Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e834e04c-f563-4064-a1f9-706839ae47eb.roa
File:                     e834e04c-f563-4064-a1f9-706839ae47eb.roa (raw, json)
Hash identifier:          5fptde3RaM9+TSeO0X1hYvqfUbOMKwJLFqDkwH+L9+0=
Subject key identifier:   CD:73:E6:DF:02:37:0E:2A:75:DF:29:97:F6:11:5B:C1:B0:8A:DF:F7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7D2789C190C3EF4321995D83B0C4C37943B4A108
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e834e04c-f563-4064-a1f9-706839ae47eb.roa
Signing time:             Fri 22 Sep 2023 00:00:00 +0000
ROA not before:           Fri 22 Sep 2023 00:00:00 +0000
ROA not after:            Fri 27 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        16.116.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Sep 2023 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:27:89:c1:90:c3:ef:43:21:99:5d:83:b0:c4:c3:79:43:b4:a1:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 22 00:00:00 2023 GMT
            Not After : Oct 27 23:59:59 2023 GMT
        Subject: serialNumber=63067ff7d49a5222e281f863528f70c628fdac7dcae8eeec678fb92011e67c7c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b5:54:b5:bd:98:28:ec:b2:f4:be:76:50:b8:
                    5f:5e:61:a0:58:d4:f3:8f:93:31:ec:c3:af:d3:e8:
                    45:b1:d8:37:17:d5:c4:ae:aa:1c:20:38:f6:be:67:
                    29:7a:a5:bb:1e:56:bc:8a:27:50:e9:95:c1:66:17:
                    77:92:91:1d:30:d6:d3:29:81:1c:f5:f4:64:01:4b:
                    d6:59:f7:6f:b1:3b:4c:51:3e:2c:bf:f3:5d:27:17:
                    5c:16:79:03:a5:fc:86:92:58:e8:5c:5b:40:65:ee:
                    e8:51:08:78:73:cf:49:6b:01:b8:e3:ec:60:69:2d:
                    72:e7:8d:58:79:fa:f7:7e:db:ca:87:dd:97:cf:e0:
                    f3:dc:b8:fc:6b:f6:4f:ad:20:46:6c:9d:bf:e8:5c:
                    23:10:6a:98:a4:b4:67:17:07:9c:a8:b0:54:80:f7:
                    0b:d1:35:31:ef:8c:02:12:7c:87:39:b5:e4:c1:50:
                    7c:cd:dd:a0:96:27:c9:b5:7d:9e:ed:4b:61:8f:49:
                    98:3f:b3:17:aa:a0:6c:97:01:38:ea:73:48:12:2e:
                    e2:78:0b:7f:81:61:1e:1c:6a:17:2a:3c:28:68:ec:
                    98:e4:4b:88:a7:68:31:2e:cd:59:48:8e:77:27:6d:
                    68:56:41:72:2f:92:10:d6:fc:4e:ac:0e:82:00:07:
                    ff:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:73:E6:DF:02:37:0E:2A:75:DF:29:97:F6:11:5B:C1:B0:8A:DF:F7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e834e04c-f563-4064-a1f9-706839ae47eb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.116.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         64:63:90:1f:41:b5:0a:5a:14:2f:0b:4d:d2:80:e0:7c:ce:4f:
         19:ed:bb:f7:c8:20:06:f4:ee:d4:3a:95:49:a1:05:01:42:ab:
         c3:a0:5b:f5:80:38:6e:8f:68:20:9d:1f:0d:d5:a3:58:4f:66:
         4f:58:85:81:f3:d4:c1:a2:f5:e3:b7:9b:1e:dd:f7:3b:1e:8a:
         d7:16:f9:c1:d4:06:8f:b0:0e:46:59:c9:7c:01:fa:72:d0:c0:
         33:3d:5a:1b:ef:09:7b:d9:ff:7c:df:d0:4a:5a:da:31:e8:f3:
         36:ed:b3:30:48:13:94:d1:cd:2b:44:64:e2:5f:d3:f2:6a:d7:
         3f:54:7c:05:b1:98:a6:e0:0b:da:02:70:93:ce:d2:0b:63:7c:
         ec:e1:30:a0:4d:de:cb:67:80:be:69:50:30:cd:74:ed:8b:77:
         0b:ac:58:f1:7a:1e:83:80:10:b0:ce:86:76:31:c7:6a:bc:c1:
         c3:e7:e9:9f:2b:37:b3:38:6b:dc:16:d5:09:10:ba:a9:d8:40:
         77:53:a1:48:cc:96:3e:b7:68:e1:38:ae:d0:f2:8c:87:6c:ba:
         09:54:bc:ea:57:c9:2a:36:f1:7f:40:52:c8:cb:91:30:de:b6:
         6d:c8:31:8c:33:53:bc:af:86:92:24:07:58:c8:e5:53:51:43:
         89:29:d5:1e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUfSeJwZDD70MhmV2DsMTDeUO0oQgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjMwOTIyMDAwMDAwWhcNMjMxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MzA2N2ZmN2Q0OWE1MjIyZTI4MWY4NjM1MjhmNzBjNjI4
ZmRhYzdkY2FlOGVlZWM2NzhmYjkyMDExZTY3YzdjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUtVS1vZgo7LL0vnZQuF9eYaBY1POPkzHsw6/T6EWx2DcX
1cSuqhwgOPa+Zyl6pbseVryKJ1DplcFmF3eSkR0w1tMpgRz19GQBS9ZZ92+xO0xR
Piy/810nF1wWeQOl/IaSWOhcW0Bl7uhRCHhzz0lrAbjj7GBpLXLnjVh5+vd+28qH
3ZfP4PPcuPxr9k+tIEZsnb/oXCMQapiktGcXB5yosFSA9wvRNTHvjAISfIc5teTB
UHzN3aCWJ8m1fZ7tS2GPSZg/sxeqoGyXATjqc0gSLuJ4C3+BYR4cahcqPCho7Jjk
S4inaDEuzVlIjncnbWhWQXIvkhDW/E6sDoIAB/9JAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUzXPm3wI3Dip13ymX9hFbwbCK3/cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U4MzRlMDRjLWY1NjMtNDA2NC1hMWY5LTcwNjgzOWFlNDdlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQdDANBgkqhkiG9w0BAQsFAAOCAQEAZGOQH0G1CloULwtN0oDgfM5PGe27
98ggBvTu1DqVSaEFAUKrw6Bb9YA4bo9oIJ0fDdWjWE9mT1iFgfPUwaL147ebHt33
Ox6K1xb5wdQGj7AORlnJfAH6ctDAMz1aG+8Je9n/fN/QSlraMejzNu2zMEgTlNHN
K0Rk4l/T8mrXP1R8BbGYpuAL2gJwk87SC2N87OEwoE3ey2eAvmlQMM107Yt3C6xY
8Xoeg4AQsM6GdjHHarzBw+fpnys3szhr3BbVCRC6qdhAd1OhSMyWPrdo4Tiu0PKM
h2y6CVS86lfJKjbxf0BSyMuRMN62bcgxjDNTvK+GkiQHWMjlU1FDiSnVHg==
-----END CERTIFICATE-----