Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/50df9869-643c-4c4e-a4f0-626d92c514cb.roa
File:                     50df9869-643c-4c4e-a4f0-626d92c514cb.roa (raw, json)
Hash identifier:          HZJXAnUMTYvAKQjygQ1IBXdbABtZcNwrJxDJxVQlYOs=
Subject key identifier:   7E:1A:85:0E:93:01:45:0C:FA:5B:46:AC:94:FD:BC:D7:51:0B:0F:13
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       17E37DE142007A106D85F810774B4F40C41D81B8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/50df9869-643c-4c4e-a4f0-626d92c514cb.roa
Signing time:             Tue 22 Apr 2025 00:21:20 +0000
ROA not before:           Tue 22 Apr 2025 00:21:20 +0000
ROA not after:            Tue 27 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f61:c080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:e3:7d:e1:42:00:7a:10:6d:85:f8:10:77:4b:4f:40:c4:1d:81:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 22 00:21:20 2025 GMT
            Not After : May 27 23:59:59 2025 GMT
        Subject: serialNumber=bc025e0db01d84d15aa9baa39fe4f08d58dd5b4d5dca4af8b0b33be519a48ccc, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:72:b0:4c:45:a3:d8:85:5f:05:fc:0f:0f:0f:
                    62:aa:2b:e1:84:fb:9b:42:c8:60:6c:77:aa:81:7c:
                    d4:82:af:bc:83:f8:da:84:bb:b0:24:72:be:c7:05:
                    12:6a:e2:98:18:e4:42:cb:e0:dc:e6:cc:4d:70:98:
                    a1:cd:ed:82:31:17:d8:75:21:21:15:9f:ff:fe:64:
                    db:55:b6:b0:24:90:7a:d6:21:e4:10:3a:5d:31:e8:
                    ec:d9:93:13:6f:5d:e5:09:c6:b7:bd:23:cf:f9:76:
                    20:1b:40:72:0b:9f:4c:89:49:42:08:4f:36:08:05:
                    b8:1b:39:c3:27:29:07:4e:48:a2:92:51:55:11:23:
                    c6:3e:3f:8d:67:ff:8b:97:28:c2:5c:f2:98:01:4a:
                    d1:31:2d:da:17:7d:8b:ed:bb:0d:50:30:eb:24:4c:
                    8a:32:e1:d1:4a:a2:83:83:9a:70:81:b7:cb:38:7a:
                    77:52:fd:fe:da:48:2b:cd:56:28:87:a0:47:5e:b1:
                    03:5a:09:7b:7d:bd:05:3b:f3:22:84:1d:b2:90:5e:
                    17:f2:0f:31:57:a9:ea:f3:ed:d2:bf:81:e2:14:cd:
                    a3:a1:34:86:48:8a:41:fa:c2:21:c0:32:91:9d:8b:
                    3e:62:5d:47:96:da:f4:e7:2f:31:c8:b3:ea:fc:e3:
                    65:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:1A:85:0E:93:01:45:0C:FA:5B:46:AC:94:FD:BC:D7:51:0B:0F:13
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/50df9869-643c-4c4e-a4f0-626d92c514cb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f61:c080::/48

    Signature Algorithm: sha256WithRSAEncryption
         5f:07:95:4c:09:18:a4:76:8d:1a:33:fe:d0:e2:7a:ef:76:e4:
         f5:d3:54:d5:81:4c:5b:93:2f:74:d6:5f:1f:23:d1:ec:a0:f3:
         5c:8e:1b:36:68:13:81:35:52:c8:55:9e:72:7c:d6:1e:46:15:
         73:25:19:22:71:ba:0a:c9:4a:28:80:fd:73:cd:b1:0c:1e:bb:
         cf:f1:27:ae:fd:3e:40:11:f1:9c:58:51:1e:4c:0f:8b:1c:af:
         39:fd:2d:c3:68:12:f4:4d:7b:02:fb:56:d0:37:59:46:cf:1d:
         f2:d2:42:bd:af:25:14:34:cb:69:5a:46:24:03:4b:2f:c0:0c:
         88:5c:ae:51:4c:84:84:44:99:2e:26:92:dd:6c:b8:83:e7:64:
         18:eb:9e:52:9f:e4:f7:ba:31:ad:56:3d:ea:88:69:83:26:4f:
         4d:21:3c:85:b0:db:d1:d1:43:7f:67:50:a2:9f:a2:b5:6d:4d:
         d8:e9:b2:d9:88:e2:aa:80:33:71:64:0b:63:cb:7d:d1:f2:ee:
         88:26:18:a8:d3:bd:3a:e1:d3:47:37:b0:dc:19:12:d8:2a:97:
         63:bb:98:0c:c2:59:e5:96:cb:c4:b1:4f:7b:34:84:b9:99:79:
         44:86:3a:8a:2d:1f:76:a2:95:8d:01:2a:5a:28:fd:7a:3e:a1:
         b6:33:81:b6
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUF+N94UIAehBthfgQd0tPQMQdgbgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDIyMDAyMTIwWhcNMjUwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiYzAyNWUwZGIwMWQ4NGQxNWFhOWJhYTM5ZmU0ZjA4ZDU4
ZGQ1YjRkNWRjYTRhZjhiMGIzM2JlNTE5YTQ4Y2NjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMcrBMRaPYhV8F/A8PD2KqK+GE+5tCyGBsd6qBfNSCr7yD
+NqEu7Akcr7HBRJq4pgY5ELL4NzmzE1wmKHN7YIxF9h1ISEVn//+ZNtVtrAkkHrW
IeQQOl0x6OzZkxNvXeUJxre9I8/5diAbQHILn0yJSUIITzYIBbgbOcMnKQdOSKKS
UVURI8Y+P41n/4uXKMJc8pgBStExLdoXfYvtuw1QMOskTIoy4dFKooODmnCBt8s4
endS/f7aSCvNViiHoEdesQNaCXt9vQU78yKEHbKQXhfyDzFXqerz7dK/geIUzaOh
NIZIikH6wiHAMpGdiz5iXUeW2vTnLzHIs+r842WlAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUfhqFDpMBRQz6W0aslP2811ELDxMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzUwZGY5ODY5LTY0M2MtNGM0ZS1hNGYwLTYyNmQ5MmM1MTRjYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB9hwIAwDQYJKoZIhvcNAQELBQADggEBAF8HlUwJGKR2jRoz/tDieu92
5PXTVNWBTFuTL3TWXx8j0eyg81yOGzZoE4E1UshVnnJ81h5GFXMlGSJxugrJSiiA
/XPNsQweu8/xJ679PkAR8ZxYUR5MD4scrzn9LcNoEvRNewL7VtA3WUbPHfLSQr2v
JRQ0y2laRiQDSy/ADIhcrlFMhIREmS4mkt1suIPnZBjrnlKf5Pe6Ma1WPeqIaYMm
T00hPIWw29HRQ39nUKKforVtTdjpstmI4qqAM3FkC2PLfdHy7ogmGKjTvTrh00c3
sNwZEtgql2O7mAzCWeWWy8SxT3s0hLmZeUSGOootH3ailY0BKloo/Xo+obYzgbY=
-----END CERTIFICATE-----