Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dbc8700e-e39c-46ed-b212-3e8897a5b36d.roa
File:                     dbc8700e-e39c-46ed-b212-3e8897a5b36d.roa (raw, json)
Hash identifier:          mlgOQvKHB5pfLdhJflIqb94Q5BzXNcQiemsXv8veS0Y=
Subject key identifier:   F5:7C:77:E9:EB:80:E9:A5:5D:76:BA:89:A5:19:76:52:AF:63:DC:A2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       48C77F48F06594B9DC67B5D46E9E7068D82C9207
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dbc8700e-e39c-46ed-b212-3e8897a5b36d.roa
Signing time:             Mon 23 Jun 2025 15:00:48 +0000
ROA not before:           Mon 23 Jun 2025 15:00:48 +0000
ROA not after:            Mon 28 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        207.223.80.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 30 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:c7:7f:48:f0:65:94:b9:dc:67:b5:d4:6e:9e:70:68:d8:2c:92:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 23 15:00:48 2025 GMT
            Not After : Jul 28 23:59:59 2025 GMT
        Subject: serialNumber=2fd16766adbdb2b6bb9f421d8868cca89fa6f9bb828fd2a98afbde9422965129, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f9:d4:56:d2:ab:4c:33:ab:dc:cd:75:dc:52:
                    a1:fe:27:76:04:46:53:f0:7f:07:b6:66:20:c2:6b:
                    02:43:36:3b:fc:96:2b:80:2b:2a:d3:fb:7e:22:e2:
                    3a:d2:0b:f2:54:d3:55:f1:18:04:7e:e2:a0:90:0e:
                    1c:bb:bd:97:14:4f:29:e1:63:f8:ac:0a:cf:5b:98:
                    f4:15:ff:0c:e2:c1:44:c9:95:9e:1d:cb:7b:f4:aa:
                    11:ab:91:e1:6b:00:70:b8:25:e8:2d:99:60:fe:14:
                    f4:57:53:21:c2:ce:d9:41:7b:4c:a9:42:6b:d8:a1:
                    58:a1:a4:3d:02:4d:e7:c7:35:30:a3:e5:78:73:9e:
                    0e:5a:a7:b1:58:7a:90:e7:ff:37:30:6c:06:c9:ee:
                    10:72:39:f7:07:f7:a1:f4:42:62:08:57:12:b0:65:
                    43:4b:70:c6:64:8b:64:0a:0e:8b:0e:c2:cf:71:9a:
                    a7:a1:60:af:87:81:21:f3:14:7c:8e:83:2a:7c:c2:
                    6b:8c:58:d5:ec:eb:18:1c:da:a0:6c:0c:a0:c9:2f:
                    f5:af:1c:a0:d8:83:df:75:9f:8c:32:fb:ea:b9:c2:
                    ae:ba:7d:ab:13:b0:4f:61:2a:ba:33:81:d8:1d:12:
                    a7:87:88:52:80:37:96:c9:75:69:25:5a:7a:42:21:
                    85:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:7C:77:E9:EB:80:E9:A5:5D:76:BA:89:A5:19:76:52:AF:63:DC:A2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dbc8700e-e39c-46ed-b212-3e8897a5b36d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.223.80.0/20

    Signature Algorithm: sha256WithRSAEncryption
         6d:c7:97:64:6f:70:32:0e:5c:82:1e:e2:e4:37:0f:2c:4e:97:
         fd:80:09:74:df:3c:43:a6:1e:07:b4:2a:41:7c:a3:80:9c:f5:
         78:4f:8f:93:2d:75:d2:b2:88:fc:02:88:e7:54:37:12:3e:4a:
         74:3a:c6:a9:de:79:5f:c6:f0:d8:bc:df:5e:a2:1b:c2:1d:e3:
         a7:d4:82:df:8b:34:fb:2f:8f:0b:09:e9:d5:fc:16:15:2a:96:
         70:68:22:6b:00:1e:8b:56:6d:ef:4b:12:73:92:b1:db:5f:96:
         41:bf:6b:f8:23:73:79:fe:7b:e0:c3:29:13:2f:5f:74:b2:21:
         60:31:73:84:d8:cd:51:a3:35:c7:70:f7:9b:48:56:c9:11:2e:
         58:8f:99:0d:dc:05:33:38:e9:33:bc:ba:a5:f8:95:fd:9d:aa:
         60:79:ab:32:de:ba:15:c2:c6:38:14:77:c0:5a:0c:d6:dc:43:
         28:c4:0c:bc:f1:ee:61:e5:a0:7d:36:fe:fa:3c:d5:6a:de:47:
         26:3a:36:f9:04:7c:a9:58:0e:a9:ef:60:1f:0c:a5:ef:25:6e:
         a7:9a:7f:b6:19:27:bb:49:6f:f3:50:df:51:9d:b1:86:fc:8f:
         ed:65:c9:53:44:12:c0:dc:63:c5:24:38:23:1a:cc:70:79:fa:
         f0:8a:54:db
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSMd/SPBllLncZ7XUbp5waNgskgcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjIzMTUwMDQ4WhcNMjUwNzI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AyZmQxNjc2NmFkYmRiMmI2YmI5ZjQyMWQ4ODY4Y2NhODlm
YTZmOWJiODI4ZmQyYTk4YWZiZGU5NDIyOTY1MTI5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCd+dRW0qtMM6vczXXcUqH+J3YERlPwfwe2ZiDCawJDNjv8
liuAKyrT+34i4jrSC/JU01XxGAR+4qCQDhy7vZcUTynhY/isCs9bmPQV/wziwUTJ
lZ4dy3v0qhGrkeFrAHC4JegtmWD+FPRXUyHCztlBe0ypQmvYoVihpD0CTefHNTCj
5Xhzng5ap7FYepDn/zcwbAbJ7hByOfcH96H0QmIIVxKwZUNLcMZki2QKDosOws9x
mqehYK+HgSHzFHyOgyp8wmuMWNXs6xgc2qBsDKDJL/WvHKDYg991n4wy++q5wq66
fasTsE9hKrozgdgdEqeHiFKAN5bJdWklWnpCIYVbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9Xx36euA6aVddrqJpRl2Uq9j3KIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RiYzg3MDBlLWUzOWMtNDZlZC1iMjEyLTNlODg5N2E1YjM2ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATP31AwDQYJKoZIhvcNAQELBQADggEBAG3Hl2RvcDIOXIIe4uQ3DyxOl/2A
CXTfPEOmHge0KkF8o4Cc9XhPj5MtddKyiPwCiOdUNxI+SnQ6xqneeV/G8Ni8316i
G8Id46fUgt+LNPsvjwsJ6dX8FhUqlnBoImsAHotWbe9LEnOSsdtflkG/a/gjc3n+
e+DDKRMvX3SyIWAxc4TYzVGjNcdw95tIVskRLliPmQ3cBTM46TO8uqX4lf2dqmB5
qzLeuhXCxjgUd8BaDNbcQyjEDLzx7mHloH02/vo81WreRyY6NvkEfKlYDqnvYB8M
pe8lbqeaf7YZJ7tJb/NQ31GdsYb8j+1lyVNEEsDcY8UkOCMazHB5+vCKVNs=
-----END CERTIFICATE-----