Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/9fcd9d6a-7272-4c1e-b46c-cc94e58322e4.roa
File:                     9fcd9d6a-7272-4c1e-b46c-cc94e58322e4.roa (raw, json)
Hash identifier:          N/qtFFav//eGOnndohE2emp6c+5o+ZbPFM4bgabgLA0=
Subject key identifier:   A8:E2:B6:20:EF:F9:47:6E:92:B0:52:EB:EE:52:DB:EB:57:85:3C:F8
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       13ACEA35E0E0D77E030191240163F1139DB8D6E8
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/9fcd9d6a-7272-4c1e-b46c-cc94e58322e4.roa
Signing time:             Tue 19 Aug 2025 16:40:21 +0000
ROA not before:           Tue 19 Aug 2025 16:40:21 +0000
ROA not after:            Tue 23 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.96.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/6755970c-4747-499d-9774-5e1308c501a7.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/6755970c-4747-499d-9774-5e1308c501a7.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:ac:ea:35:e0:e0:d7:7e:03:01:91:24:01:63:f1:13:9d:b8:d6:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Aug 19 16:40:21 2025 GMT
            Not After : Sep 23 23:59:59 2025 GMT
        Subject: serialNumber=a1a2a1c5ecbe9f0d662c3f168c9af868da99d9ce82a771451d05122b43e5dd70, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c8:f8:23:cb:c3:0b:d9:d8:a4:42:d3:77:21:
                    32:6a:ce:82:91:32:70:4c:97:bf:c1:e2:78:e6:8e:
                    f0:37:63:b0:93:8a:03:89:39:c1:7a:5c:97:15:36:
                    e5:f3:b2:e8:4e:07:db:7a:28:3f:99:6e:40:1d:be:
                    f9:c6:77:53:38:cf:f3:38:cb:94:eb:93:4c:d5:d4:
                    38:95:bb:c2:a7:23:48:3b:2e:74:ed:cb:60:03:1d:
                    6d:3b:e5:cc:cd:d0:83:27:6d:3c:35:1d:a5:29:22:
                    54:ee:22:b3:5e:eb:8a:4c:dc:df:f0:38:76:bb:5b:
                    b7:b4:01:df:3f:07:97:3d:d1:9b:49:cf:0b:24:ae:
                    b0:4a:a0:fd:94:ab:9f:d8:56:cc:d1:37:ff:23:74:
                    2d:70:a5:ba:e0:fb:18:2d:63:c9:f2:22:09:a9:69:
                    e0:b7:a8:88:72:2d:b2:26:d9:2e:dc:e2:bb:95:91:
                    69:b3:ac:49:25:2b:ab:33:b9:57:69:bc:42:1c:7f:
                    c4:fd:6f:f8:c6:db:0c:8c:fc:88:64:c5:c8:46:12:
                    33:ad:33:9f:c8:97:9e:58:f5:f2:3a:25:8b:7e:81:
                    0c:88:42:36:fc:fa:48:05:65:4d:56:d8:78:6a:a9:
                    bf:d5:3f:59:69:a8:41:f0:30:3c:a3:6c:fb:86:a4:
                    b5:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:E2:B6:20:EF:F9:47:6E:92:B0:52:EB:EE:52:DB:EB:57:85:3C:F8
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/9fcd9d6a-7272-4c1e-b46c-cc94e58322e4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:26:6d:70:d0:b0:62:f2:14:ed:ac:86:4d:11:65:f5:e2:77:
         50:21:05:50:2a:1a:7b:69:0a:a3:79:db:37:88:cd:13:dc:6d:
         a7:21:0b:2d:c6:23:52:3c:23:39:07:23:b4:78:45:79:87:4a:
         bd:ad:c5:55:f5:27:24:5b:3a:c0:5d:f8:5c:57:ef:13:f1:67:
         bd:95:73:56:1c:ba:d1:ef:25:cb:d0:e4:86:53:4d:a0:9f:6a:
         7a:9d:79:d8:d8:09:00:96:66:8e:ed:d0:ef:58:20:51:9c:4e:
         26:ec:bb:00:72:40:c5:f7:be:c9:f1:8a:79:c6:5e:3e:69:9e:
         6f:6d:19:25:26:52:eb:e8:e9:98:2d:e2:4b:9f:ff:f8:2b:20:
         fc:44:51:4f:aa:dd:6a:9c:8d:52:cf:43:c1:da:27:88:98:b7:
         5b:e6:11:2e:ec:71:9a:71:78:65:30:a9:8a:9c:b1:76:d7:76:
         24:2a:66:bd:25:27:d0:54:2d:4c:a1:a6:18:2a:2a:bb:3f:d5:
         66:59:9e:ad:cb:92:b3:e0:39:9e:da:66:8d:e6:28:d9:ce:d0:
         2c:78:f6:2c:a7:fe:ff:1a:79:58:79:d5:9d:b0:09:d2:f6:32:
         5d:05:e2:8c:aa:86:87:74:6c:d1:10:11:bb:14:e4:b1:90:6d:
         1d:1e:0e:7a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUE6zqNeDg134DAZEkAWPxE5241ugwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwODE5MTY0MDIxWhcNMjUwOTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhMWEyYTFjNWVjYmU5ZjBkNjYyYzNmMTY4YzlhZjg2OGRh
OTlkOWNlODJhNzcxNDUxZDA1MTIyYjQzZTVkZDcwMS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1yPgjy8ML2dikQtN3ITJqzoKRMnBMl7/B4njmjvA3Y7CT
igOJOcF6XJcVNuXzsuhOB9t6KD+ZbkAdvvnGd1M4z/M4y5Trk0zV1DiVu8KnI0g7
LnTty2ADHW075czN0IMnbTw1HaUpIlTuIrNe64pM3N/wOHa7W7e0Ad8/B5c90ZtJ
zwskrrBKoP2Uq5/YVszRN/8jdC1wpbrg+xgtY8nyIgmpaeC3qIhyLbIm2S7c4ruV
kWmzrEklK6szuVdpvEIcf8T9b/jG2wyM/IhkxchGEjOtM5/Il55Y9fI6JYt+gQyI
Qjb8+kgFZU1W2Hhqqb/VP1lpqEHwMDyjbPuGpLWHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqOK2IO/5R26SsFLr7lLb61eFPPgwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzlmY2Q5ZDZhLTcyNzItNGMxZS1iNDZjLWNjOTRlNTgzMjJlNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAjYAwwDQYJKoZIhvcNAQELBQADggEBAAEmbXDQsGLyFO2shk0RZfXid1Ah
BVAqGntpCqN52zeIzRPcbachCy3GI1I8IzkHI7R4RXmHSr2txVX1JyRbOsBd+FxX
7xPxZ72Vc1YcutHvJcvQ5IZTTaCfanqdedjYCQCWZo7t0O9YIFGcTibsuwByQMX3
vsnxinnGXj5pnm9tGSUmUuvo6Zgt4kuf//grIPxEUU+q3WqcjVLPQ8HaJ4iYt1vm
ES7scZpxeGUwqYqcsXbXdiQqZr0lJ9BULUyhphgqKrs/1WZZnq3LkrPgOZ7aZo3m
KNnO0Cx49iyn/v8aeVh51Z2wCdL2Ml0F4oyqhod0bNEQEbsU5LGQbR0eDno=
-----END CERTIFICATE-----
Generated at Sat Aug 23 08:15:42 2025 by rpki-client