Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3ce31dd6-63e9-43c4-84fd-4bfdad505bc1.roa
File:                     3ce31dd6-63e9-43c4-84fd-4bfdad505bc1.roa (raw, json)
Hash identifier:          7z4Pok+TfOsWRJR63s0Z2wi22UXmRibY4iVKomZe4JQ=
Subject key identifier:   32:91:DC:BE:70:AC:37:13:33:FF:A7:78:36:C6:29:DB:0E:0F:34:A8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       098D43DE2E26475CD1A44807421C1B87A278EAC0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3ce31dd6-63e9-43c4-84fd-4bfdad505bc1.roa
Signing time:             Wed 06 Aug 2025 00:21:47 +0000
ROA not before:           Wed 06 Aug 2025 00:21:47 +0000
ROA not after:            Wed 10 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f60::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 11 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:8d:43:de:2e:26:47:5c:d1:a4:48:07:42:1c:1b:87:a2:78:ea:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug  6 00:21:47 2025 GMT
            Not After : Sep 10 23:59:59 2025 GMT
        Subject: serialNumber=5639466e995552d81e400120ce6e89bf33b12716c59cec87d9b15dfe09baa3b1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:2c:2f:7f:a7:ad:8a:93:ca:12:53:49:8f:00:
                    c8:26:a1:d5:89:ef:26:64:92:b6:64:88:35:d5:31:
                    2b:fe:c2:e0:d8:6f:48:92:e8:fe:2e:fd:75:33:61:
                    85:32:e7:d7:56:b4:dc:49:1f:7d:5b:14:c9:fe:36:
                    85:4d:67:d0:5e:b0:13:df:24:aa:94:b3:c2:88:05:
                    38:d0:9d:b2:d3:d8:e5:39:c9:ce:3f:a3:a2:3f:20:
                    1f:18:75:e5:50:7d:28:9c:9a:47:47:42:ae:e7:75:
                    03:57:2a:6e:40:43:78:31:4a:db:46:de:ef:8a:4b:
                    15:91:7a:a4:ff:1b:f1:e1:f5:87:13:25:55:6f:9c:
                    d1:06:9b:5e:ba:9a:64:c7:5a:be:03:d1:a2:cf:1e:
                    cc:6f:1d:19:b4:a9:97:72:9c:04:b1:bb:d0:c4:a6:
                    d0:46:73:78:4c:ed:57:69:08:77:61:49:ac:03:d1:
                    33:14:45:15:f5:a2:9f:c8:ff:44:28:17:de:77:20:
                    1c:c0:61:8e:49:78:eb:e3:28:b5:85:0d:69:48:cb:
                    c3:29:e3:bb:d1:be:66:74:05:7a:79:3f:cb:a9:e9:
                    86:41:e5:bb:3a:af:c2:ff:c9:f6:5d:53:51:c7:a4:
                    fd:b1:77:4b:52:d7:f7:45:4b:a2:06:df:51:8c:b8:
                    4b:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:91:DC:BE:70:AC:37:13:33:FF:A7:78:36:C6:29:DB:0E:0F:34:A8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3ce31dd6-63e9-43c4-84fd-4bfdad505bc1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f60::/32

    Signature Algorithm: sha256WithRSAEncryption
         87:a9:7c:75:aa:4d:88:fa:05:53:14:4e:b3:9c:52:a6:1f:e7:
         f2:90:23:52:c9:d2:22:25:52:b2:e2:cc:04:16:30:9c:0a:86:
         62:6a:69:b3:60:54:13:3c:04:2d:a5:e6:7b:eb:23:35:db:77:
         3f:38:cd:b0:57:f9:56:4d:bb:9e:67:9a:a8:9c:49:df:11:03:
         c2:62:d3:a4:46:21:56:37:2a:a9:ae:61:58:47:67:27:e4:ce:
         8a:6f:08:9d:4f:23:48:97:a2:ac:33:28:55:fb:ea:33:4f:d6:
         2f:ba:f9:9f:11:9c:66:54:c3:d2:46:38:ce:c6:84:9b:e5:36:
         2f:a5:11:2d:93:5d:e5:17:22:0b:66:a2:25:4f:f7:1a:75:87:
         45:50:e6:65:91:6c:11:7c:6d:d9:ff:1f:18:10:03:cf:8c:83:
         60:ef:d8:53:dc:0b:44:b1:23:b1:00:23:3e:04:e4:c4:06:ec:
         eb:d7:ab:9b:9c:f7:7f:fb:4b:44:8a:d1:6e:b2:43:6a:07:9f:
         80:36:8f:57:72:32:76:86:b0:c6:66:55:a6:29:41:89:43:e5:
         cc:fc:00:d4:18:7b:f1:6a:10:83:65:5e:47:44:8f:9d:a8:99:
         0d:d5:78:e4:69:ae:f7:5a:1c:89:c6:67:5a:11:a9:82:fc:51:
         bd:be:5d:34
-----BEGIN CERTIFICATE-----
MIIF+TCCBOGgAwIBAgIUCY1D3i4mR1zRpEgHQhwbh6J46sAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODA2MDAyMTQ3WhcNMjUwOTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NjM5NDY2ZTk5NTU1MmQ4MWU0MDAxMjBjZTZlODliZjMz
YjEyNzE2YzU5Y2VjODdkOWIxNWRmZTA5YmFhM2IxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFLC9/p62Kk8oSU0mPAMgmodWJ7yZkkrZkiDXVMSv+wuDY
b0iS6P4u/XUzYYUy59dWtNxJH31bFMn+NoVNZ9BesBPfJKqUs8KIBTjQnbLT2OU5
yc4/o6I/IB8YdeVQfSicmkdHQq7ndQNXKm5AQ3gxSttG3u+KSxWReqT/G/Hh9YcT
JVVvnNEGm166mmTHWr4D0aLPHsxvHRm0qZdynASxu9DEptBGc3hM7VdpCHdhSawD
0TMURRX1op/I/0QoF953IBzAYY5JeOvjKLWFDWlIy8Mp47vRvmZ0BXp5P8up6YZB
5bs6r8L/yfZdU1HHpP2xd0tS1/dFS6IG31GMuEshAgMBAAGjggKyMIICrjAdBgNV
HQ4EFgQUMpHcvnCsNxMz/6d4NsYp2w4PNKgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNjZTMxZGQ2LTYzZTktNDNjNC04NGZkLTRiZmRhZDUwNWJjMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgAC
MAcDBQAmAB9gMA0GCSqGSIb3DQEBCwUAA4IBAQCHqXx1qk2I+gVTFE6znFKmH+fy
kCNSydIiJVKy4swEFjCcCoZiammzYFQTPAQtpeZ76yM123c/OM2wV/lWTbueZ5qo
nEnfEQPCYtOkRiFWNyqprmFYR2cn5M6KbwidTyNIl6KsMyhV++ozT9YvuvmfEZxm
VMPSRjjOxoSb5TYvpREtk13lFyILZqIlT/cadYdFUOZlkWwRfG3Z/x8YEAPPjINg
79hT3AtEsSOxACM+BOTEBuzr16ubnPd/+0tEitFuskNqB5+ANo9XcjJ2hrDGZlWm
KUGJQ+XM/ADUGHvxahCDZV5HRI+dqJkN1Xjkaa73WhyJxmdaEamC/FG9vl00
-----END CERTIFICATE-----
Generated at Sat Aug 9 23:10:19 2025 by rpki-client