Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f83c88d1-a77e-4c7f-89d5-9038e8aa9364.roa
File:                     f83c88d1-a77e-4c7f-89d5-9038e8aa9364.roa (raw, json)
Hash identifier:          KJ/wB79mYchGaXc5/1M7/gE9yMFMc74P5xYi4iSRCO4=
Subject key identifier:   A2:AD:7E:C4:F5:E6:42:DA:BF:A0:5E:5D:0E:87:9D:F6:4D:E3:AC:25
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       45C307F5B67BA83FD742A7C05CC67835934DC9F2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f83c88d1-a77e-4c7f-89d5-9038e8aa9364.roa
Signing time:             Wed 16 Jul 2025 00:21:12 +0000
ROA not before:           Wed 16 Jul 2025 00:21:12 +0000
ROA not after:            Wed 20 Aug 2025 23:59:59 +0000
asID:                     62628
IP address blocks:        204.126.120.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 23 Jul 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:c3:07:f5:b6:7b:a8:3f:d7:42:a7:c0:5c:c6:78:35:93:4d:c9:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul 16 00:21:12 2025 GMT
            Not After : Aug 20 23:59:59 2025 GMT
        Subject: serialNumber=d5235bf5533e2553eec2a46fff6cc4c69672a4ad7ee004e209a3169be5a82689, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:05:6d:02:c5:76:eb:13:ce:dc:c3:f4:7b:1d:
                    5b:00:40:b8:5e:76:a0:c7:a8:81:1d:13:75:2d:fe:
                    d1:bc:fe:50:17:6e:d4:b5:34:92:9b:9e:2b:02:74:
                    71:35:04:c3:33:f4:c9:87:3c:da:71:89:86:50:1c:
                    4c:fa:cc:c7:8c:99:f4:ce:ca:3b:4c:ab:e0:f2:24:
                    cc:dd:71:d5:46:ea:0f:7b:24:90:56:66:7f:bb:87:
                    4b:63:f8:37:99:5c:99:7f:49:5b:23:8d:74:b8:78:
                    ab:68:76:d0:3f:08:d2:b7:f1:0a:04:ca:17:b7:c2:
                    97:25:f5:03:33:0d:e0:91:7f:aa:3c:bb:66:54:cd:
                    f5:b2:66:9e:53:2f:ca:9b:ac:de:cb:24:98:5e:53:
                    54:f3:66:14:f2:71:98:d6:ce:d9:b0:a1:e8:68:54:
                    01:af:21:a5:c8:d1:29:e6:1c:64:92:e7:2e:cd:26:
                    45:b3:93:ac:19:78:b8:af:03:6b:0e:ef:47:93:13:
                    67:db:ee:b8:84:35:56:a3:3a:75:10:5c:81:20:ce:
                    61:4a:61:be:fb:78:b8:2c:c3:2e:0a:e4:ba:fb:5b:
                    ab:3c:69:12:ac:93:87:45:2d:c1:bf:2b:2f:4a:36:
                    7b:a0:bc:67:7c:42:a5:e3:0f:96:64:14:42:19:25:
                    0e:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:AD:7E:C4:F5:E6:42:DA:BF:A0:5E:5D:0E:87:9D:F6:4D:E3:AC:25
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f83c88d1-a77e-4c7f-89d5-9038e8aa9364.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.126.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a2:e7:d8:25:38:96:a7:c1:17:d3:f0:06:0d:3e:20:4c:27:52:
         44:be:23:cd:e1:f9:3c:af:53:71:f0:ea:bf:20:de:79:2c:88:
         e3:fe:75:0e:09:c4:68:20:6c:f6:0b:b6:61:d3:35:23:4b:86:
         e3:f5:86:29:24:62:de:7c:d2:85:9f:f2:5c:54:96:a5:94:4d:
         53:7e:94:3e:bb:0f:07:2b:8b:04:b0:c5:a0:19:86:b0:8d:d3:
         5e:72:27:ec:35:d8:1c:f0:2a:3c:45:4c:72:f8:7a:d3:d6:f0:
         59:c6:a2:cc:fa:c2:df:46:1a:8c:63:f9:d0:12:91:aa:27:ed:
         9e:52:1c:6f:e7:a1:bb:54:ab:51:e4:6f:d2:d6:01:7a:bb:17:
         70:ca:f6:71:08:1e:97:78:56:c9:ec:de:0d:e8:6d:ab:94:3e:
         e8:af:b3:5a:e0:5d:d1:ec:f3:2b:a4:5e:ab:ca:fb:57:2e:a6:
         0c:99:2b:ee:d1:aa:1e:a6:93:70:6f:15:17:50:2a:80:cd:a3:
         f4:03:66:75:f7:93:98:90:11:79:f4:eb:94:6e:c0:7b:f6:0f:
         2b:01:1f:4c:23:46:53:b0:9e:9c:40:89:41:1e:2a:58:8c:8c:
         9b:8e:2a:f5:25:80:97:99:5a:24:c3:28:2f:de:0f:ef:43:17:
         3a:99:5e:30
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURcMH9bZ7qD/XQqfAXMZ4NZNNyfIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzE2MDAyMTEyWhcNMjUwODIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNTIzNWJmNTUzM2UyNTUzZWVjMmE0NmZmZjZjYzRjNjk2
NzJhNGFkN2VlMDA0ZTIwOWEzMTY5YmU1YTgyNjg5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDgBW0CxXbrE87cw/R7HVsAQLhedqDHqIEdE3Ut/tG8/lAX
btS1NJKbnisCdHE1BMMz9MmHPNpxiYZQHEz6zMeMmfTOyjtMq+DyJMzdcdVG6g97
JJBWZn+7h0tj+DeZXJl/SVsjjXS4eKtodtA/CNK38QoEyhe3wpcl9QMzDeCRf6o8
u2ZUzfWyZp5TL8qbrN7LJJheU1TzZhTycZjWztmwoehoVAGvIaXI0SnmHGSS5y7N
JkWzk6wZeLivA2sO70eTE2fb7riENVajOnUQXIEgzmFKYb77eLgswy4K5Lr7W6s8
aRKsk4dFLcG/Ky9KNnugvGd8QqXjD5ZkFEIZJQ6pAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoq1+xPXmQtq/oF5dDoed9k3jrCUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y4M2M4OGQxLWE3N2UtNGM3Zi04OWQ1LTkwMzhlOGFhOTM2NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAHMfngwDQYJKoZIhvcNAQELBQADggEBAKLn2CU4lqfBF9PwBg0+IEwnUkS+
I83h+TyvU3Hw6r8g3nksiOP+dQ4JxGggbPYLtmHTNSNLhuP1hikkYt580oWf8lxU
lqWUTVN+lD67DwcriwSwxaAZhrCN015yJ+w12BzwKjxFTHL4etPW8FnGosz6wt9G
Goxj+dASkaon7Z5SHG/nobtUq1Hkb9LWAXq7F3DK9nEIHpd4Vsns3g3obauUPuiv
s1rgXdHs8yukXqvK+1cupgyZK+7Rqh6mk3BvFRdQKoDNo/QDZnX3k5iQEXn065Ru
wHv2DysBH0wjRlOwnpxAiUEeKliMjJuOKvUlgJeZWiTDKC/eD+9DFzqZXjA=
-----END CERTIFICATE-----