Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/87966aa0-29fc-4d5a-857a-c8beff6b182c.roa
File:                     87966aa0-29fc-4d5a-857a-c8beff6b182c.roa (raw, json)
Hash identifier:          uyDDtCVwgMhbjGK5PxIXxClm7XT3CLsGfmnUtCoMWPc=
Subject key identifier:   D9:FB:18:7D:FA:7B:B3:28:D9:9D:EC:E2:74:F7:68:73:F5:C3:37:69
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2ED54F94FF14A0D7D88140446CEE69D34DF5A7DA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/87966aa0-29fc-4d5a-857a-c8beff6b182c.roa
Signing time:             Sat 06 Sep 2025 00:50:57 +0000
ROA not before:           Sat 06 Sep 2025 00:50:57 +0000
ROA not after:            Sat 11 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        72.41.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 07 Sep 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:d5:4f:94:ff:14:a0:d7:d8:81:40:44:6c:ee:69:d3:4d:f5:a7:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep  6 00:50:57 2025 GMT
            Not After : Oct 11 23:59:59 2025 GMT
        Subject: serialNumber=2b723ffd7d940e30513a5685285379c1707dc885bcbadb22a40f6e1cee2711ac, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:f2:82:93:c2:c4:98:e3:41:bc:da:60:5e:cb:
                    6f:5b:37:f4:fe:0a:a4:70:ae:1d:d8:4b:b0:0f:47:
                    89:06:46:cd:b6:5e:54:4e:e6:f0:44:47:34:9a:89:
                    e2:2e:31:68:84:47:00:b4:76:4f:d9:5a:6e:db:25:
                    2a:cd:b6:cb:be:9e:93:e8:5c:4b:d3:d8:94:59:4f:
                    48:12:ab:98:c9:45:43:78:ff:03:0f:76:9c:ce:36:
                    a0:24:c4:4a:00:04:d6:a6:1d:07:53:83:f8:b3:51:
                    1a:f5:fa:cb:6f:e0:81:35:fd:f8:db:33:d8:02:94:
                    e5:03:dc:20:2b:3d:57:bd:f9:6a:90:1d:51:eb:25:
                    fb:ac:7c:da:d9:ef:6f:e8:97:3f:b3:30:e2:a5:fc:
                    67:cd:70:80:3d:79:25:dd:28:81:a8:77:45:0d:1c:
                    7c:19:50:4e:cf:67:a6:e9:7a:ba:bd:47:60:c2:ab:
                    be:6f:5c:ba:e5:9d:2d:0d:78:f5:53:13:a8:fa:12:
                    1f:ba:c7:03:e5:2d:aa:86:e6:db:86:b5:37:b0:8a:
                    03:35:9b:98:ab:2c:0f:2f:da:70:2e:ef:7c:61:b5:
                    4f:42:9a:b1:01:5d:69:e3:8d:35:e8:8d:38:4b:ff:
                    6d:c8:53:31:1b:66:96:b6:43:1b:d5:43:3a:d6:ea:
                    9b:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:FB:18:7D:FA:7B:B3:28:D9:9D:EC:E2:74:F7:68:73:F5:C3:37:69
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/87966aa0-29fc-4d5a-857a-c8beff6b182c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.41.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0a:3d:1c:08:f9:7c:a4:10:8f:69:15:36:0f:e0:38:8e:c6:15:
         1e:56:c8:02:8b:e0:5b:6e:af:31:d4:e5:d8:36:a2:05:6d:0d:
         d7:d0:f4:d0:57:87:d6:18:cf:f5:49:45:62:ca:1d:33:6c:a7:
         25:66:3a:1b:ed:08:c2:8a:4c:88:fa:70:49:4e:d9:6f:09:86:
         79:bb:b7:75:a7:51:ba:76:eb:42:cf:36:64:1b:8d:91:71:82:
         ad:4c:65:f0:a2:80:9f:41:ea:d5:6c:00:07:af:f6:ca:57:c1:
         5a:9d:85:58:28:a5:0f:b5:a2:12:59:fb:7b:1e:4d:06:26:6a:
         5c:46:fb:dd:98:e9:87:7f:69:0a:96:e0:85:cb:8e:9e:50:56:
         c6:5c:23:98:97:23:f4:58:15:b2:f7:0c:88:9e:79:b5:43:4d:
         3a:74:3c:56:02:bd:e7:1f:37:8b:cd:8a:29:a9:79:f7:66:21:
         f4:74:99:49:ce:1d:be:49:21:65:9e:a6:97:f0:96:29:1e:cf:
         5d:1a:ef:ed:f4:f8:54:ea:68:c0:81:40:45:51:03:c4:a6:d8:
         cd:6e:06:f6:63:da:78:24:7c:60:34:96:5d:e4:c4:3b:a3:8e:
         71:59:5e:0b:6c:45:f0:45:21:55:13:ab:e2:1c:38:61:09:b2:
         09:69:5f:8c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIULtVPlP8UoNfYgUBEbO5p0031p9owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTA2MDA1MDU3WhcNMjUxMDExMjM1OTU5
WjB6MUkwRwYDVQQFE0AyYjcyM2ZmZDdkOTQwZTMwNTEzYTU2ODUyODUzNzljMTcw
N2RjODg1YmNiYWRiMjJhNDBmNmUxY2VlMjcxMWFjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC58oKTwsSY40G82mBey29bN/T+CqRwrh3YS7APR4kGRs22
XlRO5vBERzSaieIuMWiERwC0dk/ZWm7bJSrNtsu+npPoXEvT2JRZT0gSq5jJRUN4
/wMPdpzONqAkxEoABNamHQdTg/izURr1+stv4IE1/fjbM9gClOUD3CArPVe9+WqQ
HVHrJfusfNrZ72/olz+zMOKl/GfNcIA9eSXdKIGod0UNHHwZUE7PZ6bperq9R2DC
q75vXLrlnS0NePVTE6j6Eh+6xwPlLaqG5tuGtTewigM1m5irLA8v2nAu73xhtU9C
mrEBXWnjjTXojThL/23IUzEbZpa2QxvVQzrW6pvNAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU2fsYffp7syjZnezidPdoc/XDN2kwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg3OTY2YWEwLTI5ZmMtNGQ1YS04NTdhLWM4YmVmZjZiMTgyYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBIKTANBgkqhkiG9w0BAQsFAAOCAQEACj0cCPl8pBCPaRU2D+A4jsYVHlbI
AovgW26vMdTl2DaiBW0N19D00FeH1hjP9UlFYsodM2ynJWY6G+0IwopMiPpwSU7Z
bwmGebu3dadRunbrQs82ZBuNkXGCrUxl8KKAn0Hq1WwAB6/2ylfBWp2FWCilD7Wi
Eln7ex5NBiZqXEb73Zjph39pCpbghcuOnlBWxlwjmJcj9FgVsvcMiJ55tUNNOnQ8
VgK95x83i82KKal592Yh9HSZSc4dvkkhZZ6ml/CWKR7PXRrv7fT4VOpowIFARVED
xKbYzW4G9mPaeCR8YDSWXeTEO6OOcVleC2xF8EUhVROr4hw4YQmyCWlfjA==
-----END CERTIFICATE-----