Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ab683a78-14b6-4a64-b744-55c9b85a9b70.roa
File:                     ab683a78-14b6-4a64-b744-55c9b85a9b70.roa (raw, json)
Hash identifier:          Bjr3KJyKlbeXxUEgAtBLR5cTOUXOZjZDORvh7tR/tns=
Subject key identifier:   82:01:62:75:23:4B:1C:93:76:A4:F9:D3:8C:49:1F:88:D4:ED:54:E1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       60D1211850A2959F9CE167A96AF14EEF54D1CCF5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ab683a78-14b6-4a64-b744-55c9b85a9b70.roa
Signing time:             Mon 21 Apr 2025 18:00:24 +0000
ROA not before:           Mon 21 Apr 2025 18:00:24 +0000
ROA not after:            Mon 26 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1ff2:8020::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:d1:21:18:50:a2:95:9f:9c:e1:67:a9:6a:f1:4e:ef:54:d1:cc:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 21 18:00:24 2025 GMT
            Not After : May 26 23:59:59 2025 GMT
        Subject: serialNumber=d1dfc97682aa2af777445b208a0a793b67bc907ec74d5b06a893553fcda923df, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:00:e3:28:2b:21:de:2d:fa:11:51:70:83:a1:
                    26:d9:91:d5:0e:16:45:e7:6c:ad:01:90:e3:b6:8d:
                    09:14:c9:c1:2f:3a:40:20:1a:a6:21:79:c2:1d:c3:
                    4a:22:94:df:b2:5a:bb:80:ea:46:44:9d:e4:2a:17:
                    ae:ed:d0:da:33:33:bd:dd:2f:7e:ce:72:c3:8b:e5:
                    88:c7:90:c4:33:20:ac:cc:58:0c:62:63:c1:70:bb:
                    3c:f2:33:8e:69:ad:72:90:0a:46:54:c3:67:e3:e6:
                    5d:57:34:b5:b8:4b:38:3e:e9:5f:64:14:ce:ce:61:
                    f3:6a:00:30:d7:24:2a:e4:c2:26:1f:39:9e:7b:50:
                    90:b5:92:e4:86:98:6c:ec:42:85:68:0d:7f:2f:78:
                    bf:51:4c:30:9e:f0:b5:ed:1d:62:53:d1:18:55:13:
                    81:a6:72:62:a8:f5:ff:0a:f6:ac:26:08:c1:6c:c7:
                    0e:3e:89:9c:29:ae:4e:a0:f6:47:44:84:21:b1:63:
                    8a:ac:6c:c1:9a:dd:23:ea:b6:1b:2d:29:16:d7:f8:
                    23:b5:d1:2b:36:d0:16:97:72:d2:83:a9:8d:27:ac:
                    14:7a:20:fb:28:01:76:b0:90:5d:f8:36:18:12:ff:
                    14:d0:02:94:8f:7c:a4:66:5d:28:ee:d1:55:a1:c9:
                    60:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:01:62:75:23:4B:1C:93:76:A4:F9:D3:8C:49:1F:88:D4:ED:54:E1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ab683a78-14b6-4a64-b744-55c9b85a9b70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff2:8020::/48

    Signature Algorithm: sha256WithRSAEncryption
         ab:a2:27:32:c1:63:39:83:d2:24:34:57:f9:bb:48:61:2e:cd:
         b0:52:45:fa:2a:91:36:75:f9:2c:60:ef:39:92:f0:e7:42:d8:
         b2:d1:7a:61:f7:04:1a:10:8c:4f:57:17:30:03:1f:b6:09:a2:
         50:0b:b5:27:84:35:c5:f7:ba:3d:3c:d8:cd:11:58:b7:46:07:
         2e:fa:d5:fb:d2:ec:57:ac:e7:ab:93:0a:f2:cb:de:f4:72:0c:
         81:7a:5b:94:b0:23:70:60:d5:b3:6d:8e:12:c2:59:a2:5c:83:
         fb:12:50:ce:af:41:fc:cf:e5:8d:71:89:49:f9:50:7d:5d:aa:
         21:e3:0f:7f:89:6b:44:b2:30:d1:d6:d6:c8:2d:eb:43:db:96:
         4d:f6:89:56:ee:cd:bb:26:00:7c:2b:f7:9b:21:54:93:eb:ee:
         0c:db:ec:31:eb:0e:6a:f2:c8:94:5d:fc:57:62:d4:84:27:d9:
         8d:17:e8:00:69:0b:5f:51:f9:2e:a1:82:a3:47:26:95:83:1a:
         02:fb:76:69:2a:b9:a5:90:19:66:7c:a7:03:a9:70:88:29:02:
         c3:ca:c6:f4:36:40:3c:9b:5f:01:2f:3b:19:78:3a:9a:f2:48:
         46:7a:6a:96:1e:69:18:f6:d1:a1:48:4a:d7:2f:6e:8a:f5:7c:
         23:5a:dd:29
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUYNEhGFCilZ+c4WepavFO71TRzPUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDIxMTgwMDI0WhcNMjUwNTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMWRmYzk3NjgyYWEyYWY3Nzc0NDViMjA4YTBhNzkzYjY3
YmM5MDdlYzc0ZDViMDZhODkzNTUzZmNkYTkyM2RmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzAOMoKyHeLfoRUXCDoSbZkdUOFkXnbK0BkOO2jQkUycEv
OkAgGqYhecIdw0oilN+yWruA6kZEneQqF67t0NozM73dL37OcsOL5YjHkMQzIKzM
WAxiY8FwuzzyM45prXKQCkZUw2fj5l1XNLW4Szg+6V9kFM7OYfNqADDXJCrkwiYf
OZ57UJC1kuSGmGzsQoVoDX8veL9RTDCe8LXtHWJT0RhVE4GmcmKo9f8K9qwmCMFs
xw4+iZwprk6g9kdEhCGxY4qsbMGa3SPqthstKRbX+CO10Ss20BaXctKDqY0nrBR6
IPsoAXawkF34NhgS/xTQApSPfKRmXSju0VWhyWCRAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUggFidSNLHJN2pPnTjEkfiNTtVOEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FiNjgzYTc4LTE0YjYtNGE2NC1iNzQ0LTU1YzliODVhOWI3MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/ygCAwDQYJKoZIhvcNAQELBQADggEBAKuiJzLBYzmD0iQ0V/m7SGEu
zbBSRfoqkTZ1+Sxg7zmS8OdC2LLRemH3BBoQjE9XFzADH7YJolALtSeENcX3uj08
2M0RWLdGBy761fvS7Fes56uTCvLL3vRyDIF6W5SwI3Bg1bNtjhLCWaJcg/sSUM6v
QfzP5Y1xiUn5UH1dqiHjD3+Ja0SyMNHW1sgt60Pblk32iVbuzbsmAHwr95shVJPr
7gzb7DHrDmryyJRd/Fdi1IQn2Y0X6ABpC19R+S6hgqNHJpWDGgL7dmkquaWQGWZ8
pwOpcIgpAsPKxvQ2QDybXwEvOxl4OprySEZ6apYeaRj20aFIStcvbor1fCNa3Sk=
-----END CERTIFICATE-----