Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/32c53391-9c3f-4b16-925f-978e804a33ba.roa
File:                     32c53391-9c3f-4b16-925f-978e804a33ba.roa (raw, json)
Hash identifier:          udjvx93Lor5rsRR6t3VVlpq9kOptdWdTDNutNelL5sw=
Subject key identifier:   69:B8:ED:08:53:BE:DD:0E:5B:63:99:C7:3C:22:A2:09:95:D0:83:33
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       5B393C4CE6C9DDD0632BE17969C04FA7AF3CD8AA
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/32c53391-9c3f-4b16-925f-978e804a33ba.roa
Signing time:             Mon 06 Oct 2025 15:20:06 +0000
ROA not before:           Mon 06 Oct 2025 15:20:06 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        24.110.64.0/18 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 22 Oct 2025 15:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:39:3c:4c:e6:c9:dd:d0:63:2b:e1:79:69:c0:4f:a7:af:3c:d8:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Oct  6 15:20:06 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=d17f1c565e8455c6f77c37d4338d05283cfbefa8eb89e6d399d3a511f41f8533, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:c8:28:39:0f:8a:0b:20:02:11:ec:61:15:62:
                    bf:01:7a:d1:21:98:ee:34:7a:e4:a3:55:91:01:4d:
                    97:ed:0b:c2:ab:c5:2d:53:94:ba:8e:33:1c:19:34:
                    53:da:75:9b:b8:bc:42:27:aa:13:52:f6:c5:ea:cc:
                    67:6c:79:23:93:3b:db:5e:9a:8d:c6:e3:0f:9c:a3:
                    91:c6:1e:cb:a8:cf:54:46:99:f4:f5:cb:98:67:4c:
                    28:68:76:a0:37:d4:2d:08:6c:af:45:3a:a5:7f:d2:
                    f3:6d:d6:47:a2:3a:8a:8d:c9:07:19:af:e1:31:ff:
                    29:4b:82:a5:86:9b:b3:85:26:3e:49:6d:1e:eb:97:
                    f1:90:e4:10:b6:ed:43:c1:f9:a1:b3:5d:85:1e:95:
                    70:e4:01:de:5c:97:ce:f4:e6:6c:da:1e:0e:0b:c3:
                    a2:8c:83:47:24:6c:30:2f:e7:ec:f7:5d:d1:02:f0:
                    9a:c3:77:93:64:d4:5c:77:fd:93:66:8a:8e:ff:09:
                    8e:9c:10:14:3e:43:b5:31:29:85:4d:9f:5a:2b:7c:
                    f3:83:a4:7b:8d:75:6a:93:d9:b2:94:9c:31:39:d3:
                    6f:85:46:c5:03:0c:18:90:5e:e2:c5:f2:c6:13:bc:
                    6c:02:72:a4:48:6d:8a:7e:a3:e3:70:28:9e:c3:ab:
                    c6:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:B8:ED:08:53:BE:DD:0E:5B:63:99:C7:3C:22:A2:09:95:D0:83:33
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/32c53391-9c3f-4b16-925f-978e804a33ba.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  24.110.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         84:42:77:3f:ba:f1:17:a6:f8:b6:21:dc:7a:2e:b3:0a:17:33:
         e4:24:e5:80:a0:d2:c2:3c:a5:9b:d0:c3:42:8f:03:1c:10:6e:
         4b:4c:e3:74:fd:b4:69:68:a9:ad:31:1b:de:4a:f1:e1:94:60:
         35:5d:ab:df:77:e2:e6:fb:4c:1a:17:d5:42:45:73:ea:7b:aa:
         32:f9:d9:25:39:53:fc:15:8b:6d:a4:5c:58:1c:7e:b6:c5:8d:
         34:26:0c:17:52:c0:90:d1:c7:21:59:da:4b:0c:30:c9:cc:e8:
         24:c2:29:8c:09:c5:b1:eb:55:f5:3d:c7:33:3e:f6:66:05:fe:
         59:5b:fc:fd:ce:65:79:ee:7e:af:e7:0d:d9:77:dc:82:6d:01:
         24:dc:fe:74:f7:a6:ac:46:4d:9c:be:fc:8a:09:f0:dd:52:dd:
         ce:38:de:af:09:bc:0d:73:0f:b8:aa:b1:db:57:3b:8b:55:db:
         93:c9:a4:d4:53:40:2e:ea:4f:76:47:67:69:5c:ba:ef:35:8c:
         62:39:e7:e1:51:fa:ea:e5:81:4e:0e:95:0b:56:ee:d0:79:bb:
         38:af:6f:2c:84:63:b1:db:29:68:3d:a7:e3:72:a3:19:49:dc:
         45:4e:3c:28:6a:90:e9:ea:bd:6a:ba:7c:c3:e6:72:1f:6b:7d:
         d2:de:c4:a5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWzk8TObJ3dBjK+F5acBPp6882KowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUxMDA2MTUyMDA2WhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BkMTdmMWM1NjVlODQ1NWM2Zjc3YzM3ZDQzMzhkMDUyODNj
ZmJlZmE4ZWI4OWU2ZDM5OWQzYTUxMWY0MWY4NTMzMS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCPyCg5D4oLIAIR7GEVYr8BetEhmO40euSjVZEBTZftC8Kr
xS1TlLqOMxwZNFPadZu4vEInqhNS9sXqzGdseSOTO9temo3G4w+co5HGHsuoz1RG
mfT1y5hnTChodqA31C0IbK9FOqV/0vNt1keiOoqNyQcZr+Ex/ylLgqWGm7OFJj5J
bR7rl/GQ5BC27UPB+aGzXYUelXDkAd5cl8705mzaHg4Lw6KMg0ckbDAv5+z3XdEC
8JrDd5Nk1Fx3/ZNmio7/CY6cEBQ+Q7UxKYVNn1orfPODpHuNdWqT2bKUnDE502+F
RsUDDBiQXuLF8sYTvGwCcqRIbYp+o+NwKJ7Dq8Y1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUabjtCFO+3Q5bY5nHPCKiCZXQgzMwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzMyYzUzMzkxLTljM2YtNGIxNi05MjVmLTk3OGU4MDRhMzNiYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYYbkAwDQYJKoZIhvcNAQELBQADggEBAIRCdz+68Rem+LYh3HouswoXM+Qk
5YCg0sI8pZvQw0KPAxwQbktM43T9tGloqa0xG95K8eGUYDVdq9934ub7TBoX1UJF
c+p7qjL52SU5U/wVi22kXFgcfrbFjTQmDBdSwJDRxyFZ2ksMMMnM6CTCKYwJxbHr
VfU9xzM+9mYF/llb/P3OZXnufq/nDdl33IJtASTc/nT3pqxGTZy+/IoJ8N1S3c44
3q8JvA1zD7iqsdtXO4tV25PJpNRTQC7qT3ZHZ2lcuu81jGI55+FR+urlgU4OlQtW
7tB5uzivbyyEY7HbKWg9p+NyoxlJ3EVOPChqkOnqvWq6fMPmch9rfdLexKU=
-----END CERTIFICATE-----
Generated at Mon Oct 20 16:55:20 2025 by rpki-client