Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/40f26a4b-62f1-40da-8ebc-27801bd5f757.roa
File:                     40f26a4b-62f1-40da-8ebc-27801bd5f757.roa (raw, json)
Hash identifier:          wryhCDpR/6866BCkvcxQFA9TEZC5mi5+9ysH9NXL7MM=
Subject key identifier:   55:B2:63:FB:BD:E3:F9:18:0D:2F:79:F8:62:F2:D6:2F:A1:DC:52:01
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       06E044FD7EAF71C44BD0E7EF2AA3ADA9F7849D17
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/40f26a4b-62f1-40da-8ebc-27801bd5f757.roa
Signing time:             Tue 12 Aug 2025 00:01:58 +0000
ROA not before:           Tue 12 Aug 2025 00:01:58 +0000
ROA not after:            Tue 16 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.95.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 21 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:e0:44:fd:7e:af:71:c4:4b:d0:e7:ef:2a:a3:ad:a9:f7:84:9d:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 12 00:01:58 2025 GMT
            Not After : Sep 16 23:59:59 2025 GMT
        Subject: serialNumber=8cffe7b4a1d13900c44a97a19450c97f5bd6698f54ef466e6a0a5120caccd7fd, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:47:93:14:45:72:2d:2f:12:1b:b2:4c:2f:4e:
                    63:2f:d7:7d:fa:aa:22:c4:f6:fa:00:58:24:4c:05:
                    71:2d:b8:4f:3d:90:be:93:a4:ef:09:5d:9d:da:f1:
                    bf:cf:a3:a5:06:5e:36:a9:48:51:7f:11:0c:96:39:
                    0e:13:4a:3e:90:ca:55:89:6a:b1:4c:a3:57:88:8d:
                    b3:54:f6:5f:1a:7c:83:74:b9:80:5f:5e:f6:fa:5a:
                    34:18:19:af:01:ce:3e:27:d4:b3:96:f3:14:95:b5:
                    66:35:a3:93:5e:07:ec:d1:5d:f7:45:1d:1b:eb:f7:
                    62:b7:48:8a:22:85:7a:6d:c5:b5:bc:ca:cb:5a:20:
                    22:72:7d:ec:5e:00:1e:d0:34:17:63:bb:1f:9f:2b:
                    a2:b1:66:54:3a:be:ee:d7:48:23:55:17:d7:99:a1:
                    d6:07:78:76:2f:e9:f9:0f:c4:fc:56:19:12:40:ec:
                    6e:4f:07:e7:2f:6c:e2:07:20:4d:08:e0:1f:38:e9:
                    fa:20:b5:ea:28:e7:c6:8f:bd:de:f3:8b:bb:52:f7:
                    02:5e:86:e6:64:4f:b0:d8:8e:85:47:d6:fa:61:f8:
                    69:4c:c8:55:3f:f0:0e:10:40:48:10:b4:e5:21:6f:
                    52:87:8f:b4:3b:29:f9:20:b8:d9:70:b9:b9:5b:99:
                    7a:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:B2:63:FB:BD:E3:F9:18:0D:2F:79:F8:62:F2:D6:2F:A1:DC:52:01
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/40f26a4b-62f1-40da-8ebc-27801bd5f757.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.95.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c7:d1:bb:17:c6:0c:72:77:d2:69:d6:f4:cc:cd:1b:7f:4b:c7:
         5d:79:85:a6:bb:b2:b5:5c:1f:26:af:b4:8f:4b:42:9b:e1:31:
         ce:ad:e5:bf:0e:66:dd:86:9a:0c:cc:97:33:6f:97:6e:5e:d1:
         fd:58:55:47:eb:b3:be:89:9e:b5:8b:07:35:40:cb:08:8a:f5:
         5c:3c:e1:55:20:7e:69:b5:ee:0c:02:47:00:d5:36:49:d8:03:
         c7:9d:ff:1d:11:83:3c:1b:5b:de:00:99:b4:9a:15:3d:5b:26:
         a3:ab:d2:93:22:d8:5f:10:6b:0b:f8:14:de:e2:a7:62:1a:d9:
         5c:c7:80:63:1e:1a:66:1e:3f:b7:20:f1:ac:c2:95:b2:0c:4d:
         3e:21:57:ce:08:8f:8a:65:cd:35:3d:87:56:34:6d:ed:5c:c6:
         b8:75:a5:10:d9:40:00:25:cf:23:f3:f1:71:90:c8:20:43:f4:
         d0:49:06:48:4f:a8:b0:2e:ff:a5:28:9d:96:e8:2a:ee:05:1d:
         2e:3a:cc:a0:2c:f8:cf:ed:79:97:80:ca:76:96:72:b9:d0:65:
         45:9e:1b:66:b2:eb:01:f7:66:7a:90:cf:f0:79:aa:04:bd:74:
         24:2a:7f:4e:e2:79:7d:fe:20:a2:6e:a7:2a:90:1b:85:25:5a:
         c8:28:c2:61
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUBuBE/X6vccRL0OfvKqOtqfeEnRcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODEyMDAwMTU4WhcNMjUwOTE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A4Y2ZmZTdiNGExZDEzOTAwYzQ0YTk3YTE5NDUwYzk3ZjVi
ZDY2OThmNTRlZjQ2NmU2YTBhNTEyMGNhY2NkN2ZkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDjR5MURXItLxIbskwvTmMv1336qiLE9voAWCRMBXEtuE89
kL6TpO8JXZ3a8b/Po6UGXjapSFF/EQyWOQ4TSj6QylWJarFMo1eIjbNU9l8afIN0
uYBfXvb6WjQYGa8Bzj4n1LOW8xSVtWY1o5NeB+zRXfdFHRvr92K3SIoihXptxbW8
ystaICJyfexeAB7QNBdjux+fK6KxZlQ6vu7XSCNVF9eZodYHeHYv6fkPxPxWGRJA
7G5PB+cvbOIHIE0I4B846fogteoo58aPvd7zi7tS9wJehuZkT7DYjoVH1vph+GlM
yFU/8A4QQEgQtOUhb1KHj7Q7KfkguNlwublbmXqlAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUVbJj+73j+RgNL3n4YvLWL6HcUgEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQwZjI2YTRiLTYyZjEtNDBkYS04ZWJjLTI3ODAxYmQ1Zjc1Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQXzANBgkqhkiG9w0BAQsFAAOCAQEAx9G7F8YMcnfSadb0zM0bf0vHXXmF
pruytVwfJq+0j0tCm+Exzq3lvw5m3YaaDMyXM2+Xbl7R/VhVR+uzvometYsHNUDL
CIr1XDzhVSB+abXuDAJHANU2SdgDx53/HRGDPBtb3gCZtJoVPVsmo6vSkyLYXxBr
C/gU3uKnYhrZXMeAYx4aZh4/tyDxrMKVsgxNPiFXzgiPimXNNT2HVjRt7VzGuHWl
ENlAACXPI/PxcZDIIEP00EkGSE+osC7/pSidlugq7gUdLjrMoCz4z+15l4DKdpZy
udBlRZ4bZrLrAfdmepDP8HmqBL10JCp/TuJ5ff4gom6nKpAbhSVayCjCYQ==
-----END CERTIFICATE-----