Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/113d5556-8776-4980-8481-4392894f76ea.roa
File:                     113d5556-8776-4980-8481-4392894f76ea.roa (raw, json)
Hash identifier:          x1KIU38vCnMXemIDpi9aWW8FyT4IymW7j1fsVnJjFdI=
Subject key identifier:   87:B4:F1:0F:26:F3:E0:5A:23:B2:C7:4E:D9:AA:C8:6E:19:6C:C6:33
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4D3802709000837D83ED2BF0D6FA20622142A783
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/113d5556-8776-4980-8481-4392894f76ea.roa
Signing time:             Wed 12 Mar 2025 00:11:04 +0000
ROA not before:           Wed 12 Mar 2025 00:11:04 +0000
ROA not after:            Wed 16 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.94.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 15 Mar 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:38:02:70:90:00:83:7d:83:ed:2b:f0:d6:fa:20:62:21:42:a7:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 12 00:11:04 2025 GMT
            Not After : Apr 16 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:31:46:19:00:7d:59:15:a3:28:81:22:ce:46:
                    91:2e:27:82:e7:85:1f:68:5b:b7:04:e1:cb:43:57:
                    06:8a:4c:bc:32:5e:e3:7f:a0:85:64:4e:97:c6:a9:
                    76:b5:45:a9:a0:0c:63:44:a5:bf:33:0b:c5:7d:20:
                    c5:61:d1:7d:fb:54:ad:7d:18:c5:e9:86:8d:32:5a:
                    57:f2:8f:42:b0:b2:87:7a:f1:20:e3:bb:22:b6:e6:
                    52:9e:9c:d9:a5:1b:b8:df:8f:24:fb:47:19:5b:a4:
                    6f:23:5f:29:3a:2b:b2:42:48:81:c3:98:57:40:d9:
                    0d:7f:15:a3:f3:ce:06:dc:2c:cb:a7:75:f1:57:0a:
                    fb:5f:ec:1b:09:f7:20:a9:11:9d:c5:f6:23:a8:8c:
                    ae:ee:a6:47:e9:88:ee:8c:40:cc:09:25:23:98:7b:
                    7f:41:a2:29:13:2b:1e:4f:7e:2c:37:dc:d2:27:8c:
                    00:fa:b7:ed:be:b6:57:29:54:50:a2:75:69:fe:af:
                    91:df:87:c1:1c:5a:5e:06:50:fa:45:49:63:a0:76:
                    22:35:b1:34:2e:d5:af:82:8a:a7:12:1c:ee:70:05:
                    82:91:d3:fb:3f:23:ae:bf:10:68:6a:1f:03:dd:e6:
                    70:ea:b2:86:f5:76:37:87:c4:73:44:bd:89:ee:fd:
                    3e:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:B4:F1:0F:26:F3:E0:5A:23:B2:C7:4E:D9:AA:C8:6E:19:6C:C6:33
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/113d5556-8776-4980-8481-4392894f76ea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.94.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2a:36:0b:f2:8f:c9:0d:6e:0c:86:7b:a2:c3:b7:85:3e:e4:68:
         c5:d3:2f:f2:f6:52:89:0a:b1:44:d0:26:41:16:94:0c:d0:cb:
         ba:4a:a5:92:f6:fa:cc:00:73:b5:ae:f1:82:a9:62:13:98:7b:
         f4:34:84:5e:55:31:b3:85:82:a3:58:b5:a1:e8:65:dd:a4:54:
         98:3b:31:1d:c2:ed:cf:d4:e8:f1:bf:26:a0:f3:fe:cc:c8:d1:
         90:bd:3d:98:08:a8:72:7f:3b:8b:0d:2d:6d:12:22:39:18:b5:
         79:40:ba:79:29:cc:1a:e4:e3:51:53:10:cd:46:8a:ca:30:86:
         3e:bf:5a:77:3b:51:65:53:4e:cb:17:67:b6:e2:d1:44:46:86:
         1e:5a:a4:11:4c:b9:19:fc:1e:c3:6b:6b:e7:b3:04:93:66:96:
         12:d1:ef:42:dc:36:a8:52:9f:56:ee:df:92:ba:9c:3b:a3:2e:
         82:4d:3c:92:09:3e:6b:63:37:2b:ea:dc:6e:0e:ae:47:64:11:
         76:89:6b:85:89:91:cd:a0:da:b2:26:ac:87:12:7c:63:0e:da:
         71:3d:ea:10:58:36:92:b7:62:e5:d1:2d:59:9b:2a:0f:2a:72:
         95:cc:47:d1:42:9c:c0:bc:fb:e8:51:a1:4b:04:06:df:48:a6:
         49:bc:e4:f7
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUTTgCcJAAg32D7Svw1vogYiFCp4MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzEyMDAxMTA0WhcNMjUwNDE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NzVlNmZkYmY0MmRmMDk4NTUzNzYyYmUwNzk2NzBhYTY1
ZTUyZGIxMzVmMzk1ZGU4MDVjODlmMmVkZGY4NzQxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDyMUYZAH1ZFaMogSLORpEuJ4LnhR9oW7cE4ctDVwaKTLwy
XuN/oIVkTpfGqXa1RamgDGNEpb8zC8V9IMVh0X37VK19GMXpho0yWlfyj0Kwsod6
8SDjuyK25lKenNmlG7jfjyT7RxlbpG8jXyk6K7JCSIHDmFdA2Q1/FaPzzgbcLMun
dfFXCvtf7BsJ9yCpEZ3F9iOojK7upkfpiO6MQMwJJSOYe39BoikTKx5Pfiw33NIn
jAD6t+2+tlcpVFCidWn+r5Hfh8EcWl4GUPpFSWOgdiI1sTQu1a+CiqcSHO5wBYKR
0/s/I66/EGhqHwPd5nDqsob1djeHxHNEvYnu/T57AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUh7TxDybz4FojssdO2arIbhlsxjMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzExM2Q1NTU2LTg3NzYtNDk4MC04NDgxLTQzOTI4OTRmNzZlYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQXjANBgkqhkiG9w0BAQsFAAOCAQEAKjYL8o/JDW4Mhnuiw7eFPuRoxdMv
8vZSiQqxRNAmQRaUDNDLukqlkvb6zABzta7xgqliE5h79DSEXlUxs4WCo1i1oehl
3aRUmDsxHcLtz9To8b8moPP+zMjRkL09mAiocn87iw0tbRIiORi1eUC6eSnMGuTj
UVMQzUaKyjCGPr9adztRZVNOyxdntuLRREaGHlqkEUy5Gfwew2tr57MEk2aWEtHv
Qtw2qFKfVu7fkrqcO6Mugk08kgk+a2M3K+rcbg6uR2QRdolrhYmRzaDasiashxJ8
Yw7acT3qEFg2krdi5dEtWZsqDypylcxH0UKcwLz76FGhSwQG30imSbzk9w==
-----END CERTIFICATE-----