Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bfd96660-29cf-4054-a14e-cd48975d08b4.roa
File:                     bfd96660-29cf-4054-a14e-cd48975d08b4.roa (raw, json)
Hash identifier:          /qCwBJ8o2wt7r3nm8MoEBm0SGqYwKxlpRXoWBzuJiFU=
Subject key identifier:   02:72:CA:CF:35:C0:F6:41:74:13:70:BE:BB:E0:4A:72:76:DF:22:91
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       113D7547D646B797976B16448C1F6C818AD1B7DB
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bfd96660-29cf-4054-a14e-cd48975d08b4.roa
Signing time:             Mon 06 Oct 2025 17:37:39 +0000
ROA not before:           Mon 06 Oct 2025 17:37:39 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.96.24.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/6755970c-4747-499d-9774-5e1308c501a7.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/6755970c-4747-499d-9774-5e1308c501a7.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:3d:75:47:d6:46:b7:97:97:6b:16:44:8c:1f:6c:81:8a:d1:b7:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Oct  6 17:37:39 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=22536b7ca69440be2417970aa8a8133dbaaac4280bf2016b1fe310d318104dbc, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:60:75:ea:f3:39:9e:55:60:41:03:1b:fc:9d:
                    b2:61:a9:64:27:03:95:89:b0:b8:60:21:60:ea:9a:
                    fc:4f:56:f3:8e:a8:7f:52:1f:ea:bb:45:28:05:b1:
                    c6:f3:fb:7d:c0:79:9f:fd:67:7e:73:f0:3e:5d:2f:
                    a1:a5:66:ad:92:49:03:6a:88:15:57:17:e6:08:80:
                    60:52:ea:ef:7d:f3:51:9f:66:c8:ce:06:e3:e7:62:
                    36:17:5c:1a:52:89:32:1a:fa:e3:08:77:6a:69:c7:
                    a2:4d:ea:ba:78:fd:60:32:c9:7f:d0:8f:83:93:14:
                    fe:29:f9:81:0e:bc:4a:9f:83:f1:47:c6:45:93:9b:
                    ff:e0:83:78:42:48:e4:20:c4:97:48:04:23:ca:a6:
                    1f:aa:b3:c7:74:b0:fa:d0:a9:7f:2b:f6:57:0b:63:
                    5a:53:03:1e:60:43:d0:e0:8d:93:8c:95:46:3f:cb:
                    31:26:df:0c:24:2b:59:db:92:d7:f6:05:17:1d:67:
                    2a:3a:fd:c9:08:ed:19:a1:81:9f:b8:68:80:2f:c5:
                    0a:ce:f2:11:83:24:52:7d:29:9e:43:2d:f0:43:95:
                    60:44:d5:24:39:71:46:8f:c4:dd:09:86:1f:f4:f8:
                    b8:e0:b0:1d:ee:4a:0d:ce:25:e2:48:bc:f3:ed:1b:
                    18:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:72:CA:CF:35:C0:F6:41:74:13:70:BE:BB:E0:4A:72:76:DF:22:91
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bfd96660-29cf-4054-a14e-cd48975d08b4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.24.0/23

    Signature Algorithm: sha256WithRSAEncryption
         71:ab:ae:d8:71:93:0d:ad:ba:7e:1d:2b:2b:cd:ab:c6:e7:e4:
         84:14:71:24:20:1d:91:f4:61:0c:10:69:6e:a2:97:d4:ff:c3:
         a3:20:73:66:b7:d8:01:29:1e:67:93:83:a4:be:70:2f:cb:f3:
         1b:c2:1e:53:16:97:1d:09:d0:a0:cb:bd:bd:80:29:a1:00:c0:
         d2:a6:c6:68:0a:c9:37:25:9f:84:55:e3:bc:7a:b1:e7:1f:e2:
         6b:be:b9:b7:a1:68:16:4b:49:46:dd:87:02:5f:31:2f:46:63:
         cd:dc:c6:49:83:a6:cf:49:7f:97:a0:fa:4a:06:c2:85:8a:69:
         93:dd:66:64:8e:10:e2:dc:36:0c:4e:c5:03:e4:b1:cb:50:00:
         8e:48:cd:c5:8d:e0:5e:96:a9:71:b4:74:6b:82:e8:8f:44:52:
         09:d9:29:7c:b3:ad:a6:cf:9d:15:d5:b7:0a:9b:68:5a:f9:f3:
         84:42:e8:e2:36:f9:b4:65:b2:4b:cd:83:d5:1c:7d:73:be:45:
         b5:56:1c:08:05:af:11:f7:c3:51:83:89:d8:aa:f4:0c:fc:4d:
         0d:5e:7e:bf:45:13:9d:b1:f8:dc:39:9f:fa:4e:70:06:d6:2b:
         28:8e:93:88:20:fd:bd:88:b8:a4:61:a8:cd:07:4e:2d:1d:9f:
         97:bc:66:f3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUET11R9ZGt5eXaxZEjB9sgYrRt9swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUxMDA2MTczNzM5WhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AyMjUzNmI3Y2E2OTQ0MGJlMjQxNzk3MGFhOGE4MTMzZGJh
YWFjNDI4MGJmMjAxNmIxZmUzMTBkMzE4MTA0ZGJjMS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJYHXq8zmeVWBBAxv8nbJhqWQnA5WJsLhgIWDqmvxPVvOO
qH9SH+q7RSgFscbz+33AeZ/9Z35z8D5dL6GlZq2SSQNqiBVXF+YIgGBS6u9981Gf
ZsjOBuPnYjYXXBpSiTIa+uMId2ppx6JN6rp4/WAyyX/Qj4OTFP4p+YEOvEqfg/FH
xkWTm//gg3hCSOQgxJdIBCPKph+qs8d0sPrQqX8r9lcLY1pTAx5gQ9DgjZOMlUY/
yzEm3wwkK1nbktf2BRcdZyo6/ckI7RmhgZ+4aIAvxQrO8hGDJFJ9KZ5DLfBDlWBE
1SQ5cUaPxN0Jhh/0+LjgsB3uSg3OJeJIvPPtGxgTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAnLKzzXA9kF0E3C+u+BKcnbfIpEwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyL2JmZDk2NjYwLTI5Y2YtNDA1NC1hMTRlLWNkNDg5NzVkMDhiNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEjYBgwDQYJKoZIhvcNAQELBQADggEBAHGrrthxkw2tun4dKyvNq8bn5IQU
cSQgHZH0YQwQaW6il9T/w6Mgc2a32AEpHmeTg6S+cC/L8xvCHlMWlx0J0KDLvb2A
KaEAwNKmxmgKyTcln4RV47x6secf4mu+ubehaBZLSUbdhwJfMS9GY83cxkmDps9J
f5eg+koGwoWKaZPdZmSOEOLcNgxOxQPksctQAI5IzcWN4F6WqXG0dGuC6I9EUgnZ
KXyzrabPnRXVtwqbaFr584RC6OI2+bRlskvNg9UcfXO+RbVWHAgFrxH3w1GDidiq
9Az8TQ1efr9FE52x+Nw5n/pOcAbWKyiOk4gg/b2IuKRhqM0HTi0dn5e8ZvM=
-----END CERTIFICATE-----
Generated at Mon Oct 20 07:59:08 2025 by rpki-client