Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/b326c7a6-462a-48ed-a5a5-2dd5652bb7dd.roa
File:                     b326c7a6-462a-48ed-a5a5-2dd5652bb7dd.roa (raw, json)
Hash identifier:          PHwZ/PDMKsAqg/KhrSicFj/k3ECp6DOAA2XzyAtzorI=
Subject key identifier:   C5:90:5A:AD:69:36:28:EB:B7:BE:06:A5:6C:19:A2:52:0A:3A:46:D8
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       55B2E17AC3D255D4E66613DB408DDB121BCB8D08
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/b326c7a6-462a-48ed-a5a5-2dd5652bb7dd.roa
Signing time:             Fri 26 Sep 2025 18:00:10 +0000
ROA not before:           Fri 26 Sep 2025 18:00:10 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.96.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/6755970c-4747-499d-9774-5e1308c501a7.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/6755970c-4747-499d-9774-5e1308c501a7.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:b2:e1:7a:c3:d2:55:d4:e6:66:13:db:40:8d:db:12:1b:cb:8d:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Sep 26 18:00:10 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=bcc2d5fb6fc873a34f242727f416e0e5bc7490b718cd94408a651134b3a1b022, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:cb:10:30:6d:d8:fb:e8:6d:08:ac:b1:73:e8:
                    2b:7c:3d:d4:91:95:5f:ae:f8:99:9b:47:ec:d4:41:
                    45:08:d7:f0:4f:4b:3e:1a:73:d9:33:a4:3d:f6:9e:
                    a6:2a:17:c5:2d:57:aa:3d:0f:76:27:bf:7b:7e:a3:
                    04:de:3f:41:c4:16:df:b9:69:74:d7:86:18:47:61:
                    78:f8:60:bb:de:0a:f4:33:67:4b:37:4b:78:9e:c5:
                    9b:65:a3:2d:96:01:b4:08:ec:2b:2b:30:1c:5e:c0:
                    95:2b:ae:b8:08:e9:94:4b:0a:7d:63:0e:3c:3c:40:
                    a7:76:bd:e3:1a:2c:6d:84:3c:61:06:0a:68:a9:92:
                    7b:f3:30:92:34:46:d0:40:e8:32:2b:78:b2:e9:7d:
                    90:d4:04:54:ad:82:b5:2f:93:0e:23:b0:91:c4:32:
                    a7:07:69:b6:fd:6f:91:27:19:01:ab:89:fb:7a:92:
                    76:dd:50:3a:a8:a5:d7:9a:0a:36:cd:f7:4a:a0:60:
                    5f:f3:6a:97:4d:80:c2:60:a0:ad:5c:3f:c0:d4:41:
                    a0:5d:49:91:cc:d4:95:17:a9:1f:a6:5b:8f:da:ad:
                    aa:4d:42:54:6d:e8:4c:0e:ec:5a:e7:8b:bc:41:e7:
                    0f:d2:66:e6:e4:61:14:81:3d:b7:47:3a:b6:74:16:
                    5d:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:90:5A:AD:69:36:28:EB:B7:BE:06:A5:6C:19:A2:52:0A:3A:46:D8
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/b326c7a6-462a-48ed-a5a5-2dd5652bb7dd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:ed:01:da:00:57:3f:bf:74:73:7e:e5:74:5d:f9:4a:f7:48:
         3b:99:88:15:47:f6:70:ae:82:22:d4:eb:c2:d6:1b:d9:6f:92:
         c4:ae:ba:d5:d1:ad:f5:86:0c:3e:03:cc:07:05:ef:5c:a5:06:
         8c:16:fe:24:10:d9:86:be:8e:e3:26:c9:9e:0f:cc:2e:81:03:
         70:51:ae:6b:8e:00:31:00:86:c4:f2:7e:d3:c8:96:d7:cd:3a:
         84:c0:c7:68:41:cf:af:6e:3f:2a:83:b3:d6:e7:fe:25:9b:5b:
         a6:8d:41:29:98:aa:34:bc:03:6f:d9:54:fb:c4:30:25:70:99:
         a9:0c:f2:cc:28:95:fb:63:d4:f4:68:bb:2c:76:b8:33:19:41:
         7d:e9:df:e5:c3:63:12:24:c6:94:e2:f8:52:ce:28:fd:56:ef:
         98:d1:8d:d9:67:90:85:03:e0:5a:f7:ca:74:41:54:d2:da:b8:
         15:a8:82:13:17:2c:97:52:aa:2b:e9:09:f0:7c:bb:e7:f7:dd:
         1a:12:7e:55:68:f3:98:35:6a:fd:01:4e:86:53:46:3b:19:dd:
         fa:73:20:aa:bc:c3:e4:d2:77:f8:b8:01:71:63:bf:78:af:98:
         39:81:ee:25:23:37:54:61:be:4c:bd:a9:fc:34:1c:61:5d:cb:
         74:78:ff:b4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVbLhesPSVdTmZhPbQI3bEhvLjQgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwOTI2MTgwMDEwWhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BiY2MyZDVmYjZmYzg3M2EzNGYyNDI3MjdmNDE2ZTBlNWJj
NzQ5MGI3MThjZDk0NDA4YTY1MTEzNGIzYTFiMDIyMS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIyxAwbdj76G0IrLFz6Ct8PdSRlV+u+JmbR+zUQUUI1/BP
Sz4ac9kzpD32nqYqF8UtV6o9D3Ynv3t+owTeP0HEFt+5aXTXhhhHYXj4YLveCvQz
Z0s3S3iexZtloy2WAbQI7CsrMBxewJUrrrgI6ZRLCn1jDjw8QKd2veMaLG2EPGEG
CmipknvzMJI0RtBA6DIreLLpfZDUBFStgrUvkw4jsJHEMqcHabb9b5EnGQGrift6
knbdUDqopdeaCjbN90qgYF/zapdNgMJgoK1cP8DUQaBdSZHM1JUXqR+mW4/arapN
QlRt6EwO7Frni7xB5w/SZubkYRSBPbdHOrZ0Fl0HAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxZBarWk2KOu3vgalbBmiUgo6RtgwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyL2IzMjZjN2E2LTQ2MmEtNDhlZC1hNWE1LTJkZDU2NTJiYjdkZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAjYC8wDQYJKoZIhvcNAQELBQADggEBABHtAdoAVz+/dHN+5XRd+Ur3SDuZ
iBVH9nCugiLU68LWG9lvksSuutXRrfWGDD4DzAcF71ylBowW/iQQ2Ya+juMmyZ4P
zC6BA3BRrmuOADEAhsTyftPIltfNOoTAx2hBz69uPyqDs9bn/iWbW6aNQSmYqjS8
A2/ZVPvEMCVwmakM8swolftj1PRouyx2uDMZQX3p3+XDYxIkxpTi+FLOKP1W75jR
jdlnkIUD4Fr3ynRBVNLauBWoghMXLJdSqivpCfB8u+f33RoSflVo85g1av0BToZT
RjsZ3fpzIKq8w+TSd/i4AXFjv3ivmDmB7iUjN1Rhvky9qfw0HGFdy3R4/7Q=
-----END CERTIFICATE-----