Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2a06ef9a-306c-48a7-a898-08249a2104fa.roa
File:                     2a06ef9a-306c-48a7-a898-08249a2104fa.roa (raw, json)
Hash identifier:          glp8uUU4bNOIZQjDrVZMIax8AGIl5pqBlNQ2gygRVh8=
Subject key identifier:   84:89:A7:18:CB:80:E3:8B:44:9B:BD:7D:0A:19:19:51:5E:6B:9A:F2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5F5003DC3033AB0715C3AEB4755659FE55F6CA83
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2a06ef9a-306c-48a7-a898-08249a2104fa.roa
Signing time:             Wed 02 Apr 2025 00:20:15 +0000
ROA not before:           Wed 02 Apr 2025 00:20:15 +0000
ROA not after:            Wed 07 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f60:2000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:50:03:dc:30:33:ab:07:15:c3:ae:b4:75:56:59:fe:55:f6:ca:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  2 00:20:15 2025 GMT
            Not After : May  7 23:59:59 2025 GMT
        Subject: serialNumber=98aa134babe6f3128508cd92ef6f7b9e3dc51ce8ffdb2a0813947793c89a12bb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:1d:dc:8b:16:74:d7:d3:27:c5:92:f8:5a:e0:
                    16:f7:73:35:66:34:78:e8:df:ce:36:ed:d9:03:45:
                    b8:6e:d8:c9:8b:ab:2f:7e:e7:1f:6c:05:ed:28:15:
                    94:9a:90:38:eb:5a:e4:de:1f:ec:1b:af:b5:6c:3c:
                    74:e7:cc:74:3f:85:55:e3:64:84:2b:49:2c:ba:2d:
                    5d:7d:88:c5:bf:9d:0e:19:be:6c:d4:07:8e:bb:5d:
                    6a:ef:6f:52:cc:9e:cf:e7:fa:51:ba:88:93:eb:5b:
                    41:54:b0:a6:02:50:97:0d:c7:46:c8:f0:2c:79:e5:
                    7c:56:18:34:ce:42:a0:5e:f0:62:e0:dc:67:15:2f:
                    5b:de:14:b3:42:98:86:81:01:e0:38:3a:bc:89:3e:
                    31:e4:70:5a:a3:48:30:94:36:8c:f7:05:51:e5:2c:
                    d3:38:98:fd:8c:14:81:b3:0c:d4:ab:6c:7e:2d:77:
                    35:29:96:31:8e:40:bd:a1:7b:49:e7:8d:34:c7:73:
                    6c:2a:5a:e7:fa:f2:99:33:d9:23:aa:65:3f:b7:bd:
                    78:d6:6b:0c:18:e1:9b:51:11:d3:3d:3e:2f:db:da:
                    ca:7b:25:ea:26:e4:dd:33:f9:ae:fd:9f:35:2d:ff:
                    73:f3:eb:8c:d5:c3:70:3a:d5:2f:24:18:84:1a:01:
                    6b:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:89:A7:18:CB:80:E3:8B:44:9B:BD:7D:0A:19:19:51:5E:6B:9A:F2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2a06ef9a-306c-48a7-a898-08249a2104fa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f60:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         1c:d9:dd:8b:c0:ea:22:70:5a:69:e2:0d:e8:50:ed:70:b1:da:
         c2:52:a8:0f:81:09:ea:94:91:6d:2f:0d:04:b6:e1:17:f5:b5:
         9d:f2:c8:e6:37:1a:61:75:63:68:dd:2f:64:7f:ea:25:29:1b:
         d4:fe:ed:6a:57:58:c2:ce:2d:33:a5:d4:90:11:19:27:43:a4:
         bb:c8:0d:56:26:cd:f4:15:f5:95:d2:dd:20:9b:4b:ad:e8:0f:
         5f:07:6d:78:18:f1:c0:85:0b:ab:d3:e3:a6:99:e5:1f:17:11:
         e0:0b:e7:79:aa:19:f8:ba:eb:c5:4e:fe:43:36:87:91:d2:12:
         aa:51:12:99:5f:9c:f7:29:bc:cd:d3:19:a6:bf:db:df:c9:28:
         c9:ce:43:81:5e:b0:ec:4c:34:8f:de:a9:42:57:ce:48:f0:75:
         57:1f:9f:b6:96:64:98:d7:f9:02:c6:31:a0:a6:f7:e7:30:c5:
         b8:be:c6:66:70:d1:d6:b1:a4:88:a8:87:a0:e7:1c:75:2b:28:
         b1:2a:18:03:85:31:24:8e:b3:77:44:65:fc:cc:25:db:b8:d0:
         e4:99:8f:ed:e3:14:92:25:c1:0e:e5:42:ca:58:b2:ae:78:16:
         d4:52:91:91:dc:4f:e1:63:d0:02:a8:77:8b:f4:bf:35:d6:b6:
         3f:b4:af:65
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUX1AD3DAzqwcVw660dVZZ/lX2yoMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDAyMDAyMDE1WhcNMjUwNTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5OGFhMTM0YmFiZTZmMzEyODUwOGNkOTJlZjZmN2I5ZTNk
YzUxY2U4ZmZkYjJhMDgxMzk0Nzc5M2M4OWExMmJiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxHdyLFnTX0yfFkvha4Bb3czVmNHjo38427dkDRbhu2MmL
qy9+5x9sBe0oFZSakDjrWuTeH+wbr7VsPHTnzHQ/hVXjZIQrSSy6LV19iMW/nQ4Z
vmzUB467XWrvb1LMns/n+lG6iJPrW0FUsKYCUJcNx0bI8Cx55XxWGDTOQqBe8GLg
3GcVL1veFLNCmIaBAeA4OryJPjHkcFqjSDCUNoz3BVHlLNM4mP2MFIGzDNSrbH4t
dzUpljGOQL2he0nnjTTHc2wqWuf68pkz2SOqZT+3vXjWawwY4ZtREdM9Pi/b2sp7
Jeom5N0z+a79nzUt/3Pz64zVw3A61S8kGIQaAWtRAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUhImnGMuA44tEm719ChkZUV5rmvIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJhMDZlZjlhLTMwNmMtNDhhNy1hODk4LTA4MjQ5YTIxMDRmYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9gIDANBgkqhkiG9w0BAQsFAAOCAQEAHNndi8DqInBaaeIN6FDtcLHa
wlKoD4EJ6pSRbS8NBLbhF/W1nfLI5jcaYXVjaN0vZH/qJSkb1P7taldYws4tM6XU
kBEZJ0Oku8gNVibN9BX1ldLdIJtLregPXwdteBjxwIULq9PjppnlHxcR4AvneaoZ
+LrrxU7+QzaHkdISqlESmV+c9ym8zdMZpr/b38koyc5DgV6w7Ew0j96pQlfOSPB1
Vx+ftpZkmNf5AsYxoKb35zDFuL7GZnDR1rGkiKiHoOccdSsosSoYA4UxJI6zd0Rl
/Mwl27jQ5JmP7eMUkiXBDuVCyliyrngW1FKRkdxP4WPQAqh3i/S/Nda2P7SvZQ==
-----END CERTIFICATE-----