Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1186eb64-ee57-4357-90a4-25d99e03e859.roa
File:                     1186eb64-ee57-4357-90a4-25d99e03e859.roa (raw, json)
Hash identifier:          lCi82tSqjIu2F3B7FM78FhnEkb57Ur3Tr07MmB/0TCo=
Subject key identifier:   D5:99:65:B3:B5:44:E6:33:02:87:99:C5:D2:27:AC:B7:06:13:5B:D8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5DFFCDF5631472D4D38525E66526BF3F0BCCA3FB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1186eb64-ee57-4357-90a4-25d99e03e859.roa
Signing time:             Tue 22 Apr 2025 17:01:56 +0000
ROA not before:           Tue 22 Apr 2025 17:01:56 +0000
ROA not after:            Tue 27 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f11:4800::/37 maxlen: 37
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:ff:cd:f5:63:14:72:d4:d3:85:25:e6:65:26:bf:3f:0b:cc:a3:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 22 17:01:56 2025 GMT
            Not After : May 27 23:59:59 2025 GMT
        Subject: serialNumber=beac2f7caa471d4b346d9c2b7ea6807192d902154ccd6da8951774824ec069bc, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:d1:81:50:cf:f1:17:fc:82:0b:7c:64:70:b3:
                    e8:0f:d7:ce:f1:fd:d5:96:28:3a:5a:73:7b:5b:d6:
                    28:6f:e4:ec:48:d8:16:72:3d:0e:f7:3e:16:e8:f4:
                    d4:cb:72:ad:47:43:7a:4f:71:d7:8f:51:88:0e:99:
                    11:92:e9:98:f0:32:7d:65:19:a2:5b:81:e4:77:ac:
                    75:ae:29:d8:1c:94:f5:fb:c5:ce:df:7c:6c:92:39:
                    76:60:49:3c:e3:d9:98:3e:e7:9e:04:f7:9d:86:26:
                    96:87:d9:cd:06:ab:c7:f8:e9:7d:ef:b2:fc:68:bd:
                    3d:7d:35:b8:28:7a:bb:f0:69:a8:be:b7:4b:93:bd:
                    e7:53:eb:3d:8c:7a:6a:12:48:05:4d:30:98:e4:ec:
                    49:27:1e:ea:fb:b9:3a:0c:d2:c8:c2:06:e3:4f:a1:
                    56:87:a5:0e:2a:db:8a:32:ec:83:08:48:6b:7b:a6:
                    87:56:f2:6d:54:4e:2a:e7:c5:90:e9:b1:c8:50:9d:
                    1c:0c:89:15:ff:9a:f1:52:6f:4f:0f:78:2b:20:e8:
                    eb:2e:39:3b:14:ee:d3:0d:82:c8:01:92:00:9b:23:
                    af:6a:1a:f2:61:c6:10:64:fb:f9:75:2c:bd:a4:cd:
                    8b:1f:6a:14:72:86:39:ff:1a:d7:dd:db:4b:23:a2:
                    61:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:99:65:B3:B5:44:E6:33:02:87:99:C5:D2:27:AC:B7:06:13:5B:D8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1186eb64-ee57-4357-90a4-25d99e03e859.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f11:4800::/37

    Signature Algorithm: sha256WithRSAEncryption
         c7:e8:a2:79:1c:24:11:a0:cf:39:cf:26:87:a7:1b:53:84:49:
         9c:f0:0c:57:a3:8d:97:0b:4f:72:9e:cb:a6:a9:fb:32:8a:65:
         a3:5b:00:bf:f9:a1:30:00:b2:8e:ef:62:24:c0:30:f3:c1:0f:
         ef:3c:ac:3a:73:cf:f1:e8:62:d9:62:1d:c7:0e:9f:76:8c:2c:
         44:c3:d0:ed:71:87:e3:25:aa:da:4b:72:1c:8e:47:93:03:00:
         75:cf:e3:6d:71:3c:80:d1:1a:51:de:da:02:db:fb:36:f7:2d:
         a4:9a:19:81:05:71:1b:c5:32:71:d4:ce:42:82:a7:d7:db:44:
         e9:0d:43:88:72:04:77:3c:fd:de:71:20:d3:a2:76:d8:a9:97:
         53:ef:b1:8c:cf:6f:76:e2:c3:35:8a:c9:13:87:1b:fe:9a:8e:
         a3:99:b9:b0:99:fd:66:88:0e:15:7e:c3:e5:91:5b:9a:6b:ce:
         64:f3:6d:b3:ed:c6:d3:cc:55:7d:f1:85:e0:b6:44:0b:f0:1d:
         f5:23:7d:f4:00:64:af:f6:fa:b4:da:ea:09:eb:c6:bd:1a:cd:
         b4:27:95:66:c0:ab:ca:78:6a:61:4c:0f:57:1f:8f:49:33:de:
         f5:05:58:f6:ce:6c:62:ba:ee:39:22:f0:02:dd:3e:9d:ed:ca:
         20:4f:af:22
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUXf/N9WMUctTThSXmZSa/PwvMo/swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDIyMTcwMTU2WhcNMjUwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZWFjMmY3Y2FhNDcxZDRiMzQ2ZDljMmI3ZWE2ODA3MTky
ZDkwMjE1NGNjZDZkYTg5NTE3NzQ4MjRlYzA2OWJjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDO0YFQz/EX/IILfGRws+gP187x/dWWKDpac3tb1ihv5OxI
2BZyPQ73Phbo9NTLcq1HQ3pPcdePUYgOmRGS6ZjwMn1lGaJbgeR3rHWuKdgclPX7
xc7ffGySOXZgSTzj2Zg+554E952GJpaH2c0Gq8f46X3vsvxovT19Nbgoervwaai+
t0uTvedT6z2MemoSSAVNMJjk7EknHur7uToM0sjCBuNPoVaHpQ4q24oy7IMISGt7
podW8m1UTirnxZDpschQnRwMiRX/mvFSb08PeCsg6OsuOTsU7tMNgsgBkgCbI69q
GvJhxhBk+/l1LL2kzYsfahRyhjn/Gtfd20sjomH9AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU1Zlls7VE5jMCh5nF0iestwYTW9gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzExODZlYjY0LWVlNTctNDM1Ny05MGE0LTI1ZDk5ZTAzZTg1OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgMmAB8RSDANBgkqhkiG9w0BAQsFAAOCAQEAx+iieRwkEaDPOc8mh6cbU4RJ
nPAMV6ONlwtPcp7Lpqn7Moplo1sAv/mhMACyju9iJMAw88EP7zysOnPP8ehi2WId
xw6fdowsRMPQ7XGH4yWq2ktyHI5HkwMAdc/jbXE8gNEaUd7aAtv7NvctpJoZgQVx
G8UycdTOQoKn19tE6Q1DiHIEdzz93nEg06J22KmXU++xjM9vduLDNYrJE4cb/pqO
o5m5sJn9ZogOFX7D5ZFbmmvOZPNts+3G08xVffGF4LZEC/Ad9SN99ABkr/b6tNrq
CevGvRrNtCeVZsCrynhqYUwPVx+PSTPe9QVY9s5sYrruOSLwAt0+ne3KIE+vIg==
-----END CERTIFICATE-----