Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5408789c-97f1-4f47-ba64-b2e307733664.roa
File:                     5408789c-97f1-4f47-ba64-b2e307733664.roa (raw, json)
Hash identifier:          Xoy5x0Lb0QfxiacHq/8kwuWT77AE8F/xtNkc4TOKeNU=
Subject key identifier:   C8:97:F7:B1:3B:F0:A5:03:EC:56:84:51:F3:06:3F:89:E0:01:22:AA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2576035F7AE749DC187B80234F70D7A7AB5AB031
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5408789c-97f1-4f47-ba64-b2e307733664.roa
Signing time:             Fri 13 Jun 2025 16:12:01 +0000
ROA not before:           Fri 13 Jun 2025 16:12:01 +0000
ROA not after:            Fri 18 Jul 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1ffb:8000::/39 maxlen: 39
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 16 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:76:03:5f:7a:e7:49:dc:18:7b:80:23:4f:70:d7:a7:ab:5a:b0:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 13 16:12:01 2025 GMT
            Not After : Jul 18 23:59:59 2025 GMT
        Subject: serialNumber=0dfda654f14542fd5362c0fee8fc71bb958c9253e81c853547f0e3bdb667a52d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a4:0c:75:b9:01:8e:2a:b3:80:a2:12:f7:07:
                    4c:9f:91:64:a3:7b:ff:fd:92:da:db:c6:1b:eb:bb:
                    df:95:5e:c5:66:67:6c:66:c4:ac:ac:36:a9:25:3b:
                    ae:5e:a1:6f:27:13:59:e9:34:c6:f3:27:86:7e:e9:
                    a3:2f:37:41:c0:7b:26:30:66:9d:b1:2d:21:04:02:
                    36:79:4e:3a:85:f0:3b:1c:38:70:40:cb:37:6e:df:
                    9d:16:e4:0b:c1:7b:27:98:c1:18:82:ff:d3:d3:7e:
                    6c:38:9b:c2:bd:42:d2:8e:27:5e:af:79:51:b3:cc:
                    f9:a8:ce:93:4b:c9:a2:06:d9:c1:37:b7:f4:04:8c:
                    60:14:9f:7c:2c:4a:d3:b5:bc:1d:9a:58:3a:d3:12:
                    a0:03:b4:b1:ee:95:f1:88:9b:7b:03:21:c7:bb:ea:
                    bd:6b:02:2d:d6:2e:44:25:3d:39:d5:37:d5:c9:5e:
                    26:43:99:2c:d1:ae:b1:0d:9b:50:d8:06:06:da:56:
                    9c:ba:0c:0d:3c:67:fb:91:bf:a5:fd:98:e5:43:e0:
                    47:9c:a1:1d:96:4e:07:cb:55:18:f5:a8:5a:d3:77:
                    38:c2:93:5f:25:23:d4:6e:7e:90:99:f7:22:a5:1a:
                    3e:fc:51:1a:32:cf:e4:54:6b:e4:76:dc:a0:dc:5b:
                    4c:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:97:F7:B1:3B:F0:A5:03:EC:56:84:51:F3:06:3F:89:E0:01:22:AA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5408789c-97f1-4f47-ba64-b2e307733664.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffb:8000::/39

    Signature Algorithm: sha256WithRSAEncryption
         bd:21:a2:f8:96:d9:0e:b3:49:d4:83:e4:af:11:e9:01:b3:fe:
         e6:9d:18:f3:84:e5:3d:2d:a9:ff:e9:39:99:96:1b:6a:e3:43:
         5f:ed:7f:d1:8a:21:48:f8:06:2f:d0:85:e2:7d:04:c4:cc:8a:
         3a:ff:27:24:0a:3b:d0:52:22:a8:4b:bd:81:5d:95:59:1b:47:
         03:c0:4d:24:7d:e6:23:ea:1f:fc:27:f8:60:5e:13:6f:51:56:
         6a:0b:42:6c:e6:a0:b0:5c:3a:04:1f:01:31:ed:19:32:b5:2a:
         ce:0c:a2:2f:30:9f:5a:82:3e:9c:bb:9c:d9:6b:d0:f7:18:53:
         1d:5d:67:b2:33:0d:13:47:2a:f6:b9:85:16:9e:c4:71:1f:d0:
         0e:1a:ed:7e:80:1c:77:7e:0f:a9:3d:65:d2:55:20:48:30:03:
         82:d0:26:b7:c2:50:87:d7:a0:ab:85:1d:8f:c7:3f:7a:97:cf:
         df:9e:ee:cf:4f:b4:3b:76:33:6f:08:e6:c7:97:e5:3e:ce:4e:
         e4:95:36:92:e0:f3:0e:39:4b:e0:ed:6e:49:5c:ea:f8:55:e2:
         24:ff:0e:84:60:f4:e9:02:0c:94:87:5f:bc:cb:14:02:44:c6:
         b9:98:7a:c6:e6:12:48:20:76:2a:fc:a6:23:98:bc:b0:2a:20:
         28:77:d4:ab
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUJXYDX3rnSdwYe4AjT3DXp6tasDEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjEzMTYxMjAxWhcNMjUwNzE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZGZkYTY1NGYxNDU0MmZkNTM2MmMwZmVlOGZjNzFiYjk1
OGM5MjUzZTgxYzg1MzU0N2YwZTNiZGI2NjdhNTJkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1pAx1uQGOKrOAohL3B0yfkWSje//9ktrbxhvru9+VXsVm
Z2xmxKysNqklO65eoW8nE1npNMbzJ4Z+6aMvN0HAeyYwZp2xLSEEAjZ5TjqF8Dsc
OHBAyzdu350W5AvBeyeYwRiC/9PTfmw4m8K9QtKOJ16veVGzzPmozpNLyaIG2cE3
t/QEjGAUn3wsStO1vB2aWDrTEqADtLHulfGIm3sDIce76r1rAi3WLkQlPTnVN9XJ
XiZDmSzRrrENm1DYBgbaVpy6DA08Z/uRv6X9mOVD4EecoR2WTgfLVRj1qFrTdzjC
k18lI9RufpCZ9yKlGj78URoyz+RUa+R23KDcW0wVAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUyJf3sTvwpQPsVoRR8wY/ieABIqowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU0MDg3ODljLTk3ZjEtNGY0Ny1iYTY0LWIyZTMwNzczMzY2NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB/7gDANBgkqhkiG9w0BAQsFAAOCAQEAvSGi+JbZDrNJ1IPkrxHpAbP+
5p0Y84TlPS2p/+k5mZYbauNDX+1/0YohSPgGL9CF4n0ExMyKOv8nJAo70FIiqEu9
gV2VWRtHA8BNJH3mI+of/Cf4YF4Tb1FWagtCbOagsFw6BB8BMe0ZMrUqzgyiLzCf
WoI+nLuc2WvQ9xhTHV1nsjMNE0cq9rmFFp7EcR/QDhrtfoAcd34PqT1l0lUgSDAD
gtAmt8JQh9egq4Udj8c/epfP357uz0+0O3Yzbwjmx5flPs5O5JU2kuDzDjlL4O1u
SVzq+FXiJP8OhGD06QIMlIdfvMsUAkTGuZh6xuYSSCB2KvymI5i8sCogKHfUqw==
-----END CERTIFICATE-----
Generated at Sun Jun 15 01:11:34 2025 by rpki-client