Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/5ff4b44a-41c9-4bc0-b77e-520fd1d7927e.roa
File:                     5ff4b44a-41c9-4bc0-b77e-520fd1d7927e.roa (raw, json)
Hash identifier:          xX7YPUzGkiM8cmiogjzh1TkNbCrY7dBpffdNxrJQaq0=
Subject key identifier:   5D:38:25:21:AF:7E:DD:08:87:88:79:D8:87:24:5B:E3:FA:99:6D:28
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       04852A3C4795AAA5C52A521D21622A5E561C0C3F
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/5ff4b44a-41c9-4bc0-b77e-520fd1d7927e.roa
Signing time:             Sat 25 Jan 2025 00:00:00 +0000
ROA not before:           Sat 25 Jan 2025 00:00:00 +0000
ROA not after:            Sat 01 Mar 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        23.249.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:85:2a:3c:47:95:aa:a5:c5:2a:52:1d:21:62:2a:5e:56:1c:0c:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Jan 25 00:00:00 2025 GMT
            Not After : Mar  1 23:59:59 2025 GMT
        Subject: CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c5:7b:02:ab:6f:fa:28:6d:91:64:3a:2a:18:
                    96:c1:6f:c2:a1:e6:38:f3:39:b5:52:ce:9d:40:f8:
                    0f:65:60:eb:14:81:c4:1a:34:e3:c7:d4:30:85:91:
                    bf:10:38:18:5e:fb:4a:db:04:18:b3:80:d8:54:e3:
                    0d:ab:59:95:3c:5f:a4:ea:31:37:b1:f6:9f:c5:74:
                    ad:16:27:bf:1c:40:53:86:6d:9c:41:e6:f6:e3:8e:
                    e0:eb:28:2f:6d:69:3c:d4:87:f3:dd:1e:3d:b4:13:
                    19:24:0d:2f:74:09:8e:b4:d4:61:71:d2:f6:f9:08:
                    c4:42:53:f7:8b:aa:15:18:bc:61:9a:91:50:fa:63:
                    02:f4:fa:cb:34:0c:87:75:81:5f:5d:29:59:95:56:
                    d7:5d:1c:e2:22:84:49:fc:e0:59:bc:76:b8:65:41:
                    1e:83:42:dc:37:5e:3a:61:9d:54:cf:8e:bb:32:cd:
                    db:15:42:a6:1c:9a:8d:ba:65:b1:fc:8c:a5:15:cd:
                    eb:e3:0d:85:eb:7a:b7:c3:c9:61:5d:f2:62:80:85:
                    92:a1:ea:f8:12:6b:c3:69:a6:1c:d7:e2:46:48:57:
                    81:1e:9c:99:1e:f3:83:4b:83:68:75:14:b5:62:db:
                    8c:b1:6b:2b:15:d0:0f:3a:61:9b:7c:19:67:97:d0:
                    01:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:38:25:21:AF:7E:DD:08:87:88:79:D8:87:24:5B:E3:FA:99:6D:28
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/5ff4b44a-41c9-4bc0-b77e-520fd1d7927e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.249.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:45:06:8c:c3:40:75:fd:54:d4:df:44:2d:1a:0f:16:15:8f:
         03:13:65:78:73:62:2c:13:c2:6e:9e:1f:0d:09:05:0f:ac:d0:
         ef:23:71:15:62:54:ee:5d:70:cf:3d:72:73:f1:71:08:62:ee:
         85:66:e2:72:4a:55:85:4f:4a:88:6f:fe:14:6b:d5:49:d8:14:
         52:32:9d:a4:be:ed:78:2e:ab:db:a3:46:74:a5:d9:14:d6:a6:
         62:d5:7f:cc:e5:6f:3b:24:34:64:ff:74:12:21:6e:bc:8d:f5:
         7b:77:2d:44:5f:5e:dd:d1:7e:52:eb:35:e5:15:c5:dc:4e:e5:
         00:ec:9d:39:e7:aa:08:37:34:6e:87:4a:15:1f:0a:cb:0e:10:
         f3:d1:91:24:1f:4f:70:c8:17:ff:8b:0d:f9:c5:5c:92:77:a1:
         cf:55:b3:5c:dc:a5:84:30:72:c9:2e:2a:ba:e7:2a:aa:d7:23:
         66:55:e7:b8:aa:79:42:28:85:28:6c:db:5f:f1:51:c6:80:37:
         92:3e:cf:2e:0c:52:4e:1a:b4:5e:d6:c3:96:8e:e1:72:63:27:
         c4:63:9a:3b:52:f8:3e:c5:e3:57:0f:da:9b:39:f3:d5:2c:9a:
         f4:9c:98:75:5b:61:be:ab:3b:b2:69:f1:a4:0c:8c:46:89:64:
         5b:48:54:6f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBIUqPEeVqqXFKlIdIWIqXlYcDD8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwMTI1MDAwMDAwWhcNMjUwMzAxMjM1OTU5
WjB6MUkwRwYDVQQFE0AzYTA5MzQ4NDI5ZTJiMzliNGRjY2UzOGRhNjczMzRlNGZi
Y2M0MTI3ZjAwMDY2N2U3OGY0MmFmOGU2NTEzYjkxMS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpxXsCq2/6KG2RZDoqGJbBb8Kh5jjzObVSzp1A+A9lYOsU
gcQaNOPH1DCFkb8QOBhe+0rbBBizgNhU4w2rWZU8X6TqMTex9p/FdK0WJ78cQFOG
bZxB5vbjjuDrKC9taTzUh/PdHj20ExkkDS90CY601GFx0vb5CMRCU/eLqhUYvGGa
kVD6YwL0+ss0DId1gV9dKVmVVtddHOIihEn84Fm8drhlQR6DQtw3XjphnVTPjrsy
zdsVQqYcmo26ZbH8jKUVzevjDYXrerfDyWFd8mKAhZKh6vgSa8NpphzX4kZIV4Ee
nJke84NLg2h1FLVi24yxaysV0A86YZt8GWeX0AHBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXTglIa9+3QiHiHnYhyRb4/qZbSgwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzVmZjRiNDRhLTQxYzktNGJjMC1iNzdlLTUyMGZkMWQ3OTI3ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAX+dYwDQYJKoZIhvcNAQELBQADggEBAAdFBozDQHX9VNTfRC0aDxYVjwMT
ZXhzYiwTwm6eHw0JBQ+s0O8jcRViVO5dcM89cnPxcQhi7oVm4nJKVYVPSohv/hRr
1UnYFFIynaS+7Xguq9ujRnSl2RTWpmLVf8zlbzskNGT/dBIhbryN9Xt3LURfXt3R
flLrNeUVxdxO5QDsnTnnqgg3NG6HShUfCssOEPPRkSQfT3DIF/+LDfnFXJJ3oc9V
s1zcpYQwcskuKrrnKqrXI2ZV57iqeUIohShs21/xUcaAN5I+zy4MUk4atF7Ww5aO
4XJjJ8RjmjtS+D7F41cP2ps589UsmvScmHVbYb6rO7Jp8aQMjEaJZFtIVG8=
-----END CERTIFICATE-----
Generated at Sun Feb 16 05:48:33 2025 by rpki-client