Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/fecb6982-06d4-4bb4-a59c-59982eb1b971.roa
File:                     fecb6982-06d4-4bb4-a59c-59982eb1b971.roa (raw, json)
Hash identifier:          +SA7It1dqC89jD66A8vkqKcydD01+8a1hxDHERkUL/U=
Subject key identifier:   76:EA:10:3C:B1:1F:DD:25:44:47:AF:2B:3E:8F:6F:40:BB:23:88:E6
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       501BB1AE63EC0D8CCF3A2C13528710389BCCA57E
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/fecb6982-06d4-4bb4-a59c-59982eb1b971.roa
Signing time:             Tue 24 Jun 2025 15:00:08 +0000
ROA not before:           Tue 24 Jun 2025 15:00:08 +0000
ROA not after:            Tue 29 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.96.30.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/6755970c-4747-499d-9774-5e1308c501a7.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/6755970c-4747-499d-9774-5e1308c501a7.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 30 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:1b:b1:ae:63:ec:0d:8c:cf:3a:2c:13:52:87:10:38:9b:cc:a5:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Jun 24 15:00:08 2025 GMT
            Not After : Jul 29 23:59:59 2025 GMT
        Subject: serialNumber=db6c2f2aa7591bf3948542bc0ba6c53ed41290cb8e0bb9f7c32015012d9b9780, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:e2:7a:ff:4b:92:25:d2:9c:be:56:8d:ef:65:
                    69:81:14:78:63:29:68:a0:43:2d:4a:76:25:d3:28:
                    6c:38:6d:18:c2:cc:51:5e:bb:bd:fd:14:49:b1:1a:
                    50:17:46:8f:7b:38:81:05:64:77:61:e6:de:1b:79:
                    bc:80:cc:e9:c2:10:71:41:33:17:80:73:68:34:a8:
                    3a:10:f8:70:51:0b:04:f0:42:fd:fa:f1:7d:35:84:
                    38:a1:8d:59:5f:f3:8b:45:dd:ce:93:ec:62:e0:10:
                    9e:e5:7b:b2:54:f6:c6:8d:fb:fa:87:7e:a4:2c:63:
                    f5:b6:a7:00:93:f1:e0:aa:97:be:32:5e:c9:96:0e:
                    50:c9:a5:76:79:08:9f:8f:b7:14:2f:67:b9:46:48:
                    dc:f9:df:aa:b6:65:3e:62:0b:eb:a3:d2:32:38:51:
                    a6:7e:a8:93:3c:2e:d9:ce:f7:75:08:bf:bb:74:3b:
                    7e:ce:4e:19:90:c9:7a:a7:33:0c:93:a3:e1:f4:98:
                    fa:66:e0:02:80:d8:9d:da:da:9b:45:7f:b9:0f:43:
                    33:9a:0d:8b:7f:60:d6:5e:21:2c:c7:29:d8:96:af:
                    dd:ff:18:d1:8a:76:61:f4:07:88:01:ae:cb:2c:c9:
                    17:05:f6:ec:1f:bb:41:57:81:18:2a:b1:19:91:64:
                    cb:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:EA:10:3C:B1:1F:DD:25:44:47:AF:2B:3E:8F:6F:40:BB:23:88:E6
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/fecb6982-06d4-4bb4-a59c-59982eb1b971.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9c:0e:7c:da:5b:7c:23:5e:da:02:9b:8d:07:2a:bc:cc:97:bb:
         6c:19:21:5d:98:57:10:e2:a0:34:cc:86:39:1e:ce:9a:6c:4b:
         bd:12:04:16:45:18:1e:86:c1:9f:8b:13:b2:58:66:c5:6a:ce:
         ae:9d:02:bc:53:a9:e3:e8:35:47:3b:bb:17:36:90:41:96:47:
         9c:32:f4:c6:41:56:6f:67:9e:0c:85:8d:20:5d:d1:16:af:19:
         53:92:73:96:3f:99:bd:7a:38:df:0c:07:92:80:51:9b:e9:4c:
         22:5f:94:d1:81:47:79:95:08:96:69:8d:17:d6:79:c4:f9:bf:
         1f:93:01:3e:35:95:4d:b7:1e:d2:15:ed:76:60:74:3b:97:14:
         88:34:d5:49:3d:0c:e0:ae:e7:a0:c4:d9:65:ac:aa:12:33:16:
         03:0a:fd:5b:00:08:6e:7b:e1:4a:fa:90:c7:1e:75:bf:52:17:
         53:e5:28:22:97:b2:56:56:99:77:21:9c:d3:73:ff:12:53:52:
         35:8f:6e:d5:af:b7:d1:90:b7:8f:57:2e:90:29:f3:ae:bd:03:
         9c:ba:10:75:00:8b:a0:93:38:29:09:a5:c5:21:69:20:cd:99:
         43:fe:e9:38:33:f8:d4:e5:01:ed:82:75:ba:60:bb:e6:e2:bd:
         cd:01:53:a9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUBuxrmPsDYzPOiwTUocQOJvMpX4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwNjI0MTUwMDA4WhcNMjUwNzI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYjZjMmYyYWE3NTkxYmYzOTQ4NTQyYmMwYmE2YzUzZWQ0
MTI5MGNiOGUwYmI5ZjdjMzIwMTUwMTJkOWI5NzgwMS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCc4nr/S5Il0py+Vo3vZWmBFHhjKWigQy1KdiXTKGw4bRjC
zFFeu739FEmxGlAXRo97OIEFZHdh5t4bebyAzOnCEHFBMxeAc2g0qDoQ+HBRCwTw
Qv368X01hDihjVlf84tF3c6T7GLgEJ7le7JU9saN+/qHfqQsY/W2pwCT8eCql74y
XsmWDlDJpXZ5CJ+PtxQvZ7lGSNz536q2ZT5iC+uj0jI4UaZ+qJM8LtnO93UIv7t0
O37OThmQyXqnMwyTo+H0mPpm4AKA2J3a2ptFf7kPQzOaDYt/YNZeISzHKdiWr93/
GNGKdmH0B4gBrsssyRcF9uwfu0FXgRgqsRmRZMutAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUduoQPLEf3SVER68rPo9vQLsjiOYwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyL2ZlY2I2OTgyLTA2ZDQtNGJiNC1hNTljLTU5OTgyZWIxYjk3MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEjYB4wDQYJKoZIhvcNAQELBQADggEBAJwOfNpbfCNe2gKbjQcqvMyXu2wZ
IV2YVxDioDTMhjkezppsS70SBBZFGB6GwZ+LE7JYZsVqzq6dArxTqePoNUc7uxc2
kEGWR5wy9MZBVm9nngyFjSBd0RavGVOSc5Y/mb16ON8MB5KAUZvpTCJflNGBR3mV
CJZpjRfWecT5vx+TAT41lU23HtIV7XZgdDuXFIg01Uk9DOCu56DE2WWsqhIzFgMK
/VsACG574Ur6kMcedb9SF1PlKCKXslZWmXchnNNz/xJTUjWPbtWvt9GQt49XLpAp
8669A5y6EHUAi6CTOCkJpcUhaSDNmUP+6Tgz+NTlAe2Cdbpgu+bivc0BU6k=
-----END CERTIFICATE-----