Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/94a7c917-6869-4830-9bca-db6ddd98328b.roa
File:                     94a7c917-6869-4830-9bca-db6ddd98328b.roa (raw, json)
Hash identifier:          qRITAgJPScobi5awT7OnhzAlVbM1MrLrA13bFtAjv6o=
Subject key identifier:   F4:07:83:07:98:1B:C1:ED:D2:6C:7E:D4:7D:39:8A:0D:1B:CC:BD:33
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       340B44827EE6DE9BD918E834F991B1375FD633BC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/94a7c917-6869-4830-9bca-db6ddd98328b.roa
Signing time:             Tue 02 Sep 2025 00:20:23 +0000
ROA not before:           Tue 02 Sep 2025 00:20:23 +0000
ROA not after:            Tue 07 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.110.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 07 Sep 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:0b:44:82:7e:e6:de:9b:d9:18:e8:34:f9:91:b1:37:5f:d6:33:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep  2 00:20:23 2025 GMT
            Not After : Oct  7 23:59:59 2025 GMT
        Subject: serialNumber=b2f49d2b13b6dd1034f852d970ebfcaf0c167d10ff29106a13eeb67ef368347d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:8d:76:ec:6a:54:fe:f5:0f:a1:06:ab:32:26:
                    21:f1:e7:35:a3:57:4a:4d:39:23:d2:76:e1:b8:66:
                    26:74:56:2b:7e:c6:3a:08:2d:48:7d:54:73:78:99:
                    cf:81:58:27:c5:b7:37:b6:4a:c1:7b:65:73:c8:26:
                    8d:e8:1e:ab:2e:8b:88:ad:b5:74:ee:21:6a:0c:1b:
                    56:85:e5:8d:5b:82:35:58:43:37:af:3c:9a:24:d4:
                    95:e9:9f:44:a2:88:dc:ff:76:e5:17:50:40:cd:7c:
                    ae:fc:a4:1c:5b:c7:c4:ab:5f:f4:8a:ca:ea:de:f2:
                    a7:cf:ed:0a:41:7a:e7:f0:7e:d6:10:64:88:0e:36:
                    c4:66:cd:9a:c1:43:55:36:05:5a:b3:10:43:5b:22:
                    d1:fc:13:d0:f7:e3:44:c6:d7:f5:14:e1:0f:27:da:
                    7c:d0:4a:9e:4c:85:8d:cd:e8:bd:d9:82:2d:e8:03:
                    26:d2:62:85:63:15:92:57:9f:37:de:c2:bf:55:e9:
                    af:c9:27:c7:c6:bf:45:8c:47:46:fd:e0:c4:ed:be:
                    cc:40:b3:cf:a0:ca:4a:41:5c:ac:68:4a:93:de:d2:
                    96:48:13:c9:0d:3e:d0:63:79:c4:4f:7c:9a:ec:91:
                    ca:bd:f5:a8:6e:a9:53:eb:d1:0e:f6:a9:97:a1:be:
                    9e:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:07:83:07:98:1B:C1:ED:D2:6C:7E:D4:7D:39:8A:0D:1B:CC:BD:33
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/94a7c917-6869-4830-9bca-db6ddd98328b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.110.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9b:76:00:00:1d:17:b8:eb:37:cc:23:25:b9:f9:bb:52:c7:f8:
         b8:94:8e:9b:77:e6:5a:5c:51:b8:4f:cd:4b:46:f0:65:78:1a:
         f2:27:6e:f4:e4:d3:59:47:af:4f:f9:b8:99:56:38:14:6c:e6:
         71:16:18:2e:14:c9:b8:c1:36:ba:ed:11:c2:ac:b4:b9:ca:f2:
         ea:07:21:19:e5:3a:e2:6f:05:5a:eb:59:b1:c0:03:bc:a9:a9:
         23:fb:8c:de:c7:cd:b3:2b:75:be:11:bc:02:15:ca:5b:74:09:
         3b:63:a7:10:d0:59:ed:96:23:00:e8:3f:1a:44:c1:43:7b:d4:
         10:ef:3c:81:78:1c:8e:fb:c5:ec:bd:f7:d1:e5:79:62:86:6e:
         3e:da:d3:74:32:d2:98:11:53:ba:9b:ae:3b:65:86:38:1e:ce:
         1d:34:10:98:3f:93:a7:29:d0:83:53:cb:a2:b1:66:00:b6:98:
         16:60:e3:70:b3:2e:8f:02:2b:1d:43:c1:56:50:0e:7e:6c:19:
         c6:e8:e3:07:cf:3f:63:3c:aa:99:12:5a:91:81:e8:07:60:ff:
         d6:cc:09:63:f9:40:95:ca:ce:3b:fc:69:85:64:3f:3b:3d:86:
         60:98:6f:61:e8:5a:27:c0:66:ec:2c:82:fe:66:b5:47:ad:d7:
         76:28:57:14
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUNAtEgn7m3pvZGOg0+ZGxN1/WM7wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTAyMDAyMDIzWhcNMjUxMDA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMmY0OWQyYjEzYjZkZDEwMzRmODUyZDk3MGViZmNhZjBj
MTY3ZDEwZmYyOTEwNmExM2VlYjY3ZWYzNjgzNDdkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCujXbsalT+9Q+hBqsyJiHx5zWjV0pNOSPSduG4ZiZ0Vit+
xjoILUh9VHN4mc+BWCfFtze2SsF7ZXPIJo3oHqsui4ittXTuIWoMG1aF5Y1bgjVY
QzevPJok1JXpn0SiiNz/duUXUEDNfK78pBxbx8SrX/SKyure8qfP7QpBeufwftYQ
ZIgONsRmzZrBQ1U2BVqzEENbItH8E9D340TG1/UU4Q8n2nzQSp5MhY3N6L3Zgi3o
AybSYoVjFZJXnzfewr9V6a/JJ8fGv0WMR0b94MTtvsxAs8+gykpBXKxoSpPe0pZI
E8kNPtBjecRPfJrskcq99ahuqVPr0Q72qZehvp6DAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU9AeDB5gbwe3SbH7UfTmKDRvMvTMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk0YTdjOTE3LTY4NjktNDgzMC05YmNhLWRiNmRkZDk4MzI4Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4bjANBgkqhkiG9w0BAQsFAAOCAQEAm3YAAB0XuOs3zCMlufm7Usf4uJSO
m3fmWlxRuE/NS0bwZXga8idu9OTTWUevT/m4mVY4FGzmcRYYLhTJuME2uu0Rwqy0
ucry6gchGeU64m8FWutZscADvKmpI/uM3sfNsyt1vhG8AhXKW3QJO2OnENBZ7ZYj
AOg/GkTBQ3vUEO88gXgcjvvF7L330eV5YoZuPtrTdDLSmBFTupuuO2WGOB7OHTQQ
mD+TpynQg1PLorFmALaYFmDjcLMujwIrHUPBVlAOfmwZxujjB88/YzyqmRJakYHo
B2D/1swJY/lAlcrOO/xphWQ/Oz2GYJhvYehaJ8Bm7CyC/ma1R63XdihXFA==
-----END CERTIFICATE-----