Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/866a68a9-989e-463b-be1d-493465d7a0ab.roa
File:                     866a68a9-989e-463b-be1d-493465d7a0ab.roa (raw, json)
Hash identifier:          tAhGHMQpynW8sYVStBMR1WctBHFVPOVr4xUmnexUf40=
Subject key identifier:   76:06:77:7E:AA:83:2B:11:1A:27:DA:14:08:D4:0E:D5:D8:25:21:0C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       32CBDC080FA466C76143DF8090F792D3D189D995
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/866a68a9-989e-463b-be1d-493465d7a0ab.roa
Signing time:             Fri 18 Jul 2025 00:11:11 +0000
ROA not before:           Fri 18 Jul 2025 00:11:11 +0000
ROA not after:            Fri 22 Aug 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1ffa:2000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 07 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:cb:dc:08:0f:a4:66:c7:61:43:df:80:90:f7:92:d3:d1:89:d9:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul 18 00:11:11 2025 GMT
            Not After : Aug 22 23:59:59 2025 GMT
        Subject: serialNumber=2fe16584e93613de6da3ad308f50ce6107d608f8023cd5e81b38f63e3c4c0366, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:de:70:66:bd:ec:df:b5:81:e3:8b:dd:f8:c0:
                    1c:6e:a1:9e:fd:3e:d6:16:47:44:6b:80:4d:77:41:
                    3c:48:56:19:ed:93:00:22:c2:f7:99:15:a0:64:bf:
                    55:f9:71:c2:08:33:14:3b:b9:7c:5c:88:c6:a9:4c:
                    77:e6:ba:c8:33:f1:cd:c0:ba:0c:95:52:75:91:d7:
                    a1:6f:c8:db:f2:ac:f3:65:03:c1:09:c5:c2:e4:e7:
                    bd:78:33:f7:9f:e6:71:0f:44:d5:97:de:27:25:2b:
                    d9:9b:b0:38:c7:35:3c:f3:68:2c:58:fd:39:d9:85:
                    09:7f:08:08:4e:e6:83:43:e6:a1:82:0c:a9:c9:e9:
                    51:6c:c1:34:0c:71:cf:6d:e8:85:d6:e2:46:d7:e1:
                    6f:f7:99:5c:e9:24:ff:74:38:e6:39:87:b4:c4:61:
                    1e:75:42:e3:01:6b:11:5e:2e:64:b3:41:21:e6:0b:
                    a9:9c:36:77:d0:20:ef:da:78:fa:01:21:8e:7f:61:
                    72:5a:1d:29:81:a3:7d:5e:3f:c2:7e:fa:a3:b1:36:
                    1b:cd:b2:fd:fa:0d:31:82:20:5d:95:5e:14:55:92:
                    35:98:f2:25:02:a1:49:dc:0c:2c:fc:27:69:ab:6b:
                    0a:b4:d7:44:ad:64:51:da:f7:a3:5e:b1:84:42:48:
                    5f:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:06:77:7E:AA:83:2B:11:1A:27:DA:14:08:D4:0E:D5:D8:25:21:0C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/866a68a9-989e-463b-be1d-493465d7a0ab.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffa:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         b4:a8:66:55:a3:f7:1c:7e:1e:d3:cb:ab:d1:2d:f0:80:c8:ae:
         30:58:6d:5e:85:c5:be:f7:7f:3b:10:82:c2:0f:93:de:d8:85:
         e0:fa:a4:42:7b:85:f2:d8:16:0b:7c:48:22:fa:4b:06:fc:cc:
         7b:5d:f8:6f:9c:de:20:13:7f:09:8d:17:13:66:30:1a:36:ae:
         6a:69:32:2a:bb:f3:84:da:a3:b9:aa:c0:84:28:40:ba:d3:7a:
         a0:0b:ba:0d:2a:4d:a4:96:1b:21:7f:83:4c:2e:cc:02:e4:0d:
         9f:f7:96:d1:1f:f1:f4:80:05:f0:c7:4d:fc:5c:25:c4:54:39:
         4b:0b:f9:27:fb:e1:03:55:d7:f8:09:33:b4:e9:8d:f5:87:d4:
         0d:ef:fc:ed:6b:77:9d:c0:2b:ce:2a:17:e5:78:0d:9f:76:fa:
         bd:df:ac:c1:14:5e:0d:18:97:76:cf:00:d2:7e:37:7c:36:1f:
         a7:67:dc:ed:4a:55:1c:25:e7:67:c9:1d:cd:1c:67:25:e4:63:
         31:31:a6:c9:96:44:fc:ea:f6:de:ad:59:52:21:97:4a:2c:d4:
         26:8e:57:ee:66:c8:7d:91:22:a6:f6:10:4c:45:e0:e9:8b:ea:
         5f:97:74:59:b8:09:a7:4f:69:16:cd:5d:15:ea:b1:56:e1:84:
         c3:9d:6e:f2
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUMsvcCA+kZsdhQ9+AkPeS09GJ2ZUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzE4MDAxMTExWhcNMjUwODIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyZmUxNjU4NGU5MzYxM2RlNmRhM2FkMzA4ZjUwY2U2MTA3
ZDYwOGY4MDIzY2Q1ZTgxYjM4ZjYzZTNjNGMwMzY2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+3nBmvezftYHji934wBxuoZ79PtYWR0RrgE13QTxIVhnt
kwAiwveZFaBkv1X5ccIIMxQ7uXxciMapTHfmusgz8c3AugyVUnWR16FvyNvyrPNl
A8EJxcLk5714M/ef5nEPRNWX3iclK9mbsDjHNTzzaCxY/TnZhQl/CAhO5oND5qGC
DKnJ6VFswTQMcc9t6IXW4kbX4W/3mVzpJP90OOY5h7TEYR51QuMBaxFeLmSzQSHm
C6mcNnfQIO/aePoBIY5/YXJaHSmBo31eP8J++qOxNhvNsv36DTGCIF2VXhRVkjWY
8iUCoUncDCz8J2mrawq010StZFHa96NesYRCSF+HAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUdgZ3fqqDKxEaJ9oUCNQO1dglIQwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg2NmE2OGE5LTk4OWUtNDYzYi1iZTFkLTQ5MzQ2NWQ3YTBhYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/6IDANBgkqhkiG9w0BAQsFAAOCAQEAtKhmVaP3HH4e08ur0S3wgMiu
MFhtXoXFvvd/OxCCwg+T3tiF4PqkQnuF8tgWC3xIIvpLBvzMe134b5zeIBN/CY0X
E2YwGjauamkyKrvzhNqjuarAhChAutN6oAu6DSpNpJYbIX+DTC7MAuQNn/eW0R/x
9IAF8MdN/FwlxFQ5Swv5J/vhA1XX+AkztOmN9YfUDe/87Wt3ncArzioX5XgNn3b6
vd+swRReDRiXds8A0n43fDYfp2fc7UpVHCXnZ8kdzRxnJeRjMTGmyZZE/Or23q1Z
UiGXSizUJo5X7mbIfZEipvYQTEXg6YvqX5d0WbgJp09pFs1dFeqxVuGEw51u8g==
-----END CERTIFICATE-----
Generated at Wed Aug 6 11:02:20 2025 by rpki-client