Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3dbee296-ec09-48ec-b119-3d727f285355.roa
File:                     3dbee296-ec09-48ec-b119-3d727f285355.roa (raw, json)
Hash identifier:          gTNnYdUPjOR1WqMGBtrAoiDBo8owzNfg9F4brtTAzsk=
Subject key identifier:   F2:BB:0E:60:E7:79:DC:41:C2:8C:3E:E1:79:EE:64:AB:68:B6:F7:6F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       792186AAD7B95CF87FEBF66CCE63D0085D55A7C2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3dbee296-ec09-48ec-b119-3d727f285355.roa
Signing time:             Fri 15 Aug 2025 00:51:08 +0000
ROA not before:           Fri 15 Aug 2025 00:51:08 +0000
ROA not after:            Fri 19 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.150.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:21:86:aa:d7:b9:5c:f8:7f:eb:f6:6c:ce:63:d0:08:5d:55:a7:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 15 00:51:08 2025 GMT
            Not After : Sep 19 23:59:59 2025 GMT
        Subject: serialNumber=bfbf929f74ce4f7807936586dc2e6d4f6d63e5f6d319027a555b8b6c28d6d145, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:c8:51:d7:51:be:a2:da:2b:56:9d:f6:c6:66:
                    76:16:7d:11:d7:2f:79:9e:ea:fa:12:26:d4:2d:b8:
                    9d:18:be:fd:7c:e7:9d:09:6e:c9:a2:89:d8:a9:d6:
                    03:40:4e:71:2e:09:07:7c:41:aa:22:0d:88:16:c0:
                    97:b3:65:46:eb:39:c2:31:c2:c2:a3:38:e2:b5:b0:
                    11:f5:2b:c3:22:0f:ff:09:2c:bd:a8:22:b8:ed:74:
                    4c:08:90:b8:48:cd:f5:1e:6f:bc:63:46:77:5e:bd:
                    cd:b9:50:82:46:de:a0:cf:f7:38:57:f7:6a:4b:00:
                    b7:e3:4a:be:23:dd:d1:54:60:69:9e:73:32:5d:5a:
                    94:40:5d:99:b7:95:f3:2c:fa:ae:ed:1b:46:dc:58:
                    ab:d6:2b:42:8d:9d:3b:8e:8f:5d:8f:0e:64:46:d4:
                    3c:82:79:89:e0:95:49:2b:79:d9:a1:e0:28:66:55:
                    b3:64:d5:d5:37:88:82:8e:c2:ca:8c:ce:b9:54:61:
                    31:92:3e:c2:d9:04:0d:24:1a:cc:f0:3b:b8:90:e0:
                    c9:e2:4d:ed:90:c8:e2:e6:bb:a1:f2:9b:21:c1:c1:
                    70:94:ea:4e:62:20:f1:94:c1:df:e9:f6:23:39:fc:
                    3d:18:f1:1d:ce:47:a4:a6:01:6c:bd:bd:be:5d:06:
                    f4:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:BB:0E:60:E7:79:DC:41:C2:8C:3E:E1:79:EE:64:AB:68:B6:F7:6F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3dbee296-ec09-48ec-b119-3d727f285355.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.150.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         cd:94:6e:07:95:3a:e2:09:53:69:32:1f:c0:32:50:cf:9d:69:
         75:63:76:27:d4:6b:9a:2a:da:6c:39:fd:0f:cb:14:51:06:e0:
         7f:9f:e0:7f:ab:af:1b:fc:6a:7e:25:cd:08:0d:c5:6a:4c:de:
         f9:02:35:bb:a0:b0:da:e6:72:23:1d:7a:40:33:25:7b:eb:47:
         fa:8a:2e:fa:bc:76:d3:99:8b:cf:97:9e:96:76:33:3e:7a:71:
         94:43:2e:0c:cf:77:7f:15:4f:e9:de:7d:9e:38:4b:73:61:5b:
         35:0b:0c:bb:6b:6d:df:78:6c:92:c1:e9:ab:35:cc:bb:0a:9e:
         cb:f4:52:06:f8:14:84:7f:f4:7f:b1:38:ed:5d:71:37:40:3c:
         7b:ac:d3:fc:b7:de:f7:15:c7:5c:0a:8c:94:f4:62:94:40:12:
         e5:29:a2:d2:6c:49:6f:b6:d0:26:73:8a:58:a2:f2:e8:78:b9:
         74:35:ce:46:d7:97:05:e1:25:b4:d3:a4:5e:74:44:fb:ba:46:
         36:02:3d:b7:11:89:d1:2d:55:6e:22:d2:11:de:42:e2:64:b3:
         73:7f:44:6c:73:a0:34:cf:3a:88:65:db:5a:1d:8d:8f:23:7c:
         56:4e:91:a9:95:08:f6:54:7c:58:93:a2:13:1f:b5:65:8d:0a:
         22:28:67:8d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUeSGGqte5XPh/6/ZszmPQCF1Vp8IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODE1MDA1MTA4WhcNMjUwOTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZmJmOTI5Zjc0Y2U0Zjc4MDc5MzY1ODZkYzJlNmQ0ZjZk
NjNlNWY2ZDMxOTAyN2E1NTViOGI2YzI4ZDZkMTQ1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5yFHXUb6i2itWnfbGZnYWfRHXL3me6voSJtQtuJ0Yvv18
550Jbsmiidip1gNATnEuCQd8QaoiDYgWwJezZUbrOcIxwsKjOOK1sBH1K8MiD/8J
LL2oIrjtdEwIkLhIzfUeb7xjRndevc25UIJG3qDP9zhX92pLALfjSr4j3dFUYGme
czJdWpRAXZm3lfMs+q7tG0bcWKvWK0KNnTuOj12PDmRG1DyCeYnglUkredmh4Chm
VbNk1dU3iIKOwsqMzrlUYTGSPsLZBA0kGszwO7iQ4MniTe2QyOLmu6HymyHBwXCU
6k5iIPGUwd/p9iM5/D0Y8R3OR6SmAWy9vb5dBvQZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU8rsOYOd53EHCjD7hee5kq2i2928wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNkYmVlMjk2LWVjMDktNDhlYy1iMTE5LTNkNzI3ZjI4NTM1NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAoljANBgkqhkiG9w0BAQsFAAOCAQEAzZRuB5U64glTaTIfwDJQz51pdWN2
J9RrmirabDn9D8sUUQbgf5/gf6uvG/xqfiXNCA3Fakze+QI1u6Cw2uZyIx16QDMl
e+tH+oou+rx205mLz5eelnYzPnpxlEMuDM93fxVP6d59njhLc2FbNQsMu2tt33hs
ksHpqzXMuwqey/RSBvgUhH/0f7E47V1xN0A8e6zT/Lfe9xXHXAqMlPRilEAS5Smi
0mxJb7bQJnOKWKLy6Hi5dDXORteXBeEltNOkXnRE+7pGNgI9txGJ0S1VbiLSEd5C
4mSzc39EbHOgNM86iGXbWh2NjyN8Vk6RqZUI9lR8WJOiEx+1ZY0KIihnjQ==
-----END CERTIFICATE-----