Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a728d17e-d435-496e-9424-123dad229b72.roa
File:                     a728d17e-d435-496e-9424-123dad229b72.roa (raw, json)
Hash identifier:          dhCyUjFtDBSVcglnilp/3Gy+rAJ9Af5zMx+r218zVaA=
Subject key identifier:   1B:83:0E:C4:C6:21:BF:04:EA:B7:4E:3C:78:18:AF:64:87:16:D2:19
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4433C07C81DB9E299B967756B39A09A391918947
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a728d17e-d435-496e-9424-123dad229b72.roa
Signing time:             Mon 07 Jul 2025 16:11:14 +0000
ROA not before:           Mon 07 Jul 2025 16:11:14 +0000
ROA not after:            Mon 11 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        162.120.24.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 24 Jul 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:33:c0:7c:81:db:9e:29:9b:96:77:56:b3:9a:09:a3:91:91:89:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul  7 16:11:14 2025 GMT
            Not After : Aug 11 23:59:59 2025 GMT
        Subject: serialNumber=ed5d2486791d95a2d5494fe6bc0498784cebf46471f0de1c05196ecd0609e6a1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:5a:72:e7:46:74:5e:e6:47:7c:8d:c9:c6:3a:
                    88:8c:3c:71:31:5e:2f:7c:e8:43:62:1d:f1:85:3b:
                    29:c0:7c:15:87:b4:8b:bc:77:b3:da:06:d7:e5:79:
                    53:4b:b0:de:c3:5d:26:c3:d4:55:1b:8f:89:51:a0:
                    b3:03:87:1f:2d:fd:59:31:73:e5:33:4c:40:e3:12:
                    2d:23:15:34:37:d1:65:50:89:7e:a8:3c:58:a2:2f:
                    b6:a9:c4:da:22:9c:67:50:28:55:a7:05:1f:be:cb:
                    d9:fd:42:b1:9b:c8:78:30:94:a0:0a:f0:64:4a:b9:
                    46:e0:ca:0c:ac:3f:f5:05:4b:b6:e4:85:3a:d3:bb:
                    2c:d9:37:af:12:7a:e0:75:bc:2b:6a:39:3e:d1:0b:
                    1b:44:b9:65:0a:30:71:6a:66:66:f5:8a:96:b1:53:
                    25:fd:84:72:a7:f1:b8:76:e9:19:0d:e6:da:01:ce:
                    7c:58:ec:62:e2:8e:20:64:65:2d:bc:af:33:fa:a3:
                    5a:0c:99:0e:5f:c7:47:11:af:5f:e0:c8:10:9c:bd:
                    0c:63:e3:e8:20:8a:ab:08:be:a3:a6:06:19:d8:7b:
                    20:47:73:12:76:08:21:1e:99:d9:2f:f4:bc:a6:d5:
                    56:53:1a:e1:25:8d:5d:a1:fa:94:39:d4:3b:6b:15:
                    f4:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:83:0E:C4:C6:21:BF:04:EA:B7:4E:3C:78:18:AF:64:87:16:D2:19
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a728d17e-d435-496e-9424-123dad229b72.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.120.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7b:d1:a4:c1:13:87:41:a2:4b:6d:ca:18:e8:a8:f5:d2:7f:ac:
         af:87:cd:9b:fe:e2:ed:8b:20:a9:0b:b6:52:d0:b1:15:f4:4a:
         54:2d:a4:34:53:b6:ee:f9:1b:83:02:c2:4d:09:17:b8:1b:e1:
         ae:ef:58:7e:15:ef:06:5c:45:55:0f:67:e6:f6:a7:41:5e:2c:
         4d:3d:4a:d3:27:7c:bd:d0:ae:15:76:dc:31:24:f5:f2:fd:75:
         c0:37:1c:4f:5c:89:96:16:02:c1:51:e3:d5:0d:91:63:2d:a9:
         48:7d:73:dd:e2:73:5a:26:69:27:f0:17:c3:cb:35:e9:af:bc:
         da:96:20:04:3c:62:85:fd:85:35:7a:09:01:6e:f7:d3:e5:90:
         03:71:5d:be:e7:17:3b:b3:a8:bb:62:90:b2:8b:ae:58:eb:b7:
         4c:95:d4:45:f7:11:bd:a1:3d:94:08:f1:56:74:fc:c7:66:51:
         24:75:a3:05:78:91:30:2b:95:d4:ec:34:ff:00:67:46:13:8a:
         75:6a:98:89:22:af:56:07:1f:8f:2a:33:cb:dd:89:b9:7f:97:
         52:8a:22:35:ce:c1:41:e3:46:2c:06:ae:81:a4:a8:75:94:c1:
         74:0a:84:cc:46:17:fb:bf:59:a7:a1:b0:31:4d:f8:59:7a:7c:
         0d:8d:2c:5d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURDPAfIHbnimblndWs5oJo5GRiUcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzA3MTYxMTE0WhcNMjUwODExMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZDVkMjQ4Njc5MWQ5NWEyZDU0OTRmZTZiYzA0OTg3ODRj
ZWJmNDY0NzFmMGRlMWMwNTE5NmVjZDA2MDllNmExMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7WnLnRnRe5kd8jcnGOoiMPHExXi986ENiHfGFOynAfBWH
tIu8d7PaBtfleVNLsN7DXSbD1FUbj4lRoLMDhx8t/Vkxc+UzTEDjEi0jFTQ30WVQ
iX6oPFiiL7apxNoinGdQKFWnBR++y9n9QrGbyHgwlKAK8GRKuUbgygysP/UFS7bk
hTrTuyzZN68SeuB1vCtqOT7RCxtEuWUKMHFqZmb1ipaxUyX9hHKn8bh26RkN5toB
znxY7GLijiBkZS28rzP6o1oMmQ5fx0cRr1/gyBCcvQxj4+ggiqsIvqOmBhnYeyBH
cxJ2CCEemdkv9Lym1VZTGuEljV2h+pQ51DtrFfTzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUG4MOxMYhvwTqt048eBivZIcW0hkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E3MjhkMTdlLWQ0MzUtNDk2ZS05NDI0LTEyM2RhZDIyOWI3Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAOieBgwDQYJKoZIhvcNAQELBQADggEBAHvRpMETh0GiS23KGOio9dJ/rK+H
zZv+4u2LIKkLtlLQsRX0SlQtpDRTtu75G4MCwk0JF7gb4a7vWH4V7wZcRVUPZ+b2
p0FeLE09StMnfL3QrhV23DEk9fL9dcA3HE9ciZYWAsFR49UNkWMtqUh9c93ic1om
aSfwF8PLNemvvNqWIAQ8YoX9hTV6CQFu99PlkANxXb7nFzuzqLtikLKLrljrt0yV
1EX3Eb2hPZQI8VZ0/MdmUSR1owV4kTArldTsNP8AZ0YTinVqmIkir1YHH48qM8vd
ibl/l1KKIjXOwUHjRiwGroGkqHWUwXQKhMxGF/u/WaehsDFN+Fl6fA2NLF0=
-----END CERTIFICATE-----
Generated at Tue Jul 22 20:17:51 2025 by rpki-client