Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/2800c70c-6ec1-4d86-a916-4850deb2dfaa.roa
File:                     2800c70c-6ec1-4d86-a916-4850deb2dfaa.roa (raw, json)
Hash identifier:          a3wLGVbLeTAqyMCMXsGAumk/Z15VBmHUtDTCaS2/0iI=
Subject key identifier:   FD:EF:3D:3F:B7:7C:D0:E3:84:D4:BF:AA:FC:5B:B9:25:89:3D:F3:19
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       55C85B85267EA6E97A942B0FA88C8D0C09FA1D5D
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/2800c70c-6ec1-4d86-a916-4850deb2dfaa.roa
Signing time:             Tue 04 Nov 2025 00:30:16 +0000
ROA not before:           Tue 04 Nov 2025 00:30:16 +0000
ROA not after:            Tue 09 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.96.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/6755970c-4747-499d-9774-5e1308c501a7.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/6755970c-4747-499d-9774-5e1308c501a7.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:c8:5b:85:26:7e:a6:e9:7a:94:2b:0f:a8:8c:8d:0c:09:fa:1d:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Nov  4 00:30:16 2025 GMT
            Not After : Dec  9 23:59:59 2025 GMT
        Subject: serialNumber=0afbf00a90f388d978a2bb53d75359393c5e0eb05389883dad14801099be59b0, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:fa:97:47:dd:31:a8:6f:6c:04:7b:c4:cd:e4:
                    b5:1a:63:18:87:b7:e8:c0:6d:f5:73:af:67:8e:93:
                    62:8e:39:28:48:81:a0:13:d7:33:47:cb:d3:e5:ec:
                    df:c8:73:8e:aa:b6:88:06:04:ad:64:f7:1b:48:c5:
                    5c:0c:eb:8c:5f:60:90:ca:cd:d7:e1:2e:96:27:4b:
                    b6:c0:78:2a:29:04:4f:dc:8b:2d:2c:d3:b7:d1:be:
                    3d:08:b1:da:60:db:49:b3:46:0d:06:a9:7a:13:bd:
                    83:7f:68:90:17:db:ae:71:97:ec:84:7e:93:cd:5b:
                    23:f1:17:8f:66:fa:c6:58:d7:73:64:1b:5f:dc:c4:
                    16:e0:d5:e3:35:62:fa:19:a7:28:e3:c9:22:eb:2c:
                    04:85:6f:51:5f:71:ec:49:6f:20:8b:c2:ba:98:00:
                    f2:65:2f:c4:01:90:59:8c:67:9b:90:38:b0:29:23:
                    91:cc:55:7a:43:da:f6:88:ba:0a:7c:64:28:4b:2a:
                    25:ea:5a:95:e0:22:45:a7:25:1a:68:bb:41:be:1d:
                    e4:d7:05:72:71:96:2a:6c:7e:a3:97:0b:7d:d2:f7:
                    ca:a6:76:e6:23:8b:ff:0d:f3:cf:89:fe:75:9b:ba:
                    a3:fc:ac:6b:4e:f3:d1:ca:ff:77:0e:60:e7:6b:e6:
                    e1:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:EF:3D:3F:B7:7C:D0:E3:84:D4:BF:AA:FC:5B:B9:25:89:3D:F3:19
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/2800c70c-6ec1-4d86-a916-4850deb2dfaa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:70:95:b8:c6:73:77:94:b5:e7:0f:6f:ef:f5:f6:3d:de:40:
         1c:9f:bd:bc:50:c2:b8:65:8c:88:c5:17:55:8e:11:28:37:ea:
         d9:6e:e3:ef:18:76:02:10:36:a8:1d:59:57:21:41:a1:f0:b6:
         65:79:d9:97:47:3d:5d:7d:ec:6d:e8:1d:0d:fa:7d:ca:15:da:
         9b:62:38:f7:53:87:ce:21:2d:32:8a:c1:82:0b:32:bd:aa:93:
         47:40:05:4b:ec:fd:d9:b0:5c:44:fc:b0:6b:ae:ae:6d:96:1c:
         a8:94:95:30:78:0d:ec:b2:f1:19:a6:f4:01:6b:08:6b:6e:47:
         53:b1:e7:50:0c:e6:40:3e:ee:e5:3f:ff:a7:94:4a:91:fa:a7:
         07:1f:41:88:b9:55:d6:fe:8f:0d:de:d5:bb:b7:ec:8a:33:02:
         a7:b5:14:45:a1:29:71:5a:74:ff:b0:54:07:2e:c2:c3:3f:2b:
         2a:1e:5c:5e:94:0f:20:2f:f7:d4:05:38:89:59:b4:82:ae:d2:
         69:05:05:3e:4e:32:9f:33:0d:cd:3c:bd:c2:79:03:bd:38:8c:
         3c:36:98:f8:72:38:20:9d:9e:f6:ac:08:a7:27:e9:a9:ed:a2:
         38:13:12:49:9a:a5:60:b3:41:93:d8:97:2b:13:74:9a:c0:91:
         5c:c3:9a:1e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVchbhSZ+pul6lCsPqIyNDAn6HV0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUxMTA0MDAzMDE2WhcNMjUxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYWZiZjAwYTkwZjM4OGQ5NzhhMmJiNTNkNzUzNTkzOTNj
NWUwZWIwNTM4OTg4M2RhZDE0ODAxMDk5YmU1OWIwMS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCp+pdH3TGob2wEe8TN5LUaYxiHt+jAbfVzr2eOk2KOOShI
gaAT1zNHy9Pl7N/Ic46qtogGBK1k9xtIxVwM64xfYJDKzdfhLpYnS7bAeCopBE/c
iy0s07fRvj0Isdpg20mzRg0GqXoTvYN/aJAX265xl+yEfpPNWyPxF49m+sZY13Nk
G1/cxBbg1eM1YvoZpyjjySLrLASFb1FfcexJbyCLwrqYAPJlL8QBkFmMZ5uQOLAp
I5HMVXpD2vaIugp8ZChLKiXqWpXgIkWnJRpou0G+HeTXBXJxlipsfqOXC33S98qm
duYji/8N88+J/nWbuqP8rGtO89HK/3cOYOdr5uHTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/e89P7d80OOE1L+q/Fu5JYk98xkwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzI4MDBjNzBjLTZlYzEtNGQ4Ni1hOTE2LTQ4NTBkZWIyZGZhYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAjYAgwDQYJKoZIhvcNAQELBQADggEBADRwlbjGc3eUtecPb+/19j3eQByf
vbxQwrhljIjFF1WOESg36tlu4+8YdgIQNqgdWVchQaHwtmV52ZdHPV197G3oHQ36
fcoV2ptiOPdTh84hLTKKwYILMr2qk0dABUvs/dmwXET8sGuurm2WHKiUlTB4Deyy
8Rmm9AFrCGtuR1Ox51AM5kA+7uU//6eUSpH6pwcfQYi5Vdb+jw3e1bu37IozAqe1
FEWhKXFadP+wVAcuwsM/KyoeXF6UDyAv99QFOIlZtIKu0mkFBT5OMp8zDc08vcJ5
A704jDw2mPhyOCCdnvasCKcn6antojgTEkmapWCzQZPYlysTdJrAkVzDmh4=
-----END CERTIFICATE-----