Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/2c3d7247-e07b-4d1c-a6ee-ebaa13fbd9cb.roa
File:                     2c3d7247-e07b-4d1c-a6ee-ebaa13fbd9cb.roa (raw, json)
Hash identifier:          HA3cMiT91tCT9EuYC8YxpMJKYBZOM2cPDcDRD2HYo7E=
Subject key identifier:   E7:F8:45:E6:67:31:60:85:15:0B:50:1D:45:7B:76:03:5A:5A:C1:8C
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       1DFAFDC0225445FBE525256706F593B8236AD5C6
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/2c3d7247-e07b-4d1c-a6ee-ebaa13fbd9cb.roa
Signing time:             Mon 21 Jul 2025 16:30:17 +0000
ROA not before:           Mon 21 Jul 2025 16:30:17 +0000
ROA not after:            Mon 25 Aug 2025 23:59:59 +0000
asID:                     801
IP address blocks:        35.96.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/6755970c-4747-499d-9774-5e1308c501a7.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/6755970c-4747-499d-9774-5e1308c501a7.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 26 Jul 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:fa:fd:c0:22:54:45:fb:e5:25:25:67:06:f5:93:b8:23:6a:d5:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Jul 21 16:30:17 2025 GMT
            Not After : Aug 25 23:59:59 2025 GMT
        Subject: serialNumber=9a781211bf00d6a8d1850570748ca6ed48ca65a6f083e50c3980e733b9f41718, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:df:3c:ed:19:d7:49:10:33:a9:d5:97:13:3e:
                    aa:2d:00:b5:aa:1c:6e:07:d5:24:db:7b:01:7c:6e:
                    09:2a:ce:c4:0c:76:5e:d0:b5:dd:8f:7b:5d:8c:3d:
                    79:41:20:5f:d3:c3:2c:8d:90:09:30:99:6a:8a:62:
                    9b:32:7c:2c:09:07:ab:b8:c2:7f:31:7f:66:90:66:
                    1a:b3:88:54:4d:27:f9:61:82:4f:5c:24:08:26:74:
                    df:9c:37:39:79:0e:26:dd:63:3e:88:5f:1a:96:c0:
                    eb:bf:c2:04:bf:23:7f:8c:4f:06:55:cf:ea:9f:57:
                    79:5b:eb:a0:ee:87:94:4f:71:d3:ef:4f:17:8d:89:
                    66:60:17:84:34:f7:1f:19:86:4d:aa:56:62:21:c3:
                    dc:1a:1d:8e:6a:b8:7b:13:55:63:a1:fb:64:a5:8f:
                    28:82:fd:26:88:8e:f8:1d:af:1b:00:48:c8:f7:30:
                    a1:da:3e:a8:7f:63:2f:2f:7d:75:af:26:a4:ca:da:
                    45:03:30:17:99:5b:e3:7b:b3:74:bd:40:44:c9:6e:
                    4d:8a:16:bd:87:84:b7:15:1a:84:ab:a6:21:ca:cd:
                    ad:76:ca:c8:41:97:85:e9:5c:91:ae:a6:32:7e:87:
                    97:85:d2:80:cb:20:b4:76:76:38:ac:63:0d:73:11:
                    6f:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:F8:45:E6:67:31:60:85:15:0B:50:1D:45:7B:76:03:5A:5A:C1:8C
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/2c3d7247-e07b-4d1c-a6ee-ebaa13fbd9cb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:4f:bf:93:5b:7a:11:e3:7f:d3:33:8f:a3:4a:4c:1e:12:d3:
         22:2a:32:d4:89:1a:c1:57:d6:f2:00:4b:13:3e:16:06:4e:96:
         b1:c1:cd:3e:3b:c6:8f:c8:3d:50:96:14:f1:b0:a9:20:bb:b5:
         39:e7:02:bf:04:d9:91:88:64:89:ec:1f:0f:f4:39:09:27:d5:
         dd:db:7b:a2:ee:04:07:02:f9:5b:cb:7c:1a:c9:69:b4:58:67:
         7b:f7:4a:16:c4:b4:42:fe:cc:e2:11:92:de:d3:3a:93:a5:c4:
         56:42:17:7a:1b:20:0b:d1:1c:cf:55:89:d1:e3:4a:f1:1d:35:
         3b:51:c9:ae:ad:51:a4:de:d3:e4:c9:b7:b0:85:c9:88:e9:38:
         e0:2c:df:78:89:7a:10:ab:5b:da:9f:e3:d0:f4:4b:86:07:a0:
         5b:e3:27:01:94:70:25:63:b0:bd:74:ce:52:b8:d5:dd:41:9a:
         c5:ae:cb:ef:bc:c6:21:22:f0:0b:8a:cd:44:66:ae:d8:01:25:
         af:51:04:d4:6f:f5:2d:18:49:f1:37:b5:33:29:09:79:37:60:
         40:37:6c:17:69:9b:65:b1:a1:39:06:42:27:9c:dc:a6:50:80:
         ad:59:eb:13:aa:d7:3a:da:79:32:69:44:cd:35:06:19:8d:10:
         88:9f:d2:ac
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHfr9wCJURfvlJSVnBvWTuCNq1cYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwNzIxMTYzMDE3WhcNMjUwODI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5YTc4MTIxMWJmMDBkNmE4ZDE4NTA1NzA3NDhjYTZlZDQ4
Y2E2NWE2ZjA4M2U1MGMzOTgwZTczM2I5ZjQxNzE4MS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDG3zztGddJEDOp1ZcTPqotALWqHG4H1STbewF8bgkqzsQM
dl7Qtd2Pe12MPXlBIF/TwyyNkAkwmWqKYpsyfCwJB6u4wn8xf2aQZhqziFRNJ/lh
gk9cJAgmdN+cNzl5DibdYz6IXxqWwOu/wgS/I3+MTwZVz+qfV3lb66Duh5RPcdPv
TxeNiWZgF4Q09x8Zhk2qVmIhw9waHY5quHsTVWOh+2SljyiC/SaIjvgdrxsASMj3
MKHaPqh/Yy8vfXWvJqTK2kUDMBeZW+N7s3S9QETJbk2KFr2HhLcVGoSrpiHKza12
yshBl4XpXJGupjJ+h5eF0oDLILR2djisYw1zEW/JAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5/hF5mcxYIUVC1AdRXt2A1pawYwwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzJjM2Q3MjQ3LWUwN2ItNGQxYy1hNmVlLWViYWExM2ZiZDljYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAjYPYwDQYJKoZIhvcNAQELBQADggEBAIdPv5NbehHjf9Mzj6NKTB4S0yIq
MtSJGsFX1vIASxM+FgZOlrHBzT47xo/IPVCWFPGwqSC7tTnnAr8E2ZGIZInsHw/0
OQkn1d3be6LuBAcC+VvLfBrJabRYZ3v3ShbEtEL+zOIRkt7TOpOlxFZCF3obIAvR
HM9VidHjSvEdNTtRya6tUaTe0+TJt7CFyYjpOOAs33iJehCrW9qf49D0S4YHoFvj
JwGUcCVjsL10zlK41d1BmsWuy++8xiEi8AuKzURmrtgBJa9RBNRv9S0YSfE3tTMp
CXk3YEA3bBdpm2WxoTkGQiec3KZQgK1Z6xOq1zraeTJpRM01BhmNEIif0qw=
-----END CERTIFICATE-----
Generated at Fri Jul 25 17:16:22 2025 by rpki-client