Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/844abc15-f137-4ba6-91a9-3db90fdebd62.roa
File:                     844abc15-f137-4ba6-91a9-3db90fdebd62.roa (raw, json)
Hash identifier:          WhSu6QVkezzon7Q0PuxuavQcbMCBSYP/oTpLOvHAecA=
Subject key identifier:   4A:6F:70:90:16:3B:14:1F:AD:1A:96:DE:24:D2:93:EF:41:D3:23:83
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       16EA7BA1773854DD657596CEC55F94534C52883E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/844abc15-f137-4ba6-91a9-3db90fdebd62.roa
Signing time:             Mon 11 Aug 2025 15:10:19 +0000
ROA not before:           Mon 11 Aug 2025 15:10:19 +0000
ROA not after:            Mon 15 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.27.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:ea:7b:a1:77:38:54:dd:65:75:96:ce:c5:5f:94:53:4c:52:88:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 11 15:10:19 2025 GMT
            Not After : Sep 15 23:59:59 2025 GMT
        Subject: serialNumber=eb9cc433e5081f165302a544f4cdafc0d43d40b3b44f37b891c6000f714dbb60, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:a1:a6:85:b2:3a:fb:43:85:5a:33:71:b2:04:
                    e7:9c:6e:97:76:b2:59:b0:86:44:d5:cb:15:14:ba:
                    cf:31:6e:b9:32:f0:b5:8c:06:40:f8:91:be:3b:13:
                    a0:6b:f2:f0:4a:ec:25:f7:97:2a:6f:c2:48:30:a2:
                    b7:a1:49:35:82:8e:c1:2a:d4:3c:8d:52:48:c6:98:
                    4f:4a:cd:80:60:1b:01:8c:c6:ff:4e:00:42:d7:26:
                    a2:04:a6:26:8b:d1:09:1c:be:e0:b1:d1:bd:ff:5e:
                    fd:39:c8:9b:6e:12:c1:dc:03:ac:4b:2f:c4:b5:73:
                    1b:09:b6:ae:e7:72:96:7a:ba:d9:c6:b6:dd:04:26:
                    00:fa:0a:29:47:54:ed:4f:d5:83:08:e6:6a:ce:c4:
                    c3:08:d2:e5:88:c6:10:d5:02:71:e3:d2:0a:54:c8:
                    27:be:75:c3:f1:28:bd:13:b2:1f:db:c3:f3:10:15:
                    3b:0a:69:62:fb:4a:51:a3:56:29:90:be:ff:29:fe:
                    29:c5:cf:a1:6d:97:2c:4a:d6:c6:ae:16:d8:d9:e3:
                    48:8e:e6:cd:58:6b:5d:12:c1:52:37:c1:01:9a:cd:
                    b2:d0:c6:e8:08:3b:f0:14:ec:e7:20:e7:e2:c0:60:
                    17:d5:12:40:7f:8d:45:ce:7b:c1:21:9a:46:eb:e6:
                    01:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:6F:70:90:16:3B:14:1F:AD:1A:96:DE:24:D2:93:EF:41:D3:23:83
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/844abc15-f137-4ba6-91a9-3db90fdebd62.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.27.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         24:d9:33:9c:ff:03:d6:35:c3:b3:8f:a3:2d:f6:9b:10:d7:93:
         bd:7c:7e:45:ee:ba:8f:7f:55:1b:a4:f9:90:35:22:b2:b8:8c:
         78:a9:7b:fe:6a:da:ee:c8:1a:f2:1e:d7:3b:ed:01:bc:bf:18:
         be:e2:0a:17:0f:26:e4:b8:2f:d3:d8:26:83:bf:93:4c:13:73:
         d6:ee:5e:ba:90:92:de:fb:3c:10:d8:a2:8c:55:59:94:43:bd:
         5c:54:1c:b0:76:95:a3:97:e1:32:7a:bd:de:9a:c5:76:52:e7:
         2b:9c:93:6c:cd:47:91:b7:7e:52:07:f6:0d:d2:97:fa:40:ff:
         dd:c5:a0:ac:0b:22:b6:f5:cc:4f:6c:c6:07:1d:a5:8e:49:2f:
         b3:d9:bc:81:94:af:59:1a:dd:99:4a:ac:b9:39:f2:90:98:52:
         f8:4c:58:cf:02:3d:b6:09:ac:03:f4:9f:ae:6d:9c:c7:34:71:
         45:36:4e:9a:30:fc:28:6f:13:73:6b:81:95:f4:7e:b1:84:05:
         bd:7e:f6:07:82:13:91:97:fc:0d:dd:48:a0:bb:8e:11:37:92:
         83:29:95:90:dc:1c:0d:bc:67:9f:06:0c:d8:75:98:af:e8:80:
         43:10:88:9e:19:79:f5:db:cb:d3:69:01:70:a9:09:1b:d8:c3:
         4f:56:d0:22
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUFup7oXc4VN1ldZbOxV+UU0xSiD4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODExMTUxMDE5WhcNMjUwOTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYjljYzQzM2U1MDgxZjE2NTMwMmE1NDRmNGNkYWZjMGQ0
M2Q0MGIzYjQ0ZjM3Yjg5MWM2MDAwZjcxNGRiYjYwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCooaaFsjr7Q4VaM3GyBOecbpd2slmwhkTVyxUUus8xbrky
8LWMBkD4kb47E6Br8vBK7CX3lypvwkgworehSTWCjsEq1DyNUkjGmE9KzYBgGwGM
xv9OAELXJqIEpiaL0QkcvuCx0b3/Xv05yJtuEsHcA6xLL8S1cxsJtq7ncpZ6utnG
tt0EJgD6CilHVO1P1YMI5mrOxMMI0uWIxhDVAnHj0gpUyCe+dcPxKL0Tsh/bw/MQ
FTsKaWL7SlGjVimQvv8p/inFz6FtlyxK1sauFtjZ40iO5s1Ya10SwVI3wQGazbLQ
xugIO/AU7Ocg5+LAYBfVEkB/jUXOe8Ehmkbr5gHvAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUSm9wkBY7FB+tGpbeJNKT70HTI4MwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg0NGFiYzE1LWYxMzctNGJhNi05MWE5LTNkYjkwZmRlYmQ2Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQGzANBgkqhkiG9w0BAQsFAAOCAQEAJNkznP8D1jXDs4+jLfabENeTvXx+
Re66j39VG6T5kDUisriMeKl7/mra7sga8h7XO+0BvL8YvuIKFw8m5Lgv09gmg7+T
TBNz1u5eupCS3vs8ENiijFVZlEO9XFQcsHaVo5fhMnq93prFdlLnK5yTbM1Hkbd+
Ugf2DdKX+kD/3cWgrAsitvXMT2zGBx2ljkkvs9m8gZSvWRrdmUqsuTnykJhS+ExY
zwI9tgmsA/Sfrm2cxzRxRTZOmjD8KG8Tc2uBlfR+sYQFvX72B4ITkZf8Dd1IoLuO
ETeSgymVkNwcDbxnnwYM2HWYr+iAQxCInhl59dvL02kBcKkJG9jDT1bQIg==
-----END CERTIFICATE-----