Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/ebd968d3-ce48-4118-aed7-b938cd13153f.roa
File:                     ebd968d3-ce48-4118-aed7-b938cd13153f.roa (raw, json)
Hash identifier:          7Fds12V/wxVsPzZFyq9mnfB4qQY4UvSjLXlWvw5N9V8=
Subject key identifier:   32:AA:3D:5C:ED:D4:AB:7F:CC:D0:2A:53:46:F9:18:8C:52:C0:AD:C1
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       1B7624A1BFE9D879329372E7818BBE4B0D1B751D
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/ebd968d3-ce48-4118-aed7-b938cd13153f.roa
Signing time:             Fri 15 Aug 2025 00:21:05 +0000
ROA not before:           Fri 15 Aug 2025 00:21:05 +0000
ROA not after:            Fri 19 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        69.169.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:76:24:a1:bf:e9:d8:79:32:93:72:e7:81:8b:be:4b:0d:1b:75:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Aug 15 00:21:05 2025 GMT
            Not After : Sep 19 23:59:59 2025 GMT
        Subject: serialNumber=29a1a954c827d4ed8c844b7830b3c08667af2f2b3012266b1c1056de0e4538e5, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:2d:a8:ff:2f:7c:5b:e1:44:f6:23:c1:6f:76:
                    6e:7f:e3:58:a0:dd:0e:9b:2e:3d:08:cb:2f:a4:2e:
                    69:40:c7:48:94:1c:52:23:95:ff:19:0c:54:1f:0d:
                    e4:ed:44:b5:77:29:0a:ed:36:c0:ec:d8:92:1d:a0:
                    f7:ba:77:81:c2:6f:24:a1:62:4e:ed:93:41:d7:9d:
                    cb:86:55:27:1a:2e:b9:2e:50:d4:39:7a:01:68:9b:
                    b3:aa:55:56:23:e6:30:04:71:f6:34:19:74:2b:6a:
                    0c:8c:85:6b:be:09:23:72:1a:54:e3:17:b0:35:60:
                    19:b4:6e:6b:2e:f7:76:bb:eb:0c:54:51:45:9c:00:
                    86:7f:6f:58:a0:22:4f:26:02:e3:67:30:b8:27:b9:
                    e0:c4:95:40:71:0a:63:23:b7:81:52:9d:5c:0e:f4:
                    ab:95:67:4a:70:36:cd:af:47:73:bd:66:83:ec:bf:
                    e7:3d:67:ce:ca:97:f3:62:51:a1:62:e7:cd:ac:ba:
                    36:8b:4b:5b:84:8e:51:69:fa:f6:ee:12:ff:20:48:
                    03:cc:71:1d:b1:ef:02:4b:c0:be:57:93:00:27:13:
                    4e:9d:ef:55:9b:a3:0b:48:a9:80:c1:0a:67:bd:f1:
                    88:37:ea:b8:0b:68:b6:fe:57:21:b3:fb:c3:52:54:
                    8a:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:AA:3D:5C:ED:D4:AB:7F:CC:D0:2A:53:46:F9:18:8C:52:C0:AD:C1
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/ebd968d3-ce48-4118-aed7-b938cd13153f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.169.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:a5:80:3c:ba:8b:d3:f2:74:26:2d:4d:c9:d5:7d:96:6d:da:
         3b:6c:46:50:76:ec:3f:f8:73:a8:92:dc:94:c9:d8:05:17:10:
         a6:82:8c:9c:0a:0b:44:3d:e7:da:4a:bb:b3:20:d3:94:36:61:
         06:27:d3:ec:27:1c:37:81:61:16:17:90:09:e2:4d:91:82:69:
         e9:00:57:ee:75:2f:32:11:99:a4:44:70:ba:73:dd:0f:57:bf:
         2b:52:ba:22:19:e0:ff:c2:7b:1a:85:aa:17:bc:62:a9:25:5d:
         c6:3b:0f:f9:ee:c9:68:38:8e:fc:88:88:e3:c9:23:3b:1e:19:
         6b:b4:b1:a2:8d:31:4d:da:12:1c:91:53:cd:8f:59:73:7d:c6:
         d6:c7:7d:65:b0:c9:17:8f:dd:dd:88:65:6f:26:ca:2b:42:ec:
         85:f1:ec:e7:95:56:97:8c:19:78:6b:ba:39:0f:58:a7:0e:a1:
         f6:51:8d:08:df:03:d1:bd:96:41:9a:25:b5:1c:91:5c:75:fb:
         0a:bb:6e:10:9f:b3:bc:6b:4d:63:e5:fb:24:5e:92:9b:73:9d:
         f5:48:30:60:59:a8:ec:89:7a:50:43:9e:68:a1:f0:c1:c8:e0:
         aa:6c:68:a2:2a:7b:e7:e2:25:3e:38:40:0c:cf:14:55:d1:24:
         dd:78:58:41
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUG3Ykob/p2Hkyk3LngYu+Sw0bdR0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwODE1MDAyMTA1WhcNMjUwOTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0AyOWExYTk1NGM4MjdkNGVkOGM4NDRiNzgzMGIzYzA4NjY3
YWYyZjJiMzAxMjI2NmIxYzEwNTZkZTBlNDUzOGU1MS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsLaj/L3xb4UT2I8Fvdm5/41ig3Q6bLj0Iyy+kLmlAx0iU
HFIjlf8ZDFQfDeTtRLV3KQrtNsDs2JIdoPe6d4HCbyShYk7tk0HXncuGVScaLrku
UNQ5egFom7OqVVYj5jAEcfY0GXQragyMhWu+CSNyGlTjF7A1YBm0bmsu93a76wxU
UUWcAIZ/b1igIk8mAuNnMLgnueDElUBxCmMjt4FSnVwO9KuVZ0pwNs2vR3O9ZoPs
v+c9Z87Kl/NiUaFi582sujaLS1uEjlFp+vbuEv8gSAPMcR2x7wJLwL5XkwAnE06d
71WbowtIqYDBCme98Yg36rgLaLb+VyGz+8NSVIoXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMqo9XO3Uq3/M0CpTRvkYjFLArcEwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkL2ViZDk2OGQzLWNlNDgtNDExOC1hZWQ3LWI5MzhjZDEzMTUzZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABFqeQwDQYJKoZIhvcNAQELBQADggEBAEalgDy6i9PydCYtTcnVfZZt2jts
RlB27D/4c6iS3JTJ2AUXEKaCjJwKC0Q959pKu7Mg05Q2YQYn0+wnHDeBYRYXkAni
TZGCaekAV+51LzIRmaREcLpz3Q9XvytSuiIZ4P/CexqFqhe8YqklXcY7D/nuyWg4
jvyIiOPJIzseGWu0saKNMU3aEhyRU82PWXN9xtbHfWWwyReP3d2IZW8myitC7IXx
7OeVVpeMGXhrujkPWKcOofZRjQjfA9G9lkGaJbUckVx1+wq7bhCfs7xrTWPl+yRe
kptznfVIMGBZqOyJelBDnmih8MHI4KpsaKIqe+fiJT44QAzPFFXRJN14WEE=
-----END CERTIFICATE-----