Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5e8a746b-196e-4958-804c-1ff8ad621b8e.roa
File:                     5e8a746b-196e-4958-804c-1ff8ad621b8e.roa (raw, json)
Hash identifier:          xrX8It1Med/1GonQgnkltC5C2v6Rzgr597wtCJ0GtoM=
Subject key identifier:   B4:6D:5C:62:ED:F8:DA:D4:71:0A:09:59:E8:6F:A8:0A:5B:31:D8:59
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0270F0FC9B823E02C0F68DBCED600E1B3533B735
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5e8a746b-196e-4958-804c-1ff8ad621b8e.roa
Signing time:             Wed 02 Jul 2025 00:20:29 +0000
ROA not before:           Wed 02 Jul 2025 00:20:29 +0000
ROA not after:            Wed 06 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        121.95.128.0/17 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 23 Jul 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:70:f0:fc:9b:82:3e:02:c0:f6:8d:bc:ed:60:0e:1b:35:33:b7:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul  2 00:20:29 2025 GMT
            Not After : Aug  6 23:59:59 2025 GMT
        Subject: serialNumber=e8771c4fee928f10e9e7c5cf0e050a1b4a48f6c20db09c89d5e8f5cd31bfe8a9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:3e:2d:5c:5d:c8:2a:b5:54:8c:67:8b:5b:cc:
                    53:e7:33:10:7c:5e:4b:5f:98:01:4a:04:91:7f:10:
                    af:97:8d:00:9b:7a:ef:85:ab:bc:02:0d:4f:df:09:
                    90:b8:a9:11:c9:d1:e6:1d:1b:57:d5:3a:13:bd:dc:
                    07:d1:79:86:68:38:92:e6:9d:4d:27:f4:8d:50:9c:
                    dc:6c:2f:80:aa:66:ab:89:e5:d9:dc:fd:64:0b:6b:
                    35:51:c7:ae:a7:ff:6d:04:7a:0b:f6:19:bd:67:0b:
                    24:80:bf:6c:0a:05:e9:30:7d:52:40:ec:01:da:fd:
                    1b:42:09:86:62:de:17:ff:5a:51:a5:3c:c6:49:df:
                    25:cc:9c:bb:47:6e:7f:02:f5:6d:a1:52:4e:81:97:
                    cf:89:a4:b7:76:f2:5e:95:8d:15:d8:b6:2e:ee:b3:
                    ea:0e:a9:9c:b0:c6:75:38:de:1a:7b:c2:82:79:e2:
                    86:a5:f3:8b:8e:03:b2:6c:a3:51:99:b9:5c:0c:f3:
                    ef:0f:31:b8:81:55:72:73:25:5f:f8:29:27:5e:f5:
                    81:15:be:c4:c3:85:f5:70:93:71:a1:c1:0e:40:03:
                    61:33:60:38:52:11:32:89:25:83:57:b8:61:c4:09:
                    3a:2c:8a:b8:01:3e:1f:cb:77:96:26:78:ef:e8:c4:
                    76:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:6D:5C:62:ED:F8:DA:D4:71:0A:09:59:E8:6F:A8:0A:5B:31:D8:59
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5e8a746b-196e-4958-804c-1ff8ad621b8e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  121.95.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         91:70:b6:ed:4d:52:e1:3a:d5:54:0f:91:1d:cf:3f:5d:18:14:
         5d:2d:9a:4e:b1:0b:fc:37:94:1e:e9:b8:2d:d7:67:3e:39:f4:
         94:64:4c:68:43:30:7a:a8:e1:5a:63:ef:4f:e0:58:d4:40:0a:
         75:9e:d8:a2:53:86:17:22:e2:af:fe:7c:e6:62:08:cd:87:af:
         9f:02:dd:2f:f5:c4:95:53:66:b3:de:79:fe:f7:46:06:7b:db:
         1c:f8:ab:03:91:2e:ac:37:18:34:d8:72:81:e9:72:0b:b9:34:
         9d:e5:64:cb:ea:f8:94:11:75:fd:54:04:32:8f:45:4a:28:1b:
         9b:e1:d8:4e:80:79:48:92:88:31:58:c9:d8:24:8e:d6:8a:43:
         9c:fb:8a:85:60:ab:c8:83:9b:80:bd:85:b7:98:60:40:c9:66:
         c3:70:e5:87:f9:72:42:d3:5c:64:f1:99:2e:b0:bc:46:74:be:
         52:b4:65:96:46:95:b0:79:92:ff:96:de:bf:15:a0:73:04:46:
         0d:ce:26:9b:58:aa:3a:24:22:cc:5f:7d:4e:76:16:36:7a:9b:
         7b:58:64:d7:32:b3:fa:7c:d5:b2:14:f6:23:4b:95:f4:89:25:
         82:ae:36:af:b7:20:1e:42:6e:8f:9c:92:fe:1a:d8:19:c0:51:
         10:e3:80:62
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAnDw/JuCPgLA9o287WAOGzUztzUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzAyMDAyMDI5WhcNMjUwODA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BlODc3MWM0ZmVlOTI4ZjEwZTllN2M1Y2YwZTA1MGExYjRh
NDhmNmMyMGRiMDljODlkNWU4ZjVjZDMxYmZlOGE5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsPi1cXcgqtVSMZ4tbzFPnMxB8XktfmAFKBJF/EK+XjQCb
eu+Fq7wCDU/fCZC4qRHJ0eYdG1fVOhO93AfReYZoOJLmnU0n9I1QnNxsL4CqZquJ
5dnc/WQLazVRx66n/20Eegv2Gb1nCySAv2wKBekwfVJA7AHa/RtCCYZi3hf/WlGl
PMZJ3yXMnLtHbn8C9W2hUk6Bl8+JpLd28l6VjRXYti7us+oOqZywxnU43hp7woJ5
4oal84uOA7Jso1GZuVwM8+8PMbiBVXJzJV/4KSde9YEVvsTDhfVwk3GhwQ5AA2Ez
YDhSETKJJYNXuGHECTosirgBPh/Ld5YmeO/oxHbhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUtG1cYu342tRxCglZ6G+oClsx2FkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVlOGE3NDZiLTE5NmUtNDk1OC04MDRjLTFmZjhhZDYyMWI4ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAd5X4AwDQYJKoZIhvcNAQELBQADggEBAJFwtu1NUuE61VQPkR3PP10YFF0t
mk6xC/w3lB7puC3XZz459JRkTGhDMHqo4Vpj70/gWNRACnWe2KJThhci4q/+fOZi
CM2Hr58C3S/1xJVTZrPeef73RgZ72xz4qwORLqw3GDTYcoHpcgu5NJ3lZMvq+JQR
df1UBDKPRUooG5vh2E6AeUiSiDFYydgkjtaKQ5z7ioVgq8iDm4C9hbeYYEDJZsNw
5Yf5ckLTXGTxmS6wvEZ0vlK0ZZZGlbB5kv+W3r8VoHMERg3OJptYqjokIsxffU52
FjZ6m3tYZNcys/p81bIU9iNLlfSJJYKuNq+3IB5Cbo+ckv4a2BnAURDjgGI=
-----END CERTIFICATE-----
Generated at Mon Jul 21 18:13:24 2025 by rpki-client