Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/ebd968d3-ce48-4118-aed7-b938cd13153f.roa
File:                     ebd968d3-ce48-4118-aed7-b938cd13153f.roa (raw, json)
Hash identifier:          gcJdFxyKG0X0h20ZyUu2OwTB/AZHueI2sUdVu1vKGJU=
Subject key identifier:   60:E0:5B:EF:5D:BE:3B:FA:52:D9:D2:E6:B3:C1:07:D8:87:2F:D8:C8
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       7DDE826E99862A23659C9460F47A751AFFF4965A
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/ebd968d3-ce48-4118-aed7-b938cd13153f.roa
Signing time:             Tue 06 May 2025 00:01:03 +0000
ROA not before:           Tue 06 May 2025 00:01:03 +0000
ROA not after:            Tue 10 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        69.169.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 12 May 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:de:82:6e:99:86:2a:23:65:9c:94:60:f4:7a:75:1a:ff:f4:96:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: May  6 00:01:03 2025 GMT
            Not After : Jun 10 23:59:59 2025 GMT
        Subject: serialNumber=299bfa0c0136e5a956557a2ff62a6bcdedbbfb2818c870e9fb48f058db4f5745, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:09:dd:96:ce:4c:dc:e2:5f:1c:cb:45:38:57:
                    40:38:ad:86:e6:61:8d:e5:90:d4:0d:1b:99:77:38:
                    9d:9d:7f:c8:d2:64:3b:c5:5a:ac:ce:f7:3a:d3:7c:
                    54:88:d8:3a:33:98:c2:38:a2:df:39:95:7b:4f:2e:
                    38:97:f8:32:04:5c:72:08:11:dc:87:fa:dc:da:d1:
                    62:0e:0b:65:2b:39:fc:53:e7:9b:58:6a:95:0f:47:
                    a0:4e:ba:69:cb:7a:d8:0e:f6:16:97:8f:f2:8f:10:
                    82:4e:72:4c:1f:da:88:3e:f6:5d:ca:1e:0e:f5:e8:
                    b2:68:eb:13:49:08:02:e6:4e:4e:22:37:9a:e2:72:
                    f0:22:82:80:03:c8:b0:70:6f:cc:9c:63:1d:32:02:
                    b2:48:df:27:ee:29:a4:eb:e7:1c:77:52:12:47:00:
                    72:7b:3f:f0:f5:5b:2c:38:aa:6e:d6:c7:49:5d:29:
                    19:8c:b7:c9:0e:79:1f:8d:36:29:5e:65:d7:d5:57:
                    8d:8b:da:bd:c0:2d:e4:a5:5c:4c:22:5b:ea:a0:75:
                    57:c0:5f:c4:98:68:aa:c3:51:9b:3c:58:42:f4:ab:
                    0b:f5:70:59:c1:35:d0:a9:b5:11:64:59:6c:bd:c5:
                    99:f0:81:b4:69:12:bd:8e:f4:90:bf:93:1b:37:de:
                    62:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:E0:5B:EF:5D:BE:3B:FA:52:D9:D2:E6:B3:C1:07:D8:87:2F:D8:C8
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/ebd968d3-ce48-4118-aed7-b938cd13153f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.169.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:38:f4:bf:41:6e:21:ac:e9:a8:84:eb:de:0b:1c:a9:8a:53:
         75:7a:95:5f:d6:39:4d:ae:1b:a3:8d:36:8e:34:24:63:31:dc:
         e0:21:53:a0:1a:ff:84:84:cf:b0:b3:5b:76:22:14:37:30:9f:
         65:de:2a:5d:95:84:09:94:a8:b1:0b:79:4e:7e:cb:4a:76:4c:
         c3:2b:b6:0d:f5:5a:e5:47:62:e3:db:b7:83:a5:fc:a1:a9:90:
         31:58:dd:e4:1d:db:6c:ed:c1:68:c4:a6:4c:24:c2:e9:f0:a6:
         8b:02:11:ef:8b:62:f9:ea:07:a6:d1:63:27:9c:0f:1a:07:48:
         e9:c1:33:a3:1d:8a:93:1e:b0:56:05:4d:e7:f1:09:d7:a5:1e:
         4d:67:fb:d2:22:c0:dc:85:76:7b:b2:44:2a:2f:30:00:36:b4:
         47:dd:38:b8:a6:b4:93:10:60:0b:e8:05:b7:b8:d3:ea:62:5a:
         7a:27:24:eb:9d:df:9a:a6:97:68:e8:8c:3b:a8:8b:18:91:dd:
         fe:4f:ed:26:d9:ce:f4:12:c6:89:ab:8a:4d:90:f8:76:d4:4e:
         50:07:99:5f:c7:d0:f3:a7:ce:55:53:94:34:73:0a:29:99:c9:
         43:95:7b:d9:86:62:7d:dc:fe:3d:75:10:03:c2:c6:7e:59:04:
         94:24:6f:11
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfd6CbpmGKiNlnJRg9Hp1Gv/0llowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwNTA2MDAwMTAzWhcNMjUwNjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AyOTliZmEwYzAxMzZlNWE5NTY1NTdhMmZmNjJhNmJjZGVk
YmJmYjI4MThjODcwZTlmYjQ4ZjA1OGRiNGY1NzQ1MS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTCd2Wzkzc4l8cy0U4V0A4rYbmYY3lkNQNG5l3OJ2df8jS
ZDvFWqzO9zrTfFSI2DozmMI4ot85lXtPLjiX+DIEXHIIEdyH+tza0WIOC2UrOfxT
55tYapUPR6BOumnLetgO9haXj/KPEIJOckwf2og+9l3KHg716LJo6xNJCALmTk4i
N5ricvAigoADyLBwb8ycYx0yArJI3yfuKaTr5xx3UhJHAHJ7P/D1Wyw4qm7Wx0ld
KRmMt8kOeR+NNileZdfVV42L2r3ALeSlXEwiW+qgdVfAX8SYaKrDUZs8WEL0qwv1
cFnBNdCptRFkWWy9xZnwgbRpEr2O9JC/kxs33mLhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYOBb712+O/pS2dLms8EH2Icv2MgwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkL2ViZDk2OGQzLWNlNDgtNDExOC1hZWQ3LWI5MzhjZDEzMTUzZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABFqeQwDQYJKoZIhvcNAQELBQADggEBABg49L9BbiGs6aiE694LHKmKU3V6
lV/WOU2uG6ONNo40JGMx3OAhU6Aa/4SEz7CzW3YiFDcwn2XeKl2VhAmUqLELeU5+
y0p2TMMrtg31WuVHYuPbt4Ol/KGpkDFY3eQd22ztwWjEpkwkwunwposCEe+LYvnq
B6bRYyecDxoHSOnBM6MdipMesFYFTefxCdelHk1n+9IiwNyFdnuyRCovMAA2tEfd
OLimtJMQYAvoBbe40+piWnonJOud35qml2jojDuoixiR3f5P7SbZzvQSxomrik2Q
+HbUTlAHmV/H0POnzlVTlDRzCimZyUOVe9mGYn3c/j11EAPCxn5ZBJQkbxE=
-----END CERTIFICATE-----