Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28bd6f98-f067-4fb1-ad83-83c73490e09e.roa
File:                     28bd6f98-f067-4fb1-ad83-83c73490e09e.roa (raw, json)
Hash identifier:          RvCQRe7gh16/Ljp9Jm9UvBwKBlmRMSn3v1iM70AOYyY=
Subject key identifier:   4D:DB:4D:67:60:66:E6:EE:30:BC:B0:55:DE:B5:D4:62:07:57:7E:88
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7A9B4C4EEBF04CCF2849E03F3668CEC65AE70118
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28bd6f98-f067-4fb1-ad83-83c73490e09e.roa
Signing time:             Sat 19 Jul 2025 00:20:13 +0000
ROA not before:           Sat 19 Jul 2025 00:20:13 +0000
ROA not after:            Sat 23 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffe:1000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 07 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:9b:4c:4e:eb:f0:4c:cf:28:49:e0:3f:36:68:ce:c6:5a:e7:01:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul 19 00:20:13 2025 GMT
            Not After : Aug 23 23:59:59 2025 GMT
        Subject: serialNumber=653379120bf30f821abb840e57794a119755b11a69a74324f9f59211b5dba344, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:94:d2:a2:cc:6a:b7:d0:9b:bf:6f:b7:68:a7:
                    40:2c:48:5e:65:ba:35:26:2f:a7:bd:2d:ae:f2:b4:
                    b6:9a:c6:43:d4:eb:62:7a:a2:51:0a:99:e3:20:56:
                    a9:73:b9:91:83:7f:a5:05:75:57:54:41:ba:c8:8d:
                    de:b5:e5:a5:17:0f:a5:52:b0:53:3a:32:78:58:26:
                    ec:36:f9:7b:11:59:3c:8d:52:5f:d1:e2:a9:df:80:
                    bd:6c:b2:e1:18:c1:0e:5e:87:40:fe:aa:93:ec:8e:
                    bb:f6:4f:50:6a:30:13:dd:6c:6a:58:ee:73:1e:4a:
                    db:96:92:63:34:a2:17:fc:82:44:35:65:9f:51:31:
                    18:54:29:b3:6c:8c:cd:3a:5e:51:19:8c:56:32:aa:
                    4c:0d:1b:5e:f3:97:5b:0d:c9:de:5b:38:e3:2c:9d:
                    fa:b1:d3:93:14:03:31:95:16:71:b9:b8:d0:ee:2a:
                    34:67:05:2f:69:39:3d:6b:45:02:4a:d2:83:d9:45:
                    bc:7c:56:b8:cd:b6:51:ca:c5:6b:29:81:ac:5e:79:
                    a0:ee:60:9f:2f:53:02:f2:5c:9a:17:dd:f2:db:6f:
                    f0:10:ca:dc:fd:c6:43:3a:09:59:b5:6f:0d:4e:3d:
                    87:91:24:6d:d9:d4:2b:3f:cb:e4:07:4a:19:ef:64:
                    de:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:DB:4D:67:60:66:E6:EE:30:BC:B0:55:DE:B5:D4:62:07:57:7E:88
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28bd6f98-f067-4fb1-ad83-83c73490e09e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffe:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         85:93:07:1e:f4:7c:45:fe:60:46:b8:28:ca:15:b0:58:75:c8:
         9f:e8:87:48:21:0a:4b:8e:9b:8c:f8:1e:c1:f9:21:87:6d:ee:
         4e:15:50:72:c5:09:5e:3f:62:bf:50:e6:cd:69:cd:8b:d8:cb:
         2a:af:28:fe:a6:02:eb:4b:8a:85:75:57:c9:96:7f:7b:8f:0d:
         b3:17:2d:c7:7e:c4:e5:c8:d7:d5:36:7b:1e:aa:3e:7e:59:64:
         3f:b6:63:86:8f:4d:fc:e3:aa:ae:86:a4:fd:f5:55:cf:a1:41:
         ef:c4:23:03:d7:96:d1:56:25:00:39:58:fd:6a:60:ea:7a:be:
         e4:66:f6:11:d0:95:4b:e0:42:57:93:bf:90:ee:00:ef:a4:76:
         ae:62:f1:93:a1:bf:92:dc:1d:28:9e:35:a3:f2:f0:bc:c4:33:
         62:d1:2b:21:5c:e8:d0:4e:68:88:48:0d:98:0e:7a:06:f6:48:
         65:c4:72:da:e8:c4:2b:f9:d2:44:c2:f4:26:09:79:3f:80:b3:
         43:c1:23:df:8c:42:50:90:e2:0d:1f:25:aa:87:88:13:e3:5e:
         0d:1c:99:71:07:5a:28:ea:17:3d:b8:52:8c:c9:78:93:fe:03:
         d4:c3:74:f9:51:78:39:9d:04:3d:ff:55:ac:6d:8c:cf:cc:7a:
         cc:6d:15:2e
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUeptMTuvwTM8oSeA/NmjOxlrnARgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzE5MDAyMDEzWhcNMjUwODIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A2NTMzNzkxMjBiZjMwZjgyMWFiYjg0MGU1Nzc5NGExMTk3
NTViMTFhNjlhNzQzMjRmOWY1OTIxMWI1ZGJhMzQ0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGlNKizGq30Ju/b7dop0AsSF5lujUmL6e9La7ytLaaxkPU
62J6olEKmeMgVqlzuZGDf6UFdVdUQbrIjd615aUXD6VSsFM6MnhYJuw2+XsRWTyN
Ul/R4qnfgL1ssuEYwQ5eh0D+qpPsjrv2T1BqMBPdbGpY7nMeStuWkmM0ohf8gkQ1
ZZ9RMRhUKbNsjM06XlEZjFYyqkwNG17zl1sNyd5bOOMsnfqx05MUAzGVFnG5uNDu
KjRnBS9pOT1rRQJK0oPZRbx8VrjNtlHKxWspgaxeeaDuYJ8vUwLyXJoX3fLbb/AQ
ytz9xkM6CVm1bw1OPYeRJG3Z1Cs/y+QHShnvZN5BAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUTdtNZ2Bm5u4wvLBV3rXUYgdXfogwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI4YmQ2Zjk4LWYwNjctNGZiMS1hZDgzLTgzYzczNDkwZTA5ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/+EDANBgkqhkiG9w0BAQsFAAOCAQEAhZMHHvR8Rf5gRrgoyhWwWHXI
n+iHSCEKS46bjPgewfkhh23uThVQcsUJXj9iv1DmzWnNi9jLKq8o/qYC60uKhXVX
yZZ/e48Nsxctx37E5cjX1TZ7Hqo+fllkP7Zjho9N/OOqroak/fVVz6FB78QjA9eW
0VYlADlY/Wpg6nq+5Gb2EdCVS+BCV5O/kO4A76R2rmLxk6G/ktwdKJ41o/LwvMQz
YtErIVzo0E5oiEgNmA56BvZIZcRy2ujEK/nSRML0Jgl5P4CzQ8Ej34xCUJDiDR8l
qoeIE+NeDRyZcQdaKOoXPbhSjMl4k/4D1MN0+VF4OZ0EPf9VrG2Mz8x6zG0VLg==
-----END CERTIFICATE-----
Generated at Tue Aug 5 17:27:43 2025 by rpki-client