Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/52ad3d25-6525-4bf6-9a67-3ad28a806ae3.roa
File:                     52ad3d25-6525-4bf6-9a67-3ad28a806ae3.roa (raw, json)
Hash identifier:          oc+FVkE1sQe2z9IlO/J1kDXYyrSfFlF1AC2RxfDYvWQ=
Subject key identifier:   A0:CB:3B:BF:CD:19:BB:D1:79:F9:BE:1E:FB:CB:26:BC:A9:10:01:13
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       23F237A1382E678C2EA9E30336E3962341E83910
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/52ad3d25-6525-4bf6-9a67-3ad28a806ae3.roa
Signing time:             Thu 16 Oct 2025 16:35:07 +0000
ROA not before:           Thu 16 Oct 2025 16:35:07 +0000
ROA not after:            Thu 20 Nov 2025 23:59:59 +0000
asID:                     7224
IP address blocks:        3.2.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:f2:37:a1:38:2e:67:8c:2e:a9:e3:03:36:e3:96:23:41:e8:39:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 16 16:35:07 2025 GMT
            Not After : Nov 20 23:59:59 2025 GMT
        Subject: serialNumber=2a827b8dbae7caf97c874b18e8014db164761a18c983ad89b99a0e2f2953f7ce, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:47:9f:fd:57:90:dd:ab:41:c8:ff:ce:70:ca:
                    3b:96:9c:55:8b:a4:e9:38:0b:5e:67:c2:bb:54:6d:
                    c6:40:33:af:c3:15:96:01:6c:69:73:cb:67:e8:f8:
                    1d:4d:75:26:3d:7c:0c:d1:72:57:a5:f0:27:d3:e0:
                    c8:d3:d8:af:9c:fe:06:aa:52:70:81:51:cd:c0:11:
                    07:f5:0f:8b:cf:09:8a:ec:24:10:41:e8:c1:fe:c9:
                    cb:82:15:0e:24:fb:cf:b6:a3:a3:0a:29:33:74:19:
                    ea:15:55:95:c6:94:f8:53:e5:35:20:87:44:7f:40:
                    86:c1:d8:c0:cd:31:04:16:ad:97:bd:bb:9a:80:ef:
                    76:16:85:ba:2b:d7:1a:20:8d:bb:f2:4f:dd:29:2e:
                    4e:73:71:50:fe:aa:48:e1:d3:5d:a6:8c:57:24:3f:
                    83:21:c2:6f:74:91:3c:d2:c5:21:ed:4d:ce:cd:8c:
                    6e:ee:d7:02:3a:99:4c:ad:c6:0c:f1:12:a4:d9:3d:
                    69:ec:02:77:68:31:73:33:0a:a7:f3:e5:b3:01:f8:
                    00:4c:b6:94:60:e9:e2:b1:50:ca:28:6a:de:b5:da:
                    b3:3a:87:27:ac:75:27:f9:1c:d4:99:9a:b4:e8:3e:
                    e1:0e:42:dd:98:3d:2a:a6:fe:a9:f1:ac:c1:61:21:
                    e1:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:CB:3B:BF:CD:19:BB:D1:79:F9:BE:1E:FB:CB:26:BC:A9:10:01:13
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/52ad3d25-6525-4bf6-9a67-3ad28a806ae3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.2.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:df:dc:57:68:bd:8a:dc:97:6d:23:cf:c5:ad:9e:81:f4:13:
         05:82:fc:94:37:7e:90:f1:d5:4a:e1:82:0a:cb:a4:5d:1c:bc:
         be:33:95:b5:59:3c:a8:29:40:a4:d5:c8:7d:89:f7:71:f3:d3:
         15:b7:96:f2:78:58:5b:5a:da:7f:20:47:12:3a:aa:4c:c4:64:
         4c:c3:68:04:8c:25:3f:30:36:e4:a8:28:1e:c0:b0:2e:e6:4f:
         d3:c2:c8:66:b3:36:43:df:1e:0f:6e:d0:af:62:5c:88:b2:67:
         d8:54:01:4b:0f:63:6e:49:e8:ee:ea:ba:bb:bb:1c:ca:82:7c:
         0d:fe:fb:01:12:b1:ca:06:ba:26:14:17:db:7a:bc:1b:43:cb:
         03:72:17:2c:4d:5e:83:44:a1:9f:4f:46:c7:fb:5c:8d:88:6a:
         72:f0:d5:db:88:fc:e4:8b:ad:20:ee:eb:f7:a1:11:de:00:33:
         75:ba:fd:82:99:53:e4:54:10:39:d3:39:23:18:5d:f8:9a:e5:
         65:3d:06:54:43:84:3b:91:a3:76:76:7b:d6:da:12:e7:3f:19:
         6c:9d:5a:48:1c:5d:d5:3e:f9:e3:49:66:a8:14:69:4b:a5:47:
         6c:3a:94:5b:de:9b:2e:73:1c:9f:5c:1f:02:97:8a:2d:fd:73:
         0c:f5:7c:cc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUI/I3oTguZ4wuqeMDNuOWI0HoORAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE2MTYzNTA3WhcNMjUxMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0AyYTgyN2I4ZGJhZTdjYWY5N2M4NzRiMThlODAxNGRiMTY0
NzYxYTE4Yzk4M2FkODliOTlhMGUyZjI5NTNmN2NlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8R5/9V5Ddq0HI/85wyjuWnFWLpOk4C15nwrtUbcZAM6/D
FZYBbGlzy2fo+B1NdSY9fAzRclel8CfT4MjT2K+c/gaqUnCBUc3AEQf1D4vPCYrs
JBBB6MH+ycuCFQ4k+8+2o6MKKTN0GeoVVZXGlPhT5TUgh0R/QIbB2MDNMQQWrZe9
u5qA73YWhbor1xogjbvyT90pLk5zcVD+qkjh012mjFckP4Mhwm90kTzSxSHtTc7N
jG7u1wI6mUytxgzxEqTZPWnsAndoMXMzCqfz5bMB+ABMtpRg6eKxUMooat612rM6
hyesdSf5HNSZmrToPuEOQt2YPSqm/qnxrMFhIeFbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoMs7v80Zu9F5+b4e+8smvKkQARMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzUyYWQzZDI1LTY1MjUtNGJmNi05YTY3LTNhZDI4YTgwNmFlMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADAh0wDQYJKoZIhvcNAQELBQADggEBAILf3FdovYrcl20jz8WtnoH0EwWC
/JQ3fpDx1UrhggrLpF0cvL4zlbVZPKgpQKTVyH2J93Hz0xW3lvJ4WFta2n8gRxI6
qkzEZEzDaASMJT8wNuSoKB7AsC7mT9PCyGazNkPfHg9u0K9iXIiyZ9hUAUsPY25J
6O7quru7HMqCfA3++wESscoGuiYUF9t6vBtDywNyFyxNXoNEoZ9PRsf7XI2IanLw
1duI/OSLrSDu6/ehEd4AM3W6/YKZU+RUEDnTOSMYXfia5WU9BlRDhDuRo3Z2e9ba
Euc/GWydWkgcXdU++eNJZqgUaUulR2w6lFvemy5zHJ9cHwKXii39cwz1fMw=
-----END CERTIFICATE-----
Generated at Mon Oct 20 05:58:47 2025 by rpki-client