Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/796c70f8-9f34-44b3-8a4b-26d8a656fe19.roa
File:                     796c70f8-9f34-44b3-8a4b-26d8a656fe19.roa (raw, json)
Hash identifier:          ZmNza72wkoVi9Jl8XihDrtYKHJFoYt8XGJfN6ohvsok=
Subject key identifier:   18:F5:E8:88:D3:57:6B:D5:80:19:1B:6A:8C:89:C0:B1:50:27:8E:34
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6A3689ED6F58D607F24D55D7B7D9F8592E8D606A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/796c70f8-9f34-44b3-8a4b-26d8a656fe19.roa
Signing time:             Fri 25 Apr 2025 00:32:18 +0000
ROA not before:           Fri 25 Apr 2025 00:32:18 +0000
ROA not after:            Fri 30 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f68:7400::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:36:89:ed:6f:58:d6:07:f2:4d:55:d7:b7:d9:f8:59:2e:8d:60:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 25 00:32:18 2025 GMT
            Not After : May 30 23:59:59 2025 GMT
        Subject: serialNumber=7d054a9ac43c2217e6f895e7311e78edf7faa86d55154aa65977085a714cd1b7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:4f:b9:86:77:33:9c:c0:98:02:f5:87:e5:b3:
                    20:85:6a:ec:fd:5d:77:45:ac:e5:1e:76:91:7e:ae:
                    10:6a:e1:c9:74:d1:c7:d4:f4:cf:36:02:8f:7e:62:
                    47:d7:4b:51:dd:81:a8:c7:eb:92:89:2e:d6:1f:b2:
                    d0:f2:9d:fe:ef:4b:55:59:e8:f5:5f:ef:13:f2:a7:
                    85:fe:6d:fd:2b:5a:eb:4c:78:a0:b1:ce:26:6b:ef:
                    e4:47:61:48:8f:3e:fa:7c:01:24:b6:35:15:bd:f6:
                    ce:79:9b:2c:d0:2b:09:84:ff:7e:59:e6:36:1a:c9:
                    a9:02:4e:ec:72:11:ac:66:e0:b4:aa:b7:72:06:43:
                    06:31:2d:d6:5b:19:a8:88:19:95:02:f3:07:95:f7:
                    32:20:17:39:d7:32:d9:be:82:b5:ce:a4:15:ce:e5:
                    5d:d7:4c:bd:22:5a:a9:80:2e:80:74:ee:6b:e5:2d:
                    16:df:0a:28:92:08:a7:b5:b6:78:9e:33:fe:17:c7:
                    3a:fe:40:3b:a1:87:cc:ef:af:cf:99:9b:67:ac:36:
                    14:58:d8:0e:d1:00:f8:23:d1:dc:df:ad:8f:8d:31:
                    ed:1d:b5:f2:71:c3:63:ef:36:11:15:a3:e6:45:80:
                    27:65:9e:0d:68:e0:91:28:46:aa:31:a9:5b:ed:40:
                    53:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:F5:E8:88:D3:57:6B:D5:80:19:1B:6A:8C:89:C0:B1:50:27:8E:34
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/796c70f8-9f34-44b3-8a4b-26d8a656fe19.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f68:7400::/40

    Signature Algorithm: sha256WithRSAEncryption
         a3:0e:57:cd:01:ec:2f:6b:95:18:a2:af:87:6b:f9:87:c7:ed:
         a5:e4:cd:7d:ee:f5:cc:6b:68:2b:eb:cc:59:18:6a:2e:30:8d:
         24:92:6a:f8:2d:5d:8b:a5:64:bc:d0:72:11:07:a7:75:e2:80:
         b9:c7:a0:67:d3:96:00:a8:5f:bf:29:c1:51:fe:db:7c:b3:c4:
         cc:b8:b9:dd:57:1d:3a:bf:62:6a:59:98:56:c1:e2:fc:32:3e:
         e7:e8:16:ee:f9:14:3e:b7:e7:31:a3:45:6d:b6:61:66:66:ba:
         b0:cd:91:38:29:74:79:61:b9:1c:10:fa:ac:ce:d3:8a:16:1d:
         c2:70:6c:8a:24:d4:d9:0d:73:52:c9:17:9b:78:d5:42:08:88:
         e5:e4:2a:62:a6:35:cf:d0:24:ab:20:f2:1e:4e:ba:ba:b6:ce:
         62:db:77:3d:97:22:35:e4:32:64:95:8e:d9:64:79:e0:77:b5:
         6e:68:9b:e4:38:43:54:d4:0e:57:5a:72:3d:f1:3c:a2:3b:7a:
         3f:af:40:5c:9a:15:1e:92:e7:e6:c9:6a:4f:b9:dc:d5:f2:7c:
         99:43:63:e4:c2:a4:b7:6d:ac:b7:3d:9f:b1:a9:aa:4e:46:ad:
         ed:16:65:4b:7e:21:58:24:3b:53:43:f4:ac:8b:14:93:6a:a7:
         4f:dc:6f:f9
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUajaJ7W9Y1gfyTVXXt9n4WS6NYGowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDI1MDAzMjE4WhcNMjUwNTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZDA1NGE5YWM0M2MyMjE3ZTZmODk1ZTczMTFlNzhlZGY3
ZmFhODZkNTUxNTRhYTY1OTc3MDg1YTcxNGNkMWI3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMT7mGdzOcwJgC9YflsyCFauz9XXdFrOUedpF+rhBq4cl0
0cfU9M82Ao9+YkfXS1HdgajH65KJLtYfstDynf7vS1VZ6PVf7xPyp4X+bf0rWutM
eKCxziZr7+RHYUiPPvp8ASS2NRW99s55myzQKwmE/35Z5jYayakCTuxyEaxm4LSq
t3IGQwYxLdZbGaiIGZUC8weV9zIgFznXMtm+grXOpBXO5V3XTL0iWqmALoB07mvl
LRbfCiiSCKe1tnieM/4Xxzr+QDuhh8zvr8+Zm2esNhRY2A7RAPgj0dzfrY+NMe0d
tfJxw2PvNhEVo+ZFgCdlng1o4JEoRqoxqVvtQFMlAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUGPXoiNNXa9WAGRtqjInAsVAnjjQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc5NmM3MGY4LTlmMzQtNDRiMy04YTRiLTI2ZDhhNjU2ZmUxOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9odDANBgkqhkiG9w0BAQsFAAOCAQEAow5XzQHsL2uVGKKvh2v5h8ft
peTNfe71zGtoK+vMWRhqLjCNJJJq+C1di6VkvNByEQendeKAucegZ9OWAKhfvynB
Uf7bfLPEzLi53VcdOr9ialmYVsHi/DI+5+gW7vkUPrfnMaNFbbZhZma6sM2ROCl0
eWG5HBD6rM7TihYdwnBsiiTU2Q1zUskXm3jVQgiI5eQqYqY1z9AkqyDyHk66urbO
Ytt3PZciNeQyZJWO2WR54He1bmib5DhDVNQOV1pyPfE8ojt6P69AXJoVHpLn5slq
T7nc1fJ8mUNj5MKkt22stz2fsamqTkat7RZlS34hWCQ7U0P0rIsUk2qnT9xv+Q==
-----END CERTIFICATE-----