Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e834e04c-f563-4064-a1f9-706839ae47eb.roa
File:                     e834e04c-f563-4064-a1f9-706839ae47eb.roa (raw, json)
Hash identifier:          sYh5DIYbSd43ENyC2X0FnaLtz7J0u0sNNsepMsyNV/Q=
Subject key identifier:   BC:B7:7E:34:86:C2:0B:F1:60:2E:C7:96:D0:F4:E6:DF:CE:10:7C:7D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2D1D4BCE965471D2B05961D4790FECA7BA7940BF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e834e04c-f563-4064-a1f9-706839ae47eb.roa
Signing time:             Wed 12 Mar 2025 00:01:42 +0000
ROA not before:           Wed 12 Mar 2025 00:01:42 +0000
ROA not after:            Wed 16 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.116.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 06 Apr 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:1d:4b:ce:96:54:71:d2:b0:59:61:d4:79:0f:ec:a7:ba:79:40:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 12 00:01:42 2025 GMT
            Not After : Apr 16 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:5c:fb:8e:93:56:1d:bd:b2:8d:34:bf:1b:49:
                    47:91:ab:31:45:32:ec:b2:a0:c5:a8:ce:50:6a:cb:
                    4f:ce:7a:e3:0d:8a:e8:48:55:fc:28:a2:26:47:b0:
                    89:73:59:09:ad:5a:07:08:55:03:ae:12:68:4e:c9:
                    f9:c5:9d:32:78:a4:9b:4c:c9:9b:ee:5a:28:a2:35:
                    c2:bf:60:16:c8:b9:f7:49:e8:e1:4c:11:e8:5d:19:
                    eb:ba:fd:26:b6:0b:1d:bc:20:1d:be:4d:d3:73:48:
                    3a:55:c4:58:88:d2:39:36:93:b0:b3:82:36:04:92:
                    8a:a2:bd:62:a9:d4:a6:21:b8:e8:e2:aa:da:60:24:
                    70:8a:f6:31:23:63:1c:5b:fb:da:0b:81:c9:bc:ee:
                    4c:b7:e9:34:57:48:8a:52:dd:7d:f9:ae:12:76:7a:
                    a1:52:ea:ff:7a:1c:95:c6:de:d4:90:3e:d3:8b:ed:
                    91:4b:45:32:5d:d9:a1:25:6c:59:0a:bd:08:a7:cf:
                    fc:bc:3d:5a:9b:98:0b:3b:95:f3:b6:27:34:39:03:
                    cd:3c:af:92:c5:84:b7:59:11:3a:89:a6:1a:03:92:
                    90:37:06:70:75:70:49:94:c3:34:c5:e9:6e:bb:bf:
                    da:15:0b:75:a1:da:ad:fe:85:ea:c4:50:75:e5:58:
                    dd:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:B7:7E:34:86:C2:0B:F1:60:2E:C7:96:D0:F4:E6:DF:CE:10:7C:7D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e834e04c-f563-4064-a1f9-706839ae47eb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.116.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d3:dc:fa:70:60:71:06:20:48:99:42:0c:08:81:97:f7:6f:20:
         8d:aa:1b:c0:d8:06:85:cd:e6:4e:ae:47:07:df:5d:34:b7:f3:
         5f:c2:b0:24:97:b5:2c:53:05:95:3f:ec:c9:f1:9f:3e:de:87:
         9e:94:72:b1:41:ce:a2:11:cc:d4:04:d1:a6:9d:ef:16:97:fc:
         8f:73:8f:e4:a5:e0:8e:0a:aa:bb:4d:11:26:b9:1b:d5:b8:c8:
         46:e5:91:48:37:fa:74:1a:ea:45:6f:4b:07:26:53:a1:a6:eb:
         04:46:82:34:26:b8:71:3a:78:b2:de:a6:ea:c9:f0:81:15:a5:
         34:c2:f4:7d:53:b6:78:b3:4a:3d:f4:49:3f:e2:13:27:b0:43:
         ae:de:91:51:b5:92:c0:fd:ad:56:2a:01:18:58:94:ff:59:8e:
         3b:4e:3c:a9:c1:fa:e9:d3:92:06:81:3e:25:98:4d:4c:7c:ea:
         09:f8:dc:e3:fe:be:85:1e:5e:b0:60:a8:f6:66:65:f1:04:34:
         90:e3:21:e9:1e:30:93:a7:33:c2:92:0d:12:54:0b:d9:2c:c6:
         0e:d5:e2:2a:90:85:45:20:c4:b9:d0:32:3a:16:35:ec:78:ef:
         fc:4a:46:e9:99:02:86:4b:57:d0:ba:86:23:e5:cf:58:fe:ee:
         fd:61:09:71
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIULR1LzpZUcdKwWWHUeQ/sp7p5QL8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzEyMDAwMTQyWhcNMjUwNDE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A4OGU0YmUwM2RjOGVkM2ZlN2NiYTZkNjRiMzg1ODEwOTk0
OGZiZGFiZmNjNDQwOTRmZTI4OTRlYmViNzY0MTMzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCiXPuOk1YdvbKNNL8bSUeRqzFFMuyyoMWozlBqy0/OeuMN
iuhIVfwooiZHsIlzWQmtWgcIVQOuEmhOyfnFnTJ4pJtMyZvuWiiiNcK/YBbIufdJ
6OFMEehdGeu6/Sa2Cx28IB2+TdNzSDpVxFiI0jk2k7CzgjYEkoqivWKp1KYhuOji
qtpgJHCK9jEjYxxb+9oLgcm87ky36TRXSIpS3X35rhJ2eqFS6v96HJXG3tSQPtOL
7ZFLRTJd2aElbFkKvQinz/y8PVqbmAs7lfO2JzQ5A808r5LFhLdZETqJphoDkpA3
BnB1cEmUwzTF6W67v9oVC3Wh2q3+herEUHXlWN2tAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUvLd+NIbCC/FgLseW0PTm384QfH0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U4MzRlMDRjLWY1NjMtNDA2NC1hMWY5LTcwNjgzOWFlNDdlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQdDANBgkqhkiG9w0BAQsFAAOCAQEA09z6cGBxBiBImUIMCIGX928gjaob
wNgGhc3mTq5HB99dNLfzX8KwJJe1LFMFlT/syfGfPt6HnpRysUHOohHM1ATRpp3v
Fpf8j3OP5KXgjgqqu00RJrkb1bjIRuWRSDf6dBrqRW9LByZToabrBEaCNCa4cTp4
st6m6snwgRWlNML0fVO2eLNKPfRJP+ITJ7BDrt6RUbWSwP2tVioBGFiU/1mOO048
qcH66dOSBoE+JZhNTHzqCfjc4/6+hR5esGCo9mZl8QQ0kOMh6R4wk6czwpINElQL
2SzGDtXiKpCFRSDEudAyOhY17Hjv/EpG6ZkChktX0LqGI+XPWP7u/WEJcQ==
-----END CERTIFICATE-----