Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/35efcf72-708d-4456-b1d1-8419a2636e00.roa
File:                     35efcf72-708d-4456-b1d1-8419a2636e00.roa (raw, json)
Hash identifier:          6VrXOdhAIZeODCKM04Zibia6mUpRT/G8NAV8xv5baKY=
Subject key identifier:   B3:2F:FE:85:62:7D:74:F9:F9:1D:47:F3:25:DF:3D:8B:74:CD:A5:CA
Certificate issuer:       /CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
Certificate serial:       5EB1834BE164BCDC79EB942BCC95D1AB35BCB018
Authority key identifier: BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/35efcf72-708d-4456-b1d1-8419a2636e00.roa
Signing time:             Tue 21 Oct 2025 12:20:18 +0000
ROA not before:           Tue 21 Oct 2025 12:20:18 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2605:9cc0:f03d::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 04 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:b1:83:4b:e1:64:bc:dc:79:eb:94:2b:cc:95:d1:ab:35:bc:b0:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
        Validity
            Not Before: Oct 21 12:20:18 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=0fb9bb10982c0905ce883b57e7806cba6ad05911ee8d1a84214c605183c17219, CN=f7243785-46de-414b-9b8f-7a9699e979e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:d4:51:9d:3e:12:ca:4f:b7:ad:f2:73:de:44:
                    f9:fc:b3:c1:23:95:1e:b5:76:7d:c6:ad:f2:7d:2f:
                    45:d2:1b:f6:3a:cb:8b:66:46:d6:34:7b:08:ee:ce:
                    a8:e3:73:70:b8:45:03:7b:e3:31:f6:2f:db:9a:89:
                    fe:33:2c:df:91:d2:ca:78:33:55:6f:01:bc:08:0e:
                    41:cc:09:16:95:d2:70:77:6a:2c:c0:ba:d0:81:e1:
                    61:a7:a5:7c:cc:11:83:2b:4a:e5:36:3f:e5:e6:a4:
                    4c:89:38:3d:1f:06:b8:f3:33:dd:5f:ea:7a:e0:53:
                    fd:b4:f1:ab:2e:fd:52:1a:3f:1d:8c:90:fb:08:fa:
                    e6:e1:f2:94:1b:97:e5:d2:33:86:66:a3:66:6c:82:
                    06:b3:89:66:ca:c6:20:09:0e:8b:59:8c:d3:95:68:
                    54:0f:a9:40:39:f9:f0:02:2a:3a:a2:ff:03:91:b8:
                    8e:13:72:17:a5:c5:d0:3a:d2:e2:62:90:27:cb:dd:
                    75:4c:bd:f7:3e:06:f6:40:87:6a:9f:7b:16:b4:d9:
                    d7:e0:3f:7f:3f:2d:4d:60:a8:a9:dc:5c:4f:77:e7:
                    4b:0c:a7:28:8a:ba:93:a6:39:83:78:88:79:65:35:
                    78:57:1e:b5:29:1f:8a:7c:98:8a:30:30:6a:1c:5b:
                    90:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:2F:FE:85:62:7D:74:F9:F9:1D:47:F3:25:DF:3D:8B:74:CD:A5:CA
            X509v3 Authority Key Identifier:
                keyid:BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/35efcf72-708d-4456-b1d1-8419a2636e00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2605:9cc0:f03d::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:bb:82:c5:bc:d2:9c:b2:cf:60:68:e6:4d:03:5a:e7:bc:7c:
         2c:34:57:c0:35:4e:51:27:ba:73:3f:3b:67:b6:3a:07:af:03:
         48:32:a6:3b:a2:5a:ef:b4:52:84:ad:f7:17:3b:74:21:4c:93:
         ff:39:fd:20:5e:f3:97:d1:b0:74:65:a3:5f:89:85:c7:30:68:
         85:66:20:97:5d:c8:7b:c6:f1:d1:94:42:f3:00:8a:7e:fa:08:
         54:b3:6d:74:35:82:c2:1d:82:69:ca:47:2e:8f:56:23:50:57:
         77:42:3a:df:6d:66:f5:61:9a:7c:c2:72:63:50:68:0f:57:91:
         a5:b5:05:7c:20:2e:b6:63:ec:68:1e:b3:ad:06:72:f6:70:fc:
         3a:2e:73:63:a5:a1:43:40:83:30:ef:75:47:d6:a7:22:b5:31:
         d8:81:8d:8f:2d:f7:b6:d2:ee:b6:a2:e2:4e:d5:8d:e0:45:41:
         1a:e7:c6:76:a7:67:80:eb:93:d3:3b:66:c3:82:c2:a4:39:08:
         eb:be:48:4f:5b:55:10:6e:9f:9e:a3:d7:8a:7d:92:0d:51:af:
         ee:d2:13:ac:16:86:6d:1c:96:8b:eb:4e:6e:e9:e6:22:ee:8a:
         ce:f0:eb:18:0e:a1:3b:11:4b:e5:1a:d6:90:2e:c3:c4:3b:ae:
         a2:06:78:5b
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUXrGDS+FkvNx565QrzJXRqzW8sBgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOTdhYzAwMjhkNmVmYmRkYWZiN2Q5YzcxZTI5ZWI3MWMw
MDVlMzRmYzE5ZjFmN2M0MjQwHhcNMjUxMDIxMTIyMDE4WhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZmI5YmIxMDk4MmMwOTA1Y2U4ODNiNTdlNzgwNmNiYTZh
ZDA1OTExZWU4ZDFhODQyMTRjNjA1MTgzYzE3MjE5MS0wKwYDVQQDEyRmNzI0Mzc4
NS00NmRlLTQxNGItOWI4Zi03YTk2OTllOTc5ZTIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDW1FGdPhLKT7et8nPeRPn8s8EjlR61dn3GrfJ9L0XSG/Y6
y4tmRtY0ewjuzqjjc3C4RQN74zH2L9uaif4zLN+R0sp4M1VvAbwIDkHMCRaV0nB3
aizAutCB4WGnpXzMEYMrSuU2P+XmpEyJOD0fBrjzM91f6nrgU/208asu/VIaPx2M
kPsI+ubh8pQbl+XSM4Zmo2ZsggaziWbKxiAJDotZjNOVaFQPqUA5+fACKjqi/wOR
uI4TchelxdA60uJikCfL3XVMvfc+BvZAh2qfexa02dfgP38/LU1gqKncXE9350sM
pyiKupOmOYN4iHllNXhXHrUpH4p8mIowMGocW5DzAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUsy/+hWJ9dPn5HUfzJd89i3TNpcowHwYDVR0jBBgwFoAUugzhfiM/vHHU
MKvawsMMeQS2oOcwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy9kM2VhNmVhYi1m
NDFmLTRlNDYtYThmNi0zZGE0YTEyOGQ3OGMvOTdhYzAwMjhkNmVmYmRkYWZiN2Q5
YzcxZTI5ZWI3MWMwMDVlMzRmYzE5ZjFmN2M0MjQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTQ2MDJmYjAtYTlkNC00ZjlmLWIwY2EtYmUy
YTEzOWVhOTJiLzM1ZWZjZjcyLTcwOGQtNDQ1Ni1iMWQxLTg0MTlhMjYzNmUwMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzU0NjAyZmIwLWE5ZDQtNGY5Zi1iMGNh
LWJlMmExMzllYTkyYi83NzNhLTMyY2NlS2V0eHdBWGpUOEdmSDN4Q1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmBZzA8D0wDQYJKoZIhvcNAQELBQADggEBABu7gsW80pyyz2Bo5k0DWue8
fCw0V8A1TlEnunM/O2e2OgevA0gypjuiWu+0UoSt9xc7dCFMk/85/SBe85fRsHRl
o1+JhccwaIVmIJddyHvG8dGUQvMAin76CFSzbXQ1gsIdgmnKRy6PViNQV3dCOt9t
ZvVhmnzCcmNQaA9XkaW1BXwgLrZj7Gges60GcvZw/Douc2OloUNAgzDvdUfWpyK1
MdiBjY8t97bS7rai4k7VjeBFQRrnxnanZ4Drk9M7ZsOCwqQ5COu+SE9bVRBun56j
14p9kg1Rr+7SE6wWhm0clovrTm7p5iLuis7w6xgOoTsRS+Ua1pAuw8Q7rqIGeFs=
-----END CERTIFICATE-----