Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4e472895-b434-4391-8576-749405dc5ab2.roa
File:                     4e472895-b434-4391-8576-749405dc5ab2.roa (raw, json)
Hash identifier:          zB/13jkevCo7uUwC/4tl3XkY5zTFsueQCDl52+Rb4k4=
Subject key identifier:   22:C2:24:F0:B7:35:B2:BC:C0:0D:C0:D5:00:90:B2:6D:53:6A:BC:28
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2D7A9C048C0523CDD239D9843C32E60817579FC0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4e472895-b434-4391-8576-749405dc5ab2.roa
Signing time:             Fri 18 Jul 2025 00:31:55 +0000
ROA not before:           Fri 18 Jul 2025 00:31:55 +0000
ROA not after:            Fri 22 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.104.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 24 Jul 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:7a:9c:04:8c:05:23:cd:d2:39:d9:84:3c:32:e6:08:17:57:9f:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul 18 00:31:55 2025 GMT
            Not After : Aug 22 23:59:59 2025 GMT
        Subject: serialNumber=02510fede3f4980ef8e0c6731d8eec0a2a8b60b578835e6768ec3144ed1ecb1d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:68:4e:32:5d:c9:c2:74:96:8e:de:8e:6f:18:
                    70:70:dd:fb:ae:16:21:50:9a:e1:64:33:0f:b8:6e:
                    dc:76:57:5c:40:fb:35:08:69:8b:9f:92:1f:62:ab:
                    bd:55:75:1f:74:be:4d:e0:12:9d:c9:00:be:d9:2f:
                    ed:49:f5:0b:38:8c:99:af:a4:59:4d:20:bc:73:70:
                    33:5e:00:0a:eb:c9:49:d8:4f:ee:00:56:49:c4:04:
                    c5:9f:8d:44:56:4c:01:9a:f7:50:65:cb:60:d0:9a:
                    cc:32:d3:86:32:f0:78:1d:e9:dc:3f:5d:1d:18:c5:
                    50:4b:b3:45:09:74:df:d5:5e:49:59:bd:fb:aa:f0:
                    8e:26:54:34:96:55:a4:98:76:cb:9e:35:28:6e:f3:
                    ca:b0:e3:8b:c9:65:df:8b:c1:e3:50:b8:65:aa:44:
                    07:4a:2e:e7:e3:5f:2e:6f:b5:d5:2e:c9:f6:86:50:
                    11:b3:2b:32:02:31:6e:9e:d9:ff:ef:0a:28:da:93:
                    b5:77:e6:ed:1b:26:1e:a5:bb:a7:66:11:b8:c9:af:
                    8b:bc:6a:85:3a:2c:40:d8:38:fa:87:f2:88:51:2e:
                    f9:d0:49:e2:33:b0:44:c5:96:0c:30:9d:48:79:d0:
                    89:71:d4:42:8f:46:ec:79:c0:03:b4:92:51:c3:a4:
                    35:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:C2:24:F0:B7:35:B2:BC:C0:0D:C0:D5:00:90:B2:6D:53:6A:BC:28
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4e472895-b434-4391-8576-749405dc5ab2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.104.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         18:40:ee:18:1f:10:5e:e6:fd:c1:e8:17:d0:a9:e1:14:e3:aa:
         4e:0d:dd:67:91:c3:35:2f:cc:e8:90:cc:25:96:2f:26:d7:2a:
         3d:66:e5:a6:1b:24:dc:58:db:e6:7a:95:30:fe:67:12:bf:84:
         16:b6:0c:81:23:83:64:d8:ec:0d:81:54:a7:64:76:41:91:08:
         cc:59:32:26:86:75:c4:2b:99:5e:67:19:79:e3:43:36:14:45:
         51:bc:fa:17:a8:05:91:ea:ff:bb:ee:c4:4d:89:72:81:f9:2a:
         98:09:09:d0:69:ea:ad:d2:a9:81:9c:1e:d1:f4:30:41:0e:11:
         1c:94:0d:73:75:d3:51:97:3a:21:8d:83:31:26:56:a8:b4:ed:
         a5:c7:b9:25:f5:be:a2:fe:43:8f:20:75:29:a9:c6:f7:2e:e9:
         91:cc:b2:25:2e:75:4e:3c:0d:da:81:ab:69:d1:77:c2:7f:89:
         e7:be:e3:44:3a:2f:ab:09:04:df:af:a0:0b:b7:9d:5c:63:87:
         1a:a4:e1:83:0f:6f:93:1a:53:7c:44:f2:4c:df:bc:0c:87:f7:
         ca:a8:66:71:1f:29:c9:e7:78:25:37:5b:83:4f:d1:8f:a0:21:
         18:1f:fd:75:31:fa:04:c9:cf:b5:45:3d:ea:fb:da:a0:2c:f2:
         e4:e2:3f:bc
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIULXqcBIwFI83SOdmEPDLmCBdXn8AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzE4MDAzMTU1WhcNMjUwODIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwMjUxMGZlZGUzZjQ5ODBlZjhlMGM2NzMxZDhlZWMwYTJh
OGI2MGI1Nzg4MzVlNjc2OGVjMzE0NGVkMWVjYjFkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCGaE4yXcnCdJaO3o5vGHBw3fuuFiFQmuFkMw+4btx2V1xA
+zUIaYufkh9iq71VdR90vk3gEp3JAL7ZL+1J9Qs4jJmvpFlNILxzcDNeAArryUnY
T+4AVknEBMWfjURWTAGa91Bly2DQmswy04Yy8Hgd6dw/XR0YxVBLs0UJdN/VXklZ
vfuq8I4mVDSWVaSYdsueNShu88qw44vJZd+LweNQuGWqRAdKLufjXy5vtdUuyfaG
UBGzKzICMW6e2f/vCijak7V35u0bJh6lu6dmEbjJr4u8aoU6LEDYOPqH8ohRLvnQ
SeIzsETFlgwwnUh50Ilx1EKPRux5wAO0klHDpDU1AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUIsIk8Lc1srzADcDVAJCybVNqvCgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRlNDcyODk1LWI0MzQtNDM5MS04NTc2LTc0OTQwNWRjNWFiMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4aDANBgkqhkiG9w0BAQsFAAOCAQEAGEDuGB8QXub9wegX0KnhFOOqTg3d
Z5HDNS/M6JDMJZYvJtcqPWblphsk3Fjb5nqVMP5nEr+EFrYMgSODZNjsDYFUp2R2
QZEIzFkyJoZ1xCuZXmcZeeNDNhRFUbz6F6gFker/u+7ETYlygfkqmAkJ0GnqrdKp
gZwe0fQwQQ4RHJQNc3XTUZc6IY2DMSZWqLTtpce5JfW+ov5DjyB1KanG9y7pkcyy
JS51TjwN2oGradF3wn+J577jRDovqwkE36+gC7edXGOHGqThgw9vkxpTfETyTN+8
DIf3yqhmcR8pyed4JTdbg0/Rj6AhGB/9dTH6BMnPtUU96vvaoCzy5OI/vA==
-----END CERTIFICATE-----