Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/eaef83ec-c27a-4971-921b-164f8f284067.roa
File:                     eaef83ec-c27a-4971-921b-164f8f284067.roa (raw, json)
Hash identifier:          pekyFjyYlfz6InjeU4cTAURv3P6rOK9/zroRg5bGpO8=
Subject key identifier:   93:CA:04:9D:18:0D:50:20:6B:ED:32:72:DB:50:BA:34:83:0B:AB:70
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       63C61DAA61802035C27D1D5359754923069F03E2
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/eaef83ec-c27a-4971-921b-164f8f284067.roa
Signing time:             Mon 21 Jul 2025 15:20:06 +0000
ROA not before:           Mon 21 Jul 2025 15:20:06 +0000
ROA not after:            Mon 25 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        76.223.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 07 Aug 2025 15:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:c6:1d:aa:61:80:20:35:c2:7d:1d:53:59:75:49:23:06:9f:03:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Jul 21 15:20:06 2025 GMT
            Not After : Aug 25 23:59:59 2025 GMT
        Subject: serialNumber=a8eb0726859bbe7e04a7ae920656ed8484c3eeae5037081dbf978eaa2b8dac79, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:32:16:f4:cb:6f:e7:ae:17:a1:6f:9d:08:3b:
                    9f:25:86:e0:8e:7e:a5:4e:aa:62:05:79:3a:7f:1d:
                    02:0b:f3:97:b1:dd:63:36:17:0d:89:64:ed:a4:99:
                    7c:5a:b7:4a:7f:33:7d:66:ea:6f:f0:6c:fb:e9:2d:
                    e8:5e:73:51:bf:8e:06:54:cd:cf:df:e5:9d:cc:30:
                    40:5d:f8:9c:27:88:db:43:d8:4f:0e:5b:27:ce:ac:
                    53:ef:5e:14:85:16:57:0d:a2:6a:a2:bf:51:87:cd:
                    0a:e2:78:6a:62:aa:9a:a7:a8:cc:3d:68:96:23:78:
                    f6:14:ac:ab:e0:dd:e5:e2:38:fd:a7:8e:73:65:f9:
                    05:48:f2:6f:7a:14:b5:51:68:43:69:f5:8b:7f:34:
                    4c:75:cb:7d:98:92:73:df:e4:98:3b:04:79:2c:54:
                    61:17:56:e6:db:72:a9:cd:db:48:22:06:ae:2a:1b:
                    48:ed:02:f3:78:02:3e:56:92:f3:5f:d6:db:ff:45:
                    c4:35:6d:a3:d2:e7:25:12:6e:d4:ee:b5:a4:96:16:
                    38:8b:59:48:0d:ba:af:0a:10:72:51:48:37:55:ca:
                    9c:33:9d:f4:8d:91:cd:bf:aa:0d:69:b9:df:2b:39:
                    fb:ab:ca:37:70:4f:9a:96:a2:ec:3d:7c:2a:b6:92:
                    ba:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:CA:04:9D:18:0D:50:20:6B:ED:32:72:DB:50:BA:34:83:0B:AB:70
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/eaef83ec-c27a-4971-921b-164f8f284067.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.223.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:38:0b:9b:e1:b6:53:ab:93:a6:cb:e9:3d:cf:77:c5:40:d6:
         2a:24:e7:e6:17:5a:44:f2:a1:2b:94:30:d3:3f:a3:87:01:91:
         4f:3f:08:d9:d2:d3:02:40:aa:72:e4:ed:3a:db:d6:a6:cd:3f:
         a8:88:3c:4c:f8:1b:b0:50:a3:ca:ea:07:a5:eb:66:3e:f3:f9:
         7f:0e:4b:28:3b:3f:e3:85:9a:a3:ce:73:7a:61:e4:3e:88:f4:
         52:7c:06:19:8d:a6:99:1b:ce:b4:d8:16:e4:92:8a:c7:75:0b:
         f8:17:8e:46:0a:8c:41:a6:a9:19:49:d0:78:da:ac:68:c2:b9:
         88:c4:a8:ad:b9:51:54:e6:be:14:5f:9c:09:f7:9b:75:41:da:
         ba:5e:ea:a3:2a:3b:3d:6f:e7:ec:da:ba:c3:0e:8d:ce:3e:79:
         5a:6a:82:b0:16:5e:df:09:ca:27:5c:5f:fb:fa:19:8e:f7:c5:
         dd:4b:0d:9b:f6:ec:0d:df:38:65:5e:7e:b9:ba:52:e8:75:c0:
         09:1d:58:b4:d8:30:f3:87:e5:fa:1e:c2:3c:8a:1c:e0:e4:77:
         f4:d8:27:68:83:b4:c9:81:06:89:a5:1d:6b:6b:d3:38:4b:39:
         85:25:a4:8f:b4:dd:b5:b2:d3:61:d9:27:fc:04:dd:40:5b:b5:
         45:1e:a1:64
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY8YdqmGAIDXCfR1TWXVJIwafA+IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwNzIxMTUyMDA2WhcNMjUwODI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhOGViMDcyNjg1OWJiZTdlMDRhN2FlOTIwNjU2ZWQ4NDg0
YzNlZWFlNTAzNzA4MWRiZjk3OGVhYTJiOGRhYzc5MS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqMhb0y2/nrhehb50IO58lhuCOfqVOqmIFeTp/HQIL85ex
3WM2Fw2JZO2kmXxat0p/M31m6m/wbPvpLehec1G/jgZUzc/f5Z3MMEBd+JwniNtD
2E8OWyfOrFPvXhSFFlcNomqiv1GHzQrieGpiqpqnqMw9aJYjePYUrKvg3eXiOP2n
jnNl+QVI8m96FLVRaENp9Yt/NEx1y32YknPf5Jg7BHksVGEXVubbcqnN20giBq4q
G0jtAvN4Aj5WkvNf1tv/RcQ1baPS5yUSbtTutaSWFjiLWUgNuq8KEHJRSDdVypwz
nfSNkc2/qg1pud8rOfuryjdwT5qWouw9fCq2krqfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUk8oEnRgNUCBr7TJy21C6NIMLq3AwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkL2VhZWY4M2VjLWMyN2EtNDk3MS05MjFiLTE2NGY4ZjI4NDA2Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABM37swDQYJKoZIhvcNAQELBQADggEBAAA4C5vhtlOrk6bL6T3Pd8VA1iok
5+YXWkTyoSuUMNM/o4cBkU8/CNnS0wJAqnLk7Trb1qbNP6iIPEz4G7BQo8rqB6Xr
Zj7z+X8OSyg7P+OFmqPOc3ph5D6I9FJ8BhmNppkbzrTYFuSSisd1C/gXjkYKjEGm
qRlJ0HjarGjCuYjEqK25UVTmvhRfnAn3m3VB2rpe6qMqOz1v5+zausMOjc4+eVpq
grAWXt8JyidcX/v6GY73xd1LDZv27A3fOGVefrm6Uuh1wAkdWLTYMPOH5foewjyK
HODkd/TYJ2iDtMmBBomlHWtr0zhLOYUlpI+03bWy02HZJ/wE3UBbtUUeoWQ=
-----END CERTIFICATE-----