Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/8621c38c-da14-4436-8fad-6252da797f1a.roa
File:                     8621c38c-da14-4436-8fad-6252da797f1a.roa (raw, json)
Hash identifier:          VZgn8I5gRuFDLJ1zBGeYU+SyMXxzzgElliHAY+HX4M4=
Subject key identifier:   6D:E2:78:5A:D3:46:A3:8E:E1:55:58:E9:0F:56:F6:D3:D8:87:84:9C
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       539725547631E51FD97586B20F26ECD243595C1F
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/8621c38c-da14-4436-8fad-6252da797f1a.roa
Signing time:             Mon 21 Jul 2025 15:20:46 +0000
ROA not before:           Mon 21 Jul 2025 15:20:46 +0000
ROA not after:            Mon 25 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.249.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 07 Aug 2025 15:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:97:25:54:76:31:e5:1f:d9:75:86:b2:0f:26:ec:d2:43:59:5c:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Jul 21 15:20:46 2025 GMT
            Not After : Aug 25 23:59:59 2025 GMT
        Subject: serialNumber=38d052d2c8adfe998723f36efb1c55a16624eb27425031912f7a742ce9f6511e, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:70:c5:ff:02:4f:be:9d:13:e3:ae:3d:d7:71:
                    dc:90:2b:66:15:6a:af:e7:5b:1a:ae:dc:8b:4c:42:
                    2d:c8:77:8b:be:2e:f8:de:6e:47:c2:4f:93:28:dd:
                    26:37:87:1d:75:9d:14:d6:7c:37:ff:1e:f3:cb:44:
                    60:f7:cc:fa:42:af:b4:0a:d8:5d:ca:af:46:cb:c7:
                    38:7c:fe:43:d0:ca:fb:69:5e:31:e8:11:a3:7e:ff:
                    25:df:73:9e:82:c8:bc:ec:70:26:0d:51:e2:67:f2:
                    d9:71:df:2a:c2:91:28:95:34:c1:d6:33:7e:26:89:
                    76:36:21:b5:59:18:1c:fb:62:0b:fb:06:72:b5:2f:
                    9b:2a:09:54:79:26:ff:b7:e5:01:91:55:a1:d6:e0:
                    b7:b1:9a:d4:da:46:2c:33:ad:2c:01:c9:28:d6:ff:
                    f5:de:75:9b:54:a0:82:01:66:9f:6b:fd:71:86:c8:
                    62:cc:fe:ad:a3:95:06:7e:dc:69:10:ea:34:7c:18:
                    28:5e:57:02:bb:f9:dd:44:2b:7e:14:e9:9f:81:8c:
                    e4:d8:6e:e8:68:9d:0d:d7:10:6d:ea:56:26:6c:f5:
                    80:17:e6:a2:6f:81:d3:68:d0:d3:38:4f:f3:09:66:
                    40:f2:f2:49:a7:0e:b1:72:d8:a6:5d:08:ee:5f:95:
                    4c:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:E2:78:5A:D3:46:A3:8E:E1:55:58:E9:0F:56:F6:D3:D8:87:84:9C
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/8621c38c-da14-4436-8fad-6252da797f1a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.249.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:79:50:7f:45:cb:96:0e:38:b3:6d:c7:59:4d:c0:c6:0c:f7:
         d1:0f:27:5d:a0:12:74:09:5b:7b:ab:8f:4c:ee:3d:8e:e9:4a:
         ab:04:36:5c:06:3b:bc:90:26:3b:8c:22:b5:7e:f0:64:b3:3e:
         33:37:1d:0f:4e:24:92:d9:1e:fe:a1:6e:87:db:d9:d7:8e:7d:
         aa:62:30:d6:57:e0:ec:7a:5b:d2:13:08:cf:47:1b:e3:83:d6:
         8e:82:49:21:67:e6:f7:f8:22:2e:e7:71:03:e3:fe:65:fb:9a:
         1a:2d:b0:f8:ec:21:4b:32:15:4a:59:84:d2:b9:aa:cf:69:90:
         6d:86:50:1d:1a:ff:77:3a:e6:c2:f8:eb:53:cf:63:b1:af:3b:
         14:e2:5e:10:84:2c:49:26:8d:2b:c9:24:f4:d4:75:bc:b8:de:
         5c:5c:d0:4f:7c:4c:d5:20:56:9e:c4:78:18:56:07:5c:b7:d6:
         b4:3a:22:78:14:f5:8d:0c:8b:12:2d:b4:8f:e2:80:8d:65:84:
         5b:8e:6a:db:35:eb:80:12:5f:ec:ff:93:f7:cf:91:bf:56:57:
         34:82:8a:ef:79:0e:04:82:cf:26:7a:1d:a9:3a:e8:6d:c6:3e:
         3b:f0:79:3e:7d:6f:99:75:94:0a:27:27:d0:02:e6:bb:95:dc:
         6d:e9:b6:c9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUU5clVHYx5R/ZdYayDybs0kNZXB8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwNzIxMTUyMDQ2WhcNMjUwODI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AzOGQwNTJkMmM4YWRmZTk5ODcyM2YzNmVmYjFjNTVhMTY2
MjRlYjI3NDI1MDMxOTEyZjdhNzQyY2U5ZjY1MTFlMS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqcMX/Ak++nRPjrj3XcdyQK2YVaq/nWxqu3ItMQi3Id4u+
LvjebkfCT5Mo3SY3hx11nRTWfDf/HvPLRGD3zPpCr7QK2F3Kr0bLxzh8/kPQyvtp
XjHoEaN+/yXfc56CyLzscCYNUeJn8tlx3yrCkSiVNMHWM34miXY2IbVZGBz7Ygv7
BnK1L5sqCVR5Jv+35QGRVaHW4LexmtTaRiwzrSwBySjW//XedZtUoIIBZp9r/XGG
yGLM/q2jlQZ+3GkQ6jR8GCheVwK7+d1EK34U6Z+BjOTYbuhonQ3XEG3qViZs9YAX
5qJvgdNo0NM4T/MJZkDy8kmnDrFy2KZdCO5flUyNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbeJ4WtNGo47hVVjpD1b209iHhJwwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzg2MjFjMzhjLWRhMTQtNDQzNi04ZmFkLTYyNTJkYTc5N2YxYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAX+d4wDQYJKoZIhvcNAQELBQADggEBAEx5UH9Fy5YOOLNtx1lNwMYM99EP
J12gEnQJW3urj0zuPY7pSqsENlwGO7yQJjuMIrV+8GSzPjM3HQ9OJJLZHv6hbofb
2deOfapiMNZX4Ox6W9ITCM9HG+OD1o6CSSFn5vf4Ii7ncQPj/mX7mhotsPjsIUsy
FUpZhNK5qs9pkG2GUB0a/3c65sL461PPY7GvOxTiXhCELEkmjSvJJPTUdby43lxc
0E98TNUgVp7EeBhWB1y31rQ6IngU9Y0MixIttI/igI1lhFuOats164ASX+z/k/fP
kb9WVzSCiu95DgSCzyZ6Hak66G3GPjvweT59b5l1lAonJ9AC5ruV3G3ptsk=
-----END CERTIFICATE-----