Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/afbb9459-9f83-4359-a830-b3ddaa638879.roa
File:                     afbb9459-9f83-4359-a830-b3ddaa638879.roa (raw, json)
Hash identifier:          LJMaERTccrJuIea7Lu5lG4nmE0LHifoKZTukSKa8t/w=
Subject key identifier:   92:5F:53:8A:6E:58:02:2B:6F:93:7C:3D:85:55:3C:34:13:20:90:CB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       198A34AAC2E436E177B89564ADE2063037AB2870
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/afbb9459-9f83-4359-a830-b3ddaa638879.roa
Signing time:             Tue 22 Apr 2025 17:10:30 +0000
ROA not before:           Tue 22 Apr 2025 17:10:30 +0000
ROA not after:            Tue 27 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f1e:4000::/37 maxlen: 37
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:8a:34:aa:c2:e4:36:e1:77:b8:95:64:ad:e2:06:30:37:ab:28:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 22 17:10:30 2025 GMT
            Not After : May 27 23:59:59 2025 GMT
        Subject: serialNumber=ff7c6dbf66affa30524a26091849363af867e92da930d34494663bae34f2f1cc, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:64:07:cc:c8:45:53:1a:1f:3d:3a:54:58:7e:
                    17:47:58:12:7e:ce:07:c0:e6:05:72:ce:6d:f5:de:
                    9d:47:27:66:c6:c7:a0:62:e7:48:8a:a4:c6:53:25:
                    a9:a4:ae:23:a8:34:d7:9b:d3:cc:ea:32:f7:be:ef:
                    06:b7:e1:a2:4d:7d:6d:c0:83:58:41:6c:4e:66:78:
                    81:63:05:27:27:38:72:44:50:69:23:d2:37:c5:a7:
                    bc:87:a7:51:d3:fe:05:6f:f5:1d:48:ab:82:f1:ad:
                    86:b8:bd:ee:0c:0d:fb:2e:51:82:b5:73:f9:5e:ef:
                    7a:38:7c:ad:75:cd:23:9c:e5:be:d7:35:93:46:d0:
                    79:4f:57:3f:df:1e:bd:a4:61:73:54:37:66:a5:c3:
                    64:38:3f:9a:72:4c:3f:f9:b9:76:59:1e:b3:9a:2b:
                    05:f4:90:7b:6b:9b:ad:2c:3b:b2:4a:6b:54:af:60:
                    70:d0:69:72:f7:1e:79:be:ce:57:e9:58:73:13:6a:
                    66:f9:9e:e9:36:3b:31:5e:8a:14:b0:79:95:5f:fc:
                    71:04:d6:27:36:9c:85:e9:02:e1:04:3b:d2:2b:48:
                    09:22:8e:dd:f9:92:8c:b9:f7:a1:93:26:7d:5b:79:
                    7a:26:3d:52:b0:ee:09:15:b2:fb:a7:8f:65:c9:93:
                    aa:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:5F:53:8A:6E:58:02:2B:6F:93:7C:3D:85:55:3C:34:13:20:90:CB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/afbb9459-9f83-4359-a830-b3ddaa638879.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f1e:4000::/37

    Signature Algorithm: sha256WithRSAEncryption
         7f:2b:90:9d:e2:14:f6:6b:47:f8:cf:6a:5e:0e:91:a2:1a:cc:
         c4:29:9a:a9:73:6a:c0:7a:6d:0c:b9:17:b5:d3:10:a0:65:95:
         53:ab:56:53:1c:18:a4:69:af:3d:16:5c:b1:4c:3c:6e:ea:65:
         0b:82:86:bf:db:08:47:a9:9f:02:04:67:55:e6:9c:e0:f9:99:
         57:0c:70:85:0d:9a:dd:e8:08:cb:2a:cd:e5:51:15:ee:89:50:
         77:6b:3f:f9:8c:a7:ca:c2:f3:5a:e5:b1:60:a1:f6:b3:10:aa:
         e6:38:df:49:a2:f1:4f:ab:bb:26:33:80:d6:77:49:11:19:4e:
         1d:0a:2f:28:55:13:94:02:7f:66:7a:8c:14:78:db:4a:20:f8:
         6c:9b:55:f5:fb:a3:0b:a5:41:98:cb:11:ec:60:21:6e:78:68:
         db:0f:a5:6c:1d:f3:9d:10:0b:48:71:87:fe:40:82:f1:2f:38:
         a7:d6:86:0b:9a:ee:25:9c:da:f2:fd:0b:fd:99:c9:09:40:0d:
         78:17:94:b8:7c:a3:6e:40:e0:57:4f:3c:c6:1e:a5:9c:ee:bd:
         04:c5:a0:51:8f:63:7c:ce:69:c2:b1:a0:89:54:05:13:74:61:
         ba:c5:e7:42:75:81:a2:a6:ff:29:52:48:9d:12:d0:50:bb:98:
         39:d3:7e:95
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUGYo0qsLkNuF3uJVkreIGMDerKHAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDIyMTcxMDMwWhcNMjUwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZjdjNmRiZjY2YWZmYTMwNTI0YTI2MDkxODQ5MzYzYWY4
NjdlOTJkYTkzMGQzNDQ5NDY2M2JhZTM0ZjJmMWNjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFZAfMyEVTGh89OlRYfhdHWBJ+zgfA5gVyzm313p1HJ2bG
x6Bi50iKpMZTJamkriOoNNeb08zqMve+7wa34aJNfW3Ag1hBbE5meIFjBScnOHJE
UGkj0jfFp7yHp1HT/gVv9R1Iq4LxrYa4ve4MDfsuUYK1c/le73o4fK11zSOc5b7X
NZNG0HlPVz/fHr2kYXNUN2alw2Q4P5pyTD/5uXZZHrOaKwX0kHtrm60sO7JKa1Sv
YHDQaXL3Hnm+zlfpWHMTamb5nuk2OzFeihSweZVf/HEE1ic2nIXpAuEEO9IrSAki
jt35koy596GTJn1beXomPVKw7gkVsvunj2XJk6ovAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUkl9Tim5YAitvk3w9hVU8NBMgkMswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FmYmI5NDU5LTlmODMtNDM1OS1hODMwLWIzZGRhYTYzODg3OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgMmAB8eQDANBgkqhkiG9w0BAQsFAAOCAQEAfyuQneIU9mtH+M9qXg6RohrM
xCmaqXNqwHptDLkXtdMQoGWVU6tWUxwYpGmvPRZcsUw8buplC4KGv9sIR6mfAgRn
Veac4PmZVwxwhQ2a3egIyyrN5VEV7olQd2s/+YynysLzWuWxYKH2sxCq5jjfSaLx
T6u7JjOA1ndJERlOHQovKFUTlAJ/ZnqMFHjbSiD4bJtV9fujC6VBmMsR7GAhbnho
2w+lbB3znRALSHGH/kCC8S84p9aGC5ruJZza8v0L/ZnJCUANeBeUuHyjbkDgV088
xh6lnO69BMWgUY9jfM5pwrGgiVQFE3RhusXnQnWBoqb/KVJInRLQULuYOdN+lQ==
-----END CERTIFICATE-----