Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/ced1d856-48cb-491b-a1ab-adf22d3bad75.roa
File:                     ced1d856-48cb-491b-a1ab-adf22d3bad75.roa (raw, json)
Hash identifier:          7JS4bY5UuS04M0NqcoBK66zEkoKqeijy7okXsYEHfog=
Subject key identifier:   B6:F3:CF:2E:41:B4:AC:53:7F:E1:23:94:82:01:67:63:D8:12:7B:16
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       3476227CC5CA952D3B1784CF95D5C7B104FD82C6
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/ced1d856-48cb-491b-a1ab-adf22d3bad75.roa
Signing time:             Sat 02 Aug 2025 00:10:41 +0000
ROA not before:           Sat 02 Aug 2025 00:10:41 +0000
ROA not after:            Sat 06 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        76.223.176.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 08 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:76:22:7c:c5:ca:95:2d:3b:17:84:cf:95:d5:c7:b1:04:fd:82:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Aug  2 00:10:41 2025 GMT
            Not After : Sep  6 23:59:59 2025 GMT
        Subject: serialNumber=6a0403674eb1e25ff6a815bc0eeb60a8dd1abe98565c5c43891ea9ea4092a241, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:d1:c8:c4:36:42:d7:ab:e1:e8:c3:1b:60:6a:
                    6e:ae:9b:4a:09:d6:75:cf:15:01:e1:69:20:89:c0:
                    0a:86:0b:27:b7:8d:91:07:14:cf:e9:37:4f:20:fa:
                    b8:32:0f:4c:43:c1:a2:3a:21:a6:5f:9e:54:4d:10:
                    e8:d8:72:11:de:45:79:b7:75:cc:02:d0:f8:52:b5:
                    48:77:c0:f4:e9:94:47:1b:aa:0f:db:50:26:ba:bc:
                    be:7e:f9:63:e7:31:9e:af:37:7a:09:8a:19:98:07:
                    a9:39:cb:d1:8a:31:15:ed:96:41:5c:7f:de:78:24:
                    c7:e8:02:7a:5b:b7:3b:ca:bc:f9:82:2e:c1:64:de:
                    c3:0e:70:d7:76:8d:cf:db:90:31:9b:38:51:74:0b:
                    df:e2:68:1b:d1:0d:57:fb:80:23:c6:3d:f8:ed:8f:
                    40:06:68:5a:31:50:f2:29:d8:de:2d:d0:b6:c7:09:
                    b2:5b:77:30:4e:09:92:96:a1:70:d9:a7:5e:32:9b:
                    39:de:2b:2d:52:4c:97:b1:a4:ba:8c:47:d2:e4:36:
                    ee:ac:77:b1:fc:10:9c:0e:90:92:b9:80:b6:b0:03:
                    cb:e4:5d:c9:0f:04:c3:13:b6:3b:5e:86:79:fb:42:
                    d3:bf:12:b7:ba:bb:19:9b:5f:30:3c:ff:f2:3b:52:
                    cb:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:F3:CF:2E:41:B4:AC:53:7F:E1:23:94:82:01:67:63:D8:12:7B:16
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/ced1d856-48cb-491b-a1ab-adf22d3bad75.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.223.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         5c:0e:06:2d:07:f4:e7:07:70:a4:c3:0e:65:2f:46:33:eb:95:
         89:82:c4:ba:99:06:37:a4:d7:39:3f:49:33:83:c8:9f:10:98:
         a9:3a:be:27:21:d0:b4:fd:a7:bb:aa:31:17:0a:f3:b5:79:3c:
         58:3f:04:eb:55:de:2b:85:49:5c:d5:5a:31:cb:8c:fb:09:15:
         8f:46:ea:0e:5e:b7:89:61:55:6e:40:d6:bd:97:7c:f5:af:bc:
         a7:5f:5e:7b:6f:28:e5:79:0b:0a:14:cc:df:05:c7:d9:21:0e:
         95:3f:61:3d:51:2b:42:98:c4:e1:3b:e7:92:92:09:c3:ee:b1:
         ec:ac:18:8a:f7:1f:b1:23:92:72:8d:cd:0d:68:67:05:24:44:
         54:e4:1e:bf:ab:1b:4b:b7:80:5e:91:0f:bc:2f:e1:9a:e2:75:
         81:0c:27:50:14:32:2b:e1:12:2d:48:14:b8:57:fb:07:39:ad:
         a6:c2:95:b0:08:69:cd:64:77:08:a0:7b:7f:b1:14:0a:48:0a:
         07:b7:23:fb:d1:94:66:bc:95:4b:98:ac:b0:38:52:75:4b:c9:
         66:4c:35:08:d1:f4:1e:c4:f7:d0:5c:0e:9c:43:73:ae:73:3b:
         a5:35:d0:86:d3:f5:c4:c0:41:99:75:c4:a9:d9:f2:47:3b:63:
         c9:9d:44:6c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNHYifMXKlS07F4TPldXHsQT9gsYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwODAyMDAxMDQxWhcNMjUwOTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0A2YTA0MDM2NzRlYjFlMjVmZjZhODE1YmMwZWViNjBhOGRk
MWFiZTk4NTY1YzVjNDM4OTFlYTllYTQwOTJhMjQxMS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDV0cjENkLXq+Howxtgam6um0oJ1nXPFQHhaSCJwAqGCye3
jZEHFM/pN08g+rgyD0xDwaI6IaZfnlRNEOjYchHeRXm3dcwC0PhStUh3wPTplEcb
qg/bUCa6vL5++WPnMZ6vN3oJihmYB6k5y9GKMRXtlkFcf954JMfoAnpbtzvKvPmC
LsFk3sMOcNd2jc/bkDGbOFF0C9/iaBvRDVf7gCPGPfjtj0AGaFoxUPIp2N4t0LbH
CbJbdzBOCZKWoXDZp14ymzneKy1STJexpLqMR9LkNu6sd7H8EJwOkJK5gLawA8vk
XckPBMMTtjtehnn7QtO/Ere6uxmbXzA8//I7UstxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUtvPPLkG0rFN/4SOUggFnY9gSexYwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkL2NlZDFkODU2LTQ4Y2ItNDkxYi1hMWFiLWFkZjIyZDNiYWQ3NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARM37AwDQYJKoZIhvcNAQELBQADggEBAFwOBi0H9OcHcKTDDmUvRjPrlYmC
xLqZBjek1zk/STODyJ8QmKk6vich0LT9p7uqMRcK87V5PFg/BOtV3iuFSVzVWjHL
jPsJFY9G6g5et4lhVW5A1r2XfPWvvKdfXntvKOV5CwoUzN8Fx9khDpU/YT1RK0KY
xOE755KSCcPuseysGIr3H7EjknKNzQ1oZwUkRFTkHr+rG0u3gF6RD7wv4ZridYEM
J1AUMivhEi1IFLhX+wc5rabClbAIac1kdwige3+xFApICge3I/vRlGa8lUuYrLA4
UnVLyWZMNQjR9B7E99BcDpxDc65zO6U10IbT9cTAQZl1xKnZ8kc7Y8mdRGw=
-----END CERTIFICATE-----
Generated at Wed Aug 6 18:42:38 2025 by rpki-client