Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/98cc72ea-914b-406d-a713-eb0cb9240ff9.roa
File:                     98cc72ea-914b-406d-a713-eb0cb9240ff9.roa (raw, json)
Hash identifier:          mO8l9mCfGTFfC6eJ/44ME6mEP9qzzuHkaH/f5qb3Z3E=
Subject key identifier:   67:23:CA:1F:21:26:8C:54:19:49:CD:87:BA:55:73:C7:2F:BC:8F:B4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       44E6EE7F409715F372653EC95643970DA79184F6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/98cc72ea-914b-406d-a713-eb0cb9240ff9.roa
Signing time:             Wed 25 Jun 2025 00:11:29 +0000
ROA not before:           Wed 25 Jun 2025 00:11:29 +0000
ROA not after:            Wed 30 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.187.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 04 Jul 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:e6:ee:7f:40:97:15:f3:72:65:3e:c9:56:43:97:0d:a7:91:84:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 25 00:11:29 2025 GMT
            Not After : Jul 30 23:59:59 2025 GMT
        Subject: serialNumber=8a18e40226f91715646e3e156ecb3ebd10e409d4f1bfad1c23750e83f0a75d34, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:8e:51:1e:86:82:1e:e5:5c:75:ef:9c:ef:4f:
                    fe:44:9d:be:da:26:bf:5c:90:91:7e:08:80:31:4c:
                    de:a1:59:73:fd:fb:7c:bb:8a:59:4e:50:f4:c3:c6:
                    36:5f:80:11:0c:97:12:9d:1b:3d:ae:4f:48:08:3b:
                    45:c1:ab:6a:9d:2d:54:71:e0:b0:82:68:f1:3e:eb:
                    4c:aa:ed:26:2a:a6:83:7d:18:33:43:60:9f:4c:76:
                    ae:c2:3e:17:2e:eb:90:86:2e:86:6b:2f:d6:d3:9e:
                    6c:48:7f:27:ed:41:2d:96:df:da:b8:5c:51:f8:c6:
                    13:7d:22:3f:8e:fb:fb:5a:95:f2:5b:56:13:6c:f9:
                    71:18:61:aa:4e:08:0b:53:e4:68:3e:dd:dc:bf:c5:
                    e9:06:38:4e:9c:5b:3c:95:a7:3c:13:b3:bd:d2:17:
                    86:35:a4:85:57:10:8d:ac:cc:51:89:2c:7f:71:f2:
                    8b:32:28:a6:06:d3:eb:1f:e8:5e:10:9f:08:a8:60:
                    34:b1:34:56:50:44:3b:89:e1:81:85:09:dc:7c:19:
                    da:1d:43:d5:c5:4c:86:0a:1b:72:ef:bb:81:86:e3:
                    88:94:e9:de:5c:bf:13:30:17:58:ca:b5:01:c9:4e:
                    c4:e2:d9:2a:03:9b:0b:2c:fb:e5:8d:31:f2:13:05:
                    22:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:23:CA:1F:21:26:8C:54:19:49:CD:87:BA:55:73:C7:2F:BC:8F:B4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/98cc72ea-914b-406d-a713-eb0cb9240ff9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.187.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         88:c2:c4:ea:29:11:93:62:23:3f:e2:5a:1d:f5:30:63:95:5f:
         08:7d:99:c2:f4:98:1a:b5:87:77:ae:c5:df:15:5e:6d:7e:cc:
         72:d1:8c:b0:9a:62:b0:aa:e7:27:67:c6:f2:9c:22:e9:ed:63:
         fc:43:b8:d0:7c:3c:15:2b:db:4a:31:41:43:95:a3:4b:f3:d6:
         06:af:0a:32:f7:7d:30:a0:ff:b5:fc:b4:ad:01:5a:b3:4e:75:
         95:b4:c5:77:4d:db:6f:eb:5c:cb:04:4f:ef:8d:70:72:d6:a5:
         b5:1a:7c:e1:23:d2:18:e0:38:b0:a6:cc:6f:bb:25:47:f5:83:
         5f:16:74:63:0c:3c:68:49:24:ab:ca:e4:69:69:99:75:dc:3f:
         49:eb:95:f9:e9:0f:8e:21:9c:9a:fb:aa:0f:c4:e9:3c:2a:b4:
         46:55:c9:30:40:17:97:c5:f0:13:55:37:35:25:fd:32:3d:fb:
         ee:65:52:da:18:dd:c3:b1:1f:27:f7:d7:cf:a7:64:19:4b:1d:
         98:ce:30:71:d9:85:24:6b:c6:fd:15:7f:84:8d:65:12:9f:5c:
         3b:1f:7e:53:9b:e8:46:48:1c:48:2f:c3:f7:60:88:d0:15:0b:
         78:9b:d5:fc:d1:03:ea:4f:d1:e2:77:95:9d:06:18:10:9c:01:
         6b:67:81:e0
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIURObuf0CXFfNyZT7JVkOXDaeRhPYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjI1MDAxMTI5WhcNMjUwNzMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A4YTE4ZTQwMjI2ZjkxNzE1NjQ2ZTNlMTU2ZWNiM2ViZDEw
ZTQwOWQ0ZjFiZmFkMWMyMzc1MGU4M2YwYTc1ZDM0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQjlEehoIe5Vx175zvT/5Enb7aJr9ckJF+CIAxTN6hWXP9
+3y7illOUPTDxjZfgBEMlxKdGz2uT0gIO0XBq2qdLVRx4LCCaPE+60yq7SYqpoN9
GDNDYJ9Mdq7CPhcu65CGLoZrL9bTnmxIfyftQS2W39q4XFH4xhN9Ij+O+/talfJb
VhNs+XEYYapOCAtT5Gg+3dy/xekGOE6cWzyVpzwTs73SF4Y1pIVXEI2szFGJLH9x
8osyKKYG0+sf6F4QnwioYDSxNFZQRDuJ4YGFCdx8GdodQ9XFTIYKG3Lvu4GG44iU
6d5cvxMwF1jKtQHJTsTi2SoDmwss++WNMfITBSIpAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUZyPKHyEmjFQZSc2HulVzxy+8j7QwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk4Y2M3MmVhLTkxNGItNDA2ZC1hNzEzLWViMGNiOTI0MGZmOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAouzANBgkqhkiG9w0BAQsFAAOCAQEAiMLE6ikRk2IjP+JaHfUwY5VfCH2Z
wvSYGrWHd67F3xVebX7MctGMsJpisKrnJ2fG8pwi6e1j/EO40Hw8FSvbSjFBQ5Wj
S/PWBq8KMvd9MKD/tfy0rQFas051lbTFd03bb+tcywRP741wctaltRp84SPSGOA4
sKbMb7slR/WDXxZ0Yww8aEkkq8rkaWmZddw/SeuV+ekPjiGcmvuqD8TpPCq0RlXJ
MEAXl8XwE1U3NSX9Mj377mVS2hjdw7EfJ/fXz6dkGUsdmM4wcdmFJGvG/RV/hI1l
Ep9cOx9+U5voRkgcSC/D92CI0BULeJvV/NED6k/R4neVnQYYEJwBa2eB4A==
-----END CERTIFICATE-----