Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c0f72a14-71a9-47a1-ad9c-1f9129079bfb.roa
File:                     c0f72a14-71a9-47a1-ad9c-1f9129079bfb.roa (raw, json)
Hash identifier:          Nw5rnqRu5dfyHD/yxsmo/iIMXF6lOmNkD2NKv4QQg5s=
Subject key identifier:   DD:C2:DD:8F:26:8C:D0:31:B4:62:72:67:A4:45:33:EB:DF:7B:A5:31
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2B6724B0DACF5E3A90C131BFE066615D2E63501D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c0f72a14-71a9-47a1-ad9c-1f9129079bfb.roa
Signing time:             Mon 18 Aug 2025 15:50:32 +0000
ROA not before:           Mon 18 Aug 2025 15:50:32 +0000
ROA not after:            Mon 22 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.89.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:67:24:b0:da:cf:5e:3a:90:c1:31:bf:e0:66:61:5d:2e:63:50:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 18 15:50:32 2025 GMT
            Not After : Sep 22 23:59:59 2025 GMT
        Subject: serialNumber=4bc7b4b66895a1c415665bf9972c5707659af5e7babdbbd9ddc490426595f4c0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:49:ad:84:0a:fa:33:d6:47:cd:14:1b:81:6a:
                    6f:d4:e3:31:d2:e9:1e:3e:77:02:30:56:df:7c:bd:
                    9f:8c:da:8b:de:3a:30:6f:70:7e:28:fb:32:96:2a:
                    0c:99:59:62:27:97:b3:90:4c:36:d4:6d:49:8d:33:
                    99:d9:0e:58:a5:e0:32:4f:ca:fd:e9:4c:67:4a:48:
                    2e:8b:87:07:a4:ea:1d:e4:90:82:5b:0a:23:2a:27:
                    85:3f:d5:ab:a8:27:8f:3c:4d:89:1e:ae:b0:b9:0c:
                    fe:57:84:14:03:97:d8:ae:57:44:0e:a7:c6:23:d8:
                    4b:7d:50:13:71:92:e8:59:ab:e4:d5:2e:b0:d1:b2:
                    72:cc:c7:10:62:7c:2a:4d:2a:2c:12:f9:4c:c7:d0:
                    f7:09:6f:1c:38:da:37:6c:3e:2e:e2:35:1a:92:05:
                    86:4d:af:6a:2a:9b:e0:0d:e5:f8:3c:f5:1d:a8:a3:
                    2a:41:a5:3a:75:04:63:85:e7:49:88:b7:35:82:02:
                    f3:a9:67:95:f0:2a:f1:c3:57:b8:b3:e5:e1:91:fe:
                    42:1f:78:3c:a7:06:17:03:49:33:3d:ed:66:8a:4c:
                    e6:24:40:85:24:87:31:31:a7:e5:27:f3:b6:63:3a:
                    93:1c:c1:e5:46:46:11:cb:50:e9:c1:aa:ed:1b:f4:
                    af:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:C2:DD:8F:26:8C:D0:31:B4:62:72:67:A4:45:33:EB:DF:7B:A5:31
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c0f72a14-71a9-47a1-ad9c-1f9129079bfb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.89.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ab:66:42:d7:ba:ea:82:9e:f5:c6:62:56:3e:d6:80:2d:9e:9c:
         b4:42:4f:6a:14:e7:04:99:b9:36:c0:f7:1e:b4:ab:da:58:6c:
         f2:6b:cb:b0:60:88:0f:90:5e:92:4f:46:18:80:2e:6e:2f:ad:
         9d:2b:64:e1:7c:84:95:92:5a:75:69:59:b9:9b:5d:d6:0f:63:
         30:48:42:96:0e:59:e3:d4:d6:42:00:9a:f6:ab:03:1f:33:e2:
         da:3b:cb:85:03:fa:33:b2:02:b8:85:e3:af:77:69:7c:28:d1:
         27:45:2f:39:b6:ab:24:e1:14:4c:e6:ec:ad:98:49:df:25:0b:
         82:71:b7:50:57:12:8b:6d:c0:d3:6c:22:a7:9a:cb:2e:76:96:
         28:fc:c4:aa:ed:33:45:33:d9:e1:e4:a8:bd:ef:19:da:f7:01:
         1e:00:c0:21:59:dd:9a:ea:bf:e7:86:2b:66:82:18:ea:e2:4d:
         df:aa:d6:fe:d2:31:52:ba:48:6b:58:2b:ff:5f:75:25:93:96:
         ea:7d:3b:e6:02:db:a0:96:e2:02:00:05:18:ec:4e:ce:1e:80:
         db:c9:52:f1:30:e5:46:77:58:fd:3f:03:be:43:1f:62:e4:d3:
         1e:a0:f4:c7:4f:55:2e:83:14:75:8a:36:45:2c:36:91:18:d5:
         63:1b:44:08
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUK2cksNrPXjqQwTG/4GZhXS5jUB0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODE4MTU1MDMyWhcNMjUwOTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A0YmM3YjRiNjY4OTVhMWM0MTU2NjViZjk5NzJjNTcwNzY1
OWFmNWU3YmFiZGJiZDlkZGM0OTA0MjY1OTVmNGMwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCNSa2ECvoz1kfNFBuBam/U4zHS6R4+dwIwVt98vZ+M2ove
OjBvcH4o+zKWKgyZWWInl7OQTDbUbUmNM5nZDlil4DJPyv3pTGdKSC6Lhwek6h3k
kIJbCiMqJ4U/1auoJ488TYkerrC5DP5XhBQDl9iuV0QOp8Yj2Et9UBNxkuhZq+TV
LrDRsnLMxxBifCpNKiwS+UzH0PcJbxw42jdsPi7iNRqSBYZNr2oqm+AN5fg89R2o
oypBpTp1BGOF50mItzWCAvOpZ5XwKvHDV7iz5eGR/kIfeDynBhcDSTM97WaKTOYk
QIUkhzExp+Un87ZjOpMcweVGRhHLUOnBqu0b9K+zAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU3cLdjyaM0DG0YnJnpEUz6997pTEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MwZjcyYTE0LTcxYTktNDdhMS1hZDljLTFmOTEyOTA3OWJmYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4WTANBgkqhkiG9w0BAQsFAAOCAQEAq2ZC17rqgp71xmJWPtaALZ6ctEJP
ahTnBJm5NsD3HrSr2lhs8mvLsGCID5Bekk9GGIAubi+tnStk4XyElZJadWlZuZtd
1g9jMEhClg5Z49TWQgCa9qsDHzPi2jvLhQP6M7ICuIXjr3dpfCjRJ0UvObarJOEU
TObsrZhJ3yULgnG3UFcSi23A02wip5rLLnaWKPzEqu0zRTPZ4eSove8Z2vcBHgDA
IVndmuq/54YrZoIY6uJN36rW/tIxUrpIa1gr/191JZOW6n075gLboJbiAgAFGOxO
zh6A28lS8TDlRndY/T8DvkMfYuTTHqD0x09VLoMUdYo2RSw2kRjVYxtECA==
-----END CERTIFICATE-----