Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/3e0dace3-0e2a-4252-8c92-4c7eec4c3588.roa
File:                     3e0dace3-0e2a-4252-8c92-4c7eec4c3588.roa (raw, json)
Hash identifier:          hxe1ibiAhKDKay4rNkzg8EupVkCbL1BDPL1/WhuuQzc=
Subject key identifier:   C6:F2:D2:4A:06:A3:D3:54:92:E3:86:37:C5:19:A9:29:7C:74:2C:E2
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       24AC3D2CCB0C81B784BBE2B195A6374612DFE1B2
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/3e0dace3-0e2a-4252-8c92-4c7eec4c3588.roa
Signing time:             Tue 24 Jun 2025 00:00:12 +0000
ROA not before:           Tue 24 Jun 2025 00:00:12 +0000
ROA not after:            Tue 29 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.221.168.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 02 Jul 2025 15:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:ac:3d:2c:cb:0c:81:b7:84:bb:e2:b1:95:a6:37:46:12:df:e1:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Jun 24 00:00:12 2025 GMT
            Not After : Jul 29 23:59:59 2025 GMT
        Subject: serialNumber=4791df9186539b74c9442aa00b2ad759de4dac90b6c5999ee950a6463c470fb6, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ea:b5:64:0a:5c:53:fa:d6:08:37:25:56:36:
                    05:c3:b9:4e:85:6e:a5:a8:14:c2:de:48:fd:99:77:
                    a8:3a:b6:d4:b4:9d:d4:e8:99:ec:dc:b9:d6:46:28:
                    5c:1e:af:02:8e:03:73:b9:2a:4c:78:50:7a:dd:27:
                    ef:f2:61:3a:c0:f3:cc:72:c4:ad:51:14:cb:c3:e8:
                    a3:8b:77:5a:1e:d0:9c:45:7a:87:a0:0d:dd:f2:4b:
                    2f:47:70:f3:f4:63:c2:f8:2e:f2:e2:ed:ea:c3:dc:
                    ac:55:13:ca:5a:b1:f5:3e:12:b4:a9:a7:67:de:4a:
                    12:5c:00:e1:a4:e5:ef:d8:88:68:d2:ad:9c:df:f0:
                    33:5d:4c:cd:72:a7:61:56:5b:7c:0d:35:b6:57:ac:
                    6d:ba:1d:65:12:cf:d8:36:f4:26:8c:2a:88:47:ff:
                    25:da:3d:9e:6a:a0:c1:9a:3d:dc:cd:98:6a:cd:a2:
                    c6:17:2b:b2:74:c1:34:de:9e:cf:f8:67:1d:8a:26:
                    d9:54:bb:81:a1:be:7c:b0:d8:63:4b:c2:fa:c8:50:
                    b1:99:48:a2:d3:b7:55:8e:05:67:c2:11:cb:cd:2e:
                    9c:11:e6:38:e9:27:5a:9a:56:0a:46:3e:3a:ff:2b:
                    36:d5:c6:ad:e1:47:91:12:5b:2c:88:3d:1d:50:f5:
                    2c:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:F2:D2:4A:06:A3:D3:54:92:E3:86:37:C5:19:A9:29:7C:74:2C:E2
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/3e0dace3-0e2a-4252-8c92-4c7eec4c3588.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.221.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         18:aa:a9:eb:a8:36:e7:9a:dc:36:24:01:9b:2e:98:21:38:78:
         3a:31:73:c9:a4:bc:4c:3b:1c:a9:71:99:f5:16:af:cb:7e:f7:
         8a:cf:1d:9c:3a:d5:72:d1:d0:db:15:12:96:7d:04:9c:e6:db:
         b6:0e:09:81:25:b9:19:5e:20:52:e5:cc:c9:cd:8b:49:4f:f2:
         63:48:fb:09:70:17:ae:1e:87:6c:1e:6b:29:93:8d:1e:8b:c2:
         26:c2:b6:43:a3:21:37:08:c0:80:3f:03:98:5d:65:ef:16:ac:
         50:67:bb:9f:73:2f:eb:56:23:3b:c8:26:44:76:89:e3:c2:3c:
         ae:f4:fd:39:75:7c:7d:76:43:1a:e3:a3:dc:1f:66:3a:4a:0f:
         2a:56:2c:80:c3:db:5b:f1:e1:fe:5e:79:d7:8f:6c:da:23:c8:
         b5:6e:03:dd:40:d0:d4:de:5b:b4:30:bc:ca:c5:45:0f:7d:9f:
         ea:86:be:ca:b9:3e:f7:0b:8b:ca:64:cc:b8:56:fd:e0:b0:62:
         4d:1c:4b:cb:de:1c:04:7f:6f:20:92:15:3c:8c:47:11:b4:6f:
         03:9d:dc:7f:d8:08:0a:be:21:c5:d1:36:77:f3:45:26:6d:4e:
         9f:96:38:f9:bb:25:04:0e:a6:6e:a9:a6:1c:35:62:c7:44:5f:
         f2:d3:33:e9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJKw9LMsMgbeEu+KxlaY3RhLf4bIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwNjI0MDAwMDEyWhcNMjUwNzI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NzkxZGY5MTg2NTM5Yjc0Yzk0NDJhYTAwYjJhZDc1OWRl
NGRhYzkwYjZjNTk5OWVlOTUwYTY0NjNjNDcwZmI2MS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC86rVkClxT+tYINyVWNgXDuU6FbqWoFMLeSP2Zd6g6ttS0
ndTomezcudZGKFwerwKOA3O5Kkx4UHrdJ+/yYTrA88xyxK1RFMvD6KOLd1oe0JxF
eoegDd3ySy9HcPP0Y8L4LvLi7erD3KxVE8pasfU+ErSpp2feShJcAOGk5e/YiGjS
rZzf8DNdTM1yp2FWW3wNNbZXrG26HWUSz9g29CaMKohH/yXaPZ5qoMGaPdzNmGrN
osYXK7J0wTTens/4Zx2KJtlUu4Ghvnyw2GNLwvrIULGZSKLTt1WOBWfCEcvNLpwR
5jjpJ1qaVgpGPjr/KzbVxq3hR5ESWyyIPR1Q9Sz9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxvLSSgaj01SS44Y3xRmpKXx0LOIwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzNlMGRhY2UzLTBlMmEtNDI1Mi04YzkyLTRjN2VlYzRjMzU4OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPY3agwDQYJKoZIhvcNAQELBQADggEBABiqqeuoNuea3DYkAZsumCE4eDox
c8mkvEw7HKlxmfUWr8t+94rPHZw61XLR0NsVEpZ9BJzm27YOCYEluRleIFLlzMnN
i0lP8mNI+wlwF64eh2weaymTjR6LwibCtkOjITcIwIA/A5hdZe8WrFBnu59zL+tW
IzvIJkR2iePCPK70/Tl1fH12Qxrjo9wfZjpKDypWLIDD21vx4f5eedePbNojyLVu
A91A0NTeW7QwvMrFRQ99n+qGvsq5PvcLi8pkzLhW/eCwYk0cS8veHAR/byCSFTyM
RxG0bwOd3H/YCAq+IcXRNnfzRSZtTp+WOPm7JQQOpm6pphw1YsdEX/LTM+k=
-----END CERTIFICATE-----
Generated at Mon Jun 30 20:20:44 2025 by rpki-client