Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cf6bc7b7-b5c5-4c39-8b0f-c9fbf1805308.roa
File:                     cf6bc7b7-b5c5-4c39-8b0f-c9fbf1805308.roa (raw, json)
Hash identifier:          Y8321lHDoQiInRm0HLJNVUyDnCBpK/iNhYGwBN/CaHM=
Subject key identifier:   47:38:5B:42:C0:45:E9:AD:AF:AA:3F:8C:21:B3:78:AE:71:C4:39:E6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3CD56B6D46888AAA4F56673893A66825F6143D68
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cf6bc7b7-b5c5-4c39-8b0f-c9fbf1805308.roa
Signing time:             Wed 02 Apr 2025 00:20:56 +0000
ROA not before:           Wed 02 Apr 2025 00:20:56 +0000
ROA not after:            Wed 07 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.59.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 06 Apr 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:d5:6b:6d:46:88:8a:aa:4f:56:67:38:93:a6:68:25:f6:14:3d:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  2 00:20:56 2025 GMT
            Not After : May  7 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:9c:75:e2:62:bd:61:32:57:5f:74:bf:a3:76:
                    1d:34:36:43:e8:b0:aa:48:0a:86:06:ab:54:ea:47:
                    f9:ab:59:18:c5:df:0d:d9:3d:d9:de:d4:71:27:7b:
                    1d:8e:a9:b6:30:f8:98:36:44:98:ac:01:e2:58:b1:
                    58:14:28:7f:20:93:25:a2:8f:67:42:d6:cc:df:33:
                    40:fb:ec:7d:ee:fa:18:c9:21:af:14:92:8f:d3:f4:
                    e2:52:03:fa:36:c1:63:89:a7:9b:9f:72:6d:d1:6e:
                    e8:12:31:e3:cc:95:4b:c8:3f:02:8a:d0:2d:5d:c3:
                    6c:9d:d6:a0:c6:04:a3:e3:a1:fd:f5:5c:d9:82:4e:
                    51:39:59:a9:da:95:d7:21:fd:50:96:3b:1e:08:2b:
                    a1:54:56:8a:cb:40:a6:78:e8:a3:f6:1b:f2:4e:7e:
                    c2:27:d9:30:e1:42:81:20:03:08:58:5c:e0:55:37:
                    16:af:ff:f4:ce:da:e2:7c:1a:d7:a2:c0:83:77:e4:
                    8b:d5:62:9b:bd:d1:9e:f4:ba:b0:7e:ec:83:d1:fd:
                    56:28:06:4b:c8:c2:2b:dd:16:d6:98:31:84:99:3d:
                    3e:e0:46:a9:29:f3:42:53:18:16:51:ac:b6:bb:f3:
                    01:d0:df:9b:77:60:dc:3b:ae:d6:de:d8:a7:4c:93:
                    36:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:38:5B:42:C0:45:E9:AD:AF:AA:3F:8C:21:B3:78:AE:71:C4:39:E6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cf6bc7b7-b5c5-4c39-8b0f-c9fbf1805308.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.59.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1b:83:5c:88:93:c7:c0:1d:96:a8:e0:17:55:d2:96:35:52:42:
         4a:f9:b5:20:f8:36:00:bc:b7:48:c8:35:cf:a0:36:67:9d:99:
         75:94:42:24:c5:ab:b4:08:99:ac:1c:a5:60:7d:93:69:41:f9:
         b5:15:17:ed:6e:16:55:5d:41:3d:d4:54:79:e3:ce:cc:4e:17:
         0e:78:0d:00:fd:f8:5e:96:68:79:f6:6e:90:06:c8:5a:64:f1:
         5a:ec:32:03:07:6c:37:80:0c:b6:97:d1:c7:6b:66:f7:73:6f:
         3f:83:1f:c3:9b:8f:56:c9:65:c5:25:29:54:50:83:14:3c:a0:
         98:0d:6e:94:03:7b:a5:41:0a:97:d7:a8:77:ee:bb:dc:de:be:
         23:ca:8f:9b:ba:5a:e3:b6:8f:0a:bc:ca:b3:1d:4f:b9:7b:3e:
         5b:71:6d:9b:eb:ec:e3:57:22:7d:d1:4f:f0:60:c6:67:f6:b4:
         41:3a:3f:67:d9:2d:08:2f:d5:8a:1e:08:00:84:69:e9:25:42:
         a6:ac:8d:fe:02:3f:89:ea:d7:09:70:7c:5a:4d:88:d9:ac:41:
         7b:2d:2d:a3:69:57:ea:ba:b6:bd:9b:f3:ea:a4:e9:bf:77:a1:
         07:3d:de:62:8e:b2:fc:d1:56:86:b4:b0:70:7e:7f:59:93:92:
         a8:3b:a1:85
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUPNVrbUaIiqpPVmc4k6ZoJfYUPWgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDAyMDAyMDU2WhcNMjUwNTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BjODY0OTVhMzYyYWQ1NzdkZWQwNTE4N2U3NjcwZTQyNGMy
MjcyODZhNDllNmFmOTZlZGU5ZTk2MDI2YmQ3ZDE4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2nHXiYr1hMldfdL+jdh00NkPosKpICoYGq1TqR/mrWRjF
3w3ZPdne1HEnex2OqbYw+Jg2RJisAeJYsVgUKH8gkyWij2dC1szfM0D77H3u+hjJ
Ia8Uko/T9OJSA/o2wWOJp5ufcm3RbugSMePMlUvIPwKK0C1dw2yd1qDGBKPjof31
XNmCTlE5Wanaldch/VCWOx4IK6FUVorLQKZ46KP2G/JOfsIn2TDhQoEgAwhYXOBV
Nxav//TO2uJ8GteiwIN35IvVYpu90Z70urB+7IPR/VYoBkvIwivdFtaYMYSZPT7g
Rqkp80JTGBZRrLa78wHQ35t3YNw7rtbe2KdMkzbHAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQURzhbQsBF6a2vqj+MIbN4rnHEOeYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NmNmJjN2I3LWI1YzUtNGMzOS04YjBmLWM5ZmJmMTgwNTMwOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4OzANBgkqhkiG9w0BAQsFAAOCAQEAG4NciJPHwB2WqOAXVdKWNVJCSvm1
IPg2ALy3SMg1z6A2Z52ZdZRCJMWrtAiZrBylYH2TaUH5tRUX7W4WVV1BPdRUeePO
zE4XDngNAP34XpZoefZukAbIWmTxWuwyAwdsN4AMtpfRx2tm93NvP4Mfw5uPVsll
xSUpVFCDFDygmA1ulAN7pUEKl9eod+673N6+I8qPm7pa47aPCrzKsx1PuXs+W3Ft
m+vs41cifdFP8GDGZ/a0QTo/Z9ktCC/Vih4IAIRp6SVCpqyN/gI/ierXCXB8Wk2I
2axBey0to2lX6rq2vZvz6qTpv3ehBz3eYo6y/NFWhrSwcH5/WZOSqDuhhQ==
-----END CERTIFICATE-----