Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/07dc4f6d-7b9d-49fa-9765-75c8f4dab02a.roa
File:                     07dc4f6d-7b9d-49fa-9765-75c8f4dab02a.roa (raw, json)
Hash identifier:          TvmyAHXWzhHA1JJBgtAGqbtF5Ra0p44tJOnJsZ/pQtM=
Subject key identifier:   E8:0A:94:90:E6:5A:14:D9:12:8E:F4:25:B7:F7:75:3B:32:53:2A:58
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6A99DB59B9441BD07BC42F55235BCAD606049E86
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/07dc4f6d-7b9d-49fa-9765-75c8f4dab02a.roa
Signing time:             Sat 24 May 2025 00:01:25 +0000
ROA not before:           Sat 24 May 2025 00:01:25 +0000
ROA not after:            Sat 28 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.76.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:99:db:59:b9:44:1b:d0:7b:c4:2f:55:23:5b:ca:d6:06:04:9e:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 24 00:01:25 2025 GMT
            Not After : Jun 28 23:59:59 2025 GMT
        Subject: serialNumber=7dfb95680fc52b43a891abdf1808dfb3462cf2156047db0dab11655c508f7930, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c7:9d:fd:03:91:45:8e:60:a0:54:57:da:aa:
                    54:3b:56:0d:e1:81:ec:1b:4c:a4:0d:a5:b6:bb:05:
                    63:ba:8c:67:85:1e:ce:06:dc:90:36:ed:13:c2:1c:
                    aa:9c:45:7c:97:43:a1:0b:87:fe:93:9d:c2:fd:6d:
                    ab:ae:fa:34:95:b6:05:bd:00:b7:b1:e8:93:1c:e9:
                    8a:6b:36:b6:c0:68:5a:20:9f:41:a7:da:47:f5:5d:
                    dc:30:8f:11:5a:fb:10:aa:0d:4d:65:d4:2a:a5:d6:
                    7b:d7:09:9b:86:50:f8:51:b8:b3:81:cc:0a:47:7d:
                    20:3c:96:5f:98:b9:9a:89:14:e0:7c:0b:ac:95:91:
                    de:be:a8:b1:3e:7a:7d:c8:b7:9c:af:c7:1c:e5:9e:
                    da:42:2a:c6:8c:44:db:f8:f1:96:6b:3a:4b:c1:24:
                    15:fb:8f:45:39:65:2f:5e:df:10:03:ea:38:77:a3:
                    c2:4f:42:d4:20:8e:a1:6c:c0:aa:a7:37:9e:a2:d9:
                    7c:2e:97:c3:08:2f:4b:0b:45:7d:9e:be:17:d0:b6:
                    f5:fa:42:b9:8b:c8:39:33:4a:c5:63:5e:f3:ab:c0:
                    bb:b7:70:18:62:db:cd:86:bd:5e:2a:c8:a8:f9:b3:
                    79:1b:71:a8:f8:5f:6c:bb:95:61:b7:62:8d:c7:38:
                    9a:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:0A:94:90:E6:5A:14:D9:12:8E:F4:25:B7:F7:75:3B:32:53:2A:58
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/07dc4f6d-7b9d-49fa-9765-75c8f4dab02a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.76.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         15:2b:2a:65:c9:03:4c:2f:8b:ff:53:68:d5:da:39:26:7f:16:
         4a:22:d6:c0:df:cd:e2:20:bd:a0:8f:33:13:51:9d:7e:d2:51:
         de:07:5d:72:a3:85:25:90:60:c0:44:8a:31:39:56:11:0e:08:
         15:9f:de:03:fe:35:e4:4b:b5:0a:ca:cb:d4:2a:ae:b7:1b:3d:
         36:27:6e:c0:15:a6:6c:65:6e:b4:a5:91:21:34:89:e4:1f:11:
         b4:b7:55:c2:2c:5d:75:23:32:b2:d9:51:94:f0:78:69:a6:98:
         bc:98:fa:59:d8:c6:47:f7:ca:3d:40:eb:c0:ae:9c:e8:be:9a:
         67:02:0f:2a:b4:18:d2:c3:14:b0:69:14:ac:bc:73:dc:a2:34:
         75:69:33:d7:22:42:aa:27:6b:d6:90:48:7d:a4:7f:70:24:da:
         bc:56:04:78:90:c5:ac:ec:4f:d9:3f:cd:86:00:c4:d7:d4:a9:
         fb:c5:43:1d:3d:8e:af:72:9f:ad:b7:7d:9f:0e:fd:7d:21:4d:
         91:85:7e:1d:de:03:e7:6a:30:58:d5:2b:d9:4f:57:da:b6:c4:
         ba:8b:61:12:9a:d8:a3:fc:0a:22:08:30:f4:0d:ee:17:30:a1:
         f7:a6:01:3a:a6:09:93:e4:b0:8f:5c:d6:c5:f9:15:a2:92:48:
         f2:63:ee:67
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUapnbWblEG9B7xC9VI1vK1gYEnoYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNTI0MDAwMTI1WhcNMjUwNjI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZGZiOTU2ODBmYzUyYjQzYTg5MWFiZGYxODA4ZGZiMzQ2
MmNmMjE1NjA0N2RiMGRhYjExNjU1YzUwOGY3OTMwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgx539A5FFjmCgVFfaqlQ7Vg3hgewbTKQNpba7BWO6jGeF
Hs4G3JA27RPCHKqcRXyXQ6ELh/6TncL9bauu+jSVtgW9ALex6JMc6YprNrbAaFog
n0Gn2kf1XdwwjxFa+xCqDU1l1Cql1nvXCZuGUPhRuLOBzApHfSA8ll+YuZqJFOB8
C6yVkd6+qLE+en3It5yvxxzlntpCKsaMRNv48ZZrOkvBJBX7j0U5ZS9e3xAD6jh3
o8JPQtQgjqFswKqnN56i2Xwul8MIL0sLRX2evhfQtvX6QrmLyDkzSsVjXvOrwLu3
cBhi282GvV4qyKj5s3kbcaj4X2y7lWG3Yo3HOJrbAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU6AqUkOZaFNkSjvQlt/d1OzJTKlgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA3ZGM0ZjZkLTdiOWQtNDlmYS05NzY1LTc1YzhmNGRhYjAyYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQTDANBgkqhkiG9w0BAQsFAAOCAQEAFSsqZckDTC+L/1No1do5Jn8WSiLW
wN/N4iC9oI8zE1GdftJR3gddcqOFJZBgwESKMTlWEQ4IFZ/eA/415Eu1CsrL1Cqu
txs9NiduwBWmbGVutKWRITSJ5B8RtLdVwixddSMystlRlPB4aaaYvJj6WdjGR/fK
PUDrwK6c6L6aZwIPKrQY0sMUsGkUrLxz3KI0dWkz1yJCqidr1pBIfaR/cCTavFYE
eJDFrOxP2T/NhgDE19Sp+8VDHT2Or3Kfrbd9nw79fSFNkYV+Hd4D52owWNUr2U9X
2rbEuothEprYo/wKIggw9A3uFzCh96YBOqYJk+Swj1zWxfkVopJI8mPuZw==
-----END CERTIFICATE-----