Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/f174f360-a3ca-4335-8414-4727cef110a8.roa
File:                     f174f360-a3ca-4335-8414-4727cef110a8.roa (raw, json)
Hash identifier:          qKVVxi0WALX1WRgcfM4W84WzQA6qObkQTpxXU8W6yXE=
Subject key identifier:   A3:AD:60:B8:E3:08:40:A9:EF:1C:D3:72:66:93:AE:C2:62:00:FE:D4
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       16817568F471EA0882C7F4A03D09626AF241C8F8
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/f174f360-a3ca-4335-8414-4727cef110a8.roa
Signing time:             Sat 04 Oct 2025 00:20:54 +0000
ROA not before:           Sat 04 Oct 2025 00:20:54 +0000
ROA not after:            Sat 08 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.249.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 22 Oct 2025 15:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:81:75:68:f4:71:ea:08:82:c7:f4:a0:3d:09:62:6a:f2:41:c8:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Oct  4 00:20:54 2025 GMT
            Not After : Nov  8 23:59:59 2025 GMT
        Subject: serialNumber=7298b8a00aec3f144091e18b7809dddff086496674ba102c9607e79753452629, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b5:c6:b3:57:98:63:34:da:ac:0e:d6:b1:6e:
                    cf:9c:d5:14:d3:3b:19:8a:e4:c3:a3:8d:0d:ca:e3:
                    d7:76:c8:1d:0c:58:0d:f2:1f:cf:4a:31:c4:86:0a:
                    6f:4c:c4:1d:8a:29:ae:4c:49:0b:8a:7e:0f:f2:35:
                    e4:14:23:45:24:2f:a2:5c:f6:68:2d:86:5f:b6:e7:
                    1d:63:a0:72:05:51:aa:46:17:51:f8:b7:c5:49:ff:
                    eb:7b:d0:10:bb:50:37:35:38:d5:86:3f:06:d4:02:
                    65:8d:19:6f:60:5d:81:62:1a:28:58:b8:12:4f:0a:
                    81:f1:24:7e:84:e3:fb:39:67:fa:19:a8:34:e7:f5:
                    a8:76:c5:99:4c:4e:66:23:f8:46:1b:46:d4:0c:f4:
                    3e:eb:36:c3:48:ce:c6:37:bd:a4:c0:aa:bc:28:f2:
                    4e:bc:5d:5a:a5:a4:12:84:74:3f:af:43:3e:92:df:
                    08:4c:ca:25:98:f1:d6:05:fe:73:9d:1d:42:58:43:
                    d5:31:d8:07:7a:de:cd:29:20:46:9f:c6:a0:db:99:
                    15:1c:dc:c2:96:06:02:9f:36:a0:c1:3e:3a:f2:d9:
                    68:d6:3d:44:f4:60:c1:5c:d3:b8:0a:5b:cb:da:05:
                    2e:6d:72:a9:ad:e2:7c:bf:a2:f8:63:a8:14:17:2c:
                    4f:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:AD:60:B8:E3:08:40:A9:EF:1C:D3:72:66:93:AE:C2:62:00:FE:D4
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/f174f360-a3ca-4335-8414-4727cef110a8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.249.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:b7:ef:ee:b4:ef:d8:18:42:e6:11:4a:b5:68:a4:21:fe:54:
         e4:c8:d8:a7:37:59:50:14:49:c6:46:4b:39:a8:04:8f:6d:51:
         c9:61:7d:eb:b2:6d:ec:a1:43:81:ad:62:fd:1e:f8:2b:63:ee:
         af:ad:d9:6a:d2:80:10:7a:a3:69:32:3e:71:e0:04:3d:48:f6:
         9f:4b:f6:d9:6e:55:93:92:c3:b0:2e:0c:3c:dc:dc:d5:b4:ec:
         69:0b:af:d0:8e:17:ab:88:cc:a2:bb:e8:f8:45:64:bb:c1:2e:
         f2:29:4f:ca:5d:e2:16:af:78:06:3e:67:b5:7b:86:74:a7:01:
         d1:ce:b6:c1:2c:8a:bd:50:42:86:32:48:77:94:3f:53:8f:04:
         ff:e0:c8:93:51:1a:c0:0f:c9:53:29:23:c5:31:3f:9f:c8:7f:
         be:54:00:c4:35:18:f2:dd:5a:8d:6d:e8:ef:44:07:07:71:59:
         35:17:7a:be:50:c5:98:21:4e:c9:99:a8:1c:f7:8a:44:17:3e:
         9c:81:14:9b:0e:05:c4:db:d2:51:d8:fb:ed:d3:80:75:89:58:
         4f:27:cf:2b:9a:fe:4f:98:84:df:c3:f1:23:a2:4f:44:b8:4f:
         fc:9d:de:17:30:26:6f:a7:2e:20:d9:3a:d2:13:a6:33:2d:7e:
         19:8e:02:f3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFoF1aPRx6giCx/SgPQliavJByPgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUxMDA0MDAyMDU0WhcNMjUxMTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A3Mjk4YjhhMDBhZWMzZjE0NDA5MWUxOGI3ODA5ZGRkZmYw
ODY0OTY2NzRiYTEwMmM5NjA3ZTc5NzUzNDUyNjI5MS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+tcazV5hjNNqsDtaxbs+c1RTTOxmK5MOjjQ3K49d2yB0M
WA3yH89KMcSGCm9MxB2KKa5MSQuKfg/yNeQUI0UkL6Jc9mgthl+25x1joHIFUapG
F1H4t8VJ/+t70BC7UDc1ONWGPwbUAmWNGW9gXYFiGihYuBJPCoHxJH6E4/s5Z/oZ
qDTn9ah2xZlMTmYj+EYbRtQM9D7rNsNIzsY3vaTAqrwo8k68XVqlpBKEdD+vQz6S
3whMyiWY8dYF/nOdHUJYQ9Ux2Ad63s0pIEafxqDbmRUc3MKWBgKfNqDBPjry2WjW
PUT0YMFc07gKW8vaBS5tcqmt4ny/ovhjqBQXLE/NAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUo61guOMIQKnvHNNyZpOuwmIA/tQwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkL2YxNzRmMzYwLWEzY2EtNDMzNS04NDE0LTQ3MjdjZWYxMTBhOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAX+dUwDQYJKoZIhvcNAQELBQADggEBAEe37+6079gYQuYRSrVopCH+VOTI
2Kc3WVAUScZGSzmoBI9tUclhfeuybeyhQ4GtYv0e+Ctj7q+t2WrSgBB6o2kyPnHg
BD1I9p9L9tluVZOSw7AuDDzc3NW07GkLr9COF6uIzKK76PhFZLvBLvIpT8pd4hav
eAY+Z7V7hnSnAdHOtsEsir1QQoYySHeUP1OPBP/gyJNRGsAPyVMpI8UxP5/If75U
AMQ1GPLdWo1t6O9EBwdxWTUXer5QxZghTsmZqBz3ikQXPpyBFJsOBcTb0lHY++3T
gHWJWE8nzyua/k+YhN/D8SOiT0S4T/yd3hcwJm+nLiDZOtITpjMtfhmOAvM=
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:37:23 2025 by rpki-client