Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3cfc7c17-cd85-463f-abbc-88fa8bb68af4.roa
File:                     3cfc7c17-cd85-463f-abbc-88fa8bb68af4.roa (raw, json)
Hash identifier:          qkcCrRrSvdZ14Jl7NcLg880u28phiPjDy5KWwGSpUF0=
Subject key identifier:   6E:FA:49:EE:07:09:EE:83:86:D0:0E:4E:0C:B3:9F:99:73:4E:0F:8C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       75A7BB007C14E621AF0641BEAEE0AEBC1756514B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3cfc7c17-cd85-463f-abbc-88fa8bb68af4.roa
Signing time:             Fri 13 Jun 2025 00:31:40 +0000
ROA not before:           Fri 13 Jun 2025 00:31:40 +0000
ROA not after:            Fri 18 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.56.128.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:a7:bb:00:7c:14:e6:21:af:06:41:be:ae:e0:ae:bc:17:56:51:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 13 00:31:40 2025 GMT
            Not After : Jul 18 23:59:59 2025 GMT
        Subject: serialNumber=0daffc76ea4be4796e5480af9064aeef53a8e361a12c9a149516823ea8fce97f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:1a:d0:01:16:2a:e1:bb:f2:88:97:5a:1e:3d:
                    46:28:fa:33:91:bc:31:0f:3a:ad:2f:23:d2:37:54:
                    5f:90:58:f0:77:f8:6f:1e:94:6f:48:99:f4:d7:10:
                    3c:1b:0a:11:c8:8c:03:2c:37:b7:04:1e:17:62:21:
                    1a:8c:da:86:34:18:db:73:a2:bb:b0:08:58:df:65:
                    76:98:04:18:3d:fa:50:47:43:dc:3f:e3:93:2c:5a:
                    0a:d8:c5:6c:67:2d:ea:dc:52:09:5f:f8:1b:5b:52:
                    7b:59:be:48:69:d8:53:7a:89:b5:a0:b6:4a:ce:e9:
                    23:c7:c5:ed:06:e6:f7:6e:99:b9:de:49:a8:12:6e:
                    96:0a:29:55:4b:7c:4e:07:6f:81:a3:9b:59:00:34:
                    70:6c:a5:ac:55:62:d6:43:b5:14:9c:d0:5d:53:ee:
                    a2:fc:7a:5e:1c:cd:58:d8:2a:f5:e6:75:b9:c3:ba:
                    e2:8e:18:a6:d8:df:fe:7c:c9:97:50:68:44:ca:64:
                    8e:2e:29:be:67:ad:d6:13:8d:74:46:73:b4:33:c8:
                    45:25:14:41:d9:ac:4a:55:c4:39:e2:9a:60:81:9a:
                    5b:e3:17:94:c8:21:1b:b7:15:8c:c6:ab:b8:89:5d:
                    bc:e5:71:a9:db:40:72:3d:a1:ab:6e:53:38:a2:e0:
                    cb:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:FA:49:EE:07:09:EE:83:86:D0:0E:4E:0C:B3:9F:99:73:4E:0F:8C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3cfc7c17-cd85-463f-abbc-88fa8bb68af4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.56.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         3e:2b:1f:7a:d8:30:20:d1:9e:26:c4:7f:44:16:6b:91:e0:8f:
         a7:14:35:3e:d0:d9:e0:8f:ed:9f:3d:20:f3:1b:00:2b:6d:16:
         b9:9c:48:d5:6d:86:f2:92:7b:9c:f1:62:f1:3c:c2:b8:33:8e:
         b6:02:69:08:f6:50:8e:26:af:16:b0:42:bb:bb:06:5b:e3:dc:
         8c:71:d7:df:76:e1:24:a8:46:8a:f2:57:de:20:50:d3:32:8b:
         8f:76:e3:73:6f:cf:c1:28:2f:54:dd:ea:df:43:9d:b3:1d:35:
         e3:2c:f1:84:7c:39:bd:28:bc:a6:dd:4d:f6:50:af:04:be:fd:
         71:5d:23:e1:b2:d4:af:c4:a2:51:26:d9:7e:1f:f6:e9:d2:e0:
         fa:ba:c6:2e:e5:fa:a5:5b:03:4b:89:dc:3e:2b:dd:a8:18:98:
         d9:a3:c0:4e:4d:23:b5:2f:70:89:8d:4a:51:00:b7:2f:c2:06:
         57:dc:86:ee:ec:9f:7a:5a:16:56:11:d0:1a:aa:1a:b4:88:a6:
         46:e2:98:ed:4e:17:3d:84:dc:2c:67:45:84:f0:ca:f1:14:a7:
         02:c9:43:54:41:e4:5b:41:9c:3d:f8:e8:55:0a:a8:4e:9e:0a:
         64:c2:4f:83:de:0b:51:9c:e4:c7:fa:67:42:cf:ba:07:a7:57:
         19:f5:af:8f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdae7AHwU5iGvBkG+ruCuvBdWUUswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjEzMDAzMTQwWhcNMjUwNzE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZGFmZmM3NmVhNGJlNDc5NmU1NDgwYWY5MDY0YWVlZjUz
YThlMzYxYTEyYzlhMTQ5NTE2ODIzZWE4ZmNlOTdmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjGtABFirhu/KIl1oePUYo+jORvDEPOq0vI9I3VF+QWPB3
+G8elG9ImfTXEDwbChHIjAMsN7cEHhdiIRqM2oY0GNtzoruwCFjfZXaYBBg9+lBH
Q9w/45MsWgrYxWxnLercUglf+BtbUntZvkhp2FN6ibWgtkrO6SPHxe0G5vdumbne
SagSbpYKKVVLfE4Hb4Gjm1kANHBspaxVYtZDtRSc0F1T7qL8el4czVjYKvXmdbnD
uuKOGKbY3/58yZdQaETKZI4uKb5nrdYTjXRGc7QzyEUlFEHZrEpVxDnimmCBmlvj
F5TIIRu3FYzGq7iJXbzlcanbQHI9oatuUzii4MvRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbvpJ7gcJ7oOG0A5ODLOfmXNOD4wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNjZmM3YzE3LWNkODUtNDYzZi1hYmJjLTg4ZmE4YmI2OGFmNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYQOIAwDQYJKoZIhvcNAQELBQADggEBAD4rH3rYMCDRnibEf0QWa5Hgj6cU
NT7Q2eCP7Z89IPMbACttFrmcSNVthvKSe5zxYvE8wrgzjrYCaQj2UI4mrxawQru7
Blvj3Ixx19924SSoRoryV94gUNMyi49243Nvz8EoL1Td6t9DnbMdNeMs8YR8Ob0o
vKbdTfZQrwS+/XFdI+Gy1K/EolEm2X4f9unS4Pq6xi7l+qVbA0uJ3D4r3agYmNmj
wE5NI7UvcImNSlEAty/CBlfchu7sn3paFlYR0BqqGrSIpkbimO1OFz2E3CxnRYTw
yvEUpwLJQ1RB5FtBnD346FUKqE6eCmTCT4PeC1Gc5Mf6Z0LPugenVxn1r48=
-----END CERTIFICATE-----