ea:
         67:b2:b8:99:a7:5e:39:97:a2:bb:fe:cd:1a:dc:1e:4f:8e:67:
         8d:67:8d:20:3e:44:26:a8:e7:94:bc:c7:4e:87:94:3f:84:d8:
         ff:8a:b0:6c:20:5f:99:53:dc:d8:2b:6c:7c:57:6a:26:12:7c:
         fa:0d:d2:ac:d7:fe:ce:62:35:0a:1a:5b:16:5f:01:90:30:29:
         2e:ad:92:af:6f:8c:f7:af:50:46:dc:8a:70:e4:f8:18:ba:ff:
         93:f2:db:db:fb:1f:77:a7:45:70:aa:73:8d:de:09:52:06:cc:
         d7:91:0f:02
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPExXlLk4tQtIqbAB6n4OTpaWCvgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUxMDA2MTcyMDExWhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlMjk2Mzk4OGNmNzY2MWM3YmVmYzcwMGIzZjAwYjA0ZjVj
YzU3NmViZmRjZGFiNzJlNzA0MDRhYzYzMmVkM2EwMS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxz4hosa3FcOm4eI6rzB3BrUB0/7z4zbYhFK38PjEtNGsF
AX41MmW19L/GpxsKtdvShU6lMQO1RGVuXhgozcrVBE3vWsh75hlvTAB73C6Pi9Aj
pzmOziXoXV56ejcF37TWocM7TcG0eiu3j4YqqInGkZplJNoscEVPPoGit4wdoM0Q
BkXkstq6vnb8iT6HAz/++Y9F1lZG6KYbv4rr2WwkVOUj78SyDFOEIkXb8NeuHPfJ
SiqH3UZlalfQ/BbKX0NsKxzKd0oirjpAbotBJvo+E5wZ8rw1bZNYhFkUSo1QH3hy
bbbBr7yHxfNkfairCLmFErDJaIrwdshnhAJBYLU7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlVjMbZHzpjh5hvapUZ4Qc/mtZaowHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzVkM2E3MWNkLTllMGYtNDdkMS1iZmVmLWJiMjk5MGZhOTk2My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAjYP0wDQYJKoZIhvcNAQELBQADggEBAHVBhxX61G+j6ZCZ0zL9veTZSEuV
yaiJoy+UWmUcfXtbtj5n5yMm7xikULP79P9+h9b7w3W6DJjyw4x85ntLAGCfx2mH
IMWmq4IVuj4KkqIp8kT5Jc+V8+7HhlJUOvEF4abnfSCg1JKB9rB2y1QVtwZ6gN9X
iejwzQRfbQSYNCwnXwdJvK3mFaVJMS0MnzXD6meyuJmnXjmXorv+zRrcHk+OZ41n
jSA+RCao55S8x06HlD+E2P+KsGwgX5lT3NgrbHxXaiYSfPoN0qzX/s5iNQoaWxZf
AZAwKS6tkq9vjPevUEbcinDk+Bi6/5Py29v7H3enRXCqc43eCVIGzNeRDwI=
-----END CERTIFICATE-----
Generated at Mon Oct 20 07:58:36 2025 by rpki-client