Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2ab45e62-7d44-4885-a10e-81a21539a820.roa
File:                     2ab45e62-7d44-4885-a10e-81a21539a820.roa (raw, json)
Hash identifier:          EnZXL5bNy9F4dqaAFbG2BuYXYwWaGzcHHmTj4zLQ1ag=
Subject key identifier:   66:05:B1:89:14:E6:CF:DD:3A:97:F1:D3:6F:F4:34:B5:E1:AE:71:40
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       39D65501F7AFEBC71F605F49BB2931242A93CA40
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2ab45e62-7d44-4885-a10e-81a21539a820.roa
Signing time:             Wed 09 Jul 2025 00:20:29 +0000
ROA not before:           Wed 09 Jul 2025 00:20:29 +0000
ROA not after:            Wed 13 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.23.72.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 24 Jul 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:d6:55:01:f7:af:eb:c7:1f:60:5f:49:bb:29:31:24:2a:93:ca:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul  9 00:20:29 2025 GMT
            Not After : Aug 13 23:59:59 2025 GMT
        Subject: serialNumber=806483097ea619628b015b6363dd1ed217229f29f43ffebac6575ec0cacf22ca, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:77:88:34:c7:c0:c8:c5:fa:3e:aa:e1:2e:dd:
                    68:b2:42:85:92:c5:63:3e:a6:33:b3:b2:00:54:76:
                    c9:4c:9e:ec:e5:04:1f:0a:67:82:93:6c:3b:8b:ad:
                    84:69:b9:19:2b:e3:ff:68:9b:3c:1c:2e:96:55:95:
                    6a:6b:03:66:e5:39:fc:e9:5d:e2:9b:4c:27:ea:ff:
                    07:8f:77:25:c9:80:1d:71:85:3d:68:cf:bf:fb:68:
                    e9:bf:f6:ff:92:a3:7e:7b:9f:a2:90:2c:c3:9b:fd:
                    67:27:af:4d:fc:6b:bc:d9:91:6b:24:54:5b:f8:8f:
                    0e:66:71:de:e3:dd:9d:93:52:4b:3a:ae:84:15:e6:
                    89:5e:4f:73:a4:ca:fa:41:dd:a1:ad:b9:a9:80:91:
                    01:40:15:ac:f2:e8:0a:15:52:43:5d:b9:3c:a5:17:
                    df:34:7e:43:e6:10:69:98:80:f6:41:ae:5f:b4:65:
                    9c:04:7a:b4:ec:0d:71:43:02:97:b0:e9:92:6d:3d:
                    cc:bb:06:dd:29:77:cc:90:a1:50:a0:2f:b6:07:03:
                    4c:f8:04:2f:d2:f1:95:a6:34:14:86:4a:de:89:fa:
                    8e:5d:5a:8e:ad:b6:f7:99:4e:74:83:d8:fd:fc:73:
                    01:69:76:37:7b:cf:98:08:0e:b4:66:a9:22:f5:08:
                    0d:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:05:B1:89:14:E6:CF:DD:3A:97:F1:D3:6F:F4:34:B5:E1:AE:71:40
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2ab45e62-7d44-4885-a10e-81a21539a820.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.23.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         cd:75:a3:30:a3:2d:bc:f4:02:99:98:98:03:93:74:48:d0:11:
         48:bf:8c:61:1b:87:33:5b:40:09:e6:39:d7:f9:75:0a:fb:64:
         a1:c9:54:bc:da:81:57:5a:75:bd:83:3d:40:ab:9b:c8:8d:b5:
         31:32:8f:48:bb:8d:d6:e7:80:41:61:db:68:aa:a6:90:09:48:
         47:78:56:87:8d:d5:43:ea:e5:be:4e:47:4f:cf:60:11:c2:82:
         3e:86:36:70:19:f5:ba:58:5d:e7:99:82:95:bc:45:73:7d:a5:
         3a:58:74:89:38:4e:65:05:4e:fc:f7:a0:64:2c:22:cd:27:c6:
         cb:01:d5:39:c4:a6:b2:87:4f:bf:9a:11:a1:fd:6d:f2:c4:96:
         44:49:c0:87:d9:28:7e:b4:bd:37:6a:4f:0c:a9:75:67:0c:5e:
         bc:3c:82:54:c9:d4:cd:06:26:04:9e:05:9f:7b:de:ba:b8:31:
         3d:a7:9e:5e:e6:4b:36:bf:c7:ab:90:a9:d4:1f:86:d6:86:f0:
         45:56:93:33:f2:0d:f1:3c:cf:fd:c9:a0:70:0f:91:7b:62:7e:
         da:73:8c:fb:91:f1:84:ec:bb:3e:ab:1e:2e:97:ec:39:b1:6a:
         df:ae:0f:90:9a:a5:15:90:60:c5:8c:b7:c5:9f:59:f5:c6:16:
         8a:9f:dd:ff
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOdZVAfev68cfYF9JuykxJCqTykAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzA5MDAyMDI5WhcNMjUwODEzMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MDY0ODMwOTdlYTYxOTYyOGIwMTViNjM2M2RkMWVkMjE3
MjI5ZjI5ZjQzZmZlYmFjNjU3NWVjMGNhY2YyMmNhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDId4g0x8DIxfo+quEu3WiyQoWSxWM+pjOzsgBUdslMnuzl
BB8KZ4KTbDuLrYRpuRkr4/9omzwcLpZVlWprA2blOfzpXeKbTCfq/wePdyXJgB1x
hT1oz7/7aOm/9v+So357n6KQLMOb/Wcnr038a7zZkWskVFv4jw5mcd7j3Z2TUks6
roQV5oleT3OkyvpB3aGtuamAkQFAFazy6AoVUkNduTylF980fkPmEGmYgPZBrl+0
ZZwEerTsDXFDApew6ZJtPcy7Bt0pd8yQoVCgL7YHA0z4BC/S8ZWmNBSGSt6J+o5d
Wo6ttveZTnSD2P38cwFpdjd7z5gIDrRmqSL1CA03AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZgWxiRTmz906l/HTb/Q0teGucUAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJhYjQ1ZTYyLTdkNDQtNDg4NS1hMTBlLTgxYTIxNTM5YTgyMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIXF0gwDQYJKoZIhvcNAQELBQADggEBAM11ozCjLbz0ApmYmAOTdEjQEUi/
jGEbhzNbQAnmOdf5dQr7ZKHJVLzagVdadb2DPUCrm8iNtTEyj0i7jdbngEFh22iq
ppAJSEd4VoeN1UPq5b5OR0/PYBHCgj6GNnAZ9bpYXeeZgpW8RXN9pTpYdIk4TmUF
Tvz3oGQsIs0nxssB1TnEprKHT7+aEaH9bfLElkRJwIfZKH60vTdqTwypdWcMXrw8
glTJ1M0GJgSeBZ973rq4MT2nnl7mSza/x6uQqdQfhtaG8EVWkzPyDfE8z/3JoHAP
kXtiftpzjPuR8YTsuz6rHi6X7Dmxat+uD5CapRWQYMWMt8WfWfXGFoqf3f8=
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:10:20 2025 by rpki-client