Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d9ba2a87-d329-47eb-8f9e-502f1328b33e.roa
File:                     d9ba2a87-d329-47eb-8f9e-502f1328b33e.roa (raw, json)
Hash identifier:          fvfXRiVjtEtXYQkg9iuuNBckFJqQ9NZDibrjiXaTIJk=
Subject key identifier:   A8:1A:FA:37:97:00:97:BA:67:7A:BE:C9:3E:63:1E:45:9D:9D:B3:6A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7A23B5ABE6AC2B138DA9C78A968AB74A1B81D5D4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d9ba2a87-d329-47eb-8f9e-502f1328b33e.roa
Signing time:             Fri 13 Jun 2025 00:30:27 +0000
ROA not before:           Fri 13 Jun 2025 00:30:27 +0000
ROA not after:            Fri 18 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.156.0.0/14 maxlen: 14
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:23:b5:ab:e6:ac:2b:13:8d:a9:c7:8a:96:8a:b7:4a:1b:81:d5:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 13 00:30:27 2025 GMT
            Not After : Jul 18 23:59:59 2025 GMT
        Subject: serialNumber=048f096629a28fd256d77db58433debb2f91d66545f6d333a91b1414e8d3c534, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ca:c0:ee:39:ba:b0:77:bb:f5:92:6c:de:5e:
                    d3:ce:d0:20:de:d5:98:68:47:f7:a4:1d:58:ab:ae:
                    8b:36:24:2b:c3:e3:c6:02:58:07:df:fa:d6:64:e8:
                    d6:cc:3f:58:39:14:13:bd:49:26:c9:ba:80:33:ea:
                    60:76:de:35:89:46:9b:fa:46:6a:35:b9:37:b8:51:
                    7a:97:36:7a:13:05:db:77:6a:35:32:54:62:4d:42:
                    67:7b:44:53:6e:3f:46:88:1b:f7:21:4d:35:b0:72:
                    01:e0:c4:bb:3a:9d:35:b7:63:79:a6:66:15:cc:7d:
                    38:61:bf:d8:3b:1e:c4:ec:99:4f:29:03:ed:60:73:
                    c0:81:24:87:b8:50:36:56:53:c8:1b:00:86:00:a9:
                    47:18:af:a9:84:de:09:74:7a:1f:37:15:dc:1e:8c:
                    a5:54:dc:e6:db:76:4f:9b:c2:8f:3e:bf:0c:bc:c0:
                    e7:14:99:e5:2e:32:46:1b:e0:11:24:77:84:1f:82:
                    b2:a7:cd:13:a2:95:ee:d3:f6:ed:cf:09:9d:2f:55:
                    c9:1f:d4:20:67:ea:bc:df:b9:ee:2f:cd:bd:9b:05:
                    cf:43:95:f0:f7:50:ca:cc:f8:32:34:28:d0:37:7e:
                    e4:35:d3:f6:0a:0e:8b:97:56:c1:da:9a:1a:44:b9:
                    5b:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:1A:FA:37:97:00:97:BA:67:7A:BE:C9:3E:63:1E:45:9D:9D:B3:6A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d9ba2a87-d329-47eb-8f9e-502f1328b33e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.156.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         76:b3:b6:b4:3a:d8:34:36:f8:23:0c:6d:ea:5d:c2:80:88:d9:
         27:a5:a2:7f:93:b9:43:19:15:d7:73:3b:08:2a:e4:94:32:e7:
         84:41:22:1e:7d:92:4e:db:f8:a6:e0:a1:2f:c2:0f:14:dd:3b:
         72:4e:04:74:d2:cc:97:00:97:87:43:9b:3b:8d:88:de:9f:21:
         15:d5:d2:5a:ac:93:64:e2:75:3c:db:1a:62:1b:23:d9:67:8d:
         df:13:26:06:41:ba:18:61:4d:7a:be:81:88:13:1e:05:e0:3a:
         80:37:e5:6d:9d:1d:56:93:2e:e9:a3:8b:e3:f5:5b:c6:18:9b:
         80:5f:fa:cf:c0:f3:26:a6:5b:a7:ef:38:84:3c:6d:0a:af:74:
         3f:31:95:05:05:10:ff:f8:2b:ef:67:8e:25:7a:49:a9:06:08:
         fe:66:7d:d2:da:fa:66:36:a2:0b:b5:42:41:f0:1f:d9:3f:22:
         ac:5e:05:5e:09:a3:12:fa:23:cb:8a:69:8e:b3:2d:12:27:cb:
         11:56:c6:b9:da:75:5d:e7:b2:69:03:0e:b4:73:06:c7:16:cf:
         f7:c5:c1:8e:e3:7a:fa:03:56:8b:a5:15:a0:22:e4:80:2f:04:
         52:cb:42:c5:67:f7:b4:77:08:b3:db:d6:be:d6:e3:4b:f3:0c:
         b9:e4:0c:72
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUeiO1q+asKxONqceKloq3ShuB1dQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjEzMDAzMDI3WhcNMjUwNzE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNDhmMDk2NjI5YTI4ZmQyNTZkNzdkYjU4NDMzZGViYjJm
OTFkNjY1NDVmNmQzMzNhOTFiMTQxNGU4ZDNjNTM0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZysDuObqwd7v1kmzeXtPO0CDe1ZhoR/ekHVirros2JCvD
48YCWAff+tZk6NbMP1g5FBO9SSbJuoAz6mB23jWJRpv6Rmo1uTe4UXqXNnoTBdt3
ajUyVGJNQmd7RFNuP0aIG/chTTWwcgHgxLs6nTW3Y3mmZhXMfThhv9g7HsTsmU8p
A+1gc8CBJIe4UDZWU8gbAIYAqUcYr6mE3gl0eh83FdwejKVU3Obbdk+bwo8+vwy8
wOcUmeUuMkYb4BEkd4QfgrKnzROile7T9u3PCZ0vVckf1CBn6rzfue4vzb2bBc9D
lfD3UMrM+DI0KNA3fuQ10/YKDouXVsHamhpEuVspAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUqBr6N5cAl7pner7JPmMeRZ2ds2owHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q5YmEyYTg3LWQzMjktNDdlYi04ZjllLTUwMmYxMzI4YjMzZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwIQnDANBgkqhkiG9w0BAQsFAAOCAQEAdrO2tDrYNDb4Iwxt6l3CgIjZJ6Wi
f5O5QxkV13M7CCrklDLnhEEiHn2STtv4puChL8IPFN07ck4EdNLMlwCXh0ObO42I
3p8hFdXSWqyTZOJ1PNsaYhsj2WeN3xMmBkG6GGFNer6BiBMeBeA6gDflbZ0dVpMu
6aOL4/VbxhibgF/6z8DzJqZbp+84hDxtCq90PzGVBQUQ//gr72eOJXpJqQYI/mZ9
0tr6ZjaiC7VCQfAf2T8irF4FXgmjEvojy4ppjrMtEifLEVbGudp1XeeyaQMOtHMG
xxbP98XBjuN6+gNWi6UVoCLkgC8EUstCxWf3tHcIs9vWvtbjS/MMueQMcg==
-----END CERTIFICATE-----