Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d2868e30-21b4-4516-a63c-fc76c09bb7d8.roa
File:                     d2868e30-21b4-4516-a63c-fc76c09bb7d8.roa (raw, json)
Hash identifier:          CFe8drLS4xcQf3doZZiX47+ER0R+T+/tG6b75Y51eSU=
Subject key identifier:   4A:47:74:BE:44:4A:99:3C:87:2B:2F:D8:84:19:26:45:5D:E0:E8:5B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4024DBDC27C6A7EEF7A181DF18D0052B884C48CB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d2868e30-21b4-4516-a63c-fc76c09bb7d8.roa
Signing time:             Tue 08 Jul 2025 00:50:17 +0000
ROA not before:           Tue 08 Jul 2025 00:50:17 +0000
ROA not after:            Tue 12 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.63.92.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 22 Jul 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:24:db:dc:27:c6:a7:ee:f7:a1:81:df:18:d0:05:2b:88:4c:48:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul  8 00:50:17 2025 GMT
            Not After : Aug 12 23:59:59 2025 GMT
        Subject: serialNumber=3c5ea8618cd8cd7fd594e3def9ecc71a071015f420b55be7f3c8476048a7c73c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:e2:33:fa:01:db:d2:44:7c:30:1f:db:9c:b5:
                    6a:6d:37:f1:2f:9f:dd:99:8b:31:7c:e8:8e:8a:e6:
                    8b:6c:73:ed:67:8c:0f:2e:20:e6:02:4d:f9:2b:27:
                    43:d0:e7:7b:51:f9:ae:c4:73:13:e7:b9:29:74:15:
                    d0:38:ae:3d:ba:32:e5:e9:0b:3a:03:a7:4e:bf:f0:
                    80:a5:6b:29:53:74:49:8f:c1:2b:90:55:46:de:a6:
                    26:9e:ad:c1:68:82:ac:56:00:a3:8a:6a:c4:0c:a2:
                    5e:74:e5:08:8f:08:9f:97:14:93:33:54:20:9b:fb:
                    3d:21:61:02:aa:29:2d:f2:a1:e3:36:62:ae:3c:db:
                    37:15:72:ac:62:b9:dd:ad:53:f3:7e:80:05:16:a6:
                    65:c2:b0:a5:33:f6:e3:33:0e:ad:83:13:0c:ed:81:
                    0b:a0:4a:6a:ec:63:e3:71:48:f3:2e:8e:be:57:4d:
                    93:2d:20:02:64:9f:8e:88:ba:63:00:7f:33:87:4a:
                    34:c1:f4:8f:68:61:7c:13:0f:37:56:76:96:84:9a:
                    50:2a:72:cf:ac:55:76:22:65:07:ae:ac:fe:1b:c2:
                    23:bc:63:a9:79:f8:ce:f5:53:f3:90:af:62:f1:b0:
                    87:00:26:40:99:fe:ab:75:4a:ad:6d:93:68:11:f3:
                    12:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:47:74:BE:44:4A:99:3C:87:2B:2F:D8:84:19:26:45:5D:E0:E8:5B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d2868e30-21b4-4516-a63c-fc76c09bb7d8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.63.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         93:0f:02:6b:13:7a:a6:6e:bf:50:5a:71:de:5c:3f:15:ef:02:
         53:2c:89:fa:ae:07:f0:72:8c:86:08:d0:0a:d7:48:c2:cd:6c:
         1e:d4:e3:43:88:b5:8a:01:02:4c:33:e1:52:73:c0:eb:9b:56:
         c4:30:ec:be:49:72:12:a1:7f:62:28:3e:13:37:3c:bd:f4:6f:
         cf:23:d4:ce:68:1a:92:e5:61:d6:31:82:c8:2f:25:ce:c1:9e:
         00:e9:39:f9:bd:4c:f8:d9:e6:7c:78:46:2e:45:8d:be:00:cb:
         3c:43:30:ff:b4:21:cb:8e:41:74:ab:8e:88:fb:d9:c0:52:88:
         62:40:be:2b:0c:30:58:9f:d5:48:da:d9:27:57:da:16:96:7d:
         95:6a:a0:9c:e9:9e:36:3d:20:9a:10:22:45:a9:00:f1:72:d5:
         78:c3:65:41:40:bf:44:ab:72:fb:ba:ce:97:02:98:80:11:12:
         ca:91:67:d3:f7:8f:59:47:6e:d9:b3:4f:b8:51:4f:ad:1b:7f:
         c0:82:17:ca:fa:fe:ec:d5:50:86:ac:29:57:bb:a0:d9:32:0b:
         29:1f:ee:8c:59:e5:87:b2:c1:32:92:21:1d:3a:68:1d:46:74:
         30:76:a1:d4:e6:49:e8:53:bb:ca:b8:0d:cf:f0:03:bc:aa:86:
         ab:59:29:74
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQCTb3CfGp+73oYHfGNAFK4hMSMswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzA4MDA1MDE3WhcNMjUwODEyMjM1OTU5
WjB6MUkwRwYDVQQFE0AzYzVlYTg2MThjZDhjZDdmZDU5NGUzZGVmOWVjYzcxYTA3
MTAxNWY0MjBiNTViZTdmM2M4NDc2MDQ4YTdjNzNjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDG4jP6AdvSRHwwH9uctWptN/Evn92ZizF86I6K5otsc+1n
jA8uIOYCTfkrJ0PQ53tR+a7EcxPnuSl0FdA4rj26MuXpCzoDp06/8IClaylTdEmP
wSuQVUbepiaercFogqxWAKOKasQMol505QiPCJ+XFJMzVCCb+z0hYQKqKS3yoeM2
Yq482zcVcqxiud2tU/N+gAUWpmXCsKUz9uMzDq2DEwztgQugSmrsY+NxSPMujr5X
TZMtIAJkn46IumMAfzOHSjTB9I9oYXwTDzdWdpaEmlAqcs+sVXYiZQeurP4bwiO8
Y6l5+M71U/OQr2LxsIcAJkCZ/qt1Sq1tk2gR8xLdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSkd0vkRKmTyHKy/YhBkmRV3g6FswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QyODY4ZTMwLTIxYjQtNDUxNi1hNjNjLWZjNzZjMDliYjdkOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEQP1wwDQYJKoZIhvcNAQELBQADggEBAJMPAmsTeqZuv1Bacd5cPxXvAlMs
ifquB/ByjIYI0ArXSMLNbB7U40OItYoBAkwz4VJzwOubVsQw7L5JchKhf2IoPhM3
PL30b88j1M5oGpLlYdYxgsgvJc7BngDpOfm9TPjZ5nx4Ri5Fjb4AyzxDMP+0IcuO
QXSrjoj72cBSiGJAvisMMFif1Uja2SdX2haWfZVqoJzpnjY9IJoQIkWpAPFy1XjD
ZUFAv0Srcvu6zpcCmIAREsqRZ9P3j1lHbtmzT7hRT60bf8CCF8r6/uzVUIasKVe7
oNkyCykf7oxZ5YeywTKSIR06aB1GdDB2odTmSehTu8q4Dc/wA7yqhqtZKXQ=
-----END CERTIFICATE-----