Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf0db80d-89dd-40a9-aa65-8ce696ebcb8f.roa
File:                     bf0db80d-89dd-40a9-aa65-8ce696ebcb8f.roa (raw, json)
Hash identifier:          MbhD/s41mEo+q2CiPj/OvUet+TUy+F9HBRZiQ0JZqSU=
Subject key identifier:   D5:18:CB:F4:B3:BE:B6:B7:9F:29:AC:A6:5D:D5:85:84:6C:97:AA:D3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0B3ECFFDF9D80FF103412AD257924DBCB17379EE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf0db80d-89dd-40a9-aa65-8ce696ebcb8f.roa
Signing time:             Fri 13 Jun 2025 00:41:18 +0000
ROA not before:           Fri 13 Jun 2025 00:41:18 +0000
ROA not after:            Fri 18 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.184.64.0/18 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:3e:cf:fd:f9:d8:0f:f1:03:41:2a:d2:57:92:4d:bc:b1:73:79:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 13 00:41:18 2025 GMT
            Not After : Jul 18 23:59:59 2025 GMT
        Subject: serialNumber=c9609334ce66dfbf9574592a984a0eee41ac64bd37ea31e51411944b46ff9f3a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:99:8c:f0:65:4d:99:2a:23:05:32:6c:21:0f:
                    0b:3f:dd:af:a4:cd:b1:de:89:10:6d:69:56:77:00:
                    15:6f:f9:8c:12:fd:43:14:85:02:01:b6:39:1b:ea:
                    c7:36:c3:52:82:fc:d7:ab:7a:4a:7e:5d:a0:84:27:
                    56:67:80:98:20:08:73:eb:8a:68:02:da:0f:9e:46:
                    6b:d8:bd:24:f5:11:e1:6d:c2:22:96:d3:52:97:85:
                    6e:cc:d5:9d:6a:e8:70:81:c9:b1:49:25:76:7d:7d:
                    3d:50:19:9a:13:da:93:e1:f5:6b:91:f2:37:b4:33:
                    d2:95:fc:9e:a5:71:64:1e:f0:0e:00:0e:37:6b:08:
                    42:38:67:0d:d3:6d:a1:c0:23:21:17:c7:87:57:4d:
                    40:69:01:5f:63:4a:ee:ad:39:d3:f7:c2:dd:9e:08:
                    07:bb:96:bd:90:2d:3b:f0:26:e5:c2:5c:93:4d:be:
                    15:e5:93:65:2e:0d:d6:d1:82:c7:bf:de:61:44:a3:
                    a7:d0:ac:ba:77:38:9b:91:61:fb:52:ea:f0:40:34:
                    0b:17:dc:38:8d:2c:e8:20:00:97:a7:50:4e:33:5a:
                    72:ce:e9:5a:6a:ef:5a:63:05:90:f8:0a:f5:9c:8d:
                    83:16:0a:c3:61:14:93:25:63:95:14:c3:dd:9b:26:
                    88:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:18:CB:F4:B3:BE:B6:B7:9F:29:AC:A6:5D:D5:85:84:6C:97:AA:D3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf0db80d-89dd-40a9-aa65-8ce696ebcb8f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.184.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         44:8d:29:71:9e:f5:41:34:9c:64:af:8f:0b:8b:ab:cd:bc:1c:
         9f:b6:01:a0:59:5c:1d:a3:d5:4b:7d:e7:5c:ac:a6:f9:4f:2d:
         7f:23:01:fa:51:38:1d:41:52:e4:fe:25:78:dd:b5:9d:d5:11:
         65:e1:11:63:72:3b:77:eb:cb:fc:dd:83:65:be:5f:4c:17:4c:
         21:c8:d4:23:22:58:09:93:ad:bb:86:51:ae:f4:89:16:5f:07:
         47:c8:7f:0b:99:f7:eb:a5:c9:bf:c7:8b:6f:2a:8b:e9:70:c5:
         97:21:ed:0c:8b:5c:67:a4:b8:df:55:5e:cd:bd:21:8d:ed:4e:
         2f:c0:5e:87:2f:68:40:7e:d8:63:d2:ef:0d:4d:1c:9d:d3:44:
         c6:50:96:0b:1f:a5:8b:f1:c1:01:07:03:2d:70:cd:70:c0:f4:
         f6:e2:c3:af:00:dd:03:ce:bd:7f:eb:ca:d0:b8:34:49:1d:b8:
         c6:cd:f7:5e:b2:13:bc:15:e7:29:51:e8:0e:6e:bb:1e:b4:a8:
         3d:d6:96:f2:33:c1:f6:c6:09:c6:3b:b7:64:fd:84:cf:41:a8:
         91:7c:87:88:fd:41:00:1c:0c:c4:75:cc:dc:7e:9e:b0:e9:ee:
         75:73:d2:8c:b4:0e:fe:7b:1f:1d:d7:2a:0a:35:ac:8d:fe:79:
         c6:d9:1b:32
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCz7P/fnYD/EDQSrSV5JNvLFzee4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjEzMDA0MTE4WhcNMjUwNzE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BjOTYwOTMzNGNlNjZkZmJmOTU3NDU5MmE5ODRhMGVlZTQx
YWM2NGJkMzdlYTMxZTUxNDExOTQ0YjQ2ZmY5ZjNhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8mYzwZU2ZKiMFMmwhDws/3a+kzbHeiRBtaVZ3ABVv+YwS
/UMUhQIBtjkb6sc2w1KC/Nerekp+XaCEJ1ZngJggCHPrimgC2g+eRmvYvST1EeFt
wiKW01KXhW7M1Z1q6HCBybFJJXZ9fT1QGZoT2pPh9WuR8je0M9KV/J6lcWQe8A4A
DjdrCEI4Zw3TbaHAIyEXx4dXTUBpAV9jSu6tOdP3wt2eCAe7lr2QLTvwJuXCXJNN
vhXlk2UuDdbRgse/3mFEo6fQrLp3OJuRYftS6vBANAsX3DiNLOggAJenUE4zWnLO
6Vpq71pjBZD4CvWcjYMWCsNhFJMlY5UUw92bJoh/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1RjL9LO+trefKaymXdWFhGyXqtMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JmMGRiODBkLTg5ZGQtNDBhOS1hYTY1LThjZTY5NmViY2I4Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYQuEAwDQYJKoZIhvcNAQELBQADggEBAESNKXGe9UE0nGSvjwuLq828HJ+2
AaBZXB2j1Ut951yspvlPLX8jAfpROB1BUuT+JXjdtZ3VEWXhEWNyO3fry/zdg2W+
X0wXTCHI1CMiWAmTrbuGUa70iRZfB0fIfwuZ9+ulyb/Hi28qi+lwxZch7QyLXGek
uN9VXs29IY3tTi/AXocvaEB+2GPS7w1NHJ3TRMZQlgsfpYvxwQEHAy1wzXDA9Pbi
w68A3QPOvX/rytC4NEkduMbN916yE7wV5ylR6A5uux60qD3WlvIzwfbGCcY7t2T9
hM9BqJF8h4j9QQAcDMR1zNx+nrDp7nVz0oy0Dv57Hx3XKgo1rI3+ecbZGzI=
-----END CERTIFICATE-----