Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/fa37fece-cb6b-47c4-9fdb-04a4117bc583.roa
File:                     fa37fece-cb6b-47c4-9fdb-04a4117bc583.roa (raw, json)
Hash identifier:          aVRAY/5VNElARluBQn0+YbJmKey4YnrELUs/2buBzCw=
Subject key identifier:   E8:26:4E:22:58:96:79:B8:D3:48:9A:5F:B7:C8:17:76:3E:EF:E9:B2
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       05EF48978FA2D3C1096E6E9CA95CA983C3C0F964
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/fa37fece-cb6b-47c4-9fdb-04a4117bc583.roa
Signing time:             Mon 21 Jul 2025 15:20:12 +0000
ROA not before:           Mon 21 Jul 2025 15:20:12 +0000
ROA not after:            Mon 25 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        76.223.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 23 Jul 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:ef:48:97:8f:a2:d3:c1:09:6e:6e:9c:a9:5c:a9:83:c3:c0:f9:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Jul 21 15:20:12 2025 GMT
            Not After : Aug 25 23:59:59 2025 GMT
        Subject: serialNumber=4085d999a84c116a26e5397f3391eaa01e2b3b2a7d222891d28c98138ba43d9c, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:3c:15:df:6a:2e:6f:74:b7:6e:a7:16:37:98:
                    d6:0c:6e:77:1b:73:3c:f2:40:22:76:52:7c:9f:4d:
                    82:ca:aa:a5:39:49:4c:b4:13:26:53:40:f8:39:d1:
                    e4:a1:fb:60:5e:a3:bf:9a:2e:5c:a6:da:1d:8d:0e:
                    f2:b6:f8:e5:81:bd:fc:f0:26:c6:f2:71:ba:15:a5:
                    34:29:1b:68:48:6c:2a:24:67:3d:ac:4a:eb:fd:fd:
                    ce:7c:2b:6a:64:4e:aa:0c:52:97:20:c1:26:26:b9:
                    8b:3e:7f:7b:75:a4:16:4a:9d:39:24:9c:f5:8e:3c:
                    d9:61:99:01:f0:98:e2:c5:61:ce:02:c9:22:ea:49:
                    18:cd:93:d3:22:99:dd:9d:05:65:b2:bf:9a:13:2a:
                    a2:01:ed:86:35:6e:6b:e7:7f:ac:10:3d:0f:ba:62:
                    7f:da:de:b1:56:53:85:80:86:10:f5:8e:ad:c9:15:
                    f3:dc:47:36:d0:05:b6:30:7f:e8:b0:ab:7b:d4:88:
                    43:fa:20:c8:8c:68:4e:9b:34:c8:84:b9:9a:4d:7e:
                    86:4b:04:69:2a:b9:75:97:52:6c:80:46:04:fc:d5:
                    33:44:85:b7:bd:ab:1a:14:b9:46:13:f2:31:77:ce:
                    62:5b:4f:7d:f2:1b:a0:19:9f:40:c5:5f:a5:b7:4a:
                    7d:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:26:4E:22:58:96:79:B8:D3:48:9A:5F:B7:C8:17:76:3E:EF:E9:B2
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/fa37fece-cb6b-47c4-9fdb-04a4117bc583.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.223.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:1c:d3:a3:49:2d:4a:95:55:10:71:91:2c:55:15:3a:f2:d9:
         51:ca:c8:94:fc:73:18:15:c3:bf:32:e1:1c:da:aa:1b:4f:13:
         9d:ae:2e:9c:02:0b:77:f9:2a:fd:59:f2:dd:e6:ae:a4:22:58:
         59:a6:4f:a3:46:2d:b0:5f:70:5f:a5:f5:21:18:86:9c:cb:bd:
         fc:44:00:1b:da:da:4b:8f:e0:71:3b:53:60:52:01:a4:4d:38:
         c5:05:4a:17:1b:d5:09:3b:dd:26:e8:c7:de:71:cc:2c:2c:e4:
         2a:7f:e0:a0:26:14:1e:59:57:e6:74:98:bd:79:15:85:38:30:
         e8:f2:e7:82:6d:32:cd:e7:ac:66:39:35:ea:0f:90:2d:b2:97:
         2a:9e:6c:2a:1f:45:da:ec:0a:44:3f:c6:3c:d8:da:b0:ef:51:
         c5:89:0b:f6:c8:19:a4:04:f0:41:12:b2:bd:36:c7:49:a4:9b:
         10:6e:08:ef:8a:6e:a1:62:f1:39:72:b0:91:ab:97:68:e9:b1:
         b4:49:df:30:24:ac:04:52:b0:7d:bb:11:9d:46:67:db:84:cf:
         7e:8c:5f:d4:1f:0b:77:ed:74:3c:1c:66:78:0e:ed:f0:d5:ef:
         65:cd:5d:22:01:8f:df:0e:d7:b2:4f:d8:c3:b9:7d:ff:f8:4c:
         c0:ff:3a:66
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBe9Il4+i08EJbm6cqVypg8PA+WQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwNzIxMTUyMDEyWhcNMjUwODI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MDg1ZDk5OWE4NGMxMTZhMjZlNTM5N2YzMzkxZWFhMDFl
MmIzYjJhN2QyMjI4OTFkMjhjOTgxMzhiYTQzZDljMS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjPBXfai5vdLdupxY3mNYMbncbczzyQCJ2UnyfTYLKqqU5
SUy0EyZTQPg50eSh+2Beo7+aLlym2h2NDvK2+OWBvfzwJsbycboVpTQpG2hIbCok
Zz2sSuv9/c58K2pkTqoMUpcgwSYmuYs+f3t1pBZKnTkknPWOPNlhmQHwmOLFYc4C
ySLqSRjNk9Mimd2dBWWyv5oTKqIB7YY1bmvnf6wQPQ+6Yn/a3rFWU4WAhhD1jq3J
FfPcRzbQBbYwf+iwq3vUiEP6IMiMaE6bNMiEuZpNfoZLBGkquXWXUmyARgT81TNE
hbe9qxoUuUYT8jF3zmJbT33yG6AZn0DFX6W3Sn3rAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6CZOIliWebjTSJpft8gXdj7v6bIwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkL2ZhMzdmZWNlLWNiNmItNDdjNC05ZmRiLTA0YTQxMTdiYzU4My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABM378wDQYJKoZIhvcNAQELBQADggEBAEIc06NJLUqVVRBxkSxVFTry2VHK
yJT8cxgVw78y4RzaqhtPE52uLpwCC3f5Kv1Z8t3mrqQiWFmmT6NGLbBfcF+l9SEY
hpzLvfxEABva2kuP4HE7U2BSAaRNOMUFShcb1Qk73Sbox95xzCws5Cp/4KAmFB5Z
V+Z0mL15FYU4MOjy54JtMs3nrGY5NeoPkC2ylyqebCofRdrsCkQ/xjzY2rDvUcWJ
C/bIGaQE8EESsr02x0mkmxBuCO+KbqFi8TlysJGrl2jpsbRJ3zAkrARSsH27EZ1G
Z9uEz36MX9QfC3ftdDwcZngO7fDV72XNXSIBj98O17JP2MO5ff/4TMD/OmY=
-----END CERTIFICATE-----