Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3f6be9ff-ec25-42f0-a6d3-52cca0ff8f59.roa
File:                     3f6be9ff-ec25-42f0-a6d3-52cca0ff8f59.roa (raw, json)
Hash identifier:          lD9R4KJmlH7iLT2EyVVUpHZCLphPN/TBB7+k8lN1/O4=
Subject key identifier:   72:6A:37:D5:D8:D6:50:02:E2:BA:74:48:76:20:34:5E:1E:6B:2E:BD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       58FDA16ECE9346847CE5ABF3D66B92A24CD71FE4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3f6be9ff-ec25-42f0-a6d3-52cca0ff8f59.roa
Signing time:             Fri 25 Apr 2025 00:50:28 +0000
ROA not before:           Fri 25 Apr 2025 00:50:28 +0000
ROA not after:            Fri 30 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.248.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:fd:a1:6e:ce:93:46:84:7c:e5:ab:f3:d6:6b:92:a2:4c:d7:1f:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 25 00:50:28 2025 GMT
            Not After : May 30 23:59:59 2025 GMT
        Subject: serialNumber=9fda60270bbeb468b25bdce6d5ba8540cffe2ff5458d295753cf00501d942453, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:af:4f:25:fb:c2:e9:88:3d:08:fc:c3:9d:dd:
                    b9:1f:48:65:bf:08:46:d1:40:80:b7:3e:73:41:3c:
                    e3:a3:fa:91:95:69:89:59:7b:db:08:38:62:8a:01:
                    ec:4b:fc:4e:ec:f7:fe:ef:9a:c1:97:36:65:c0:38:
                    60:c2:3e:49:ed:04:d3:53:d7:fd:34:ae:6a:5f:9f:
                    0b:07:50:fc:12:95:67:c8:99:97:f2:c3:fd:df:42:
                    cf:ed:4f:d8:3e:82:28:cd:31:11:b3:81:9e:32:41:
                    83:91:39:0b:7b:b9:72:c1:49:75:f3:4d:8e:08:2f:
                    7b:9c:b9:37:5c:6b:08:73:14:e8:b5:d5:47:3a:66:
                    26:cc:5f:34:ce:7e:8f:3a:dd:22:ca:c0:90:ce:ca:
                    4f:18:7f:71:8a:26:7a:3b:b3:c4:01:cd:bc:8d:35:
                    d1:df:df:63:8f:0f:e3:d9:91:4f:6c:00:ec:49:59:
                    b6:56:f4:2f:59:53:b7:cd:75:e2:5c:0d:b3:4d:e5:
                    4f:a9:8b:eb:6f:f6:28:4d:55:a4:68:83:ee:c2:75:
                    22:cf:c4:38:f8:81:a5:1d:a6:c2:a3:58:fa:8b:37:
                    58:a2:91:5e:20:19:d6:1c:f8:d0:bd:8d:19:d2:39:
                    c9:24:16:5e:60:a2:ae:24:07:ed:20:fe:d9:6b:f7:
                    4e:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:6A:37:D5:D8:D6:50:02:E2:BA:74:48:76:20:34:5E:1E:6B:2E:BD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3f6be9ff-ec25-42f0-a6d3-52cca0ff8f59.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.248.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         33:a7:f2:85:01:bc:d3:e9:34:fd:0e:a3:1f:e7:66:b5:4a:ba:
         e7:96:93:b8:43:a7:68:6b:4d:40:d1:45:be:fb:dd:c7:08:75:
         cb:f9:7d:d6:80:5f:2f:58:2e:97:93:49:b4:21:f0:9a:39:a8:
         30:e1:67:51:78:f4:ed:d4:bb:26:d2:5d:42:10:d1:44:04:27:
         73:6f:7c:f0:69:36:8c:81:48:45:6e:f0:9c:c3:87:43:34:90:
         12:a0:d8:57:1d:b5:fe:57:1f:b9:d7:74:25:12:36:6d:89:15:
         da:25:3b:ff:41:72:91:36:aa:43:f3:db:0d:b2:f4:59:94:39:
         01:36:8b:69:61:a5:1a:10:8b:a0:d7:0c:21:b1:c1:01:49:65:
         a3:45:75:09:65:61:40:63:19:59:df:6f:42:eb:64:3b:7a:c6:
         d3:85:d1:a6:0c:e3:1b:2d:49:7d:dd:1b:2e:b3:b1:61:9a:ee:
         64:5f:0d:6f:b2:be:e6:c6:5b:6f:53:43:3c:e5:07:55:7c:b4:
         bc:96:f2:3f:a8:87:9a:eb:5f:0d:56:36:8c:63:dc:83:ae:08:
         66:ac:86:e0:80:d3:29:bc:81:6b:65:64:78:31:3b:d7:20:7b:
         dd:97:93:31:36:0c:1a:ee:26:60:6e:51:4d:15:21:b1:bf:08:
         da:a5:95:12
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUWP2hbs6TRoR85avz1muSokzXH+QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDI1MDA1MDI4WhcNMjUwNTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZmRhNjAyNzBiYmViNDY4YjI1YmRjZTZkNWJhODU0MGNm
ZmUyZmY1NDU4ZDI5NTc1M2NmMDA1MDFkOTQyNDUzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyr08l+8LpiD0I/MOd3bkfSGW/CEbRQIC3PnNBPOOj+pGV
aYlZe9sIOGKKAexL/E7s9/7vmsGXNmXAOGDCPkntBNNT1/00rmpfnwsHUPwSlWfI
mZfyw/3fQs/tT9g+gijNMRGzgZ4yQYOROQt7uXLBSXXzTY4IL3ucuTdcawhzFOi1
1Uc6ZibMXzTOfo863SLKwJDOyk8Yf3GKJno7s8QBzbyNNdHf32OPD+PZkU9sAOxJ
WbZW9C9ZU7fNdeJcDbNN5U+pi+tv9ihNVaRog+7CdSLPxDj4gaUdpsKjWPqLN1ii
kV4gGdYc+NC9jRnSOckkFl5goq4kB+0g/tlr9045AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUcmo31djWUALiunRIdiA0Xh5rLr0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNmNmJlOWZmLWVjMjUtNDJmMC1hNmQzLTUyY2NhMGZmOGY1OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4+DANBgkqhkiG9w0BAQsFAAOCAQEAM6fyhQG80+k0/Q6jH+dmtUq655aT
uEOnaGtNQNFFvvvdxwh1y/l91oBfL1gul5NJtCHwmjmoMOFnUXj07dS7JtJdQhDR
RAQnc2988Gk2jIFIRW7wnMOHQzSQEqDYVx21/lcfudd0JRI2bYkV2iU7/0FykTaq
Q/PbDbL0WZQ5ATaLaWGlGhCLoNcMIbHBAUllo0V1CWVhQGMZWd9vQutkO3rG04XR
pgzjGy1Jfd0bLrOxYZruZF8Nb7K+5sZbb1NDPOUHVXy0vJbyP6iHmutfDVY2jGPc
g64IZqyG4IDTKbyBa2VkeDE71yB73ZeTMTYMGu4mYG5RTRUhsb8I2qWVEg==
-----END CERTIFICATE-----