Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/498f334e-4dc8-4118-b1a1-4c9a15d14b92.roa
File:                     498f334e-4dc8-4118-b1a1-4c9a15d14b92.roa (raw, json)
Hash identifier:          qMVj+PrzZDw/Jyi7nk821UBEIYQVvUSA1DFjuFAvxKo=
Subject key identifier:   87:86:A3:C0:C5:21:69:A8:C5:A7:43:D7:91:6A:28:04:41:BC:E6:E8
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       0DA782328108AFABB7378578272FEE25500FF667
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/498f334e-4dc8-4118-b1a1-4c9a15d14b92.roa
Signing time:             Sat 04 Oct 2025 00:20:04 +0000
ROA not before:           Sat 04 Oct 2025 00:20:04 +0000
ROA not after:            Sat 08 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        76.223.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 22 Oct 2025 15:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:a7:82:32:81:08:af:ab:b7:37:85:78:27:2f:ee:25:50:0f:f6:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Oct  4 00:20:04 2025 GMT
            Not After : Nov  8 23:59:59 2025 GMT
        Subject: serialNumber=d254cc9bf2e5051b5805010ae2abfcaf4a3cda8376fa94303fb5b93d7d15b3ba, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:9b:9c:5d:9e:81:06:90:b8:03:37:6d:59:47:
                    3e:eb:81:ae:48:97:30:0f:82:d4:ed:c1:01:9b:1a:
                    99:b4:5e:56:bf:6d:df:f6:4e:41:a1:4b:96:83:f3:
                    c0:6f:06:47:07:79:63:e0:41:2c:17:0f:f6:41:e9:
                    10:c6:7b:d8:08:86:3f:a0:6c:dc:44:b3:b9:d4:7c:
                    e9:e1:be:d4:74:2a:0b:ee:aa:45:6a:13:cf:d6:6c:
                    5d:23:68:7e:0c:b2:1f:b7:bb:29:b3:f5:10:a7:8a:
                    c7:eb:0b:3a:5a:9b:f6:a8:ca:56:67:d0:1a:29:51:
                    94:a0:5d:fc:7f:60:95:7e:83:b0:dc:e3:cd:ed:99:
                    c5:de:49:1d:65:8e:83:81:a3:e6:76:9b:49:ec:86:
                    9d:de:c9:2c:db:96:01:3e:bb:91:5d:6c:0d:20:87:
                    24:29:f3:31:86:84:2d:26:f2:e0:1f:e6:c1:c8:22:
                    6c:ed:28:bd:16:ce:28:58:91:15:6f:74:d6:53:81:
                    a8:6d:77:3b:e4:2d:41:c8:c8:c7:a3:06:16:68:26:
                    e7:0e:0e:a2:ae:6b:22:1f:72:af:4b:61:9f:f9:55:
                    26:9b:aa:4e:3b:ea:45:16:0b:d5:d2:d2:da:8e:ed:
                    56:53:d2:09:21:bb:95:89:56:e7:60:9c:64:80:84:
                    35:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:86:A3:C0:C5:21:69:A8:C5:A7:43:D7:91:6A:28:04:41:BC:E6:E8
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/498f334e-4dc8-4118-b1a1-4c9a15d14b92.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.223.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:2b:0d:d5:8d:86:ab:9d:f5:23:fc:dd:c6:42:a3:0b:d1:34:
         e9:7d:5a:49:93:7e:ea:ef:76:14:a8:22:97:2d:df:7c:e5:52:
         e8:d3:47:ef:f9:42:94:f6:9f:14:33:9c:3d:ba:f9:78:ab:10:
         ad:1b:b3:02:8f:c7:bd:75:33:e5:0c:ff:f0:5b:aa:97:ac:9b:
         a3:d0:71:8c:31:6a:63:61:16:ee:8b:5a:ea:e5:e0:74:c4:90:
         8f:d2:e1:7a:14:e0:a6:eb:ef:9f:0b:c0:3c:c4:22:43:24:8f:
         73:cf:eb:98:d5:74:e4:03:a5:89:86:9a:f7:23:7b:1f:52:cd:
         4e:e2:07:a1:7e:95:7c:33:f5:c6:4e:9a:21:0a:d0:43:15:63:
         8c:1b:43:56:2f:fc:92:4b:b9:f5:34:55:c8:88:6d:a3:f3:cd:
         cb:45:59:90:ef:88:2e:ef:04:36:73:53:38:16:2b:6b:04:70:
         e1:91:f5:e4:0c:dd:98:87:aa:e5:ea:f9:29:0c:43:9a:8b:20:
         8a:13:eb:49:1e:e1:87:85:be:c3:a8:d3:67:3d:0c:a7:4a:ef:
         ec:81:fd:03:64:78:c8:ff:e9:0a:40:0b:30:90:59:8c:9b:1e:
         ae:c1:d7:5f:a7:49:a5:9d:d6:37:6e:34:24:2d:8f:34:55:f3:
         39:d9:84:b2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDaeCMoEIr6u3N4V4Jy/uJVAP9mcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUxMDA0MDAyMDA0WhcNMjUxMTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMjU0Y2M5YmYyZTUwNTFiNTgwNTAxMGFlMmFiZmNhZjRh
M2NkYTgzNzZmYTk0MzAzZmI1YjkzZDdkMTViM2JhMS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCVm5xdnoEGkLgDN21ZRz7rga5IlzAPgtTtwQGbGpm0Xla/
bd/2TkGhS5aD88BvBkcHeWPgQSwXD/ZB6RDGe9gIhj+gbNxEs7nUfOnhvtR0Kgvu
qkVqE8/WbF0jaH4Msh+3uymz9RCnisfrCzpam/aoylZn0BopUZSgXfx/YJV+g7Dc
483tmcXeSR1ljoOBo+Z2m0nshp3eySzblgE+u5FdbA0ghyQp8zGGhC0m8uAf5sHI
ImztKL0WzihYkRVvdNZTgahtdzvkLUHIyMejBhZoJucODqKuayIfcq9LYZ/5VSab
qk476kUWC9XS0tqO7VZT0gkhu5WJVudgnGSAhDXXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUh4ajwMUhaajFp0PXkWooBEG85ugwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzQ5OGYzMzRlLTRkYzgtNDExOC1iMWExLTRjOWExNWQxNGI5Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABM37owDQYJKoZIhvcNAQELBQADggEBACYrDdWNhqud9SP83cZCowvRNOl9
WkmTfurvdhSoIpct33zlUujTR+/5QpT2nxQznD26+XirEK0bswKPx711M+UM//Bb
qpesm6PQcYwxamNhFu6LWurl4HTEkI/S4XoU4Kbr758LwDzEIkMkj3PP65jVdOQD
pYmGmvcjex9SzU7iB6F+lXwz9cZOmiEK0EMVY4wbQ1Yv/JJLufU0VciIbaPzzctF
WZDviC7vBDZzUzgWK2sEcOGR9eQM3ZiHquXq+SkMQ5qLIIoT60ke4YeFvsOo02c9
DKdK7+yB/QNkeMj/6QpACzCQWYybHq7B11+nSaWd1jduNCQtjzRV8znZhLI=
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:20:05 2025 by rpki-client