Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3fa4f6da-6073-4400-a522-35f62e2343ee.roa
File:                     3fa4f6da-6073-4400-a522-35f62e2343ee.roa (raw, json)
Hash identifier:          nD0QHTvtu2lil/V7raW2wznGK9XM4pvMvyCOOBIznzc=
Subject key identifier:   BA:37:38:E6:21:91:79:97:21:49:6C:4A:7C:57:77:60:2B:0D:1D:B4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2C3542086351E82EA3C0D8C845C3A33853476456
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3fa4f6da-6073-4400-a522-35f62e2343ee.roa
Signing time:             Mon 05 May 2025 15:30:23 +0000
ROA not before:           Mon 05 May 2025 15:30:23 +0000
ROA not after:            Mon 09 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        71.16.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 13 May 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:35:42:08:63:51:e8:2e:a3:c0:d8:c8:45:c3:a3:38:53:47:64:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May  5 15:30:23 2025 GMT
            Not After : Jun  9 23:59:59 2025 GMT
        Subject: serialNumber=a984cdc3efa4d9ee5fcd3b7968242dc3eea6bd64d2736c846631dcc3c9afc954, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:17:c2:9d:c1:52:5c:eb:15:84:7c:05:c2:10:
                    44:c8:80:ed:b7:50:18:dc:31:f5:fe:00:d0:bf:23:
                    25:a3:47:25:a3:ce:60:2e:e6:8d:59:1b:05:39:a3:
                    59:e2:80:39:19:72:83:dd:4d:a4:7d:4c:17:09:e4:
                    a0:3a:b9:92:18:b9:6a:d0:b9:32:95:3c:d8:f8:6e:
                    c9:be:ab:81:15:98:f5:0d:54:ec:a2:27:72:d1:05:
                    69:4b:14:8c:8c:95:bf:bc:bc:bc:da:7d:56:1a:f2:
                    7e:d2:9e:b9:b3:a9:f3:0e:7e:31:5c:4f:2d:77:e9:
                    98:32:2e:fb:61:5e:95:dd:0e:e8:f5:41:a4:48:0d:
                    03:6a:97:e6:00:b8:ec:0a:75:ac:63:11:7c:03:b8:
                    1a:b6:ca:8c:82:ec:f4:de:0e:05:6f:4f:b2:6e:9d:
                    2b:4d:21:47:e9:ba:52:e8:52:a3:a1:39:fc:b5:aa:
                    32:39:a3:b5:33:29:33:a8:ac:bb:ae:e2:29:12:88:
                    34:fa:9c:a2:f5:41:5a:bf:c8:77:0b:0f:b4:12:c6:
                    58:86:bb:c3:3a:52:8b:f1:cc:5d:a5:0b:04:fe:78:
                    73:7b:8f:fe:f2:6d:68:7a:ed:fb:cf:69:cd:42:11:
                    e3:4b:65:e1:53:96:55:74:03:a2:f9:09:de:f4:41:
                    7a:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:37:38:E6:21:91:79:97:21:49:6C:4A:7C:57:77:60:2B:0D:1D:B4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3fa4f6da-6073-4400-a522-35f62e2343ee.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  71.16.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c5:7c:64:b6:17:d8:4c:d9:43:29:d9:81:28:63:64:75:d4:be:
         69:bf:aa:b1:f6:ac:e4:df:83:be:f6:2e:81:b1:21:11:f9:67:
         83:84:33:26:ee:16:7e:96:07:a7:c6:d1:08:b5:45:85:2e:aa:
         86:ca:93:57:1b:ef:bb:c5:24:b6:e2:b8:4d:51:5b:15:71:27:
         d4:60:a0:0f:75:3f:9b:2d:cd:d5:cb:3e:48:f4:0d:43:eb:be:
         6d:f6:d3:4d:b2:9c:3e:e0:61:97:57:3b:28:b7:9c:43:3b:d7:
         c7:4a:85:24:b3:bc:88:63:63:63:8d:a5:94:52:67:e5:81:48:
         48:8e:14:c1:d2:a3:60:65:36:dc:cb:59:a9:a4:75:bc:0a:4f:
         84:81:11:93:ec:1d:1c:2a:0d:4a:f9:44:3f:cf:ca:5f:16:ca:
         c7:8c:11:ff:6c:2a:dd:41:af:c5:b9:0c:26:a3:e4:c8:3a:83:
         a1:7a:cb:ed:e0:82:9c:f9:eb:80:31:f6:51:6e:9a:d9:fe:25:
         87:c2:dc:13:05:cc:b6:16:ba:65:fd:0c:fb:04:9b:35:6d:6f:
         5c:1c:38:f5:07:08:c8:5d:2e:86:90:39:b3:a3:9c:41:f6:84:
         fe:bf:d3:f5:a8:f9:d1:c3:d0:74:7a:db:e5:d2:87:d2:f0:1b:
         17:32:d4:07
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIULDVCCGNR6C6jwNjIRcOjOFNHZFYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNTA1MTUzMDIzWhcNMjUwNjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhOTg0Y2RjM2VmYTRkOWVlNWZjZDNiNzk2ODI0MmRjM2Vl
YTZiZDY0ZDI3MzZjODQ2NjMxZGNjM2M5YWZjOTU0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjF8KdwVJc6xWEfAXCEETIgO23UBjcMfX+ANC/IyWjRyWj
zmAu5o1ZGwU5o1nigDkZcoPdTaR9TBcJ5KA6uZIYuWrQuTKVPNj4bsm+q4EVmPUN
VOyiJ3LRBWlLFIyMlb+8vLzafVYa8n7SnrmzqfMOfjFcTy136ZgyLvthXpXdDuj1
QaRIDQNql+YAuOwKdaxjEXwDuBq2yoyC7PTeDgVvT7JunStNIUfpulLoUqOhOfy1
qjI5o7UzKTOorLuu4ikSiDT6nKL1QVq/yHcLD7QSxliGu8M6UovxzF2lCwT+eHN7
j/7ybWh67fvPac1CEeNLZeFTllV0A6L5Cd70QXoxAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUujc45iGReZchSWxKfFd3YCsNHbQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNmYTRmNmRhLTYwNzMtNDQwMC1hNTIyLTM1ZjYyZTIzNDNlZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBHEDANBgkqhkiG9w0BAQsFAAOCAQEAxXxkthfYTNlDKdmBKGNkddS+ab+q
sfas5N+DvvYugbEhEflng4QzJu4WfpYHp8bRCLVFhS6qhsqTVxvvu8UktuK4TVFb
FXEn1GCgD3U/my3N1cs+SPQNQ+u+bfbTTbKcPuBhl1c7KLecQzvXx0qFJLO8iGNj
Y42llFJn5YFISI4UwdKjYGU23MtZqaR1vApPhIERk+wdHCoNSvlEP8/KXxbKx4wR
/2wq3UGvxbkMJqPkyDqDoXrL7eCCnPnrgDH2UW6a2f4lh8LcEwXMtha6Zf0M+wSb
NW1vXBw49QcIyF0uhpA5s6OcQfaE/r/T9aj50cPQdHrb5dKH0vAbFzLUBw==
-----END CERTIFICATE-----