Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d171a8a1-9f08-410d-8286-615fcfbb13fc.roa
File:                     d171a8a1-9f08-410d-8286-615fcfbb13fc.roa (raw, json)
Hash identifier:          iWpwi6sUCPiod4Bz7BmnYKazoNjMbY67Uhet5n0pN/Q=
Subject key identifier:   1D:07:87:7B:45:AC:C7:AC:D9:8E:71:63:B8:E1:E5:57:0B:5F:EB:09
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1E8A771F5714AA02CDE26AEB269A98E92F8E150C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d171a8a1-9f08-410d-8286-615fcfbb13fc.roa
Signing time:             Mon 18 Aug 2025 15:10:28 +0000
ROA not before:           Mon 18 Aug 2025 15:10:28 +0000
ROA not after:            Mon 22 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.15.176.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:8a:77:1f:57:14:aa:02:cd:e2:6a:eb:26:9a:98:e9:2f:8e:15:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 18 15:10:28 2025 GMT
            Not After : Sep 22 23:59:59 2025 GMT
        Subject: serialNumber=1a35f894c07c30864323767fb920e8ae87ffc1618229ebea6942f5891268166d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:73:42:58:17:6d:15:f2:dd:f9:5a:79:40:f9:
                    6f:47:d6:0c:9b:9c:47:85:6e:70:df:84:58:d7:fe:
                    ec:aa:c1:66:cf:7c:ea:bb:3c:9e:30:54:fa:b4:a0:
                    ad:8a:94:97:c7:59:a9:28:92:c2:cf:89:0b:ba:da:
                    52:95:62:ca:7d:79:1e:8f:1b:28:4d:42:22:41:82:
                    59:64:e3:21:55:c7:00:23:bf:f8:6d:c1:29:9f:ab:
                    d6:4b:17:51:ad:1d:79:45:aa:ea:fd:0b:1f:f1:3f:
                    8b:43:7e:b8:67:9b:c6:c6:c7:ce:c0:6f:19:55:09:
                    07:da:48:42:e4:9e:eb:18:41:c1:ba:23:0b:ba:30:
                    27:2b:60:3c:4d:d5:86:be:6e:76:b0:0f:bc:de:3b:
                    13:69:e0:b9:b3:4c:76:98:d1:f4:3d:ea:30:64:6f:
                    6a:b7:e1:65:08:2d:16:11:a7:44:4a:70:7e:7c:66:
                    4a:e0:3a:3b:46:4e:b8:d9:12:bc:e3:82:72:d8:2a:
                    36:6f:a3:ab:49:15:09:0f:9d:35:9f:ed:fa:9f:62:
                    20:cb:cc:8c:64:62:46:07:47:05:6a:80:8e:4a:29:
                    92:38:4d:81:8f:7f:b2:a3:15:fd:12:a1:21:64:98:
                    8e:ee:0c:b2:7b:08:6a:1b:ff:08:2c:eb:37:57:2f:
                    03:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:07:87:7B:45:AC:C7:AC:D9:8E:71:63:B8:E1:E5:57:0B:5F:EB:09
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d171a8a1-9f08-410d-8286-615fcfbb13fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.15.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         ba:7a:f8:6a:ae:96:2e:87:4d:87:6a:ae:c5:6c:50:b0:8b:ee:
         cb:1a:46:77:89:80:b4:fc:dd:41:f3:7a:ad:da:ee:96:c6:39:
         a4:bf:ac:e1:63:df:c4:f7:1d:3b:78:61:77:c5:cc:3c:83:fe:
         ce:4a:18:59:82:97:cc:cd:ce:56:4e:b4:0b:54:db:eb:e5:d8:
         c5:a0:13:ad:54:6f:8d:d1:fa:0c:09:b0:34:db:b0:42:b3:b5:
         3a:22:79:cb:59:67:83:18:37:bc:82:43:c0:d2:40:de:3b:52:
         0e:2c:34:ce:a2:fc:e0:7e:cf:50:a6:ba:b5:9d:c5:80:8c:72:
         85:73:e5:da:65:89:ef:23:9a:a6:12:8d:57:88:77:71:f6:29:
         44:73:12:31:32:3c:c4:36:18:7c:30:bc:17:d8:ec:ab:23:53:
         2b:85:a7:9e:f0:62:e7:d0:27:4f:33:4d:8b:89:f5:74:11:f9:
         dd:3f:cc:e6:89:11:f6:c4:84:f1:56:13:c1:cd:64:a5:ce:d2:
         f6:42:b7:42:f1:56:ae:c4:db:d0:3c:2e:42:67:ea:52:51:fe:
         db:03:2d:2d:f2:5d:58:80:10:44:b5:69:8c:52:e6:e4:f1:7b:
         93:07:96:3a:fd:3b:b1:28:ea:67:7e:42:14:55:12:05:43:af:
         e7:77:6d:ce
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHop3H1cUqgLN4mrrJpqY6S+OFQwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODE4MTUxMDI4WhcNMjUwOTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AxYTM1Zjg5NGMwN2MzMDg2NDMyMzc2N2ZiOTIwZThhZTg3
ZmZjMTYxODIyOWViZWE2OTQyZjU4OTEyNjgxNjZkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXc0JYF20V8t35WnlA+W9H1gybnEeFbnDfhFjX/uyqwWbP
fOq7PJ4wVPq0oK2KlJfHWakoksLPiQu62lKVYsp9eR6PGyhNQiJBgllk4yFVxwAj
v/htwSmfq9ZLF1GtHXlFqur9Cx/xP4tDfrhnm8bGx87AbxlVCQfaSELknusYQcG6
Iwu6MCcrYDxN1Ya+bnawD7zeOxNp4LmzTHaY0fQ96jBkb2q34WUILRYRp0RKcH58
ZkrgOjtGTrjZErzjgnLYKjZvo6tJFQkPnTWf7fqfYiDLzIxkYkYHRwVqgI5KKZI4
TYGPf7KjFf0SoSFkmI7uDLJ7CGob/wgs6zdXLwMdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHQeHe0Wsx6zZjnFjuOHlVwtf6wkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QxNzFhOGExLTlmMDgtNDEwZC04Mjg2LTYxNWZjZmJiMTNmYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQQD7AwDQYJKoZIhvcNAQELBQADggEBALp6+Gquli6HTYdqrsVsULCL7ssa
RneJgLT83UHzeq3a7pbGOaS/rOFj38T3HTt4YXfFzDyD/s5KGFmCl8zNzlZOtAtU
2+vl2MWgE61Ub43R+gwJsDTbsEKztToiectZZ4MYN7yCQ8DSQN47Ug4sNM6i/OB+
z1CmurWdxYCMcoVz5dplie8jmqYSjVeId3H2KURzEjEyPMQ2GHwwvBfY7KsjUyuF
p57wYufQJ08zTYuJ9XQR+d0/zOaJEfbEhPFWE8HNZKXO0vZCt0LxVq7E29A8LkJn
6lJR/tsDLS3yXViAEES1aYxS5uTxe5MHljr9O7Eo6md+QhRVEgVDr+d3bc4=
-----END CERTIFICATE-----