Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4d8a6715-13ee-4768-9a6e-26ffac180236.roa
File:                     4d8a6715-13ee-4768-9a6e-26ffac180236.roa (raw, json)
Hash identifier:          505Um8ftRbmAyZXcOJITIiwKGowKTVvFQFK9slijY/w=
Subject key identifier:   97:B1:E8:51:22:1A:B6:6D:F5:7E:62:39:1C:83:01:63:96:5C:3F:98
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       459225BF18B53430DBB34EA535308342230013EF
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4d8a6715-13ee-4768-9a6e-26ffac180236.roa
Signing time:             Tue 23 Sep 2025 16:52:29 +0000
ROA not before:           Tue 23 Sep 2025 16:52:29 +0000
ROA not after:            Tue 28 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        128.125.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:92:25:bf:18:b5:34:30:db:b3:4e:a5:35:30:83:42:23:00:13:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 23 16:52:29 2025 GMT
            Not After : Oct 28 23:59:59 2025 GMT
        Subject: serialNumber=dd28fd11de10e7710be959de9e1c412129d07ded84a039ad846dad7c2e5b5bcd, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:57:01:fd:31:81:01:50:10:97:28:69:5b:cb:
                    13:b2:b8:0e:fa:b6:46:42:2c:0e:f4:c9:96:5e:d7:
                    6b:6c:d8:e6:fc:f5:22:1d:7d:a0:b0:da:f8:58:bb:
                    60:2d:ed:1c:34:67:e0:c9:e3:0d:4b:74:da:95:7d:
                    38:d7:e9:14:4d:0e:b9:3f:04:08:88:09:9f:11:5d:
                    36:83:c4:d0:d1:81:24:42:00:06:26:2c:99:af:10:
                    ee:e9:e3:57:ea:9d:6a:bf:28:75:8e:eb:88:1e:7b:
                    07:de:55:0d:b8:3b:39:1f:6b:7d:2a:a8:18:27:79:
                    8d:7d:6a:59:cc:c7:ed:63:b1:bd:48:94:e7:fb:17:
                    79:71:3b:72:7a:fa:63:fd:ae:df:39:5a:11:69:47:
                    2d:bb:eb:8e:6a:1d:29:64:e9:29:bd:c1:d4:6d:d4:
                    56:40:e2:f0:6a:f5:98:3d:40:75:d7:cc:5e:04:ba:
                    f9:ef:8f:66:c4:0a:15:e9:73:fe:ba:43:61:a7:a4:
                    d5:5d:6b:f2:04:2e:87:1d:39:c0:62:12:dd:17:39:
                    82:86:94:45:c2:d2:ef:08:a4:37:3f:6f:e2:95:d9:
                    31:7d:01:47:af:b6:d0:52:20:fa:f1:aa:c2:b2:66:
                    cc:9c:b2:3a:cf:02:2f:d2:26:23:f3:4b:da:e8:63:
                    7b:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:B1:E8:51:22:1A:B6:6D:F5:7E:62:39:1C:83:01:63:96:5C:3F:98
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4d8a6715-13ee-4768-9a6e-26ffac180236.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.125.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         80:17:f8:b0:54:a9:fc:2d:82:e2:e4:8f:d0:02:1a:a1:e2:1d:
         61:a7:72:10:8b:a9:48:8c:de:d6:93:bc:4b:81:f7:ec:33:76:
         4c:24:db:61:dd:38:02:de:2e:f3:32:f4:86:1e:dd:a9:61:4f:
         5f:2b:4f:9c:56:9d:db:aa:4f:43:a0:f4:3a:82:95:75:14:dd:
         53:bc:b0:96:ab:12:7e:0f:69:e2:ab:d1:26:8e:3c:51:86:6c:
         82:05:bf:93:7e:80:3b:67:7b:3e:88:4f:d2:ee:b3:98:72:60:
         b2:50:70:39:3b:f7:87:4b:bc:88:5b:c2:64:10:8b:85:b8:f3:
         7a:a6:b9:7e:36:61:28:1f:a6:ab:30:29:f7:d2:3b:73:d6:4c:
         03:2d:99:31:25:eb:e3:60:8e:9a:fb:39:3f:04:55:86:43:73:
         61:ed:2c:8f:7e:39:13:e1:92:08:5d:bb:b0:56:67:7b:d7:d3:
         0b:3d:77:24:93:37:6b:d1:20:49:77:79:62:8d:3b:f0:b3:0b:
         af:67:58:0c:40:48:e6:94:6d:db:9d:dc:92:02:d9:6a:90:f5:
         01:84:17:77:bd:13:db:0d:dc:b2:84:82:d1:da:df:39:42:78:
         85:5d:ea:89:eb:a4:35:18:28:70:cb:36:6e:93:75:de:11:ea:
         f5:56:fa:1b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIURZIlvxi1NDDbs06lNTCDQiMAE+8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIzMTY1MjI5WhcNMjUxMDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZDI4ZmQxMWRlMTBlNzcxMGJlOTU5ZGU5ZTFjNDEyMTI5
ZDA3ZGVkODRhMDM5YWQ4NDZkYWQ3YzJlNWI1YmNkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0VwH9MYEBUBCXKGlbyxOyuA76tkZCLA70yZZe12ts2Ob8
9SIdfaCw2vhYu2At7Rw0Z+DJ4w1LdNqVfTjX6RRNDrk/BAiICZ8RXTaDxNDRgSRC
AAYmLJmvEO7p41fqnWq/KHWO64geewfeVQ24Ozkfa30qqBgneY19alnMx+1jsb1I
lOf7F3lxO3J6+mP9rt85WhFpRy27645qHSlk6Sm9wdRt1FZA4vBq9Zg9QHXXzF4E
uvnvj2bEChXpc/66Q2GnpNVda/IELocdOcBiEt0XOYKGlEXC0u8IpDc/b+KV2TF9
AUevttBSIPrxqsKyZsycsjrPAi/SJiPzS9roY3vZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUl7HoUSIatm31fmI5HIMBY5ZcP5gwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzRkOGE2NzE1LTEzZWUtNDc2OC05YTZlLTI2ZmZhYzE4MDIzNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCAfTANBgkqhkiG9w0BAQsFAAOCAQEAgBf4sFSp/C2C4uSP0AIaoeIdYady
EIupSIze1pO8S4H37DN2TCTbYd04At4u8zL0hh7dqWFPXytPnFad26pPQ6D0OoKV
dRTdU7ywlqsSfg9p4qvRJo48UYZsggW/k36AO2d7PohP0u6zmHJgslBwOTv3h0u8
iFvCZBCLhbjzeqa5fjZhKB+mqzAp99I7c9ZMAy2ZMSXr42COmvs5PwRVhkNzYe0s
j345E+GSCF27sFZne9fTCz13JJM3a9EgSXd5Yo078LMLr2dYDEBI5pRt253ckgLZ
apD1AYQXd70T2w3csoSC0drfOUJ4hV3qieukNRgocMs2bpN13hHq9Vb6Gw==
-----END CERTIFICATE-----
Generated at Sat Oct 18 00:14:34 2025 by rpki-client