Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/2df51cd2-e6af-493a-a88a-3221d01f7d90/8a0cac28-29b8-4996-b010-5eab278cc342.roa
File:                     8a0cac28-29b8-4996-b010-5eab278cc342.roa (raw, json)
Hash identifier:          bffOYUPP+I3Z4d4rrr+AaX8manKt40dAPnAvKgD4mWU=
Subject key identifier:   22:CC:C0:5C:D6:90:34:68:86:9C:D5:22:57:82:12:5A:C7:EB:38:B2
Certificate issuer:       /CN=c319424e039f86d6ad9fc4e7223df841d20ae6d0ff12428173
Certificate serial:       0A68D3AC997B047B70A3D438D95A3255914D9DF1
Authority key identifier: CC:10:61:27:3F:FF:76:3F:76:D2:DE:E2:85:83:E8:BA:3B:05:C4:30
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/d6b5ad28-1cbc-47ab-904e-45361a5487c3/e5dea660-bf59-4b4c-b9ad-4a6787e03fce/c319424e039f86d6ad9fc4e7223df841d20ae6d0ff12428173.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2df51cd2-e6af-493a-a88a-3221d01f7d90/8a0cac28-29b8-4996-b010-5eab278cc342.roa
Signing time:             Sat 18 Oct 2025 00:10:05 +0000
ROA not before:           Sat 18 Oct 2025 00:10:05 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        198.41.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2df51cd2-e6af-493a-a88a-3221d01f7d90/n4bWrZ_E5yI9-EHSCubQ_xJCgXM.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2df51cd2-e6af-493a-a88a-3221d01f7d90/n4bWrZ_E5yI9-EHSCubQ_xJCgXM.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/d6b5ad28-1cbc-47ab-904e-45361a5487c3/e5dea660-bf59-4b4c-b9ad-4a6787e03fce/c319424e039f86d6ad9fc4e7223df841d20ae6d0ff12428173.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/d6b5ad28-1cbc-47ab-904e-45361a5487c3/e5dea660-bf59-4b4c-b9ad-4a6787e03fce/e5dea660-bf59-4b4c-b9ad-4a6787e03fce.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/d6b5ad28-1cbc-47ab-904e-45361a5487c3/e5dea660-bf59-4b4c-b9ad-4a6787e03fce/e5dea660-bf59-4b4c-b9ad-4a6787e03fce.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/d6b5ad28-1cbc-47ab-904e-45361a5487c3/e5dea660-bf59-4b4c-b9ad-4a6787e03fce.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/d6b5ad28-1cbc-47ab-904e-45361a5487c3/d6b5ad28-1cbc-47ab-904e-45361a5487c3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/d6b5ad28-1cbc-47ab-904e-45361a5487c3/d6b5ad28-1cbc-47ab-904e-45361a5487c3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/d6b5ad28-1cbc-47ab-904e-45361a5487c3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:68:d3:ac:99:7b:04:7b:70:a3:d4:38:d9:5a:32:55:91:4d:9d:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c319424e039f86d6ad9fc4e7223df841d20ae6d0ff12428173
        Validity
            Not Before: Oct 18 00:10:05 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=56030867960d6d274f3bb00d5c731b5c36ebf81f0a2ee391f7de9ee7f4d1c100, CN=88af7b95-2ef7-49fc-a37d-1b8f0547180d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:72:4f:52:a1:1c:1f:40:8c:4d:59:98:4c:8f:
                    34:ee:45:9c:c6:5f:28:f0:dc:7e:aa:ec:fb:f6:5b:
                    b2:d6:69:cc:1e:57:a9:45:e6:01:17:ac:b5:f5:eb:
                    f4:ed:6c:4e:70:63:47:a9:89:5f:89:a8:99:2c:14:
                    06:fc:f7:a4:7e:68:26:01:d6:e6:9a:51:a2:a2:44:
                    83:cf:b3:7b:81:6b:33:19:cc:4d:a7:a9:7f:d6:1b:
                    28:0e:4f:e2:0f:cc:52:09:af:f6:ab:f3:5f:c3:8e:
                    2c:3d:1f:25:83:18:57:40:da:0b:62:70:5a:df:b6:
                    8d:57:18:29:db:07:3b:2a:b4:8f:8f:43:9f:a8:e5:
                    8a:71:84:d8:00:6a:59:8e:61:11:f1:bd:93:6c:10:
                    08:c3:e2:59:d6:02:a7:9b:02:f8:2c:d8:80:3b:b5:
                    cb:d5:35:89:8b:c5:8a:ac:39:a0:17:11:6a:33:d5:
                    66:19:94:b2:65:07:b7:d4:9e:99:c6:81:b3:1c:79:
                    ad:b6:1f:5d:84:19:40:3b:93:8c:a0:25:1b:82:f8:
                    0a:ee:04:2f:ef:be:3b:4d:6c:20:20:b3:76:4d:d6:
                    8d:18:7e:aa:40:59:07:1f:75:d7:3e:20:12:80:14:
                    e5:fe:9d:5b:7b:68:12:9c:2f:e2:5b:a8:9e:b0:26:
                    17:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:CC:C0:5C:D6:90:34:68:86:9C:D5:22:57:82:12:5A:C7:EB:38:B2
            X509v3 Authority Key Identifier:
                keyid:CC:10:61:27:3F:FF:76:3F:76:D2:DE:E2:85:83:E8:BA:3B:05:C4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/d6b5ad28-1cbc-47ab-904e-45361a5487c3/e5dea660-bf59-4b4c-b9ad-4a6787e03fce/c319424e039f86d6ad9fc4e7223df841d20ae6d0ff12428173.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2df51cd2-e6af-493a-a88a-3221d01f7d90/8a0cac28-29b8-4996-b010-5eab278cc342.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2df51cd2-e6af-493a-a88a-3221d01f7d90/n4bWrZ_E5yI9-EHSCubQ_xJCgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.41.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:1a:a5:7e:e6:df:75:8a:f5:df:b0:41:ad:78:1c:9a:79:28:
         b7:74:90:6e:4e:52:c7:1d:0b:30:83:f6:cd:db:f2:b6:35:2b:
         1a:ed:c0:16:cd:90:6e:25:a5:39:33:de:ac:bb:5d:18:45:b6:
         36:89:f0:15:84:bb:a6:30:ea:0b:03:52:3f:b9:e5:f6:bf:96:
         70:86:26:58:60:70:c6:67:50:5e:98:18:41:31:28:19:f1:50:
         1c:d7:72:46:c3:bb:02:05:3f:36:66:b3:59:62:a9:7d:ec:1f:
         ec:c6:79:33:9a:f3:fa:db:6b:98:89:c1:70:9a:0d:f7:5b:b4:
         7e:f1:f4:c0:19:34:2d:06:1a:20:de:83:69:01:31:b2:25:d7:
         52:56:40:60:57:3c:e7:b6:48:13:61:c8:57:4c:e0:87:ab:bf:
         d2:81:cf:c5:d7:10:8a:b0:6b:3a:7d:9c:0d:7e:72:63:d0:57:
         3d:13:2c:c8:93:97:b0:b7:97:f8:a9:b5:3e:cf:34:52:88:0a:
         b2:5b:0c:bf:fd:e4:4a:8b:a6:c8:97:bc:a8:67:36:86:f4:66:
         55:a4:64:12:4c:3a:99:b7:90:ae:ee:66:ff:0a:9a:a7:68:04:
         b6:bb:ae:d8:e2:25:29:f7:76:06:1e:c3:b2:54:65:6e:4e:5a:
         df:30:71:be
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCmjTrJl7BHtwo9Q42VoyVZFNnfEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzMxOTQyNGUwMzlmODZkNmFkOWZjNGU3MjIzZGY4NDFk
MjBhZTZkMGZmMTI0MjgxNzMwHhcNMjUxMDE4MDAxMDA1WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NjAzMDg2Nzk2MGQ2ZDI3NGYzYmIwMGQ1YzczMWI1YzM2
ZWJmODFmMGEyZWUzOTFmN2RlOWVlN2Y0ZDFjMTAwMS0wKwYDVQQDEyQ4OGFmN2I5
NS0yZWY3LTQ5ZmMtYTM3ZC0xYjhmMDU0NzE4MGQwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOck9SoRwfQIxNWZhMjzTuRZzGXyjw3H6q7Pv2W7LWacwe
V6lF5gEXrLX16/TtbE5wY0epiV+JqJksFAb896R+aCYB1uaaUaKiRIPPs3uBazMZ
zE2nqX/WGygOT+IPzFIJr/ar81/Djiw9HyWDGFdA2gticFrfto1XGCnbBzsqtI+P
Q5+o5YpxhNgAalmOYRHxvZNsEAjD4lnWAqebAvgs2IA7tcvVNYmLxYqsOaAXEWoz
1WYZlLJlB7fUnpnGgbMcea22H12EGUA7k4ygJRuC+AruBC/vvjtNbCAgs3ZN1o0Y
fqpAWQcfddc+IBKAFOX+nVt7aBKcL+JbqJ6wJhfJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIszAXNaQNGiGnNUiV4ISWsfrOLIwHwYDVR0jBBgwFoAUzBBhJz//dj92
0t7ihYPoujsFxDAwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Q2YjVhZDI4LTFjYmMtNDdhYi05MDRlLTQ1MzYxYTU0ODdjMy9lNWRlYTY2MC1i
ZjU5LTRiNGMtYjlhZC00YTY3ODdlMDNmY2UvYzMxOTQyNGUwMzlmODZkNmFkOWZj
NGU3MjIzZGY4NDFkMjBhZTZkMGZmMTI0MjgxNzMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMmRmNTFjZDItZTZhZi00OTNhLWE4OGEtMzIy
MWQwMWY3ZDkwLzhhMGNhYzI4LTI5YjgtNDk5Ni1iMDEwLTVlYWIyNzhjYzM0Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzJkZjUxY2QyLWU2YWYtNDkzYS1hODhh
LTMyMjFkMDFmN2Q5MC9uNGJXclpfRTV5STktRUhTQ3ViUV94SkNnWE0uY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADGKWQwDQYJKoZIhvcNAQELBQADggEBADoapX7m33WK9d+wQa14HJp5KLd0
kG5OUscdCzCD9s3b8rY1KxrtwBbNkG4lpTkz3qy7XRhFtjaJ8BWEu6Yw6gsDUj+5
5fa/lnCGJlhgcMZnUF6YGEExKBnxUBzXckbDuwIFPzZms1liqX3sH+zGeTOa8/rb
a5iJwXCaDfdbtH7x9MAZNC0GGiDeg2kBMbIl11JWQGBXPOe2SBNhyFdM4Ierv9KB
z8XXEIqwazp9nA1+cmPQVz0TLMiTl7C3l/iptT7PNFKICrJbDL/95EqLpsiXvKhn
Nob0ZlWkZBJMOpm3kK7uZv8KmqdoBLa7rtjiJSn3dgYew7JUZW5OWt8wcb4=
-----END CERTIFICATE-----
Generated at Mon Oct 20 10:31:50 2025 by rpki-client