Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/25948a2b-e584-4f1c-b0bf-a7f467c73fa5.roa
File:                     25948a2b-e584-4f1c-b0bf-a7f467c73fa5.roa (raw, json)
Hash identifier:          l4C2BNdTBvQDgTrLvs4Qj53Ey8X/AdC/8DgFFGjto88=
Subject key identifier:   B0:19:7E:BE:46:F3:4F:42:F8:D9:7F:27:D5:9C:20:28:68:7B:F0:43
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       588623C4C5F0F46C8D11EE2F1B7CC90A876E6BB6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/25948a2b-e584-4f1c-b0bf-a7f467c73fa5.roa
Signing time:             Mon 04 Aug 2025 17:41:04 +0000
ROA not before:           Mon 04 Aug 2025 17:41:04 +0000
ROA not after:            Mon 08 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.15.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 07 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:86:23:c4:c5:f0:f4:6c:8d:11:ee:2f:1b:7c:c9:0a:87:6e:6b:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug  4 17:41:04 2025 GMT
            Not After : Sep  8 23:59:59 2025 GMT
        Subject: serialNumber=3831251f516418fa4bdcd714574647bf89d771bbfc2ed8231352d854ae28332e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:62:c7:f3:25:5c:47:35:dc:2f:b0:01:c2:04:
                    81:e3:e2:25:ec:eb:7d:fb:9a:e0:20:6e:08:c1:12:
                    59:15:27:81:4f:7f:e1:6a:e2:62:49:f8:f5:b8:ab:
                    d6:e0:c2:1b:87:95:9e:fc:0b:b0:12:52:33:e4:a0:
                    55:b9:8d:6c:42:e7:52:ad:e0:f8:71:24:66:2a:ff:
                    d6:d7:5c:41:eb:2c:c0:d2:b7:13:73:3d:3a:43:45:
                    b3:e7:2a:61:10:94:65:36:ad:2f:d2:db:82:10:6d:
                    d2:5c:da:49:44:db:32:8b:7d:bf:9f:87:0a:ea:83:
                    69:2b:9c:86:3d:65:97:58:83:d4:aa:d8:50:d4:32:
                    ee:42:2b:41:f7:c7:36:d0:2a:af:36:65:67:62:36:
                    bb:77:e9:1e:db:8e:80:66:1f:1d:64:76:a9:cb:fc:
                    c3:0f:76:32:c9:ab:97:ee:21:43:3a:84:01:c6:23:
                    00:a3:62:f6:75:5b:f0:f3:84:a3:2d:b5:39:1c:8a:
                    73:9f:be:42:70:b2:dd:3d:3a:4e:f5:dd:83:84:a7:
                    ab:e8:20:56:26:bd:d5:ab:95:9f:e0:d1:6e:e9:4a:
                    44:12:b9:ef:0d:ab:88:41:91:19:38:7b:b7:53:f7:
                    12:6d:1b:82:a1:dc:05:5b:8a:da:65:20:98:ec:c7:
                    07:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:19:7E:BE:46:F3:4F:42:F8:D9:7F:27:D5:9C:20:28:68:7B:F0:43
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/25948a2b-e584-4f1c-b0bf-a7f467c73fa5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.15.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a4:e1:50:f9:79:2c:d4:bf:c1:8b:e0:b7:bc:f5:a8:7c:2b:7d:
         71:94:fc:81:94:6c:d1:82:24:85:13:72:91:f7:55:8e:3e:af:
         f1:c8:18:e4:10:10:aa:62:31:16:bb:26:d6:f5:1d:13:b8:4e:
         2c:72:30:5d:83:28:56:b2:28:d6:12:ae:27:31:76:a7:24:6e:
         ec:c7:35:83:ac:d6:a2:90:d3:44:d4:a3:3d:cb:78:97:12:53:
         ce:65:c6:86:5c:9e:b3:38:f3:75:94:41:bd:1e:dd:ba:52:0f:
         dd:e5:2b:1c:1f:52:08:cc:2f:c8:3d:ac:6e:0d:9e:b6:23:85:
         72:a5:3f:39:7c:c2:42:a4:c8:bb:9d:f0:b6:d0:de:48:f8:ba:
         84:d9:76:99:a3:82:31:27:2c:51:69:a4:c1:f6:9e:1b:14:27:
         ff:e4:8e:27:eb:dc:7c:55:76:a9:0e:be:3c:4f:dc:d0:b0:aa:
         6a:b7:0b:a2:ce:03:ba:7a:e0:c0:20:2c:94:6d:79:0d:e6:cd:
         35:84:46:38:88:34:1c:ab:32:d4:f9:c9:ab:7d:e7:4b:c8:a8:
         ab:d2:2d:a5:64:3e:1b:4e:0f:1c:4d:06:37:de:b8:40:e1:a6:
         db:8c:b1:48:58:76:06:25:bc:95:d1:2c:87:04:4f:38:71:30:
         76:c3:56:49
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUWIYjxMXw9GyNEe4vG3zJCodua7YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODA0MTc0MTA0WhcNMjUwOTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0AzODMxMjUxZjUxNjQxOGZhNGJkY2Q3MTQ1NzQ2NDdiZjg5
ZDc3MWJiZmMyZWQ4MjMxMzUyZDg1NGFlMjgzMzJlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6YsfzJVxHNdwvsAHCBIHj4iXs6337muAgbgjBElkVJ4FP
f+Fq4mJJ+PW4q9bgwhuHlZ78C7ASUjPkoFW5jWxC51Kt4PhxJGYq/9bXXEHrLMDS
txNzPTpDRbPnKmEQlGU2rS/S24IQbdJc2klE2zKLfb+fhwrqg2krnIY9ZZdYg9Sq
2FDUMu5CK0H3xzbQKq82ZWdiNrt36R7bjoBmHx1kdqnL/MMPdjLJq5fuIUM6hAHG
IwCjYvZ1W/DzhKMttTkcinOfvkJwst09Ok713YOEp6voIFYmvdWrlZ/g0W7pSkQS
ue8Nq4hBkRk4e7dT9xJtG4Kh3AVbitplIJjsxwczAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUsBl+vkbzT0L42X8n1ZwgKGh78EMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI1OTQ4YTJiLWU1ODQtNGYxYy1iMGJmLWE3ZjQ2N2M3M2ZhNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4DzANBgkqhkiG9w0BAQsFAAOCAQEApOFQ+Xks1L/Bi+C3vPWofCt9cZT8
gZRs0YIkhRNykfdVjj6v8cgY5BAQqmIxFrsm1vUdE7hOLHIwXYMoVrIo1hKuJzF2
pyRu7Mc1g6zWopDTRNSjPct4lxJTzmXGhlyeszjzdZRBvR7dulIP3eUrHB9SCMwv
yD2sbg2etiOFcqU/OXzCQqTIu53wttDeSPi6hNl2maOCMScsUWmkwfaeGxQn/+SO
J+vcfFV2qQ6+PE/c0LCqarcLos4DunrgwCAslG15DebNNYRGOIg0HKsy1PnJq33n
S8ioq9ItpWQ+G04PHE0GN964QOGm24yxSFh2BiW8ldEshwRPOHEwdsNWSQ==
-----END CERTIFICATE-----