Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4963540b-ec7a-49a7-9f72-11cb956c55de.roa
File:                     4963540b-ec7a-49a7-9f72-11cb956c55de.roa (raw, json)
Hash identifier:          CeUaI0bjFciXUcHs/0TTj0uU+zGdxMYo/wb+MDiVJnw=
Subject key identifier:   F0:09:C7:8B:5E:7D:CE:02:C9:FA:9E:C6:10:BA:98:D0:A0:DC:22:8E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       09CC82AC6F9B3F3A17A94DDAF4F2DB32F6D22235
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4963540b-ec7a-49a7-9f72-11cb956c55de.roa
Signing time:             Fri 23 May 2025 00:11:00 +0000
ROA not before:           Fri 23 May 2025 00:11:00 +0000
ROA not after:            Fri 27 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.120.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:cc:82:ac:6f:9b:3f:3a:17:a9:4d:da:f4:f2:db:32:f6:d2:22:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 23 00:11:00 2025 GMT
            Not After : Jun 27 23:59:59 2025 GMT
        Subject: serialNumber=eb4878ea9217797531a95de7b28e43f0e276775432cda8814dde9871cae859fa, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:7c:1a:70:5f:11:83:84:b7:1e:87:80:e0:37:
                    57:71:45:82:5f:f9:0e:b8:28:b7:02:f4:74:28:b2:
                    f5:8a:cf:d2:d8:f2:3f:a2:c5:9c:c6:32:e2:23:02:
                    e8:03:2d:b2:a2:e5:2c:4d:8e:b3:30:7e:6d:fb:cf:
                    18:d8:a9:20:f6:92:ed:9c:ab:6b:96:46:97:ca:24:
                    d9:1c:96:34:73:fb:66:f7:9a:77:db:db:60:ad:fa:
                    69:e9:e7:c3:1a:6a:00:fb:3a:c0:19:f2:29:ec:71:
                    a6:00:0b:63:73:65:b6:36:1d:b6:87:05:fd:49:30:
                    07:5a:b4:5f:1f:ae:7a:da:c5:7e:07:45:d3:67:73:
                    1b:38:3b:5b:ef:7c:b3:b6:90:3d:db:46:8d:34:03:
                    e9:61:74:bd:35:74:2c:bf:76:43:9b:dd:89:be:90:
                    22:0a:16:c8:53:32:73:ef:3a:8c:b7:79:0a:00:41:
                    69:85:45:a2:c2:38:d2:76:f0:39:fc:ac:17:c9:f2:
                    55:0e:68:06:e4:86:f1:40:a2:85:e9:e4:f1:71:60:
                    8c:d2:34:b4:3a:ee:32:80:3a:09:fa:15:0d:ad:3b:
                    1d:76:8e:46:7b:59:fc:88:d3:4f:de:27:46:41:63:
                    ff:59:c9:33:e4:64:17:20:46:56:1a:5e:dd:80:a3:
                    44:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:09:C7:8B:5E:7D:CE:02:C9:FA:9E:C6:10:BA:98:D0:A0:DC:22:8E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4963540b-ec7a-49a7-9f72-11cb956c55de.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.120.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         58:f3:fc:9a:6e:b1:60:2e:9f:e6:de:10:cd:f8:de:17:52:26:
         66:4f:fc:f7:67:01:e8:6d:75:6f:5c:ac:7d:61:a6:8d:2c:f5:
         47:28:71:44:fe:0d:f4:46:d4:cf:45:10:53:6e:95:8f:a5:d7:
         24:c6:4d:d5:c6:dd:99:ab:56:b4:fb:24:86:e3:16:ba:1a:ee:
         d3:b9:f3:b7:e0:b7:81:be:05:ef:29:14:96:f2:4a:ac:a3:bd:
         97:e4:cc:14:44:8e:9c:23:e4:af:8f:80:61:fc:0f:cc:53:72:
         8b:11:85:ce:ce:9f:86:1e:ef:2d:7b:88:92:1f:69:9a:5d:1a:
         31:4f:b7:15:f8:bc:2a:bc:ff:9d:e2:53:b7:e4:a9:ec:2d:c8:
         22:a9:3b:c7:93:16:5b:62:6b:a4:78:72:d5:aa:b7:5e:e9:3e:
         03:e5:fb:72:90:05:7e:6c:80:0d:15:c8:9b:b9:31:f5:90:65:
         a7:2e:79:f1:c8:ff:ef:b8:00:cd:cb:e1:c5:c9:e5:12:fa:59:
         9b:a5:08:70:96:19:aa:69:d6:d6:1b:6e:26:3e:19:0d:80:7a:
         c0:08:74:35:e7:9c:d8:40:6e:c6:27:34:c4:83:b2:51:8a:0d:
         02:10:b4:a4:a5:9a:61:79:d5:f3:65:08:6f:0c:84:04:13:89:
         9e:72:9e:8a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUCcyCrG+bPzoXqU3a9PLbMvbSIjUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNTIzMDAxMTAwWhcNMjUwNjI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYjQ4NzhlYTkyMTc3OTc1MzFhOTVkZTdiMjhlNDNmMGUy
NzY3NzU0MzJjZGE4ODE0ZGRlOTg3MWNhZTg1OWZhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDWfBpwXxGDhLceh4DgN1dxRYJf+Q64KLcC9HQosvWKz9LY
8j+ixZzGMuIjAugDLbKi5SxNjrMwfm37zxjYqSD2ku2cq2uWRpfKJNkcljRz+2b3
mnfb22Ct+mnp58MaagD7OsAZ8inscaYAC2NzZbY2HbaHBf1JMAdatF8frnraxX4H
RdNncxs4O1vvfLO2kD3bRo00A+lhdL01dCy/dkOb3Ym+kCIKFshTMnPvOoy3eQoA
QWmFRaLCONJ28Dn8rBfJ8lUOaAbkhvFAooXp5PFxYIzSNLQ67jKAOgn6FQ2tOx12
jkZ7WfyI00/eJ0ZBY/9ZyTPkZBcgRlYaXt2Ao0SXAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU8AnHi159zgLJ+p7GELqY0KDcIo4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ5NjM1NDBiLWVjN2EtNDlhNy05ZjcyLTExY2I5NTZjNTVkZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQeDANBgkqhkiG9w0BAQsFAAOCAQEAWPP8mm6xYC6f5t4QzfjeF1ImZk/8
92cB6G11b1ysfWGmjSz1RyhxRP4N9EbUz0UQU26Vj6XXJMZN1cbdmatWtPskhuMW
uhru07nzt+C3gb4F7ykUlvJKrKO9l+TMFESOnCPkr4+AYfwPzFNyixGFzs6fhh7v
LXuIkh9pml0aMU+3Ffi8Krz/neJTt+Sp7C3IIqk7x5MWW2JrpHhy1aq3Xuk+A+X7
cpAFfmyADRXIm7kx9ZBlpy558cj/77gAzcvhxcnlEvpZm6UIcJYZqmnW1htuJj4Z
DYB6wAh0Neec2EBuxic0xIOyUYoNAhC0pKWaYXnV82UIbwyEBBOJnnKeig==
-----END CERTIFICATE-----