Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e7b7bc93-87d7-4f06-a0e0-039600e45253.roa
File:                     e7b7bc93-87d7-4f06-a0e0-039600e45253.roa (raw, json)
Hash identifier:          zUh7GkHhVoTCMyM8VeOT13zjd+vsrsN/Hcd9xrjr9yQ=
Subject key identifier:   BB:6D:DB:ED:5F:20:1B:8D:92:D5:3A:91:7B:C9:16:D1:32:D7:3F:F1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       229CBBEF25D3248216DDFEE39D549956CB1CCB81
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e7b7bc93-87d7-4f06-a0e0-039600e45253.roa
Signing time:             Fri 13 Jun 2025 15:30:20 +0000
ROA not before:           Fri 13 Jun 2025 15:30:20 +0000
ROA not after:            Fri 18 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        121.91.160.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 16 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:9c:bb:ef:25:d3:24:82:16:dd:fe:e3:9d:54:99:56:cb:1c:cb:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 13 15:30:20 2025 GMT
            Not After : Jul 18 23:59:59 2025 GMT
        Subject: serialNumber=1c69bc537b6ee582dc4fc34e2206cf69cb464bb7815b496db2cc001b4f9ce741, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:79:af:c5:30:df:3f:76:a2:72:8f:38:83:b4:
                    80:b2:25:bc:c7:dc:26:b3:b1:cd:a0:a6:ec:64:a6:
                    54:99:46:6a:21:14:37:04:86:d6:45:92:3f:15:1b:
                    b8:f2:7a:ec:29:d1:82:42:24:2a:4d:77:6a:9a:e4:
                    00:a8:02:a7:11:ff:5a:92:78:bf:50:54:47:1c:7f:
                    6a:1d:31:45:eb:1c:47:10:e2:ef:c5:d1:86:55:c3:
                    05:59:7d:ea:7f:86:8d:00:a8:8e:4f:c1:e6:c2:18:
                    9b:e0:4f:f6:83:2a:fd:91:da:b4:9f:7c:f2:53:f8:
                    f2:82:bc:67:80:a0:84:23:e6:58:5d:76:ca:85:55:
                    87:30:b4:13:73:cf:32:23:3a:1c:a2:a4:c9:9b:63:
                    2b:a7:b1:44:19:5a:dc:e5:ee:06:8c:6b:d6:ba:10:
                    b6:c1:e6:1f:19:dd:eb:c3:9a:af:75:16:ba:c5:ea:
                    24:60:86:97:a6:d0:49:d5:d2:99:94:f2:a7:c5:bb:
                    41:4a:3b:f8:cb:3c:ce:10:98:8e:3d:83:d1:a6:c8:
                    6b:17:57:0a:f0:a1:14:c7:da:ad:ed:86:1e:6c:df:
                    46:00:47:ca:b2:73:93:1a:a3:78:26:6c:e6:e8:8f:
                    06:2c:b2:52:a5:be:43:64:5a:b5:70:9b:6c:7d:4b:
                    95:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:6D:DB:ED:5F:20:1B:8D:92:D5:3A:91:7B:C9:16:D1:32:D7:3F:F1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e7b7bc93-87d7-4f06-a0e0-039600e45253.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  121.91.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         ab:4e:59:d6:fc:ae:57:80:42:7a:e5:65:fe:25:fb:d7:ef:15:
         24:c3:6f:9e:73:6b:95:97:61:1c:9d:0c:45:4b:d2:5d:37:d0:
         f8:9e:a0:04:a4:3f:b7:fb:14:23:ce:53:e2:d0:9f:9b:7c:47:
         6c:8e:3e:f7:d4:b1:f4:89:ab:8d:97:59:f0:27:27:90:76:32:
         70:4a:32:f4:de:10:fb:3c:5a:d5:d0:71:99:27:53:07:02:7c:
         94:7e:07:25:ba:37:93:86:af:84:ce:42:86:5b:c3:8e:7c:49:
         39:cb:5a:8b:39:3a:5c:5b:60:92:0f:16:2a:fa:b3:f9:22:8a:
         1e:11:10:cd:eb:bf:42:e5:ec:8a:b2:cf:b3:55:cb:1c:72:85:
         24:8e:1f:47:d2:8d:a8:a9:e5:43:3f:e2:f5:11:54:d6:ea:c9:
         b8:8c:b5:cc:db:e2:67:da:4d:9c:97:a3:d8:96:8b:72:f3:b3:
         3c:7c:2f:a7:c2:1c:90:fe:50:16:d5:d3:fd:c2:c2:d1:0e:e9:
         04:b4:60:26:34:a3:52:22:3f:cf:7a:a6:4e:f9:f1:a7:38:57:
         fd:58:d9:a0:be:76:91:b3:ca:ad:63:88:08:84:cf:66:c4:ba:
         2b:bf:35:19:dc:42:d0:40:5b:2c:5c:7a:0f:38:79:62:6b:39:
         a5:d4:9b:1b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIpy77yXTJIIW3f7jnVSZVsscy4EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjEzMTUzMDIwWhcNMjUwNzE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AxYzY5YmM1MzdiNmVlNTgyZGM0ZmMzNGUyMjA2Y2Y2OWNi
NDY0YmI3ODE1YjQ5NmRiMmNjMDAxYjRmOWNlNzQxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDea/FMN8/dqJyjziDtICyJbzH3Cazsc2gpuxkplSZRmoh
FDcEhtZFkj8VG7jyeuwp0YJCJCpNd2qa5ACoAqcR/1qSeL9QVEccf2odMUXrHEcQ
4u/F0YZVwwVZfep/ho0AqI5PwebCGJvgT/aDKv2R2rSffPJT+PKCvGeAoIQj5lhd
dsqFVYcwtBNzzzIjOhyipMmbYyunsUQZWtzl7gaMa9a6ELbB5h8Z3evDmq91FrrF
6iRghpem0EnV0pmU8qfFu0FKO/jLPM4QmI49g9GmyGsXVwrwoRTH2q3thh5s30YA
R8qyc5Mao3gmbObojwYsslKlvkNkWrVwm2x9S5U5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUu23b7V8gG42S1TqRe8kW0TLXP/EwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U3YjdiYzkzLTg3ZDctNGYwNi1hMGUwLTAzOTYwMGU0NTI1My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAN5W6AwDQYJKoZIhvcNAQELBQADggEBAKtOWdb8rleAQnrlZf4l+9fvFSTD
b55za5WXYRydDEVL0l030PieoASkP7f7FCPOU+LQn5t8R2yOPvfUsfSJq42XWfAn
J5B2MnBKMvTeEPs8WtXQcZknUwcCfJR+ByW6N5OGr4TOQoZbw458STnLWos5Olxb
YJIPFir6s/kiih4REM3rv0Ll7Iqyz7NVyxxyhSSOH0fSjaip5UM/4vURVNbqybiM
tczb4mfaTZyXo9iWi3Lzszx8L6fCHJD+UBbV0/3CwtEO6QS0YCY0o1IiP896pk75
8ac4V/1Y2aC+dpGzyq1jiAiEz2bEuiu/NRncQtBAWyxceg84eWJrOaXUmxs=
-----END CERTIFICATE-----