Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/8ded9a1a-a724-4f04-af2d-845ce1bd9da0.roa
File:                     8ded9a1a-a724-4f04-af2d-845ce1bd9da0.roa (raw, json)
Hash identifier:          LhcYKdUEv3yZoRy34m2U2wwIwPHc30nNvOW6qlL8pBc=
Subject key identifier:   04:C6:8B:2B:5C:BE:34:61:74:8D:C2:64:5A:F3:00:00:75:02:05:9A
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       6747626E94F1E0A8A17056A453A12E1E9F974CC9
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/8ded9a1a-a724-4f04-af2d-845ce1bd9da0.roa
Signing time:             Sat 24 May 2025 00:30:15 +0000
ROA not before:           Sat 24 May 2025 00:30:15 +0000
ROA not after:            Sat 28 Jun 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        35.96.18.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/6755970c-4747-499d-9774-5e1308c501a7.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/6755970c-4747-499d-9774-5e1308c501a7.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 08 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:47:62:6e:94:f1:e0:a8:a1:70:56:a4:53:a1:2e:1e:9f:97:4c:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: May 24 00:30:15 2025 GMT
            Not After : Jun 28 23:59:59 2025 GMT
        Subject: serialNumber=216532521307fd5c0884ab634d922a1d2b26f1b32d886ced59040328c5b0cdfc, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:a9:f0:f8:be:05:e2:68:4b:25:b5:a9:85:3b:
                    68:5a:5d:6f:99:d1:71:d3:b5:49:41:42:a5:fc:7b:
                    03:75:c7:cf:21:63:91:3b:5d:5f:64:58:43:88:75:
                    7c:34:34:2d:9a:12:ab:dc:b0:40:c5:42:cd:3c:dd:
                    c4:63:a7:1e:85:0e:75:7a:19:fc:36:06:9c:d5:11:
                    38:1e:2a:82:f3:3b:65:b1:fc:fa:08:c1:de:00:70:
                    fc:9a:b6:15:0c:b6:be:31:9f:7a:e2:1c:54:b2:31:
                    62:33:65:6f:94:43:f5:a4:00:66:f8:f7:2b:91:f0:
                    0c:05:e7:01:f5:57:88:c1:42:97:be:87:27:24:79:
                    89:e2:08:69:e4:a3:a5:0a:5a:c3:d3:8e:85:b6:51:
                    f6:5d:72:9e:05:cf:51:69:bc:02:e0:53:f0:13:a0:
                    da:34:5c:a9:29:54:38:d4:ae:f0:c0:6d:a4:d3:e0:
                    bf:c3:a2:97:46:f5:18:82:c0:12:4b:d6:6f:3b:13:
                    9b:c7:87:e7:dc:3f:7b:d9:84:49:e7:ab:e6:1a:87:
                    94:57:eb:34:ae:f1:ca:bf:ae:f8:3c:fc:9d:4f:1c:
                    67:79:01:0a:77:3f:47:3d:33:76:56:1a:a5:57:f5:
                    13:2d:e5:b8:9b:e7:40:39:27:b7:c6:f4:1f:96:7f:
                    2f:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:C6:8B:2B:5C:BE:34:61:74:8D:C2:64:5A:F3:00:00:75:02:05:9A
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/8ded9a1a-a724-4f04-af2d-845ce1bd9da0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8c:ec:a5:1a:67:84:3a:b1:e8:b8:5b:c4:e6:c1:ac:65:15:09:
         09:5f:ee:5b:5e:6d:fd:05:77:55:d3:33:5f:b5:d7:43:fa:74:
         b3:a8:94:d3:f3:59:5e:7b:14:ec:b0:40:b4:55:20:99:e8:9e:
         16:3b:50:ae:2f:ce:8f:b3:68:2d:98:a1:24:51:c3:6c:86:f9:
         62:7a:29:df:9a:6e:cc:a4:9e:9a:dc:1c:7d:5b:d9:3b:fb:e1:
         28:56:8a:b2:6f:c9:da:f3:42:7e:16:86:58:79:40:a0:98:bb:
         5d:c2:5b:8a:73:a6:2a:b8:95:1b:94:8b:26:de:f0:db:a6:05:
         29:06:33:7b:c3:8f:f6:bd:f8:c1:8b:76:a8:a6:be:14:a8:69:
         39:49:1b:17:7c:3c:f1:8c:69:b0:68:64:a8:73:09:86:46:69:
         24:0b:6f:3b:f9:46:90:9c:fc:0a:72:bf:50:aa:0c:dc:54:ef:
         62:9c:a1:e7:81:90:25:30:8e:78:62:99:5b:be:a2:a0:62:02:
         a4:99:92:7b:af:10:4b:dd:19:ac:f6:d8:bd:47:30:d1:c4:a6:
         b7:78:5b:36:17:97:aa:8f:bc:ae:ad:d9:5f:6d:40:30:bc:e1:
         67:50:64:1b:41:d4:64:fb:e4:96:8f:56:e2:75:7d:82:2d:d6:
         ac:db:5e:06
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZ0dibpTx4KihcFakU6EuHp+XTMkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwNTI0MDAzMDE1WhcNMjUwNjI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AyMTY1MzI1MjEzMDdmZDVjMDg4NGFiNjM0ZDkyMmExZDJi
MjZmMWIzMmQ4ODZjZWQ1OTA0MDMyOGM1YjBjZGZjMS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTqfD4vgXiaEsltamFO2haXW+Z0XHTtUlBQqX8ewN1x88h
Y5E7XV9kWEOIdXw0NC2aEqvcsEDFQs083cRjpx6FDnV6Gfw2BpzVETgeKoLzO2Wx
/PoIwd4AcPyathUMtr4xn3riHFSyMWIzZW+UQ/WkAGb49yuR8AwF5wH1V4jBQpe+
hyckeYniCGnko6UKWsPTjoW2UfZdcp4Fz1FpvALgU/AToNo0XKkpVDjUrvDAbaTT
4L/DopdG9RiCwBJL1m87E5vHh+fcP3vZhEnnq+Yah5RX6zSu8cq/rvg8/J1PHGd5
AQp3P0c9M3ZWGqVX9RMt5bib50A5J7fG9B+Wfy+tAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUBMaLK1y+NGF0jcJkWvMAAHUCBZowHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzhkZWQ5YTFhLWE3MjQtNGYwNC1hZjJkLTg0NWNlMWJkOWRhMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEjYBIwDQYJKoZIhvcNAQELBQADggEBAIzspRpnhDqx6LhbxObBrGUVCQlf
7ltebf0Fd1XTM1+110P6dLOolNPzWV57FOywQLRVIJnonhY7UK4vzo+zaC2YoSRR
w2yG+WJ6Kd+absyknprcHH1b2Tv74ShWirJvydrzQn4Whlh5QKCYu13CW4pzpiq4
lRuUiybe8NumBSkGM3vDj/a9+MGLdqimvhSoaTlJGxd8PPGMabBoZKhzCYZGaSQL
bzv5RpCc/Apyv1CqDNxU72KcoeeBkCUwjnhimVu+oqBiAqSZknuvEEvdGaz22L1H
MNHEprd4WzYXl6qPvK6t2V9tQDC84WdQZBtB1GT75JaPVuJ1fYIt1qzbXgY=
-----END CERTIFICATE-----