Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/3ad2ae9c-d505-4b53-8a03-c0034602d40e.roa
File:                     3ad2ae9c-d505-4b53-8a03-c0034602d40e.roa (raw, json)
Hash identifier:          PgX4L0drpFqZ3cEeAFF3o8+MJOz06tmiajJCRvxJSho=
Subject key identifier:   04:53:5E:E1:6F:2B:ED:8B:51:11:36:27:3A:11:B9:BC:11:B8:ED:69
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       2FF58D0DFC8371DF5AC2709CE94FC294EFF29C3D
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/3ad2ae9c-d505-4b53-8a03-c0034602d40e.roa
Signing time:             Tue 09 Sep 2025 00:21:09 +0000
ROA not before:           Tue 09 Sep 2025 00:21:09 +0000
ROA not after:            Tue 14 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.251.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 18 Sep 2025 15:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:f5:8d:0d:fc:83:71:df:5a:c2:70:9c:e9:4f:c2:94:ef:f2:9c:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Sep  9 00:21:09 2025 GMT
            Not After : Oct 14 23:59:59 2025 GMT
        Subject: serialNumber=a77441122794c32ccc6fd263b3a55bd80f01f92828dd3eee917ea8902380abbc, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:7c:bf:8f:22:c6:dd:0f:3f:a9:99:21:a7:0d:
                    49:47:e0:9c:de:9a:90:66:65:76:39:9a:48:99:89:
                    dc:66:6b:ad:a0:55:e4:08:a3:86:96:51:0e:64:4b:
                    95:a6:2b:cd:c6:8f:f2:fb:29:aa:9d:1a:10:1d:d7:
                    c1:f2:94:be:ce:6f:16:bf:8c:6c:19:f4:57:cd:b2:
                    47:30:3e:ee:97:ed:25:dc:be:7e:40:8a:e2:f8:58:
                    32:19:a1:89:39:f9:9b:6c:26:44:b1:e0:a5:97:1e:
                    e1:d1:05:2b:36:8f:09:92:9f:77:29:76:a1:d8:bd:
                    5f:42:91:8e:97:4a:7d:2d:19:e1:9d:b9:ce:4a:62:
                    68:3d:9f:69:5d:43:68:af:12:a8:bd:79:f7:b2:a2:
                    c4:15:8a:3e:a8:4a:ce:70:fd:c0:5e:9b:0c:a6:ee:
                    7c:fd:44:12:e4:df:49:82:ae:4e:fa:12:d9:75:d1:
                    13:74:02:2b:39:75:09:45:50:b4:46:d6:54:4c:37:
                    7d:19:0b:34:20:58:81:6d:1c:c0:60:70:2a:51:66:
                    97:da:16:ce:09:58:44:51:54:f4:0c:a6:17:12:e0:
                    5a:39:10:6e:4b:da:cb:ea:7e:b9:71:7f:02:a6:d7:
                    bc:51:20:53:8f:0f:8c:13:5d:63:f0:7c:93:ab:27:
                    9e:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:53:5E:E1:6F:2B:ED:8B:51:11:36:27:3A:11:B9:BC:11:B8:ED:69
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/3ad2ae9c-d505-4b53-8a03-c0034602d40e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.251.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:fe:2a:f1:73:37:b5:3b:c4:ce:16:1b:d9:a8:d3:ad:fe:a4:
         da:e2:04:27:59:61:39:a9:e9:0c:76:3e:6a:04:48:4f:cd:a3:
         84:25:e5:45:78:5b:d3:86:af:0f:03:c3:66:73:f0:25:70:cc:
         75:45:30:5c:78:02:59:ae:6c:f1:4f:90:61:fd:da:9a:a1:71:
         a8:c8:75:4a:9a:2e:4a:10:5b:19:68:a5:1c:84:e7:df:c9:eb:
         b1:ce:87:19:2e:da:34:99:e8:6a:80:10:91:1b:45:4d:64:35:
         49:07:74:30:39:b7:24:31:18:f8:b9:ed:69:c7:aa:fa:65:78:
         a1:84:9f:aa:c0:98:81:a1:9f:33:25:36:5e:0d:cf:26:a9:f7:
         63:ca:4e:be:50:39:c8:e8:a3:38:3f:08:72:82:e6:c5:fe:8c:
         a8:a5:c5:4f:57:bd:9b:05:8c:2d:de:94:68:28:2e:cf:4e:10:
         ea:c9:dc:86:c3:4e:40:86:43:33:94:a8:e9:ae:26:00:7d:a3:
         08:c4:83:1d:91:12:8e:88:e2:65:69:81:17:6d:8a:fd:d6:5a:
         09:22:18:45:19:69:2d:b2:bb:c2:52:88:f0:4e:1f:5b:40:c7:
         0a:9d:d3:53:78:2c:36:e1:57:e4:d3:01:3b:eb:61:19:b8:35:
         8b:60:64:1f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUL/WNDfyDcd9awnCc6U/ClO/ynD0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwOTA5MDAyMTA5WhcNMjUxMDE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNzc0NDExMjI3OTRjMzJjY2M2ZmQyNjNiM2E1NWJkODBm
MDFmOTI4MjhkZDNlZWU5MTdlYTg5MDIzODBhYmJjMS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCofL+PIsbdDz+pmSGnDUlH4JzempBmZXY5mkiZidxma62g
VeQIo4aWUQ5kS5WmK83Gj/L7KaqdGhAd18HylL7Obxa/jGwZ9FfNskcwPu6X7SXc
vn5AiuL4WDIZoYk5+ZtsJkSx4KWXHuHRBSs2jwmSn3cpdqHYvV9CkY6XSn0tGeGd
uc5KYmg9n2ldQ2ivEqi9efeyosQVij6oSs5w/cBemwym7nz9RBLk30mCrk76Etl1
0RN0Ais5dQlFULRG1lRMN30ZCzQgWIFtHMBgcCpRZpfaFs4JWERRVPQMphcS4Fo5
EG5L2svqfrlxfwKm17xRIFOPD4wTXWPwfJOrJ56TAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUBFNe4W8r7YtRETYnOhG5vBG47WkwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzNhZDJhZTljLWQ1MDUtNGI1My04YTAzLWMwMDM0NjAyZDQwZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAX++AwDQYJKoZIhvcNAQELBQADggEBADj+KvFzN7U7xM4WG9mo063+pNri
BCdZYTmp6Qx2PmoESE/No4Ql5UV4W9OGrw8Dw2Zz8CVwzHVFMFx4AlmubPFPkGH9
2pqhcajIdUqaLkoQWxlopRyE59/J67HOhxku2jSZ6GqAEJEbRU1kNUkHdDA5tyQx
GPi57WnHqvpleKGEn6rAmIGhnzMlNl4Nzyap92PKTr5QOcjoozg/CHKC5sX+jKil
xU9XvZsFjC3elGgoLs9OEOrJ3IbDTkCGQzOUqOmuJgB9owjEgx2REo6I4mVpgRdt
iv3WWgkiGEUZaS2yu8JSiPBOH1tAxwqd01N4LDbhV+TTATvrYRm4NYtgZB8=
-----END CERTIFICATE-----
Generated at Tue Sep 16 16:13:46 2025 by rpki-client