Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6faaf4ca-5e33-4dd3-b129-514b40c8555d.roa
File:                     6faaf4ca-5e33-4dd3-b129-514b40c8555d.roa (raw, json)
Hash identifier:          flDG4X+2ubQk5/Bzwa9eNqQTrO8sJxV6op+oOlRzRc8=
Subject key identifier:   21:5A:71:02:35:8F:4F:D1:5F:6E:44:1F:C0:4C:D0:6E:B7:01:00:4E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       31F544806AEBDDA19F0F83E1CE813BCE6C6CAEA0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6faaf4ca-5e33-4dd3-b129-514b40c8555d.roa
Signing time:             Sat 10 May 2025 00:10:47 +0000
ROA not before:           Sat 10 May 2025 00:10:47 +0000
ROA not after:            Sat 14 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.126.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 14 May 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:f5:44:80:6a:eb:dd:a1:9f:0f:83:e1:ce:81:3b:ce:6c:6c:ae:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 10 00:10:47 2025 GMT
            Not After : Jun 14 23:59:59 2025 GMT
        Subject: serialNumber=654440a155190dbab7ece70430770430e55ef30eb5b097b41b7618a6d65ba123, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:94:e8:5d:99:4a:3b:9f:8e:42:d8:5c:ba:7a:
                    39:4f:cb:df:d7:a3:27:92:44:f1:d9:86:56:49:2d:
                    a4:06:bb:0b:9c:44:b2:d8:c0:87:96:19:fd:1a:7a:
                    de:42:84:8e:1c:60:09:b0:db:fd:fe:72:de:b4:50:
                    46:9d:0f:cd:87:7b:36:01:44:e3:5c:00:fb:94:d3:
                    e9:c8:2c:92:1f:30:04:b8:f9:e6:9d:a8:95:c0:7d:
                    2e:b2:79:30:e2:30:e4:01:89:b6:44:7a:7b:5a:77:
                    83:df:48:74:c1:a8:5a:70:e1:ba:e4:ce:69:5d:4b:
                    79:b6:7b:ea:98:be:34:ef:8a:b6:73:97:a5:7d:0a:
                    6d:15:ef:35:8c:79:fb:9e:78:cc:db:84:a1:83:97:
                    66:50:1d:6e:44:1d:7c:73:e4:ae:48:5c:41:2c:71:
                    60:c6:9b:b9:c5:47:c7:bb:a0:1c:e9:c7:07:38:c0:
                    a5:59:ac:9f:4b:ee:be:a0:05:e6:c4:1d:6e:38:bb:
                    84:92:0d:ae:06:22:ae:71:af:a1:fb:9a:1d:7f:40:
                    1f:cf:be:d7:f2:b5:f2:8e:72:d8:c7:60:37:ff:93:
                    48:b7:7e:6e:1c:77:b4:f6:fc:50:21:4e:59:ac:57:
                    e5:65:a4:3c:e7:97:c3:34:59:e5:f0:92:cd:47:a6:
                    83:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:5A:71:02:35:8F:4F:D1:5F:6E:44:1F:C0:4C:D0:6E:B7:01:00:4E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6faaf4ca-5e33-4dd3-b129-514b40c8555d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.126.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         26:8e:d3:a3:db:f0:b7:b5:4d:7a:4d:0f:58:90:e8:37:77:1b:
         10:e8:ce:25:bd:9f:86:ce:13:dc:24:1f:7b:31:7f:2f:18:48:
         4d:ea:35:2b:3f:04:66:09:fd:83:58:d2:81:2c:bd:32:d9:a6:
         20:58:36:a5:93:f9:62:c4:a9:7d:09:6e:d2:4b:7e:9d:8b:bd:
         5d:b9:a7:be:0a:5a:e3:4f:81:a7:0e:09:35:f2:b4:65:a0:e1:
         ae:c4:6c:e7:42:61:d3:0c:5c:6e:d3:d4:1c:73:bd:e4:be:ae:
         51:dc:34:59:a3:e6:a8:15:c5:20:8b:e4:3d:e9:7e:5f:42:62:
         52:c9:ce:c8:ea:4f:5c:b9:eb:bb:6b:5d:6f:33:2f:69:2d:40:
         fd:49:81:66:be:40:04:c7:1a:2a:07:a7:df:a1:03:e7:d7:5a:
         59:26:cd:d2:2c:d9:4e:17:5a:77:b0:34:4e:6e:aa:cd:76:19:
         c2:6d:24:7f:3d:d6:22:c4:64:f8:b4:d9:65:ed:84:bd:94:0c:
         06:60:7a:b0:e9:dc:bb:af:9e:b1:6a:bc:92:50:1a:92:1a:94:
         90:d9:4c:c2:21:32:45:49:b3:ab:6e:c7:16:8b:b2:43:e2:e8:
         11:12:0a:21:69:a0:2e:5e:71:f0:0a:e2:84:7d:4d:cc:bb:87:
         68:34:76:93
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUMfVEgGrr3aGfD4PhzoE7zmxsrqAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNTEwMDAxMDQ3WhcNMjUwNjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2NTQ0NDBhMTU1MTkwZGJhYjdlY2U3MDQzMDc3MDQzMGU1
NWVmMzBlYjViMDk3YjQxYjc2MThhNmQ2NWJhMTIzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCXlOhdmUo7n45C2Fy6ejlPy9/XoyeSRPHZhlZJLaQGuwuc
RLLYwIeWGf0aet5ChI4cYAmw2/3+ct60UEadD82HezYBRONcAPuU0+nILJIfMAS4
+eadqJXAfS6yeTDiMOQBibZEentad4PfSHTBqFpw4brkzmldS3m2e+qYvjTvirZz
l6V9Cm0V7zWMefueeMzbhKGDl2ZQHW5EHXxz5K5IXEEscWDGm7nFR8e7oBzpxwc4
wKVZrJ9L7r6gBebEHW44u4SSDa4GIq5xr6H7mh1/QB/PvtfytfKOctjHYDf/k0i3
fm4cd7T2/FAhTlmsV+VlpDznl8M0WeXwks1HpoOlAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUIVpxAjWPT9FfbkQfwEzQbrcBAE4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZmYWFmNGNhLTVlMzMtNGRkMy1iMTI5LTUxNGI0MGM4NTU1ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4fjANBgkqhkiG9w0BAQsFAAOCAQEAJo7To9vwt7VNek0PWJDoN3cbEOjO
Jb2fhs4T3CQfezF/LxhITeo1Kz8EZgn9g1jSgSy9MtmmIFg2pZP5YsSpfQlu0kt+
nYu9Xbmnvgpa40+Bpw4JNfK0ZaDhrsRs50Jh0wxcbtPUHHO95L6uUdw0WaPmqBXF
IIvkPel+X0JiUsnOyOpPXLnru2tdbzMvaS1A/UmBZr5ABMcaKgen36ED59daWSbN
0izZThdad7A0Tm6qzXYZwm0kfz3WIsRk+LTZZe2EvZQMBmB6sOncu6+esWq8klAa
khqUkNlMwiEyRUmzq27HFouyQ+LoERIKIWmgLl5x8ArihH1NzLuHaDR2kw==
-----END CERTIFICATE-----