Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/528b6591-3aae-49d5-aecd-8320249f6d0e.roa
File:                     528b6591-3aae-49d5-aecd-8320249f6d0e.roa (raw, json)
Hash identifier:          nvhmUl3ugCaM9aAJKP+q1dcejOBuDTcgAaW9yrPaDHs=
Subject key identifier:   AC:DA:0D:A0:C5:E5:DB:B8:DB:EB:E4:C2:A9:AA:6C:9F:DB:C2:B2:2E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7FBAAB5AF15DC5605D0754535010262A867CAA22
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/528b6591-3aae-49d5-aecd-8320249f6d0e.roa
Signing time:             Sat 15 Feb 2025 00:21:14 +0000
ROA not before:           Sat 15 Feb 2025 00:21:14 +0000
ROA not after:            Sat 22 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.17.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:ba:ab:5a:f1:5d:c5:60:5d:07:54:53:50:10:26:2a:86:7c:aa:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 15 00:21:14 2025 GMT
            Not After : Mar 22 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:28:24:72:2c:5e:07:f0:5a:52:19:2c:36:b7:
                    e6:2f:58:19:2f:95:91:a3:38:3e:b0:89:1d:25:6b:
                    ce:d5:52:f1:54:0a:24:af:bd:20:e7:a3:73:99:0a:
                    ce:78:df:97:8b:6d:86:58:b1:70:76:cb:37:17:6d:
                    d7:78:4e:95:32:ec:72:6f:d4:2f:41:e3:ce:18:42:
                    67:4a:a0:30:80:5a:50:21:2b:dd:05:d3:ed:10:5a:
                    4a:03:fd:7d:b7:14:c2:ba:b4:a6:31:cb:7a:54:d3:
                    81:71:55:d5:b4:ca:c5:57:d5:32:84:e0:6b:52:fa:
                    f0:19:cf:3a:80:43:b7:5c:fe:3f:20:c5:95:3d:16:
                    d3:3d:fd:e4:28:f6:c1:fe:fb:bf:20:e0:0c:1a:6a:
                    01:83:3f:99:8d:75:92:a9:5d:68:6e:d4:e4:1f:2c:
                    b5:36:4b:b8:49:3d:d8:ca:27:c8:11:8c:d1:49:ba:
                    9a:fb:9f:db:2e:96:da:42:61:22:15:32:71:b6:65:
                    ff:56:75:d6:9d:d0:1c:06:6b:3e:28:ff:da:f7:fb:
                    d8:44:8b:ca:26:fe:0c:b6:8c:8e:8f:8f:38:2f:0a:
                    02:7c:54:58:fd:61:fa:79:ec:a0:5b:cd:cb:7f:e4:
                    a3:1c:73:96:00:97:eb:25:13:01:f0:71:71:9a:1a:
                    73:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:DA:0D:A0:C5:E5:DB:B8:DB:EB:E4:C2:A9:AA:6C:9F:DB:C2:B2:2E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/528b6591-3aae-49d5-aecd-8320249f6d0e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.17.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a4:df:8b:aa:26:c8:cc:2b:89:df:83:7e:8a:09:de:2d:f1:be:
         2d:2e:5e:81:df:05:26:d6:dc:12:ce:96:fa:23:85:94:f2:92:
         31:1c:5a:9c:d5:90:61:2b:a6:8a:86:33:e7:9e:3f:85:a4:1a:
         30:62:46:a8:1e:58:23:98:4b:48:ff:7f:17:65:05:ce:33:ee:
         3a:01:3b:2d:6a:10:03:16:73:5a:02:07:a2:5d:3c:c5:d6:e5:
         4a:26:60:53:73:05:91:0c:77:8b:38:88:98:19:2a:cd:2f:e7:
         ee:3e:37:5f:28:c9:bd:b4:6a:66:16:5d:9d:a8:e6:b4:d3:2f:
         04:7a:03:10:b8:15:b8:a9:24:be:24:76:07:b9:bb:60:9c:6f:
         28:2b:16:fd:95:89:6c:00:fb:86:26:92:a9:66:66:22:fe:31:
         46:a8:7e:32:3c:0b:52:22:07:87:7a:0a:96:29:99:40:bd:63:
         5c:1d:a1:58:f3:16:e2:f6:29:b4:14:71:ec:d6:fd:4e:fd:53:
         d0:b1:c7:b1:88:50:25:55:9c:77:ca:09:0d:f2:f6:7c:c7:f7:
         9d:c6:2d:fc:2b:17:4f:05:87:55:e4:77:be:7a:48:66:9c:92:
         f2:00:8f:09:d6:50:a0:e9:07:83:50:5d:e2:f2:4a:db:dc:95:
         3c:da:48:48
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUf7qrWvFdxWBdB1RTUBAmKoZ8qiIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMjE1MDAyMTE0WhcNMjUwMzIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BhMzFmN2EyMzNlZWQ0NTk5YTc1YTUwNTBjNjRmMWFiMWE5
ZDhkN2U3NTZjNjg5MzA0ZDNiYzcyY2M1YTQ1Y2NiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDyKCRyLF4H8FpSGSw2t+YvWBkvlZGjOD6wiR0la87VUvFU
CiSvvSDno3OZCs5435eLbYZYsXB2yzcXbdd4TpUy7HJv1C9B484YQmdKoDCAWlAh
K90F0+0QWkoD/X23FMK6tKYxy3pU04FxVdW0ysVX1TKE4GtS+vAZzzqAQ7dc/j8g
xZU9FtM9/eQo9sH++78g4AwaagGDP5mNdZKpXWhu1OQfLLU2S7hJPdjKJ8gRjNFJ
upr7n9sultpCYSIVMnG2Zf9Wddad0BwGaz4o/9r3+9hEi8om/gy2jI6PjzgvCgJ8
VFj9Yfp57KBbzct/5KMcc5YAl+slEwHwcXGaGnPBAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUrNoNoMXl27jb6+TCqapsn9vCsi4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzUyOGI2NTkxLTNhYWUtNDlkNS1hZWNkLTgzMjAyNDlmNmQwZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQETANBgkqhkiG9w0BAQsFAAOCAQEApN+LqibIzCuJ34N+igneLfG+LS5e
gd8FJtbcEs6W+iOFlPKSMRxanNWQYSumioYz554/haQaMGJGqB5YI5hLSP9/F2UF
zjPuOgE7LWoQAxZzWgIHol08xdblSiZgU3MFkQx3iziImBkqzS/n7j43XyjJvbRq
ZhZdnajmtNMvBHoDELgVuKkkviR2B7m7YJxvKCsW/ZWJbAD7hiaSqWZmIv4xRqh+
MjwLUiIHh3oKlimZQL1jXB2hWPMW4vYptBRx7Nb9Tv1T0LHHsYhQJVWcd8oJDfL2
fMf3ncYt/CsXTwWHVeR3vnpIZpyS8gCPCdZQoOkHg1Bd4vJK29yVPNpISA==
-----END CERTIFICATE-----