Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/854367ff-45b7-4925-99a1-97b01f4fabe8.roa
File:                     854367ff-45b7-4925-99a1-97b01f4fabe8.roa (raw, json)
Hash identifier:          PJcFG+jZM1Ldz8n3lqrsQ7ASgjCH0JpG0whT1mc00io=
Subject key identifier:   43:E8:BE:D2:E4:BC:05:89:D8:D1:19:49:9E:15:2B:28:04:65:A8:B9
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       38340CA7BBBD8312CAEBBCCA0AD09CEC9A55CA24
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/854367ff-45b7-4925-99a1-97b01f4fabe8.roa
Signing time:             Fri 03 Oct 2025 00:00:14 +0000
ROA not before:           Fri 03 Oct 2025 00:00:14 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        216.221.166.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 22 Oct 2025 15:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:34:0c:a7:bb:bd:83:12:ca:eb:bc:ca:0a:d0:9c:ec:9a:55:ca:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Oct  3 00:00:14 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=21063ce1487094561d508469bdefa6964a1d0206186b44093db1f879ae9deb40, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:74:1f:70:ae:ba:55:11:57:ab:37:e7:56:7b:
                    99:c4:cd:b6:b0:57:33:ba:b8:79:e7:2b:54:3e:3d:
                    c6:81:3c:c5:b4:95:cb:aa:ff:9a:58:ad:6f:b7:16:
                    9b:13:3c:dc:8f:af:16:a3:46:b3:49:8b:9e:22:5e:
                    17:81:79:43:a5:03:4c:02:c3:c1:5f:ce:3e:da:87:
                    9a:20:1a:c0:f9:89:a0:49:29:20:80:e9:61:d0:84:
                    4b:51:37:18:3d:09:87:bb:67:a1:69:54:b7:b1:4e:
                    5c:75:e2:9c:6d:68:77:cb:95:09:d7:e0:3a:31:8c:
                    36:34:ad:f0:b8:a2:3b:a5:23:56:6b:73:77:fd:37:
                    bd:fc:db:63:29:4a:58:10:83:18:08:4c:db:52:31:
                    31:c5:a2:e5:e2:7b:d9:f6:4c:95:d8:cc:f7:fd:87:
                    94:7f:7c:71:cd:2d:05:6b:7a:6e:33:00:d3:a3:84:
                    9a:83:5c:7f:48:f0:a6:9d:70:2f:f0:21:c7:73:aa:
                    cb:ec:d5:07:f9:b7:29:4f:5a:24:85:a0:ab:68:c4:
                    51:b8:61:02:50:1c:d7:ad:3c:75:51:5d:5b:d2:28:
                    12:ff:7a:e7:fa:a6:ad:7b:29:71:eb:a4:4d:52:90:
                    60:89:9b:e9:bc:3f:20:ea:8e:0b:5f:0e:28:38:f6:
                    83:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:E8:BE:D2:E4:BC:05:89:D8:D1:19:49:9E:15:2B:28:04:65:A8:B9
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/854367ff-45b7-4925-99a1-97b01f4fabe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.221.166.0/23

    Signature Algorithm: sha256WithRSAEncryption
         75:a8:76:40:2b:42:43:92:af:32:b3:e8:9c:b2:26:a7:7a:ca:
         ee:ca:67:86:12:f7:b0:ed:8c:40:fe:4c:9f:00:14:ad:79:cb:
         bd:17:81:da:e1:be:8d:28:20:e5:6a:b5:59:b9:ff:2b:ad:fb:
         58:ef:cc:ad:37:59:5c:bd:9e:bf:4b:fa:6f:7e:99:b6:fa:04:
         a9:48:f8:06:9b:5d:cd:3c:f9:03:c9:cb:03:bf:6d:4f:6a:cc:
         90:f7:6e:f4:52:ab:3f:4b:a8:c3:4f:a6:0e:83:3d:e1:43:de:
         3e:5e:88:40:07:a3:f1:95:4e:42:3e:b3:f7:df:15:fc:03:a2:
         49:ba:cd:ee:df:05:42:9c:1d:48:f1:8d:b7:21:d2:3c:c9:07:
         9d:08:e1:aa:44:f4:ec:80:26:fa:27:84:43:f1:1b:b0:a5:6a:
         d1:98:e2:0d:de:f8:e0:47:62:4b:c2:cd:66:1c:ad:aa:37:8f:
         67:e6:4c:6d:9d:3d:46:90:8c:ca:0d:13:12:1f:cc:bb:77:6b:
         c9:fa:e4:79:70:e2:a5:98:e2:e6:bf:4b:44:55:38:c3:09:b3:
         f0:80:f1:cb:5f:4e:78:8c:bf:11:e7:5b:0e:65:c3:c7:96:5d:
         ab:95:d9:c2:83:e6:63:4e:9a:1b:65:10:e6:d4:17:64:f7:00:
         f7:62:cb:d6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUODQMp7u9gxLK67zKCtCc7JpVyiQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUxMDAzMDAwMDE0WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyMTA2M2NlMTQ4NzA5NDU2MWQ1MDg0NjliZGVmYTY5NjRh
MWQwMjA2MTg2YjQ0MDkzZGIxZjg3OWFlOWRlYjQwMS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4dB9wrrpVEVerN+dWe5nEzbawVzO6uHnnK1Q+PcaBPMW0
lcuq/5pYrW+3FpsTPNyPrxajRrNJi54iXheBeUOlA0wCw8Ffzj7ah5ogGsD5iaBJ
KSCA6WHQhEtRNxg9CYe7Z6FpVLexTlx14pxtaHfLlQnX4DoxjDY0rfC4ojulI1Zr
c3f9N73822MpSlgQgxgITNtSMTHFouXie9n2TJXYzPf9h5R/fHHNLQVrem4zANOj
hJqDXH9I8KadcC/wIcdzqsvs1Qf5tylPWiSFoKtoxFG4YQJQHNetPHVRXVvSKBL/
euf6pq17KXHrpE1SkGCJm+m8PyDqjgtfDig49oObAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQ+i+0uS8BYnY0RlJnhUrKARlqLkwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzg1NDM2N2ZmLTQ1YjctNDkyNS05OWExLTk3YjAxZjRmYWJlOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAHY3aYwDQYJKoZIhvcNAQELBQADggEBAHWodkArQkOSrzKz6JyyJqd6yu7K
Z4YS97DtjED+TJ8AFK15y70Xgdrhvo0oIOVqtVm5/yut+1jvzK03WVy9nr9L+m9+
mbb6BKlI+AabXc08+QPJywO/bU9qzJD3bvRSqz9LqMNPpg6DPeFD3j5eiEAHo/GV
TkI+s/ffFfwDokm6ze7fBUKcHUjxjbch0jzJB50I4apE9OyAJvonhEPxG7ClatGY
4g3e+OBHYkvCzWYcrao3j2fmTG2dPUaQjMoNExIfzLt3a8n65Hlw4qWY4ua/S0RV
OMMJs/CA8ctfTniMvxHnWw5lw8eWXauV2cKD5mNOmhtlEObUF2T3APdiy9Y=
-----END CERTIFICATE-----
Generated at Mon Oct 20 17:00:46 2025 by rpki-client