Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/cff2aad7-f173-47b6-ad48-6f279ff321d1.roa
File:                     cff2aad7-f173-47b6-ad48-6f279ff321d1.roa (raw, json)
Hash identifier:          jmjRfIriEtGxWhMuKmP0ZtQGNfkttOoxkpjldDs1BUk=
Subject key identifier:   E0:08:D8:3D:C1:C3:0C:CA:C2:D4:C8:2E:7E:9C:DD:7C:B2:56:AA:CD
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       3419F92A7ED0341BB750D59D2F18264A59E9B56C
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/cff2aad7-f173-47b6-ad48-6f279ff321d1.roa
Signing time:             Fri 15 Aug 2025 00:20:07 +0000
ROA not before:           Fri 15 Aug 2025 00:20:07 +0000
ROA not after:            Fri 19 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.249.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:19:f9:2a:7e:d0:34:1b:b7:50:d5:9d:2f:18:26:4a:59:e9:b5:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Aug 15 00:20:07 2025 GMT
            Not After : Sep 19 23:59:59 2025 GMT
        Subject: serialNumber=325e7da8018a217de73fe23df511b5e41e04a77d2e84e55fad957b8c17e6bf93, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:84:05:86:4a:dc:fb:6c:84:56:eb:9c:80:29:
                    1f:a5:8a:b6:c9:0f:ce:a6:a4:16:f2:b0:a1:eb:66:
                    44:25:f6:a9:12:19:72:8c:9b:74:68:c7:bb:ae:2d:
                    ba:f0:24:33:7c:bb:59:60:cd:72:9b:09:dd:60:18:
                    00:22:90:a9:9d:06:57:2f:6c:f2:a9:9a:db:87:d6:
                    ce:bb:ca:9b:7b:e8:12:98:b8:08:56:46:b6:2f:97:
                    02:46:d2:8a:26:1c:4b:49:6b:51:a6:10:35:fe:c2:
                    fb:5b:5e:98:c7:11:1f:51:dc:d5:7d:79:98:16:b6:
                    3d:41:59:dc:90:f4:4b:f6:69:63:60:60:c2:96:e9:
                    5d:41:67:1d:19:55:7a:8c:da:96:d5:47:65:b6:8c:
                    e3:e4:42:0d:7a:7e:a2:f8:de:1e:fc:cd:7d:83:c8:
                    f4:eb:4a:51:05:4f:2f:3c:a6:f4:df:54:35:28:40:
                    5b:71:95:9b:1b:17:bd:c6:d1:d1:fb:b6:f5:68:77:
                    ea:67:50:39:3c:2a:45:08:2e:83:32:aa:91:26:10:
                    d9:66:e0:56:16:d3:b0:6b:c5:96:2d:af:22:84:29:
                    d6:b9:84:ea:61:7a:44:c6:b8:f5:7e:f7:36:ed:c6:
                    64:e5:08:12:83:49:2a:35:95:8f:1b:a2:ba:1e:fd:
                    12:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:08:D8:3D:C1:C3:0C:CA:C2:D4:C8:2E:7E:9C:DD:7C:B2:56:AA:CD
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/cff2aad7-f173-47b6-ad48-6f279ff321d1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.249.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:3d:38:b4:f2:f1:e5:d1:00:4d:6d:a6:3b:b2:05:51:3c:d8:
         01:99:82:7d:52:2e:69:d6:db:73:7d:c8:46:3c:ca:d5:81:71:
         4a:f5:8c:45:9e:77:42:b4:70:64:f8:54:8d:f3:48:3b:d7:43:
         09:a4:d0:b1:c4:d5:b6:7a:f6:2f:90:e7:19:f9:28:31:02:df:
         cd:64:f2:26:28:28:39:bb:c1:18:98:97:d0:67:50:12:1e:8b:
         3e:16:86:bd:a8:0a:32:49:ef:11:97:bd:de:58:64:ca:f0:7e:
         2d:6b:70:80:e8:86:b6:29:e6:46:8f:9f:04:c7:cc:ad:dd:2a:
         a8:fe:5b:73:8d:6b:02:a0:d3:39:5c:0f:b7:12:a7:49:a6:78:
         e9:1a:d5:5b:a0:b1:5c:28:de:21:01:af:8e:7d:28:73:90:8d:
         53:dc:56:b6:72:3c:7d:4c:91:d9:00:b4:c4:23:5a:81:91:e1:
         bd:fd:61:f5:dc:bd:13:0d:56:d9:07:84:9c:a4:6e:ee:e0:59:
         fb:ad:b4:05:b1:74:a0:f0:4a:7b:1a:73:7e:cb:72:2b:52:ab:
         1e:3c:9d:17:8d:ac:18:e5:d0:fe:75:8b:79:03:b2:fe:69:95:
         78:2a:1e:7e:26:5c:c0:ea:52:bd:5a:22:9c:63:e6:80:8d:e2:
         24:d3:1e:c3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNBn5Kn7QNBu3UNWdLxgmSlnptWwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwODE1MDAyMDA3WhcNMjUwOTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzMjVlN2RhODAxOGEyMTdkZTczZmUyM2RmNTExYjVlNDFl
MDRhNzdkMmU4NGU1NWZhZDk1N2I4YzE3ZTZiZjkzMS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCchAWGStz7bIRW65yAKR+lirbJD86mpBbysKHrZkQl9qkS
GXKMm3Rox7uuLbrwJDN8u1lgzXKbCd1gGAAikKmdBlcvbPKpmtuH1s67ypt76BKY
uAhWRrYvlwJG0oomHEtJa1GmEDX+wvtbXpjHER9R3NV9eZgWtj1BWdyQ9Ev2aWNg
YMKW6V1BZx0ZVXqM2pbVR2W2jOPkQg16fqL43h78zX2DyPTrSlEFTy88pvTfVDUo
QFtxlZsbF73G0dH7tvVod+pnUDk8KkUILoMyqpEmENlm4FYW07BrxZYtryKEKda5
hOphekTGuPV+9zbtxmTlCBKDSSo1lY8boroe/RKHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4AjYPcHDDMrC1MgufpzdfLJWqs0wHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkL2NmZjJhYWQ3LWYxNzMtNDdiNi1hZDQ4LTZmMjc5ZmYzMjFkMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAX+dQwDQYJKoZIhvcNAQELBQADggEBAFg9OLTy8eXRAE1tpjuyBVE82AGZ
gn1SLmnW23N9yEY8ytWBcUr1jEWed0K0cGT4VI3zSDvXQwmk0LHE1bZ69i+Q5xn5
KDEC381k8iYoKDm7wRiYl9BnUBIeiz4Whr2oCjJJ7xGXvd5YZMrwfi1rcIDohrYp
5kaPnwTHzK3dKqj+W3ONawKg0zlcD7cSp0mmeOka1VugsVwo3iEBr459KHOQjVPc
VrZyPH1MkdkAtMQjWoGR4b39YfXcvRMNVtkHhJykbu7gWfuttAWxdKDwSnsac37L
citSqx48nReNrBjl0P51i3kDsv5plXgqHn4mXMDqUr1aIpxj5oCN4iTTHsM=
-----END CERTIFICATE-----