Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e834e04c-f563-4064-a1f9-706839ae47eb.roa
File:                     e834e04c-f563-4064-a1f9-706839ae47eb.roa (raw, json)
Hash identifier:          f6z76SuufvQGc42EX5NyZ08IOUUPBHMUXO+tC3XtAP4=
Subject key identifier:   5F:3B:9E:D0:7F:41:69:BF:9E:BB:D2:46:0B:1E:12:D5:E5:8C:58:A1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3FCC9DE235913D7D01FA84DF65D2E6DC592DD35A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e834e04c-f563-4064-a1f9-706839ae47eb.roa
Signing time:             Mon 15 Apr 2024 00:00:00 +0000
ROA not before:           Mon 15 Apr 2024 00:00:00 +0000
ROA not after:            Mon 20 May 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        16.116.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 25 Apr 2024 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:cc:9d:e2:35:91:3d:7d:01:fa:84:df:65:d2:e6:dc:59:2d:d3:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 15 00:00:00 2024 GMT
            Not After : May 20 23:59:59 2024 GMT
        Subject: serialNumber=8d519e6eb1dd28212e85daf5fdfef12022f1314f271c7db34faf1e2ff2773fef, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:79:fa:98:c9:6a:1a:a5:f0:75:2f:9b:f0:35:
                    7c:1a:9b:c0:f4:fb:16:42:20:fb:5e:36:76:32:46:
                    9d:c1:b9:6a:b5:79:15:ae:48:5a:c1:72:54:80:08:
                    b5:3e:d4:f9:57:de:2e:13:cd:2e:d4:74:c8:c4:29:
                    ef:48:59:53:d9:bd:99:d1:e4:7f:4e:4a:29:e5:6e:
                    8b:3a:29:94:01:54:4e:10:03:aa:1a:5d:8a:b8:48:
                    e0:33:74:f5:45:ea:1d:f0:6d:b7:4a:74:cd:67:b0:
                    99:8c:89:6d:70:16:d9:bf:e5:4f:b9:e2:15:86:d0:
                    11:b2:7d:c0:fa:6e:f8:81:0b:2b:88:b0:19:dc:86:
                    f3:42:39:13:97:0d:e2:ed:9c:8d:09:6e:b9:0b:d7:
                    a5:80:7a:29:a4:a4:47:c9:8d:5f:15:db:a5:df:c1:
                    a9:60:23:64:79:93:36:47:86:38:b5:47:45:c2:55:
                    91:38:95:ed:ec:b8:39:f0:7f:ca:55:74:e7:5d:9c:
                    ca:81:90:6e:8a:84:26:0c:d8:eb:a7:5b:90:f8:45:
                    81:2f:80:08:a9:5b:17:fc:c8:c2:b2:4c:a4:a6:af:
                    2b:9a:be:e0:a6:7b:f1:86:d0:88:3a:73:36:2e:de:
                    e3:45:18:e3:7b:1d:f8:38:00:ad:e6:96:a0:fb:7e:
                    75:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:3B:9E:D0:7F:41:69:BF:9E:BB:D2:46:0B:1E:12:D5:E5:8C:58:A1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e834e04c-f563-4064-a1f9-706839ae47eb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.116.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1a:8e:7e:11:6c:d8:eb:e3:6f:a2:79:2e:7b:05:19:43:20:07:
         ae:77:01:56:d2:79:4a:72:f8:31:fa:be:74:c5:3d:53:f0:b5:
         8e:0f:f4:04:7a:4e:41:3a:d1:c0:df:65:77:73:c1:44:bf:0b:
         36:3a:46:b4:37:01:aa:a7:23:20:9a:32:2e:1e:f3:af:74:67:
         f1:b0:ca:b8:3a:b0:f1:c4:95:b8:6c:d7:a3:86:76:18:3d:54:
         29:56:e6:ed:4f:04:8c:9b:a6:cc:e8:dd:b3:d2:90:8a:77:b6:
         3f:b4:78:02:89:97:e8:29:50:46:aa:9a:2a:4d:75:93:2b:5a:
         6a:4f:b3:6c:a3:df:e4:86:b9:dd:6d:82:83:e2:b2:d7:f9:be:
         cc:54:28:ed:bf:57:96:4a:42:5c:9c:c0:ee:3c:68:31:3a:fb:
         84:40:dc:f4:76:32:fa:32:f2:92:1c:2b:3e:21:03:ad:67:fc:
         e0:c4:e7:e5:06:58:99:b8:e8:46:a9:c7:dc:2c:71:5c:97:2e:
         92:11:f1:36:58:24:69:c9:88:08:5d:e1:f2:6f:d2:26:57:3f:
         95:49:d2:10:bd:c8:92:c2:c3:1c:0c:be:30:a1:04:ed:ef:d9:
         4b:23:d2:ac:7f:f4:38:9d:8b:04:a0:65:c8:f8:93:42:8f:e4:
         b0:06:c0:9b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUP8yd4jWRPX0B+oTfZdLm3Fkt01owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQwNDE1MDAwMDAwWhcNMjQwNTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZDUxOWU2ZWIxZGQyODIxMmU4NWRhZjVmZGZlZjEyMDIy
ZjEzMTRmMjcxYzdkYjM0ZmFmMWUyZmYyNzczZmVmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7efqYyWoapfB1L5vwNXwam8D0+xZCIPteNnYyRp3BuWq1
eRWuSFrBclSACLU+1PlX3i4TzS7UdMjEKe9IWVPZvZnR5H9OSinlbos6KZQBVE4Q
A6oaXYq4SOAzdPVF6h3wbbdKdM1nsJmMiW1wFtm/5U+54hWG0BGyfcD6bviBCyuI
sBnchvNCOROXDeLtnI0JbrkL16WAeimkpEfJjV8V26XfwalgI2R5kzZHhji1R0XC
VZE4le3suDnwf8pVdOddnMqBkG6KhCYM2OunW5D4RYEvgAipWxf8yMKyTKSmryua
vuCme/GG0Ig6czYu3uNFGON7Hfg4AK3mlqD7fnXbAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUXzue0H9Bab+eu9JGCx4S1eWMWKEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U4MzRlMDRjLWY1NjMtNDA2NC1hMWY5LTcwNjgzOWFlNDdlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQdDANBgkqhkiG9w0BAQsFAAOCAQEAGo5+EWzY6+NvonkuewUZQyAHrncB
VtJ5SnL4Mfq+dMU9U/C1jg/0BHpOQTrRwN9ld3PBRL8LNjpGtDcBqqcjIJoyLh7z
r3Rn8bDKuDqw8cSVuGzXo4Z2GD1UKVbm7U8EjJumzOjds9KQine2P7R4AomX6ClQ
RqqaKk11kytaak+zbKPf5Ia53W2Cg+Ky1/m+zFQo7b9XlkpCXJzA7jxoMTr7hEDc
9HYy+jLykhwrPiEDrWf84MTn5QZYmbjoRqnH3CxxXJcukhHxNlgkacmICF3h8m/S
Jlc/lUnSEL3IksLDHAy+MKEE7e/ZSyPSrH/0OJ2LBKBlyPiTQo/ksAbAmw==
-----END CERTIFICATE-----