Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0d232050-4c58-40e2-9036-331be5aa0f31.roa
File:                     0d232050-4c58-40e2-9036-331be5aa0f31.roa (raw, json)
Hash identifier:          wUSHg3bX7pd5eO8bNlaC2jp3PqGWPKV4lFru24S0TnU=
Subject key identifier:   3B:26:A5:63:A1:35:F4:2D:F9:94:2E:99:AA:08:61:85:3F:1B:14:9B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       70D0434488A35030249D0064F55AB89E964235BB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0d232050-4c58-40e2-9036-331be5aa0f31.roa
Signing time:             Wed 09 Jul 2025 00:10:29 +0000
ROA not before:           Wed 09 Jul 2025 00:10:29 +0000
ROA not after:            Wed 13 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        121.91.192.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 24 Jul 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:d0:43:44:88:a3:50:30:24:9d:00:64:f5:5a:b8:9e:96:42:35:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul  9 00:10:29 2025 GMT
            Not After : Aug 13 23:59:59 2025 GMT
        Subject: serialNumber=90301bbc8eafb97c4c70f0b7e5a6f3b4e549955e66c683fb4085c200ad6e7ba6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:d5:37:a3:00:ed:8a:d9:19:a4:c4:95:ef:8e:
                    aa:51:49:e8:e6:73:22:f1:c7:0d:d1:f4:0f:d4:b2:
                    80:91:65:99:fd:8d:e7:c5:56:1f:40:1f:af:20:ab:
                    e2:86:2d:2a:21:32:ba:ee:cd:c8:8c:eb:54:65:2f:
                    43:04:ba:47:58:0a:27:24:17:00:8a:68:2b:b2:ce:
                    e8:3a:f4:91:ca:42:6b:f2:eb:d7:8b:91:30:37:ac:
                    01:88:9d:ae:e5:ee:0c:f9:f1:8f:ae:51:03:95:6c:
                    7d:a4:b6:f9:3a:7c:23:45:cf:cf:fe:77:eb:73:dc:
                    6d:d3:66:82:34:35:17:0b:bf:5a:f8:bb:78:26:0e:
                    49:25:80:8f:20:69:b6:5b:db:12:16:7a:3b:ff:b3:
                    a9:ee:66:c9:84:65:5a:0a:7c:cf:ab:bb:57:ac:00:
                    61:69:7f:9d:8a:81:b5:58:3e:fb:1b:e3:02:46:fb:
                    67:6a:8a:35:aa:a1:06:d3:50:ff:00:c3:57:68:12:
                    a8:3a:72:9b:d8:ec:8c:4e:72:e8:81:c9:2d:e6:cb:
                    df:f0:7b:48:34:ad:2a:b0:f9:ee:f4:8d:08:99:4b:
                    3e:6e:5e:77:77:c2:cf:11:75:8f:63:6a:3c:d8:03:
                    68:84:fc:3d:49:d6:9e:3f:ee:79:b1:00:e5:5d:26:
                    dc:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:26:A5:63:A1:35:F4:2D:F9:94:2E:99:AA:08:61:85:3F:1B:14:9B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0d232050-4c58-40e2-9036-331be5aa0f31.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  121.91.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:48:0d:16:aa:2e:6f:c2:3b:fa:bf:e3:43:0a:47:04:96:ba:
         9c:77:48:a2:10:66:29:f8:59:38:e4:e5:60:f0:dc:25:9b:e4:
         28:5b:11:bc:8e:89:54:dc:6e:2c:0f:81:72:1e:ea:aa:ac:aa:
         ed:e3:ae:07:f4:fe:75:ec:14:73:85:62:32:b3:27:06:aa:0b:
         a0:a5:e8:46:5d:d4:c5:c3:49:7f:52:cb:71:48:09:1e:6b:b6:
         51:28:84:16:8a:0d:aa:91:18:11:77:99:84:01:77:9c:2e:9a:
         2b:a6:98:02:27:41:33:c7:55:79:06:57:fa:b9:26:82:48:6b:
         fa:e2:b3:eb:3a:34:6d:67:6a:ef:a8:48:6c:00:26:5d:a0:ec:
         c8:7b:4d:4e:7e:ad:95:16:b5:8f:a3:43:d9:4a:2d:25:e2:fb:
         5a:ae:d5:1c:95:ec:3e:94:60:71:c2:12:25:7d:c0:f0:7a:54:
         d3:09:46:20:3f:0c:11:ce:e7:bb:0d:b7:1e:9c:5f:8f:82:92:
         f7:01:d8:a3:7e:54:01:85:4c:94:56:38:61:4d:1b:ec:a7:74:
         37:66:be:0f:7d:dc:86:38:e9:11:e4:38:c6:59:30:69:3c:f1:
         b7:86:d9:95:0a:7d:62:8f:eb:cb:4b:02:64:be:28:19:55:48:
         8d:6f:ba:ee
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcNBDRIijUDAknQBk9Vq4npZCNbswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzA5MDAxMDI5WhcNMjUwODEzMjM1OTU5
WjB6MUkwRwYDVQQFE0A5MDMwMWJiYzhlYWZiOTdjNGM3MGYwYjdlNWE2ZjNiNGU1
NDk5NTVlNjZjNjgzZmI0MDg1YzIwMGFkNmU3YmE2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCv1TejAO2K2RmkxJXvjqpRSejmcyLxxw3R9A/UsoCRZZn9
jefFVh9AH68gq+KGLSohMrruzciM61RlL0MEukdYCickFwCKaCuyzug69JHKQmvy
69eLkTA3rAGIna7l7gz58Y+uUQOVbH2ktvk6fCNFz8/+d+tz3G3TZoI0NRcLv1r4
u3gmDkklgI8gabZb2xIWejv/s6nuZsmEZVoKfM+ru1esAGFpf52KgbVYPvsb4wJG
+2dqijWqoQbTUP8Aw1doEqg6cpvY7IxOcuiByS3my9/we0g0rSqw+e70jQiZSz5u
Xnd3ws8RdY9jajzYA2iE/D1J1p4/7nmxAOVdJtzBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUOyalY6E19C35lC6ZqghhhT8bFJswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBkMjMyMDUwLTRjNTgtNDBlMi05MDM2LTMzMWJlNWFhMGYzMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJ5W8AwDQYJKoZIhvcNAQELBQADggEBAHRIDRaqLm/CO/q/40MKRwSWupx3
SKIQZin4WTjk5WDw3CWb5ChbEbyOiVTcbiwPgXIe6qqsqu3jrgf0/nXsFHOFYjKz
JwaqC6Cl6EZd1MXDSX9Sy3FICR5rtlEohBaKDaqRGBF3mYQBd5wumiummAInQTPH
VXkGV/q5JoJIa/ris+s6NG1nau+oSGwAJl2g7Mh7TU5+rZUWtY+jQ9lKLSXi+1qu
1RyV7D6UYHHCEiV9wPB6VNMJRiA/DBHO57sNtx6cX4+CkvcB2KN+VAGFTJRWOGFN
G+yndDdmvg993IY46RHkOMZZMGk88beG2ZUKfWKP68tLAmS+KBlVSI1vuu4=
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:13:23 2025 by rpki-client