Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/91760b1f-d1bf-4e34-9cae-8fe5ec98cdd6.roa
File:                     91760b1f-d1bf-4e34-9cae-8fe5ec98cdd6.roa (raw, json)
Hash identifier:          BkjwADNZY/o3DH0sWtF5cb6v9iKzE475S8YefdRbPEE=
Subject key identifier:   EF:17:6E:13:9A:0F:5B:C9:92:0F:C2:B9:28:F3:73:CE:D4:D3:F0:FF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1D95E2358985B885DE2BF8284FDEFA9C83E0BD39
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/91760b1f-d1bf-4e34-9cae-8fe5ec98cdd6.roa
Signing time:             Tue 24 Jun 2025 00:01:13 +0000
ROA not before:           Tue 24 Jun 2025 00:01:13 +0000
ROA not after:            Tue 29 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.65.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 30 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:95:e2:35:89:85:b8:85:de:2b:f8:28:4f:de:fa:9c:83:e0:bd:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 24 00:01:13 2025 GMT
            Not After : Jul 29 23:59:59 2025 GMT
        Subject: serialNumber=b2433421ae7fb5e36e6ed82ee60bb2861723fb0eee2b34445ed190c07407a3e8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:18:fb:10:5b:53:80:59:32:23:ca:e8:de:35:
                    9d:a5:49:d0:63:a7:0e:92:90:95:2e:59:e5:00:ee:
                    86:63:17:11:b8:e1:26:98:68:e7:67:40:87:c6:2f:
                    d5:7f:f0:ec:9b:db:55:5c:f3:55:a1:a6:c1:02:e6:
                    50:8b:2c:5f:4c:84:dc:38:2e:23:9a:7d:f6:2b:b4:
                    43:2a:07:4c:1e:21:e3:f0:8e:21:3a:b4:ce:54:b5:
                    35:1d:9b:6c:df:27:15:76:25:0b:7a:ce:f8:76:06:
                    c2:6b:33:2d:11:a1:87:d4:0a:24:a9:a2:d8:a8:e9:
                    db:cb:06:9e:07:0f:b4:d7:7e:ee:dd:7c:7b:f7:08:
                    4a:8d:36:ae:e5:38:83:f3:20:cf:aa:d6:00:b9:b8:
                    5f:2a:1b:56:3d:4b:6c:7e:6e:a9:f1:ea:e3:65:ec:
                    d1:6b:6f:ad:f0:ed:b5:72:1d:3c:e5:a7:f6:88:5f:
                    95:88:fa:77:c1:c3:8c:c0:07:37:f5:9c:a2:ba:94:
                    f2:32:9b:d5:fe:d5:77:3f:7d:84:00:a9:ec:7b:cf:
                    cd:b8:50:52:49:da:1b:48:c2:02:37:a5:b4:b6:71:
                    e5:b9:f2:12:c4:e8:8e:e3:5d:c9:8a:d9:9a:e3:ed:
                    1a:20:20:a4:1a:c5:2d:43:89:50:94:8c:36:92:aa:
                    ef:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:17:6E:13:9A:0F:5B:C9:92:0F:C2:B9:28:F3:73:CE:D4:D3:F0:FF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/91760b1f-d1bf-4e34-9cae-8fe5ec98cdd6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.65.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d9:1c:bf:84:f9:98:ea:26:b1:e9:37:6d:05:ba:48:b0:f1:3f:
         d6:92:09:cb:27:d1:25:3b:77:4f:4f:77:95:db:90:b0:7e:b3:
         21:00:6b:4e:06:87:97:5d:1e:a8:bd:c8:38:e6:ed:9a:94:a1:
         42:12:1f:f7:8b:86:0c:a6:36:e0:62:6d:1d:84:80:b3:aa:29:
         df:31:ed:35:7e:13:d3:10:b7:98:ac:0b:fd:09:2d:aa:45:d6:
         e6:1e:f3:b3:6f:6d:59:1f:d7:a6:b4:12:ac:db:1e:76:75:e8:
         72:45:ba:0e:10:61:cf:12:50:c7:23:4c:e5:20:af:d7:c8:9b:
         31:00:57:40:47:7c:6c:77:de:ef:c9:76:8e:6c:bb:a2:fe:cf:
         6e:5e:34:c9:e9:a6:18:e0:38:ec:fa:e3:58:83:99:00:84:a5:
         a3:c6:86:c6:f2:2c:a4:4d:ab:8c:bf:b9:1f:48:99:6b:6a:1e:
         34:97:06:56:29:0a:d0:64:71:4b:8b:79:5e:57:62:be:30:83:
         28:d4:bc:d1:33:ff:15:5f:de:1d:30:26:c4:dc:6a:ad:d2:fb:
         94:8b:4f:61:d3:83:62:13:8c:89:2e:01:b1:66:34:39:4a:08:
         d9:6d:eb:c6:ff:26:47:38:30:a7:33:c4:b9:ce:bc:38:9b:53:
         fb:f8:82:29
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUHZXiNYmFuIXeK/goT976nIPgvTkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjI0MDAwMTEzWhcNMjUwNzI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMjQzMzQyMWFlN2ZiNWUzNmU2ZWQ4MmVlNjBiYjI4NjE3
MjNmYjBlZWUyYjM0NDQ1ZWQxOTBjMDc0MDdhM2U4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDWGPsQW1OAWTIjyujeNZ2lSdBjpw6SkJUuWeUA7oZjFxG4
4SaYaOdnQIfGL9V/8Oyb21Vc81WhpsEC5lCLLF9MhNw4LiOaffYrtEMqB0weIePw
jiE6tM5UtTUdm2zfJxV2JQt6zvh2BsJrMy0RoYfUCiSpotio6dvLBp4HD7TXfu7d
fHv3CEqNNq7lOIPzIM+q1gC5uF8qG1Y9S2x+bqnx6uNl7NFrb63w7bVyHTzlp/aI
X5WI+nfBw4zABzf1nKK6lPIym9X+1Xc/fYQAqex7z824UFJJ2htIwgI3pbS2ceW5
8hLE6I7jXcmK2Zrj7RogIKQaxS1DiVCUjDaSqu8zAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU7xduE5oPW8mSD8K5KPNzztTT8P8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzkxNzYwYjFmLWQxYmYtNGUzNC05Y2FlLThmZTVlYzk4Y2RkNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQQTANBgkqhkiG9w0BAQsFAAOCAQEA2Ry/hPmY6iax6TdtBbpIsPE/1pIJ
yyfRJTt3T093lduQsH6zIQBrTgaHl10eqL3IOObtmpShQhIf94uGDKY24GJtHYSA
s6op3zHtNX4T0xC3mKwL/QktqkXW5h7zs29tWR/XprQSrNsednXockW6DhBhzxJQ
xyNM5SCv18ibMQBXQEd8bHfe78l2jmy7ov7Pbl40yemmGOA47PrjWIOZAISlo8aG
xvIspE2rjL+5H0iZa2oeNJcGVikK0GRxS4t5XldivjCDKNS80TP/FV/eHTAmxNxq
rdL7lItPYdODYhOMiS4BsWY0OUoI2W3rxv8mRzgwpzPEuc68OJtT+/iCKQ==
-----END CERTIFICATE-----