Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/425642c2-ae67-4aad-931d-f508fb8f82b3.roa
File:                     425642c2-ae67-4aad-931d-f508fb8f82b3.roa (raw, json)
Hash identifier:          tMva1W4QT29DAT3x4Fkocl9EeFWqLjWPsm4iOpLU6qU=
Subject key identifier:   F3:A7:B2:D9:78:46:8F:6E:5E:B1:4C:92:93:92:6E:9C:BA:98:A2:C1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4D95F0EF85B4BBB535885134D0159DEBE51D0AE7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/425642c2-ae67-4aad-931d-f508fb8f82b3.roa
Signing time:             Tue 22 Apr 2025 00:00:53 +0000
ROA not before:           Tue 22 Apr 2025 00:00:53 +0000
ROA not after:            Tue 27 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.195.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:95:f0:ef:85:b4:bb:b5:35:88:51:34:d0:15:9d:eb:e5:1d:0a:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 22 00:00:53 2025 GMT
            Not After : May 27 23:59:59 2025 GMT
        Subject: serialNumber=764642d7acfe69d60052beecd4b93c7848dc6426cc9c72d49d89bf40b82f1631, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:1e:fd:b9:f3:55:ee:c4:fc:b7:76:b4:31:58:
                    3d:8c:56:8c:41:2b:ad:cd:7b:9f:e8:3c:94:34:c0:
                    ff:b9:0f:07:f7:49:36:e1:7e:07:4f:cd:15:40:e7:
                    df:78:a6:47:07:ea:fb:0d:41:83:7c:3e:70:a4:6e:
                    94:68:e1:8f:ba:77:34:2f:ee:b8:9f:98:fa:cb:81:
                    bc:00:32:72:af:0b:64:86:98:96:a2:df:80:40:fe:
                    56:5b:1b:7d:4a:fd:3b:21:f8:39:7c:cf:fc:88:e1:
                    0c:e2:b5:cf:f7:33:a7:02:e5:3d:59:0d:9d:6d:25:
                    28:df:2b:4e:dc:0e:c3:c5:5b:45:31:ce:2e:75:08:
                    cb:8d:7d:05:94:5a:c8:69:7c:90:04:68:31:bb:6e:
                    8e:41:79:0a:a4:3d:84:52:77:47:9c:ed:76:bb:dc:
                    be:aa:2b:ae:6f:0e:67:b9:43:2d:06:82:ce:c1:0b:
                    e3:39:db:4a:cc:8c:d3:7f:7a:7a:89:41:b5:0c:d7:
                    11:fe:64:e4:a2:2c:77:e4:aa:10:ff:19:d1:8e:d1:
                    a3:02:9f:5b:35:8c:03:f3:32:68:8d:1e:35:68:61:
                    98:e9:d1:2f:fd:26:47:31:77:fe:29:cc:eb:9e:79:
                    de:33:da:97:81:8d:a4:fb:6c:80:54:3d:5c:62:86:
                    a4:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:A7:B2:D9:78:46:8F:6E:5E:B1:4C:92:93:92:6E:9C:BA:98:A2:C1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/425642c2-ae67-4aad-931d-f508fb8f82b3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.195.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4a:72:f4:18:25:94:ef:c4:96:49:0e:cd:d9:30:a6:22:8d:9d:
         38:8a:cb:6e:8e:63:71:a2:ed:2d:29:86:1c:50:54:6e:37:2f:
         f6:bc:c1:30:6c:d9:f9:3f:6e:27:07:33:46:69:55:9d:ab:49:
         46:a4:b5:a1:63:a2:21:7c:63:74:11:c9:76:39:ca:b6:3e:30:
         39:4f:e5:c6:8a:29:09:8b:2e:20:97:b5:aa:43:0e:27:0a:b7:
         8a:bc:46:80:09:7b:23:51:49:94:cf:c0:54:7c:29:bf:1a:1d:
         5d:b8:91:b7:9b:24:69:ba:0c:f5:dd:05:89:75:73:59:7d:71:
         e3:28:9b:c5:ca:26:d5:e7:18:8d:e8:6f:20:27:98:6f:d0:10:
         65:56:02:17:4d:4f:9d:de:43:c1:db:e4:6f:a5:aa:3c:b8:ee:
         98:b6:68:9b:e0:45:fb:8d:eb:b3:f4:b7:57:e2:68:f2:4e:3f:
         72:98:1e:93:2b:47:0c:8b:5b:e4:cf:5d:fe:37:d4:76:9f:c4:
         b2:de:b2:6d:71:06:a6:3c:d2:31:46:95:e1:1d:13:be:85:2c:
         a9:e5:ca:40:56:0f:8d:39:c1:fd:78:7f:eb:be:2d:7a:99:db:
         a0:c9:a5:41:d4:08:72:53:06:ec:15:05:fc:8e:1c:76:4f:29:
         0b:45:03:0b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUTZXw74W0u7U1iFE00BWd6+UdCucwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDIyMDAwMDUzWhcNMjUwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NjQ2NDJkN2FjZmU2OWQ2MDA1MmJlZWNkNGI5M2M3ODQ4
ZGM2NDI2Y2M5YzcyZDQ5ZDg5YmY0MGI4MmYxNjMxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGHv2581XuxPy3drQxWD2MVoxBK63Ne5/oPJQ0wP+5Dwf3
STbhfgdPzRVA5994pkcH6vsNQYN8PnCkbpRo4Y+6dzQv7rifmPrLgbwAMnKvC2SG
mJai34BA/lZbG31K/Tsh+Dl8z/yI4Qzitc/3M6cC5T1ZDZ1tJSjfK07cDsPFW0Ux
zi51CMuNfQWUWshpfJAEaDG7bo5BeQqkPYRSd0ec7Xa73L6qK65vDme5Qy0Ggs7B
C+M520rMjNN/enqJQbUM1xH+ZOSiLHfkqhD/GdGO0aMCn1s1jAPzMmiNHjVoYZjp
0S/9Jkcxd/4pzOueed4z2peBjaT7bIBUPVxihqQRAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU86ey2XhGj25esUySk5JunLqYosEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQyNTY0MmMyLWFlNjctNGFhZC05MzFkLWY1MDhmYjhmODJiMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQwzANBgkqhkiG9w0BAQsFAAOCAQEASnL0GCWU78SWSQ7N2TCmIo2dOIrL
bo5jcaLtLSmGHFBUbjcv9rzBMGzZ+T9uJwczRmlVnatJRqS1oWOiIXxjdBHJdjnK
tj4wOU/lxoopCYsuIJe1qkMOJwq3irxGgAl7I1FJlM/AVHwpvxodXbiRt5skaboM
9d0FiXVzWX1x4yibxcom1ecYjehvICeYb9AQZVYCF01Pnd5Dwdvkb6WqPLjumLZo
m+BF+43rs/S3V+Jo8k4/cpgekytHDItb5M9d/jfUdp/Est6ybXEGpjzSMUaV4R0T
voUsqeXKQFYPjTnB/Xh/674tepnboMmlQdQIclMG7BUF/I4cdk8pC0UDCw==
-----END CERTIFICATE-----