Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2983c2e1-ba11-40a6-9ad5-b5b22db61183.roa
File:                     2983c2e1-ba11-40a6-9ad5-b5b22db61183.roa (raw, json)
Hash identifier:          JlMaErim/ef3aP4otCDXArEZxEox9mfszhbi5vhS0BE=
Subject key identifier:   80:65:75:AC:95:13:93:37:DF:5D:8E:62:A9:6F:1C:7B:64:D3:A2:0D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0FE96696E386FC4BD1EAC74F8F3EF912658C136D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2983c2e1-ba11-40a6-9ad5-b5b22db61183.roa
Signing time:             Mon 23 Jun 2025 15:02:49 +0000
ROA not before:           Mon 23 Jun 2025 15:02:49 +0000
ROA not after:            Mon 28 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.1.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 03 Jul 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:e9:66:96:e3:86:fc:4b:d1:ea:c7:4f:8f:3e:f9:12:65:8c:13:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 23 15:02:49 2025 GMT
            Not After : Jul 28 23:59:59 2025 GMT
        Subject: serialNumber=e2a4da3d7860394eb233650a769e430d6044bc9b571a55fc8dec7fc729d3eac0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:d3:80:a5:94:80:f5:0d:84:8f:12:82:2b:fe:
                    ec:bf:29:91:e3:69:b4:40:dd:6c:ad:ba:65:16:ec:
                    44:f8:6c:91:6f:da:f3:04:4d:16:50:d6:a5:64:77:
                    6e:b9:b2:87:c2:72:12:56:ba:ac:d3:47:59:ed:35:
                    2b:87:29:4e:50:1b:ea:60:ef:ec:f1:c2:7c:2e:1b:
                    04:37:f1:18:c7:56:b1:12:a0:b4:ff:d9:e0:a6:a4:
                    ae:50:6e:bc:7c:ed:6a:53:ad:2d:13:32:32:f0:e1:
                    7f:e7:95:c3:8c:3c:a3:92:85:7c:5f:10:25:d3:da:
                    22:ec:03:32:d3:9a:4e:ce:3c:60:e0:e3:23:9d:f4:
                    ed:39:3a:cd:a9:05:b0:41:73:35:f9:17:2d:e4:25:
                    2e:71:74:4f:14:44:d8:3a:61:b6:ab:b6:0e:a6:63:
                    30:da:0f:f9:67:0e:7f:75:75:1b:df:c6:a9:ce:fd:
                    64:9b:04:62:c9:1b:6d:3d:4d:e7:54:e3:ca:8b:d1:
                    cb:32:4c:76:e7:43:8e:05:40:9d:63:f5:37:6c:72:
                    cb:3f:3c:54:fc:ec:90:6e:e2:40:9c:3f:74:93:cb:
                    9b:4d:68:3f:7b:28:a4:e8:20:0d:74:d5:eb:71:c9:
                    7c:76:48:61:41:98:f1:15:ee:c2:a6:56:22:f3:76:
                    c9:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:65:75:AC:95:13:93:37:DF:5D:8E:62:A9:6F:1C:7B:64:D3:A2:0D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2983c2e1-ba11-40a6-9ad5-b5b22db61183.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.1.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b8:14:39:fd:1f:9e:a3:17:00:0e:8e:20:ce:95:94:b7:40:6f:
         1a:fd:c1:2f:36:e1:ab:ae:f6:16:46:b2:55:f1:0f:b3:b8:49:
         8c:88:f7:aa:b3:1b:78:7d:a0:4e:5e:e6:fe:d7:50:3f:18:34:
         1b:4f:35:27:0a:b9:0e:b8:cc:f0:9e:8b:c2:68:15:6a:19:3f:
         1f:af:14:ad:fa:3b:83:bb:2f:d7:c8:e4:fa:cb:6e:5b:40:d7:
         1a:96:6a:80:49:86:65:5a:99:ba:5d:9e:98:21:bb:d7:80:b1:
         96:d2:98:c2:51:1f:31:71:b6:ac:c0:18:e6:e7:b2:7b:92:76:
         69:36:7d:55:46:0c:8b:90:66:d0:ec:d3:0b:f6:87:78:f4:94:
         14:91:91:3d:80:52:a1:8b:fa:8d:77:07:d7:39:38:b5:38:98:
         77:db:83:f2:00:4d:8a:62:88:36:09:90:4f:4f:4b:37:b8:ff:
         e6:a4:e7:b8:a3:bd:2a:49:5e:1f:f9:4e:79:2e:91:20:c9:41:
         12:8e:25:12:f0:7d:e8:93:5f:a0:62:4a:3e:06:78:be:49:89:
         13:5a:b4:ff:19:84:4a:c0:31:71:73:2b:64:0e:56:91:5c:05:
         3b:d6:cf:88:0c:d3:d7:2e:17:07:1f:28:e5:1a:21:16:3a:e4:
         89:3c:e5:2b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUD+lmluOG/EvR6sdPjz75EmWME20wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjIzMTUwMjQ5WhcNMjUwNzI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMmE0ZGEzZDc4NjAzOTRlYjIzMzY1MGE3NjllNDMwZDYw
NDRiYzliNTcxYTU1ZmM4ZGVjN2ZjNzI5ZDNlYWMwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDE04CllID1DYSPEoIr/uy/KZHjabRA3WytumUW7ET4bJFv
2vMETRZQ1qVkd265sofCchJWuqzTR1ntNSuHKU5QG+pg7+zxwnwuGwQ38RjHVrES
oLT/2eCmpK5Qbrx87WpTrS0TMjLw4X/nlcOMPKOShXxfECXT2iLsAzLTmk7OPGDg
4yOd9O05Os2pBbBBczX5Fy3kJS5xdE8URNg6Ybartg6mYzDaD/lnDn91dRvfxqnO
/WSbBGLJG209TedU48qL0csyTHbnQ44FQJ1j9Tdscss/PFT87JBu4kCcP3STy5tN
aD97KKToIA101etxyXx2SGFBmPEV7sKmViLzdslHAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUgGV1rJUTkzffXY5iqW8ce2TTog0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI5ODNjMmUxLWJhMTEtNDBhNi05YWQ1LWI1YjIyZGI2MTE4My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCIATANBgkqhkiG9w0BAQsFAAOCAQEAuBQ5/R+eoxcADo4gzpWUt0BvGv3B
Lzbhq672FkayVfEPs7hJjIj3qrMbeH2gTl7m/tdQPxg0G081Jwq5DrjM8J6LwmgV
ahk/H68Urfo7g7sv18jk+stuW0DXGpZqgEmGZVqZul2emCG714CxltKYwlEfMXG2
rMAY5ueye5J2aTZ9VUYMi5Bm0OzTC/aHePSUFJGRPYBSoYv6jXcH1zk4tTiYd9uD
8gBNimKINgmQT09LN7j/5qTnuKO9KkleH/lOeS6RIMlBEo4lEvB96JNfoGJKPgZ4
vkmJE1q0/xmESsAxcXMrZA5WkVwFO9bPiAzT1y4XBx8o5RohFjrkiTzlKw==
-----END CERTIFICATE-----