Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/34596f5f-17dd-4745-b0d3-0cdec552b218.roa
File:                     34596f5f-17dd-4745-b0d3-0cdec552b218.roa (raw, json)
Hash identifier:          XhKcl6YXp4GB7Vt4Rn+WGzz1p/Wazm+QmyV/Ttf3Xvs=
Subject key identifier:   69:AF:26:C0:BE:DD:EF:01:49:82:92:B8:C2:10:5E:A1:FC:ED:C2:DA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       42B7A41E2615654C62A9F44E1986B05034B68207
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/34596f5f-17dd-4745-b0d3-0cdec552b218.roa
Signing time:             Fri 13 Jun 2025 17:22:01 +0000
ROA not before:           Fri 13 Jun 2025 17:22:01 +0000
ROA not after:            Fri 18 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f14:c000::/37 maxlen: 37
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:b7:a4:1e:26:15:65:4c:62:a9:f4:4e:19:86:b0:50:34:b6:82:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 13 17:22:01 2025 GMT
            Not After : Jul 18 23:59:59 2025 GMT
        Subject: serialNumber=fe3a43b8027fb05bec713c6aa187c9d3dd0daf39ab10ed2802c853aba01eabf4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:02:3d:18:42:a8:f8:4f:53:33:5f:a7:27:90:
                    79:99:73:61:02:80:37:ff:10:c5:91:6d:99:e6:d2:
                    21:a4:2e:de:8d:f3:23:7f:e6:b7:c6:bf:0f:17:20:
                    8b:51:7d:c2:2b:d6:90:b9:c2:27:06:82:eb:7a:72:
                    ae:1e:d1:5c:50:e8:ad:16:44:d1:e3:d2:6c:c8:78:
                    f8:04:af:4f:26:ed:d5:81:96:8d:5d:07:a4:a0:40:
                    59:73:c1:b9:14:1d:6b:6e:f8:bf:eb:57:7f:12:e7:
                    8c:2e:9d:e4:b1:12:91:55:0e:f1:bf:2d:75:f7:96:
                    54:51:8e:a2:02:a5:f3:91:b6:57:48:e2:15:37:4a:
                    fc:f3:31:5c:d2:48:b3:7e:f8:5c:bc:25:b9:ef:b3:
                    e0:74:cc:c1:eb:31:92:c2:ff:49:05:4f:30:e9:f3:
                    10:bf:6e:a1:aa:9d:1c:b1:d6:d9:ed:8b:5b:bc:cb:
                    21:cf:45:8a:1c:69:db:a0:75:94:59:aa:c9:d2:92:
                    69:82:2d:0d:f7:a4:f9:e4:02:99:6b:b8:78:61:93:
                    92:08:8a:63:9a:f3:a1:77:28:00:ce:4b:53:19:cb:
                    d9:55:6b:e1:a7:58:89:bb:1e:80:57:b8:e7:f1:25:
                    2a:bb:3e:37:e5:63:64:56:f8:60:9f:68:06:c5:88:
                    97:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:AF:26:C0:BE:DD:EF:01:49:82:92:B8:C2:10:5E:A1:FC:ED:C2:DA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/34596f5f-17dd-4745-b0d3-0cdec552b218.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f14:c000::/37

    Signature Algorithm: sha256WithRSAEncryption
         39:cd:7a:ca:a6:26:0b:a8:ca:f6:29:c5:48:60:fa:f3:1e:32:
         21:ac:be:f4:e7:a7:ee:54:16:59:84:58:a7:9d:0c:64:3e:7a:
         c6:a6:88:4e:51:4f:bf:09:a4:b4:b7:1f:6e:ae:86:08:04:bb:
         24:bd:a5:9b:59:0c:46:d7:6c:03:4e:c2:09:19:95:ea:d7:e5:
         43:e0:6e:86:a9:90:11:cf:53:bf:3f:de:98:d7:00:22:d1:e2:
         0d:f5:f6:32:13:1b:83:f5:9d:60:36:df:d1:62:9f:07:ce:a2:
         d2:aa:05:66:fb:ee:79:fc:48:9c:d5:90:d1:54:1d:aa:9b:cb:
         e9:af:66:2b:d8:80:11:84:d6:2e:66:00:c4:4d:fa:b1:4f:44:
         77:ef:fb:9b:67:04:ec:bf:95:36:aa:b7:a3:6c:7c:1b:51:bd:
         4d:8f:8b:99:78:d3:76:07:12:86:b0:ae:b7:ab:15:cb:4e:d5:
         25:95:21:8f:6e:2e:d1:54:74:1f:ab:4e:64:d7:94:cb:80:20:
         08:45:9f:1f:d9:9b:8b:e2:12:8c:d7:49:88:2e:1e:78:02:b3:
         d6:ee:bc:c7:45:68:af:bd:5e:73:b4:2b:cf:93:5c:90:8e:b6:
         6b:ba:68:d6:34:e3:79:9c:a2:3a:bc:6b:73:6c:ee:5f:03:35:
         59:13:80:97
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUQrekHiYVZUxiqfROGYawUDS2ggcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjEzMTcyMjAxWhcNMjUwNzE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZTNhNDNiODAyN2ZiMDViZWM3MTNjNmFhMTg3YzlkM2Rk
MGRhZjM5YWIxMGVkMjgwMmM4NTNhYmEwMWVhYmY0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgAj0YQqj4T1MzX6cnkHmZc2ECgDf/EMWRbZnm0iGkLt6N
8yN/5rfGvw8XIItRfcIr1pC5wicGgut6cq4e0VxQ6K0WRNHj0mzIePgEr08m7dWB
lo1dB6SgQFlzwbkUHWtu+L/rV38S54wuneSxEpFVDvG/LXX3llRRjqICpfORtldI
4hU3SvzzMVzSSLN++Fy8Jbnvs+B0zMHrMZLC/0kFTzDp8xC/bqGqnRyx1tnti1u8
yyHPRYocadugdZRZqsnSkmmCLQ33pPnkAplruHhhk5IIimOa86F3KADOS1MZy9lV
a+GnWIm7HoBXuOfxJSq7PjflY2RW+GCfaAbFiJe3AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUaa8mwL7d7wFJgpK4whBeofztwtowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM0NTk2ZjVmLTE3ZGQtNDc0NS1iMGQzLTBjZGVjNTUyYjIxOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgMmAB8UwDANBgkqhkiG9w0BAQsFAAOCAQEAOc16yqYmC6jK9inFSGD68x4y
Iay+9Oen7lQWWYRYp50MZD56xqaITlFPvwmktLcfbq6GCAS7JL2lm1kMRtdsA07C
CRmV6tflQ+BuhqmQEc9Tvz/emNcAItHiDfX2MhMbg/WdYDbf0WKfB86i0qoFZvvu
efxInNWQ0VQdqpvL6a9mK9iAEYTWLmYAxE36sU9Ed+/7m2cE7L+VNqq3o2x8G1G9
TY+LmXjTdgcShrCut6sVy07VJZUhj24u0VR0H6tOZNeUy4AgCEWfH9mbi+ISjNdJ
iC4eeAKz1u68x0Vor71ec7Qrz5NckI62a7po1jTjeZyiOrxrc2zuXwM1WROAlw==
-----END CERTIFICATE-----