Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/338fdc47-3615-4058-8892-7f965b8f45a4.roa
File:                     338fdc47-3615-4058-8892-7f965b8f45a4.roa (raw, json)
Hash identifier:          hlK4o6bDGj7sv0NxiMUTsHA2pSlaYm+1GcXCVeJFY0Y=
Subject key identifier:   DE:E1:98:05:07:0F:94:5F:4D:D4:CC:13:95:EC:3C:49:94:89:FB:54
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6229CEA018EDF2BA8EC9E178483589922585F3CA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/338fdc47-3615-4058-8892-7f965b8f45a4.roa
Signing time:             Mon 04 Aug 2025 16:01:19 +0000
ROA not before:           Mon 04 Aug 2025 16:01:19 +0000
ROA not after:            Mon 08 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f70:c000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 09 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:29:ce:a0:18:ed:f2:ba:8e:c9:e1:78:48:35:89:92:25:85:f3:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug  4 16:01:19 2025 GMT
            Not After : Sep  8 23:59:59 2025 GMT
        Subject: serialNumber=052d30d0c75ca71572b2b10df391b25eb56c0bccabce5536bd9fc843de4fc892, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:cd:e7:6c:95:2f:28:50:28:ce:41:3d:c5:94:
                    60:d0:f9:3f:ed:f2:a4:f6:ef:35:71:32:78:43:bf:
                    41:e7:ed:31:f6:24:5b:f3:b7:6a:17:1f:0f:82:52:
                    19:ed:67:67:be:e3:e9:1d:77:ee:84:da:9f:bb:3c:
                    d3:c6:b5:a8:dc:f7:c6:93:99:3d:3f:2e:19:d3:b3:
                    21:39:96:f4:99:12:39:47:b1:40:8b:2a:29:b4:0b:
                    fa:5e:33:9a:5e:af:1e:81:d4:3c:13:51:bd:82:53:
                    8b:0a:f2:bf:8d:e2:87:18:12:d1:d5:37:0a:da:68:
                    f1:21:e4:2a:7f:ab:7b:fc:f2:9b:66:c6:04:b8:41:
                    59:46:f1:18:33:a3:bd:9f:28:a1:b6:ca:5d:d1:32:
                    47:e4:63:4b:cf:85:38:79:3d:50:c7:f0:12:d4:52:
                    5c:a5:4c:62:f2:86:fe:b7:a4:e3:81:1f:86:a1:c9:
                    42:9a:b5:96:0d:59:4d:43:24:22:d4:e2:bb:e0:75:
                    c3:7c:33:65:16:78:26:d0:40:2f:7c:80:33:48:ee:
                    8d:50:23:a3:4d:5e:e9:89:c9:24:ce:48:44:a8:24:
                    09:e2:c1:79:fd:1f:f1:d9:38:74:86:ee:d5:03:1b:
                    f1:24:ae:bf:d4:b7:44:6b:47:47:4b:5c:21:e5:9a:
                    ed:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:E1:98:05:07:0F:94:5F:4D:D4:CC:13:95:EC:3C:49:94:89:FB:54
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/338fdc47-3615-4058-8892-7f965b8f45a4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f70:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         41:a0:6d:76:c7:cd:8e:f1:2d:90:b9:29:c5:0a:c2:bc:df:24:
         1d:3f:f8:05:21:49:55:2d:88:e4:2e:77:0c:46:d6:52:41:a5:
         62:cf:ea:b1:24:bf:de:a0:51:fb:f9:a1:29:75:24:f6:76:0b:
         3f:79:c3:24:91:95:e0:ad:3d:41:9d:1b:df:ec:43:84:74:ce:
         28:a2:10:69:03:a4:ab:c9:a6:c2:33:17:5a:df:b0:e0:87:87:
         39:a5:5a:06:c3:c9:d6:cf:47:e0:f3:c9:aa:36:f8:50:e6:88:
         3f:61:dd:e1:26:2f:73:e1:7d:8a:eb:ce:c4:8c:2c:fd:dd:c1:
         9e:9c:3b:25:40:d0:9e:e2:6e:17:98:ea:bf:de:ed:1d:00:dd:
         a5:f8:b5:74:04:7f:63:0d:e6:f6:2f:e7:d1:ac:33:f6:b0:a6:
         06:be:32:3c:50:ef:23:5e:c5:4a:5a:f0:1f:ef:01:8a:7a:43:
         21:b7:3d:33:43:da:0a:62:7d:16:0a:6d:01:61:5d:bf:93:f9:
         33:8c:ec:9a:35:28:be:f0:7e:ed:7c:8d:1a:3b:f3:bf:42:79:
         7d:87:fc:5f:dd:55:95:51:01:84:9b:43:aa:02:59:4b:1e:04:
         29:e7:c1:e9:b1:37:d8:cb:0e:ca:dc:57:ae:1a:3f:64:e7:0b:
         a9:c5:62:75
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUYinOoBjt8rqOyeF4SDWJkiWF88owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODA0MTYwMTE5WhcNMjUwOTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNTJkMzBkMGM3NWNhNzE1NzJiMmIxMGRmMzkxYjI1ZWI1
NmMwYmNjYWJjZTU1MzZiZDlmYzg0M2RlNGZjODkyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxzedslS8oUCjOQT3FlGDQ+T/t8qT27zVxMnhDv0Hn7TH2
JFvzt2oXHw+CUhntZ2e+4+kdd+6E2p+7PNPGtajc98aTmT0/LhnTsyE5lvSZEjlH
sUCLKim0C/peM5perx6B1DwTUb2CU4sK8r+N4ocYEtHVNwraaPEh5Cp/q3v88ptm
xgS4QVlG8Rgzo72fKKG2yl3RMkfkY0vPhTh5PVDH8BLUUlylTGLyhv63pOOBH4ah
yUKatZYNWU1DJCLU4rvgdcN8M2UWeCbQQC98gDNI7o1QI6NNXumJySTOSESoJAni
wXn9H/HZOHSG7tUDG/Ekrr/Ut0RrR0dLXCHlmu0DAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU3uGYBQcPlF9N1MwTlew8SZSJ+1QwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMzOGZkYzQ3LTM2MTUtNDA1OC04ODkyLTdmOTY1YjhmNDVhNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9wwDANBgkqhkiG9w0BAQsFAAOCAQEAQaBtdsfNjvEtkLkpxQrCvN8k
HT/4BSFJVS2I5C53DEbWUkGlYs/qsSS/3qBR+/mhKXUk9nYLP3nDJJGV4K09QZ0b
3+xDhHTOKKIQaQOkq8mmwjMXWt+w4IeHOaVaBsPJ1s9H4PPJqjb4UOaIP2Hd4SYv
c+F9iuvOxIws/d3Bnpw7JUDQnuJuF5jqv97tHQDdpfi1dAR/Yw3m9i/n0awz9rCm
Br4yPFDvI17FSlrwH+8BinpDIbc9M0PaCmJ9FgptAWFdv5P5M4zsmjUovvB+7XyN
Gjvzv0J5fYf8X91VlVEBhJtDqgJZSx4EKefB6bE32MsOytxXrho/ZOcLqcVidQ==
-----END CERTIFICATE-----