Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7f655dc6-89d0-4748-9c62-d3bc957b920c.roa
File:                     7f655dc6-89d0-4748-9c62-d3bc957b920c.roa (raw, json)
Hash identifier:          0/WiQ0g0rJw1BzJ64DEJlvMIApI7dXwP/IOKI3xc9Yk=
Subject key identifier:   FF:C2:8B:F7:F8:F6:4B:93:3C:1C:FF:35:29:33:7B:77:54:ED:92:46
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2DBA54B81D82CC6A89CCD2727086CB37DDEADB77
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7f655dc6-89d0-4748-9c62-d3bc957b920c.roa
Signing time:             Fri 27 Jun 2025 00:31:42 +0000
ROA not before:           Fri 27 Jun 2025 00:31:42 +0000
ROA not after:            Fri 01 Aug 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        44.223.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 02 Jul 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:ba:54:b8:1d:82:cc:6a:89:cc:d2:72:70:86:cb:37:dd:ea:db:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 27 00:31:42 2025 GMT
            Not After : Aug  1 23:59:59 2025 GMT
        Subject: serialNumber=ecf7aeb17953467cf105fce21ed485079195fec8cf0aff2d40ae69979e1430c3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:79:1e:be:fe:8c:4c:e8:ed:b4:d7:6b:78:38:
                    dc:01:13:37:85:d8:92:bf:bc:e5:35:b5:bc:e3:70:
                    6d:ea:56:36:1b:98:0b:21:62:15:ba:6e:c0:c5:63:
                    ad:f6:d1:39:79:c9:bd:ee:ba:e6:f8:70:c5:88:0c:
                    9b:83:cc:02:4c:4d:83:02:7b:aa:fc:60:0e:b9:54:
                    4c:cc:77:bd:bc:f4:2a:01:cf:6a:52:ac:59:62:2c:
                    1a:2c:3a:6c:6b:17:57:1c:47:b0:97:f7:08:0d:c1:
                    45:17:6d:7d:e6:36:ef:bb:b6:df:42:4f:48:cb:ff:
                    d5:c5:a3:dc:74:39:93:02:bb:b1:04:73:21:ec:0d:
                    59:29:46:44:56:b8:a3:ba:ec:d8:02:f6:02:25:a1:
                    ee:b3:43:92:21:65:48:10:6e:9d:34:67:a2:87:e6:
                    f1:c7:73:61:99:57:c8:d7:b7:42:52:8e:76:e3:67:
                    9f:82:19:67:ea:0c:10:e7:fd:3e:73:ad:fd:12:49:
                    41:7e:05:5a:98:54:7d:f5:d5:d3:43:b2:97:63:3b:
                    bb:10:0e:9f:b9:68:57:a5:ef:ae:09:e3:46:c8:3d:
                    98:71:21:2d:78:79:7f:e3:f8:ef:b6:21:68:75:03:
                    af:87:e9:d1:72:f7:01:c2:5f:4f:46:5b:20:58:ea:
                    7d:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:C2:8B:F7:F8:F6:4B:93:3C:1C:FF:35:29:33:7B:77:54:ED:92:46
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7f655dc6-89d0-4748-9c62-d3bc957b920c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  44.223.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:10:49:58:de:d0:12:3a:05:9b:2c:dc:54:b0:aa:bc:17:34:
         72:9c:81:9c:f5:3e:dd:53:c1:e5:6a:38:57:88:d2:63:7b:cb:
         a8:e1:5f:4c:59:02:6e:a8:94:6c:02:c7:f8:50:2e:34:7b:94:
         90:fb:ab:d2:02:6c:8e:b9:96:42:38:24:2b:b2:9a:d8:32:9a:
         ac:18:3d:78:53:b7:36:ec:ea:a2:ac:bb:94:a5:43:7e:77:66:
         3b:7e:39:62:5d:51:6b:1c:99:27:59:b5:74:c6:85:fb:5f:e9:
         a4:9f:f5:75:99:e3:94:75:c7:8b:10:94:de:9d:39:78:38:ec:
         33:7a:cd:c2:79:e1:16:6c:75:ce:c1:43:85:c4:4d:3d:e7:8a:
         88:df:1c:6d:dc:b1:26:c7:e0:75:c8:b5:5b:b8:11:55:3f:7d:
         92:c0:33:4c:4f:f2:e8:3a:95:01:ba:47:2a:a4:fb:8a:7f:7e:
         2e:02:f5:f8:87:1e:e2:37:7d:8d:3f:1a:0d:78:96:15:d5:4d:
         3f:cd:ca:03:91:3f:97:d0:68:da:ee:29:c8:ab:28:54:ec:32:
         fd:3f:16:75:6e:6c:07:50:ea:43:c0:9d:b1:6f:8a:85:cb:cd:
         ec:d4:3b:2d:cc:e3:42:6f:c5:9e:48:2c:9c:de:2b:dc:83:53:
         fb:1b:b5:03
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULbpUuB2CzGqJzNJycIbLN93q23cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjI3MDAzMTQyWhcNMjUwODAxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlY2Y3YWViMTc5NTM0NjdjZjEwNWZjZTIxZWQ0ODUwNzkx
OTVmZWM4Y2YwYWZmMmQ0MGFlNjk5NzllMTQzMGMzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfeR6+/oxM6O2012t4ONwBEzeF2JK/vOU1tbzjcG3qVjYb
mAshYhW6bsDFY6320Tl5yb3uuub4cMWIDJuDzAJMTYMCe6r8YA65VEzMd7289CoB
z2pSrFliLBosOmxrF1ccR7CX9wgNwUUXbX3mNu+7tt9CT0jL/9XFo9x0OZMCu7EE
cyHsDVkpRkRWuKO67NgC9gIloe6zQ5IhZUgQbp00Z6KH5vHHc2GZV8jXt0JSjnbj
Z5+CGWfqDBDn/T5zrf0SSUF+BVqYVH311dNDspdjO7sQDp+5aFel764J40bIPZhx
IS14eX/j+O+2IWh1A6+H6dFy9wHCX09GWyBY6n2xAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/8KL9/j2S5M8HP81KTN7d1TtkkYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdmNjU1ZGM2LTg5ZDAtNDc0OC05YzYyLWQzYmM5NTdiOTIwYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAs33kwDQYJKoZIhvcNAQELBQADggEBACwQSVje0BI6BZss3FSwqrwXNHKc
gZz1Pt1TweVqOFeI0mN7y6jhX0xZAm6olGwCx/hQLjR7lJD7q9ICbI65lkI4JCuy
mtgymqwYPXhTtzbs6qKsu5SlQ353Zjt+OWJdUWscmSdZtXTGhftf6aSf9XWZ45R1
x4sQlN6dOXg47DN6zcJ54RZsdc7BQ4XETT3niojfHG3csSbH4HXItVu4EVU/fZLA
M0xP8ug6lQG6Ryqk+4p/fi4C9fiHHuI3fY0/Gg14lhXVTT/NygORP5fQaNruKcir
KFTsMv0/FnVubAdQ6kPAnbFvioXLzezUOy3M40JvxZ5ILJzeK9yDU/sbtQM=
-----END CERTIFICATE-----