Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/93d7471b-56b1-4f53-982e-a84765e52ef3.roa
File:                     93d7471b-56b1-4f53-982e-a84765e52ef3.roa (raw, json)
Hash identifier:          E+0ruCfm9ZPJjtZuSAy0ARjW6RfGo4a/oAzbk9wWYFI=
Subject key identifier:   EF:20:0F:AE:B3:C7:CE:12:C9:B2:31:9D:61:82:A8:4B:D2:E0:79:D3
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       04623032585AEC6BEEC05B0EAD43F3F2AF753DE5
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/93d7471b-56b1-4f53-982e-a84765e52ef3.roa
Signing time:             Wed 29 Oct 2025 00:10:13 +0000
ROA not before:           Wed 29 Oct 2025 00:10:13 +0000
ROA not after:            Wed 03 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        76.223.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:62:30:32:58:5a:ec:6b:ee:c0:5b:0e:ad:43:f3:f2:af:75:3d:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Oct 29 00:10:13 2025 GMT
            Not After : Dec  3 23:59:59 2025 GMT
        Subject: serialNumber=f57ccdaf673fca05a3c88312b31599bcbc63303c01457c602640bee39e8f4a48, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:27:1d:2e:77:f8:e7:b5:05:f2:b3:a0:09:3d:
                    59:8e:4a:10:f0:cc:8b:9f:09:e8:ed:9c:b2:b5:85:
                    31:b4:5b:f8:d2:34:b0:79:9a:0b:11:05:43:37:3f:
                    fa:a5:a6:98:28:d1:ce:d4:04:43:94:6b:dc:e2:f1:
                    ae:88:0f:a0:38:c8:a5:d2:fb:fb:be:b7:0d:60:c7:
                    5b:07:09:31:23:0f:30:68:81:f2:5b:2e:7f:bd:d9:
                    be:d6:c9:f3:95:b0:15:e8:c5:7d:a0:43:4e:0f:93:
                    4d:f2:ec:5c:ba:0e:b4:c0:37:3a:c9:2e:ab:0e:4b:
                    86:c7:c1:1d:f4:75:63:dc:15:ce:42:01:8b:09:44:
                    f9:75:26:dd:f3:f4:3d:3d:39:17:e2:fe:7c:43:31:
                    8c:ac:9f:1b:06:e6:69:69:56:db:58:eb:04:47:ca:
                    04:27:0c:0f:08:6c:0c:90:44:5e:11:79:82:27:91:
                    bc:f1:37:2e:6d:05:81:67:7a:1a:5a:41:62:70:9c:
                    d8:76:7b:ee:fa:e4:ae:ee:c8:3c:5b:10:2c:a2:13:
                    af:86:e5:2b:2b:1b:f6:0c:8d:e2:5d:7a:76:4e:51:
                    cb:0c:d9:50:26:84:3e:1a:74:b7:1c:a9:89:e6:9a:
                    56:83:bb:d3:ab:b3:81:3d:95:99:9e:fd:1b:18:da:
                    cb:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:20:0F:AE:B3:C7:CE:12:C9:B2:31:9D:61:82:A8:4B:D2:E0:79:D3
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/93d7471b-56b1-4f53-982e-a84765e52ef3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.223.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:b7:6f:c5:3a:f0:b0:cc:e6:48:d2:4f:9f:b0:e8:d3:52:8b:
         4c:36:fd:52:84:21:a1:f0:2a:f8:82:ea:bf:e9:a0:b8:08:92:
         3b:19:30:15:42:9e:03:23:59:85:32:25:15:ec:d9:aa:33:e1:
         aa:fc:e2:c9:3d:4f:04:54:3c:22:cb:5c:ec:76:42:21:11:5a:
         bb:1b:75:83:c7:d1:43:53:fb:f3:0f:6d:54:ac:79:5d:39:21:
         f1:67:f1:97:25:b9:df:e1:3b:f2:e0:f7:73:d0:12:cb:96:6b:
         95:fa:47:01:5e:d2:5b:a0:50:63:6e:56:6c:84:9e:67:c3:df:
         fe:a6:a1:7c:90:bb:b8:18:be:8c:84:d3:58:4d:4d:1b:3e:6e:
         58:b4:1d:87:d8:80:cb:65:b8:91:86:b3:7b:e9:3d:32:c8:23:
         ed:44:39:9c:31:3d:fa:26:77:38:75:a3:a4:40:19:4a:13:f8:
         48:ad:9a:fe:8d:3a:07:19:f1:fe:bf:1e:12:bb:2c:22:b2:ee:
         3e:46:c7:bc:1e:1a:67:0f:95:bb:0b:83:12:cd:c7:fa:ac:7f:
         8f:ac:15:ae:2b:53:41:be:00:0d:e5:47:d7:99:8c:76:6e:d4:
         ff:99:2b:a3:4c:fe:ff:6b:9d:6f:c4:a4:a1:4d:69:f0:99:a6:
         e7:b9:c1:1d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBGIwMlha7GvuwFsOrUPz8q91PeUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUxMDI5MDAxMDEzWhcNMjUxMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNTdjY2RhZjY3M2ZjYTA1YTNjODgzMTJiMzE1OTliY2Jj
NjMzMDNjMDE0NTdjNjAyNjQwYmVlMzllOGY0YTQ4MS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuJx0ud/jntQXys6AJPVmOShDwzIufCejtnLK1hTG0W/jS
NLB5mgsRBUM3P/qlppgo0c7UBEOUa9zi8a6ID6A4yKXS+/u+tw1gx1sHCTEjDzBo
gfJbLn+92b7WyfOVsBXoxX2gQ04Pk03y7Fy6DrTANzrJLqsOS4bHwR30dWPcFc5C
AYsJRPl1Jt3z9D09ORfi/nxDMYysnxsG5mlpVttY6wRHygQnDA8IbAyQRF4ReYIn
kbzxNy5tBYFnehpaQWJwnNh2e+765K7uyDxbECyiE6+G5SsrG/YMjeJdenZOUcsM
2VAmhD4adLccqYnmmlaDu9Ors4E9lZme/RsY2suHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7yAPrrPHzhLJsjGdYYKoS9LgedMwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzkzZDc0NzFiLTU2YjEtNGY1My05ODJlLWE4NDc2NWU1MmVmMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABM37wwDQYJKoZIhvcNAQELBQADggEBADO3b8U68LDM5kjST5+w6NNSi0w2
/VKEIaHwKviC6r/poLgIkjsZMBVCngMjWYUyJRXs2aoz4ar84sk9TwRUPCLLXOx2
QiERWrsbdYPH0UNT+/MPbVSseV05IfFn8Zclud/hO/Lg93PQEsuWa5X6RwFe0lug
UGNuVmyEnmfD3/6moXyQu7gYvoyE01hNTRs+bli0HYfYgMtluJGGs3vpPTLII+1E
OZwxPfomdzh1o6RAGUoT+Eitmv6NOgcZ8f6/HhK7LCKy7j5Gx7weGmcPlbsLgxLN
x/qsf4+sFa4rU0G+AA3lR9eZjHZu1P+ZK6NM/v9rnW/EpKFNafCZpue5wR0=
-----END CERTIFICATE-----