Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/3fd6117b-5f6b-43fe-bf0a-b66f8d35e456.roa
File:                     3fd6117b-5f6b-43fe-bf0a-b66f8d35e456.roa (raw, json)
Hash identifier:          P6EtsO2hUe9sLMGPuKXWV51HmmG0Hfbq8cYFf5iFUfs=
Subject key identifier:   48:16:3F:07:37:D9:91:23:A0:3E:A8:E2:F1:4C:AF:2A:30:DB:F1:45
Certificate issuer:       /CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
Certificate serial:       11473085FDB509A415570A0A0D1567E269601CF6
Authority key identifier: 99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/3fd6117b-5f6b-43fe-bf0a-b66f8d35e456.roa
Signing time:             Mon 01 Sep 2025 15:50:32 +0000
ROA not before:           Mon 01 Sep 2025 15:50:32 +0000
ROA not after:            Mon 06 Oct 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        96.127.32.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/77b56428-9b52-416f-b279-bbae14422de2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/77b56428-9b52-416f-b279-bbae14422de2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 09 Sep 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:47:30:85:fd:b5:09:a4:15:57:0a:0a:0d:15:67:e2:69:60:1c:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
        Validity
            Not Before: Sep  1 15:50:32 2025 GMT
            Not After : Oct  6 23:59:59 2025 GMT
        Subject: serialNumber=20a00af004738e29ce880b9b531343228fa601e64b440394e10131bb346ded7b, CN=0099a7ea-794a-4a28-b164-49547626eb11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:11:c0:23:6b:51:fd:ff:61:6b:72:64:78:6f:
                    22:71:df:ca:10:4a:28:40:b4:6a:d5:13:10:16:dd:
                    2e:d0:52:6d:e4:56:43:d2:a3:44:a4:7e:b2:52:4f:
                    38:19:f2:0a:54:15:f1:8f:92:c1:78:ee:e8:66:68:
                    58:08:24:fb:e1:12:4d:cd:de:af:25:40:2a:f2:26:
                    72:a5:5c:34:68:9b:8b:77:fe:d6:3f:cb:1f:81:dc:
                    f7:e5:76:0b:0a:f4:e6:23:79:16:cc:96:e0:6f:cf:
                    32:78:42:72:0e:00:b9:98:88:ea:30:3a:ff:5a:29:
                    99:23:d8:d7:25:50:75:f0:e8:64:cd:a5:d1:ff:66:
                    5d:87:20:7a:f7:24:81:45:dd:ce:03:04:e0:2c:90:
                    3a:6a:15:3b:cf:cc:90:37:a5:87:59:9b:12:e5:31:
                    9f:95:09:69:5e:be:a7:ec:91:e5:ad:2c:67:3c:d8:
                    22:cf:17:0d:c0:66:d8:a9:36:38:d4:9d:3d:e8:20:
                    a4:d1:fe:24:3c:48:77:54:4f:7f:d1:1a:7e:1c:7b:
                    ce:0a:ec:98:d4:74:a2:77:7b:24:82:13:bb:81:80:
                    2a:be:34:4c:72:a4:fd:71:57:37:b1:0e:78:ac:e6:
                    87:10:01:8b:77:8d:01:d1:33:3c:38:85:a9:cf:5d:
                    e4:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:16:3F:07:37:D9:91:23:A0:3E:A8:E2:F1:4C:AF:2A:30:DB:F1:45
            X509v3 Authority Key Identifier:
                keyid:99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/3fd6117b-5f6b-43fe-bf0a-b66f8d35e456.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.127.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         56:bb:a5:b9:72:a9:3f:83:f0:32:85:8c:b8:30:e2:64:95:f8:
         a7:da:7c:a2:b4:ec:aa:7d:ef:cc:d4:05:41:47:fb:83:fa:b5:
         c1:e4:bb:d6:84:56:60:a3:b0:26:51:ba:49:d8:f3:4d:e4:f2:
         c7:c4:66:10:dc:f9:d8:6a:67:8d:63:e9:95:49:f5:f4:10:b3:
         00:7f:73:12:17:41:4c:53:61:d9:b7:3b:61:ff:69:56:6e:84:
         9f:15:e3:1f:76:94:71:83:c4:34:ca:c5:cc:a5:69:95:e4:75:
         d3:98:e1:f4:ff:a4:8c:ae:e0:dc:83:c2:29:10:a9:fa:88:72:
         48:f0:bb:1c:e0:09:8d:5d:d8:ba:a6:be:17:a5:df:f8:32:77:
         48:07:bd:d2:53:90:77:81:74:90:f9:b7:42:f3:bf:01:c6:1d:
         c8:19:71:31:27:7f:0c:a2:f9:52:c3:92:91:34:94:77:48:4d:
         99:f4:78:9b:6f:2e:6a:1b:c1:6c:e7:54:87:6c:9a:39:e6:2b:
         51:f2:c9:b4:04:4d:e0:82:30:be:d8:ef:a8:dc:55:d9:ec:43:
         3b:10:29:e3:d6:1e:ef:5c:b6:d5:8f:8b:ff:e0:9c:4e:23:e2:
         8e:a7:db:7d:7b:14:6a:63:d8:7c:f5:9d:98:1d:8e:f7:3c:3b:
         29:0e:5a:d0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEUcwhf21CaQVVwoKDRVn4mlgHPYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzA1Njc2YzczM2ZkOGNjYWU1YmU2M2I5MmJkZGM5MGI3
YTViNzRlNjk0NDljMWViMDQwHhcNMjUwOTAxMTU1MDMyWhcNMjUxMDA2MjM1OTU5
WjB6MUkwRwYDVQQFE0AyMGEwMGFmMDA0NzM4ZTI5Y2U4ODBiOWI1MzEzNDMyMjhm
YTYwMWU2NGI0NDAzOTRlMTAxMzFiYjM0NmRlZDdiMS0wKwYDVQQDEyQwMDk5YTdl
YS03OTRhLTRhMjgtYjE2NC00OTU0NzYyNmViMTEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCKEcAja1H9/2FrcmR4byJx38oQSihAtGrVExAW3S7QUm3k
VkPSo0SkfrJSTzgZ8gpUFfGPksF47uhmaFgIJPvhEk3N3q8lQCryJnKlXDRom4t3
/tY/yx+B3PfldgsK9OYjeRbMluBvzzJ4QnIOALmYiOowOv9aKZkj2NclUHXw6GTN
pdH/Zl2HIHr3JIFF3c4DBOAskDpqFTvPzJA3pYdZmxLlMZ+VCWlevqfskeWtLGc8
2CLPFw3AZtipNjjUnT3oIKTR/iQ8SHdUT3/RGn4ce84K7JjUdKJ3eySCE7uBgCq+
NExypP1xVzexDnis5ocQAYt3jQHRMzw4hanPXeR1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSBY/BzfZkSOgPqji8UyvKjDb8UUwHwYDVR0jBBgwFoAUmcNUTAjJlFS4
eZUe/6R6j2PIp3cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi83N2I1NjQyOC05
YjUyLTQxNmYtYjI3OS1iYmFlMTQ0MjJkZTIvYzA1Njc2YzczM2ZkOGNjYWU1YmU2
M2I5MmJkZGM5MGI3YTViNzRlNjk0NDljMWViMDQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNDI1ODJjNjctZGQzZi00YmM1LWJhNjAtZTk3
ZTU1MmM2ZTM1LzNmZDYxMTdiLTVmNmItNDNmZS1iZjBhLWI2NmY4ZDM1ZTQ1Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzQyNTgyYzY3LWRkM2YtNGJjNS1iYTYw
LWU5N2U1NTJjNmUzNS9fWXpLNWI1anVTdmR5UXQ2VzNUbWxFbkI2d1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVgfyAwDQYJKoZIhvcNAQELBQADggEBAFa7pblyqT+D8DKFjLgw4mSV+Kfa
fKK07Kp978zUBUFH+4P6tcHku9aEVmCjsCZRuknY803k8sfEZhDc+dhqZ41j6ZVJ
9fQQswB/cxIXQUxTYdm3O2H/aVZuhJ8V4x92lHGDxDTKxcylaZXkddOY4fT/pIyu
4NyDwikQqfqIckjwuxzgCY1d2Lqmvhel3/gyd0gHvdJTkHeBdJD5t0LzvwHGHcgZ
cTEnfwyi+VLDkpE0lHdITZn0eJtvLmobwWznVIdsmjnmK1HyybQETeCCML7Y76jc
VdnsQzsQKePWHu9cttWPi//gnE4j4o6n2317FGpj2Hz1nZgdjvc8OykOWtA=
-----END CERTIFICATE-----
Generated at Sun Sep 7 11:15:11 2025 by rpki-client