Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/93da312c-9a87-4802-ae6d-e784f74c131d.roa
File:                     93da312c-9a87-4802-ae6d-e784f74c131d.roa (raw, json)
Hash identifier:          A2hq+dlt4lrNA6Ne0Q3ZpsOYuvpwC2U6qgyaOl78T6o=
Subject key identifier:   3B:34:B6:E8:09:8D:7B:7C:70:F4:9C:20:B4:DF:81:98:F6:C4:DF:D8
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       4EFF5097D14DB45E91B5DD844A7D84415FB9650C
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/93da312c-9a87-4802-ae6d-e784f74c131d.roa
Signing time:             Fri 26 Sep 2025 18:00:04 +0000
ROA not before:           Fri 26 Sep 2025 18:00:04 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.96.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/6755970c-4747-499d-9774-5e1308c501a7.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/6755970c-4747-499d-9774-5e1308c501a7.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:ff:50:97:d1:4d:b4:5e:91:b5:dd:84:4a:7d:84:41:5f:b9:65:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Sep 26 18:00:04 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=72c7077ea6558a0920b6a6d6ef031aada3dcf9e1a41432ed1f484fa54e91b4e8, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:99:8b:bd:b7:ca:88:c8:f3:8f:2d:3c:24:82:
                    cc:eb:33:0b:15:1b:b1:4a:15:b3:f7:16:af:e6:0d:
                    cc:ea:f4:66:61:87:ab:03:7b:69:f5:99:75:d2:b4:
                    6a:3b:d6:03:09:c8:6b:c7:ae:d8:47:f9:db:2f:43:
                    67:77:f2:22:c3:68:36:83:0d:3d:5f:cd:2d:af:36:
                    c6:6f:cc:84:4b:9e:5e:c1:e5:d7:5d:83:5e:e7:c6:
                    2a:75:6b:df:40:6b:30:51:47:c0:bc:5f:1b:38:bb:
                    36:46:1e:e1:f6:06:76:53:6b:21:f5:96:df:7e:36:
                    a7:f5:d7:ba:d1:b3:86:66:b5:5d:b9:3e:7e:b7:4b:
                    4e:65:7f:41:8a:8b:7f:65:97:d7:b7:ef:69:4c:18:
                    1d:8a:3b:6b:fd:e1:1c:2a:ad:be:1c:39:6f:13:2a:
                    53:2b:81:1c:2b:67:14:3a:05:ee:61:a1:0e:57:b7:
                    67:21:9d:bb:35:ed:a8:f9:a7:c1:10:c3:e7:33:da:
                    e8:c8:f4:7f:ec:f4:ec:0e:57:29:3b:bd:be:3b:2e:
                    b3:42:61:11:99:ed:98:d0:eb:89:70:ea:cb:bb:b3:
                    55:07:93:7d:38:e6:aa:39:d8:02:72:20:66:ad:8d:
                    33:97:c7:c4:5c:df:bb:0e:e5:b5:ee:07:9e:77:dd:
                    5e:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:34:B6:E8:09:8D:7B:7C:70:F4:9C:20:B4:DF:81:98:F6:C4:DF:D8
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/93da312c-9a87-4802-ae6d-e784f74c131d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:a1:a9:74:82:21:ec:0e:8d:c8:d6:09:e2:7d:7d:21:07:3f:
         ee:8c:e6:fe:6b:1d:5e:29:18:ec:fa:c6:11:09:84:c1:4a:fe:
         d3:51:e9:4d:ac:17:f0:6d:27:cc:20:b3:8c:a3:91:f5:88:43:
         48:6c:bc:e4:da:4d:da:28:74:45:d0:0c:ff:e2:37:c9:c3:5a:
         bb:d9:a4:25:ef:2a:f1:dc:2d:4e:ec:ec:47:76:f1:6a:f5:8d:
         97:d6:2f:37:43:b5:9e:58:7c:29:cd:9a:98:78:59:a9:07:19:
         55:f8:b3:d1:26:01:2a:46:29:32:03:b9:d4:6e:62:47:af:58:
         0a:f4:e9:08:d8:92:b8:8f:60:fd:ac:e4:f0:7e:67:c9:c6:58:
         ae:39:89:28:77:12:06:f2:f8:0c:e2:5d:74:71:20:0f:d7:85:
         20:4f:6f:4f:1a:5f:71:ae:7a:4e:c5:5a:1e:19:90:f7:16:a5:
         e6:df:9f:ce:81:7b:d6:cb:91:10:2c:30:a3:c8:f5:68:bf:11:
         57:e6:e9:a9:63:b8:35:49:b0:6e:f9:31:7e:4e:6d:3b:55:36:
         1e:cb:db:79:e7:ca:7b:10:e4:21:43:94:6e:5d:98:85:66:33:
         85:83:da:0c:92:1c:63:28:d6:a1:e2:08:59:ea:d6:e4:84:c9:
         9e:36:82:9f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTv9Ql9FNtF6Rtd2ESn2EQV+5ZQwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwOTI2MTgwMDA0WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3MmM3MDc3ZWE2NTU4YTA5MjBiNmE2ZDZlZjAzMWFhZGEz
ZGNmOWUxYTQxNDMyZWQxZjQ4NGZhNTRlOTFiNGU4MS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDwmYu9t8qIyPOPLTwkgszrMwsVG7FKFbP3Fq/mDczq9GZh
h6sDe2n1mXXStGo71gMJyGvHrthH+dsvQ2d38iLDaDaDDT1fzS2vNsZvzIRLnl7B
5dddg17nxip1a99AazBRR8C8Xxs4uzZGHuH2BnZTayH1lt9+Nqf117rRs4ZmtV25
Pn63S05lf0GKi39ll9e372lMGB2KO2v94Rwqrb4cOW8TKlMrgRwrZxQ6Be5hoQ5X
t2chnbs17aj5p8EQw+cz2ujI9H/s9OwOVyk7vb47LrNCYRGZ7ZjQ64lw6su7s1UH
k3045qo52AJyIGatjTOXx8Rc37sO5bXuB5533V5VAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUOzS26AmNe3xw9JwgtN+BmPbE39gwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzkzZGEzMTJjLTlhODctNDgwMi1hZTZkLWU3ODRmNzRjMTMxZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAjYAQwDQYJKoZIhvcNAQELBQADggEBAI+hqXSCIewOjcjWCeJ9fSEHP+6M
5v5rHV4pGOz6xhEJhMFK/tNR6U2sF/BtJ8wgs4yjkfWIQ0hsvOTaTdoodEXQDP/i
N8nDWrvZpCXvKvHcLU7s7Ed28Wr1jZfWLzdDtZ5YfCnNmph4WakHGVX4s9EmASpG
KTIDudRuYkevWAr06QjYkriPYP2s5PB+Z8nGWK45iSh3Egby+AziXXRxIA/XhSBP
b08aX3Guek7FWh4ZkPcWpebfn86Be9bLkRAsMKPI9Wi/EVfm6aljuDVJsG75MX5O
bTtVNh7L23nnynsQ5CFDlG5dmIVmM4WD2gySHGMo1qHiCFnq1uSEyZ42gp8=
-----END CERTIFICATE-----
Generated at Mon Oct 20 16:18:54 2025 by rpki-client