Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/121a5400-f940-428a-9bc9-2251735f0c70.roa
File:                     121a5400-f940-428a-9bc9-2251735f0c70.roa (raw, json)
Hash identifier:          GfhkL6lzHLom/S3Na05gmmmfuIXo+Hw31ulwO2OqbMc=
Subject key identifier:   09:A6:F3:0B:E9:C7:04:DE:84:62:58:62:D5:1B:A2:FA:7E:71:E5:7C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3E07954CCA622620757481ABE5D26154FC46C459
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/121a5400-f940-428a-9bc9-2251735f0c70.roa
Signing time:             Wed 13 Aug 2025 00:30:22 +0000
ROA not before:           Wed 13 Aug 2025 00:30:22 +0000
ROA not after:            Wed 17 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        57.204.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 21 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:07:95:4c:ca:62:26:20:75:74:81:ab:e5:d2:61:54:fc:46:c4:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 13 00:30:22 2025 GMT
            Not After : Sep 17 23:59:59 2025 GMT
        Subject: serialNumber=42a3a00e911d191b79bb419fcd7f4b5d8c94ab945d2f2d450b45663a5fa0bf90, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:2a:48:69:4a:1f:e3:f7:ce:fe:a0:dc:c6:56:
                    6e:44:e6:2c:9b:59:8b:5c:ae:14:59:84:c3:e5:39:
                    cd:3b:0f:aa:79:fb:98:07:13:1b:4e:d4:d8:04:f1:
                    72:3d:9c:d0:11:f7:8c:46:f5:5d:36:e5:9f:a8:c8:
                    e3:8f:83:a7:1d:ff:4c:67:51:c6:42:0c:b8:3c:ad:
                    e3:aa:b6:1a:48:67:9b:7c:09:fc:87:ed:1c:c7:69:
                    9c:20:bc:ec:21:a0:c2:e3:3f:a5:ed:e0:e2:9f:ed:
                    25:1e:6a:fe:4e:82:fb:2a:b3:6a:5c:ce:a0:7c:44:
                    5a:82:5f:e8:8f:ac:db:3a:2d:69:c0:85:f8:49:5d:
                    20:e8:c6:fc:c5:be:b2:7c:63:71:1b:26:e0:2c:39:
                    5b:a6:a7:68:08:f9:3c:07:44:55:b9:4c:1c:3a:00:
                    db:11:23:9e:b0:b6:9a:9a:77:72:cb:1c:95:bf:2d:
                    37:c8:ff:52:1e:cf:65:85:2c:e7:c5:05:a4:24:aa:
                    1f:a7:49:9b:fc:36:d7:42:12:98:22:70:44:24:98:
                    f0:c6:1e:21:d5:28:15:33:a9:b2:76:e2:2e:42:a3:
                    51:6e:81:af:2b:60:6c:45:7f:6c:0d:e1:12:5a:c3:
                    81:b4:57:fe:fc:8c:04:80:be:18:ff:c4:02:80:13:
                    a8:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:A6:F3:0B:E9:C7:04:DE:84:62:58:62:D5:1B:A2:FA:7E:71:E5:7C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/121a5400-f940-428a-9bc9-2251735f0c70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.204.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3c:ee:b1:53:69:42:bf:13:c6:ed:3e:dc:d5:cf:1d:b3:90:99:
         21:45:f6:93:67:2e:73:31:6b:c7:f1:57:ae:d5:c7:82:6d:39:
         13:51:62:2a:ac:3f:c0:ca:52:22:44:61:5a:be:c7:23:a3:85:
         ec:14:11:32:19:43:75:bf:06:2d:9a:ec:66:74:2a:e1:61:e0:
         c3:40:7a:01:4d:d1:85:30:5f:46:c5:83:68:52:27:ff:59:45:
         3a:91:dc:d5:3d:ef:47:f6:74:b3:f0:96:c2:e2:91:b8:02:2a:
         d9:77:99:87:a0:0a:8c:ea:eb:09:55:fa:4b:ab:5d:fc:7a:87:
         33:61:81:29:88:79:de:58:65:19:a1:d1:86:7a:2f:58:91:21:
         df:00:85:99:47:91:9c:89:10:4e:0d:4a:e6:93:5d:9f:4d:82:
         fc:58:4e:2a:3f:1b:80:16:10:f1:a3:f2:8b:4d:a8:c9:52:4e:
         07:74:48:0b:32:44:17:13:a1:64:ff:34:2f:b3:9f:97:1a:dc:
         0f:bf:2c:57:f8:5e:28:67:45:cf:8c:4d:e6:de:28:60:dc:36:
         02:81:9e:12:e1:4c:c2:48:11:91:cb:be:46:e3:4a:fe:0f:43:
         a2:fb:55:98:e8:c6:59:12:a2:fa:07:35:85:54:f6:ce:7b:3e:
         1e:30:2c:ae
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUPgeVTMpiJiB1dIGr5dJhVPxGxFkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODEzMDAzMDIyWhcNMjUwOTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MmEzYTAwZTkxMWQxOTFiNzliYjQxOWZjZDdmNGI1ZDhj
OTRhYjk0NWQyZjJkNDUwYjQ1NjYzYTVmYTBiZjkwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDjKkhpSh/j987+oNzGVm5E5iybWYtcrhRZhMPlOc07D6p5
+5gHExtO1NgE8XI9nNAR94xG9V025Z+oyOOPg6cd/0xnUcZCDLg8reOqthpIZ5t8
CfyH7RzHaZwgvOwhoMLjP6Xt4OKf7SUeav5Ogvsqs2pczqB8RFqCX+iPrNs6LWnA
hfhJXSDoxvzFvrJ8Y3EbJuAsOVump2gI+TwHRFW5TBw6ANsRI56wtpqad3LLHJW/
LTfI/1Iez2WFLOfFBaQkqh+nSZv8NtdCEpgicEQkmPDGHiHVKBUzqbJ24i5Co1Fu
ga8rYGxFf2wN4RJaw4G0V/78jASAvhj/xAKAE6jpAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUCabzC+nHBN6EYlhi1Rui+n5x5XwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzEyMWE1NDAwLWY5NDAtNDI4YS05YmM5LTIyNTE3MzVmMGM3MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA5zDANBgkqhkiG9w0BAQsFAAOCAQEAPO6xU2lCvxPG7T7c1c8ds5CZIUX2
k2cuczFrx/FXrtXHgm05E1FiKqw/wMpSIkRhWr7HI6OF7BQRMhlDdb8GLZrsZnQq
4WHgw0B6AU3RhTBfRsWDaFIn/1lFOpHc1T3vR/Z0s/CWwuKRuAIq2XeZh6AKjOrr
CVX6S6td/HqHM2GBKYh53lhlGaHRhnovWJEh3wCFmUeRnIkQTg1K5pNdn02C/FhO
Kj8bgBYQ8aPyi02oyVJOB3RICzJEFxOhZP80L7OflxrcD78sV/heKGdFz4xN5t4o
YNw2AoGeEuFMwkgRkcu+RuNK/g9DovtVmOjGWRKi+gc1hVT2zns+HjAsrg==
-----END CERTIFICATE-----
Generated at Wed Aug 20 10:48:25 2025 by rpki-client