Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/8621c38c-da14-4436-8fad-6252da797f1a.roa
File:                     8621c38c-da14-4436-8fad-6252da797f1a.roa (raw, json)
Hash identifier:          oXVq6MsDf4Zp2LKQrfUmzYTeWxzQPYNl1gIpRaJK37U=
Subject key identifier:   C4:A8:F9:A0:EA:BE:26:EA:71:39:F4:E5:F5:75:A6:B7:CD:97:32:89
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       4827650E1DFC113650EB16495F5A95CC87BAC620
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/8621c38c-da14-4436-8fad-6252da797f1a.roa
Signing time:             Tue 06 May 2025 00:00:13 +0000
ROA not before:           Tue 06 May 2025 00:00:13 +0000
ROA not after:            Tue 10 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.249.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 11 May 2025 15:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:27:65:0e:1d:fc:11:36:50:eb:16:49:5f:5a:95:cc:87:ba:c6:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: May  6 00:00:13 2025 GMT
            Not After : Jun 10 23:59:59 2025 GMT
        Subject: serialNumber=ef95576601dbdbbc1e977d839ce95a335e1110ae85640deb0231879715d6c700, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:52:73:98:80:d1:14:a0:a0:09:1b:52:f9:bf:
                    10:7b:b1:b6:16:14:aa:2c:8b:b1:65:40:5c:38:3f:
                    70:9c:49:23:36:41:3a:87:fd:94:89:d6:82:ff:d3:
                    78:bc:c6:39:40:94:ca:a5:35:de:73:0c:e4:58:0e:
                    be:52:8e:6c:96:53:dd:e9:15:74:2d:62:b3:78:a4:
                    e7:8a:f5:35:51:e5:d6:4f:5c:74:7f:c9:e5:55:a0:
                    02:6b:9f:de:1a:9a:2f:75:56:26:1a:0b:7c:aa:e1:
                    c2:da:49:51:84:44:7b:d0:ee:b8:7b:f0:61:85:09:
                    3e:3f:86:7f:30:74:8a:80:de:f9:13:c5:b3:d8:ff:
                    e5:97:75:36:5f:d4:24:ec:9f:96:0a:25:80:c7:1f:
                    2a:7d:5d:32:3a:8d:eb:4d:6a:f8:92:a3:e0:6f:90:
                    6b:b6:83:97:11:79:5e:56:0f:9b:01:f4:55:06:04:
                    13:88:cd:3b:a4:ae:86:50:06:75:b3:c7:e1:5d:a7:
                    86:59:b1:f4:2f:e6:e6:61:ca:c3:3e:1d:cf:86:47:
                    6e:8c:e0:ec:ac:23:37:5f:18:8a:4a:15:dd:76:65:
                    d4:c9:9d:20:14:d8:41:f7:c4:36:96:ac:31:2d:aa:
                    26:1a:08:c5:b8:a2:fb:e7:60:e1:d4:7d:8f:d5:79:
                    0f:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:A8:F9:A0:EA:BE:26:EA:71:39:F4:E5:F5:75:A6:B7:CD:97:32:89
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/8621c38c-da14-4436-8fad-6252da797f1a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.249.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:84:de:ce:b8:d9:d6:88:09:2a:5a:a9:65:a7:ab:36:63:0f:
         9a:88:0c:fc:a9:89:88:2b:3a:8d:22:bf:83:2e:1e:98:de:e5:
         5e:76:37:8b:20:71:b9:9a:0e:e4:fd:8d:c0:15:14:a5:10:19:
         25:5a:0b:56:d5:04:1c:3f:03:9c:c6:46:36:46:32:72:4f:97:
         cf:44:7d:9d:2c:94:ba:a0:c2:cd:f6:07:a7:e6:1c:09:52:ff:
         ce:1d:b2:e6:d4:a0:2c:b3:47:09:f0:d1:6f:ee:6e:59:06:43:
         db:fe:5d:34:88:0e:23:56:95:a9:db:55:73:95:fa:df:c9:e1:
         d9:41:fd:8a:0b:70:05:8f:eb:8d:6f:25:9c:f9:67:ab:ed:64:
         ae:fa:15:51:30:be:4e:f5:0e:d7:25:72:bc:5c:fc:e8:9a:87:
         22:3f:ff:a5:1d:47:04:96:7a:81:3a:f6:f4:07:2d:94:d6:d2:
         59:a6:12:15:81:0d:76:0f:c0:52:a4:45:e4:e0:c6:e7:72:cc:
         09:b4:f1:d9:0c:89:c3:f9:98:e2:52:d0:17:11:53:60:82:5a:
         19:23:74:f7:49:8a:e1:f2:a1:e1:2a:10:5c:1d:32:bb:4f:33:
         06:7f:72:d9:67:a7:44:6b:78:df:8c:6e:6c:ef:ff:1d:3c:61:
         42:e8:20:be
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSCdlDh38ETZQ6xZJX1qVzIe6xiAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwNTA2MDAwMDEzWhcNMjUwNjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZjk1NTc2NjAxZGJkYmJjMWU5NzdkODM5Y2U5NWEzMzVl
MTExMGFlODU2NDBkZWIwMjMxODc5NzE1ZDZjNzAwMS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/UnOYgNEUoKAJG1L5vxB7sbYWFKosi7FlQFw4P3CcSSM2
QTqH/ZSJ1oL/03i8xjlAlMqlNd5zDORYDr5SjmyWU93pFXQtYrN4pOeK9TVR5dZP
XHR/yeVVoAJrn94ami91ViYaC3yq4cLaSVGERHvQ7rh78GGFCT4/hn8wdIqA3vkT
xbPY/+WXdTZf1CTsn5YKJYDHHyp9XTI6jetNaviSo+BvkGu2g5cReV5WD5sB9FUG
BBOIzTukroZQBnWzx+Fdp4ZZsfQv5uZhysM+Hc+GR26M4OysIzdfGIpKFd12ZdTJ
nSAU2EH3xDaWrDEtqiYaCMW4ovvnYOHUfY/VeQ+BAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxKj5oOq+JupxOfTl9XWmt82XMokwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzg2MjFjMzhjLWRhMTQtNDQzNi04ZmFkLTYyNTJkYTc5N2YxYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAX+d4wDQYJKoZIhvcNAQELBQADggEBADqE3s642daICSpaqWWnqzZjD5qI
DPypiYgrOo0iv4MuHpje5V52N4sgcbmaDuT9jcAVFKUQGSVaC1bVBBw/A5zGRjZG
MnJPl89EfZ0slLqgws32B6fmHAlS/84dsubUoCyzRwnw0W/ublkGQ9v+XTSIDiNW
lanbVXOV+t/J4dlB/YoLcAWP641vJZz5Z6vtZK76FVEwvk71Dtclcrxc/OiahyI/
/6UdRwSWeoE69vQHLZTW0lmmEhWBDXYPwFKkReTgxudyzAm08dkMicP5mOJS0BcR
U2CCWhkjdPdJiuHyoeEqEFwdMrtPMwZ/ctlnp0RreN+Mbmzv/x08YULoIL4=
-----END CERTIFICATE-----
Generated at Fri May 9 20:24:29 2025 by rpki-client