Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bc6cfdd7-e440-4f46-badb-238f56e1aab4.roa
File:                     bc6cfdd7-e440-4f46-badb-238f56e1aab4.roa (raw, json)
Hash identifier:          o9UDW9bz1vsemJrcfU9BSIUA2xTryVGycNSOjWzGa1g=
Subject key identifier:   C4:34:E9:5C:F2:27:47:DA:98:D5:1F:B7:91:7C:B1:A9:59:48:90:44
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3C62311B527628DF676296243A21670443B59394
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bc6cfdd7-e440-4f46-badb-238f56e1aab4.roa
Signing time:             Fri 01 Aug 2025 15:12:02 +0000
ROA not before:           Fri 01 Aug 2025 15:12:02 +0000
ROA not after:            Fri 05 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        123.200.224.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 07 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:62:31:1b:52:76:28:df:67:62:96:24:3a:21:67:04:43:b5:93:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug  1 15:12:02 2025 GMT
            Not After : Sep  5 23:59:59 2025 GMT
        Subject: serialNumber=99411a07499b335784abf61eb6c7b594f5ec91b48796e5351df7f04ed7ff2eef, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:17:3e:07:38:ac:05:db:c8:f3:13:46:40:35:
                    47:04:53:5a:c2:d5:e8:8b:c7:2f:b1:d2:31:5b:f0:
                    2c:6a:d4:df:65:da:58:83:c9:39:0e:05:b0:68:b1:
                    a7:b7:78:0a:74:5b:77:e3:aa:03:62:7c:36:1d:78:
                    82:25:38:27:bf:15:3e:11:d8:b9:6c:64:63:ed:c8:
                    68:ee:08:f3:9f:f0:63:69:89:a0:64:a9:72:ef:35:
                    bb:bd:a6:41:00:0f:fb:3d:0b:52:90:c6:06:97:de:
                    5e:83:12:67:13:08:4d:31:87:14:f0:e0:ea:ef:fb:
                    d1:b4:5a:0a:b3:4d:ce:75:c9:1b:80:16:25:a1:9c:
                    e2:f5:53:d2:d2:d0:1d:cb:34:e0:df:4b:6f:1a:fc:
                    96:2c:16:0c:56:bd:ef:4d:52:3d:2c:79:7a:c0:f8:
                    ee:f7:49:5f:18:e5:e4:5e:59:20:8e:b3:bc:bc:4a:
                    56:4a:89:80:8c:64:ab:a7:a6:9b:fa:aa:2d:19:cd:
                    71:ff:2a:b3:0b:1a:d0:19:1c:1d:40:40:e0:1b:9f:
                    e8:17:86:36:c8:68:a7:fe:4a:07:e8:5a:9b:f9:3d:
                    5c:8e:3f:dc:76:2f:de:13:73:1e:94:04:00:95:58:
                    84:f3:36:a5:93:16:87:c8:69:ad:3d:7c:3d:a3:c4:
                    eb:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:34:E9:5C:F2:27:47:DA:98:D5:1F:B7:91:7C:B1:A9:59:48:90:44
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bc6cfdd7-e440-4f46-badb-238f56e1aab4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  123.200.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         10:81:96:f1:d7:7c:5a:35:0f:b0:4b:56:59:47:d5:32:27:db:
         3c:60:ed:a3:0b:b9:39:46:4d:0b:d7:15:c9:2c:8f:f6:6c:7e:
         43:a5:d4:cd:36:d1:86:ef:af:26:6f:40:41:04:ae:c2:0d:13:
         a6:8a:ea:04:68:5b:6f:dc:48:0f:ed:85:e4:e6:e5:33:51:d3:
         c1:65:35:c8:a0:44:47:2d:6f:b5:0a:c9:f2:ae:1b:d1:4e:d5:
         ed:26:3b:57:fd:fa:66:35:ac:a3:92:06:8e:fc:25:30:32:30:
         42:f8:40:66:bd:54:9a:b0:b9:75:77:fc:7e:86:39:23:09:c7:
         d0:95:d2:9f:b3:eb:46:f7:ff:2d:bf:f0:9f:0b:8d:61:0f:57:
         28:5f:67:93:6e:db:89:0b:a1:78:f0:b9:ea:4e:64:68:17:5d:
         18:36:f2:77:b3:07:d2:f7:66:ff:da:c2:44:54:c9:aa:a4:ae:
         31:44:80:d4:2f:5f:fc:f5:92:97:34:b4:00:96:1e:c1:77:a5:
         a0:cf:68:6c:3c:52:9d:9a:00:69:fb:c8:f4:a8:5f:99:6a:f6:
         48:39:77:b9:df:ec:55:50:71:09:93:e2:f6:96:44:bb:74:f3:
         fb:f3:d0:92:6c:c7:c6:97:ac:16:ad:87:ff:56:7d:97:21:87:
         3f:bb:82:6f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPGIxG1J2KN9nYpYkOiFnBEO1k5QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODAxMTUxMjAyWhcNMjUwOTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5OTQxMWEwNzQ5OWIzMzU3ODRhYmY2MWViNmM3YjU5NGY1
ZWM5MWI0ODc5NmU1MzUxZGY3ZjA0ZWQ3ZmYyZWVmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2Fz4HOKwF28jzE0ZANUcEU1rC1eiLxy+x0jFb8Cxq1N9l
2liDyTkOBbBosae3eAp0W3fjqgNifDYdeIIlOCe/FT4R2LlsZGPtyGjuCPOf8GNp
iaBkqXLvNbu9pkEAD/s9C1KQxgaX3l6DEmcTCE0xhxTw4Orv+9G0WgqzTc51yRuA
FiWhnOL1U9LS0B3LNODfS28a/JYsFgxWve9NUj0seXrA+O73SV8Y5eReWSCOs7y8
SlZKiYCMZKunppv6qi0ZzXH/KrMLGtAZHB1AQOAbn+gXhjbIaKf+SgfoWpv5PVyO
P9x2L94Tcx6UBACVWITzNqWTFofIaa09fD2jxOsvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxDTpXPInR9qY1R+3kXyxqVlIkEQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JjNmNmZGQ3LWU0NDAtNGY0Ni1iYWRiLTIzOGY1NmUxYWFiNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAN7yOAwDQYJKoZIhvcNAQELBQADggEBABCBlvHXfFo1D7BLVllH1TIn2zxg
7aMLuTlGTQvXFcksj/ZsfkOl1M020YbvryZvQEEErsINE6aK6gRoW2/cSA/theTm
5TNR08FlNcigREctb7UKyfKuG9FO1e0mO1f9+mY1rKOSBo78JTAyMEL4QGa9VJqw
uXV3/H6GOSMJx9CV0p+z60b3/y2/8J8LjWEPVyhfZ5Nu24kLoXjwuepOZGgXXRg2
8nezB9L3Zv/awkRUyaqkrjFEgNQvX/z1kpc0tACWHsF3paDPaGw8Up2aAGn7yPSo
X5lq9kg5d7nf7FVQcQmT4vaWRLt08/vz0JJsx8aXrBath/9WfZchhz+7gm8=
-----END CERTIFICATE-----