Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b1f32224-d90c-4834-9dd6-5bb1a05fb638.roa
File:                     b1f32224-d90c-4834-9dd6-5bb1a05fb638.roa (raw, json)
Hash identifier:          brJ81+2/jblmoua6OV0Zc+AEGWYVHdIgwlBVa9yQoCc=
Subject key identifier:   B2:D5:02:42:A9:D1:EE:E5:DF:37:8B:91:83:EE:F9:39:12:D7:93:9E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3C8928BA91A5B3B21A613E62B9FBA0FEF2FE2918
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b1f32224-d90c-4834-9dd6-5bb1a05fb638.roa
Signing time:             Mon 04 Aug 2025 16:32:01 +0000
ROA not before:           Mon 04 Aug 2025 16:32:01 +0000
ROA not after:            Mon 08 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f1e::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 07 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:89:28:ba:91:a5:b3:b2:1a:61:3e:62:b9:fb:a0:fe:f2:fe:29:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug  4 16:32:01 2025 GMT
            Not After : Sep  8 23:59:59 2025 GMT
        Subject: serialNumber=cb644a0c77f04500f172ba32fe88e08c5a6ead233d0f92a35749f1e6587f7084, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:c3:96:0d:7e:b7:d8:d3:3e:52:99:15:da:be:
                    03:68:f9:72:7f:e3:4d:e8:9b:8f:19:05:3f:2d:4b:
                    2b:8b:f9:4c:6b:ee:1c:87:89:e3:db:20:42:43:a1:
                    30:82:ee:f3:4d:0d:49:39:41:b2:8d:44:96:5a:33:
                    a7:c1:4d:58:4a:4e:ff:2e:51:79:b2:d5:d0:36:9d:
                    41:cd:e5:b1:9f:bc:f9:9e:7f:5c:41:22:b5:fa:e4:
                    a9:ca:06:86:21:81:18:02:9d:dd:e2:b9:fb:7a:13:
                    f5:d2:dc:0d:ed:8b:09:db:9a:ab:fe:1e:22:1b:d8:
                    5a:9e:fe:5b:fe:96:9f:e3:e1:d2:26:35:73:26:92:
                    e0:96:9f:1e:69:fd:09:55:f6:5d:c9:54:f7:86:96:
                    e5:b5:5d:e1:f4:b2:44:39:43:b9:2e:73:2f:e6:35:
                    c8:22:dc:41:30:c2:05:f6:94:1b:54:35:66:5c:a5:
                    bc:af:fb:9e:15:94:a4:4f:02:c4:3a:f4:45:b5:d5:
                    cd:d2:de:fa:91:ee:ac:ef:d8:bf:95:c8:cd:fe:b7:
                    af:a8:3d:c5:29:6a:bf:f4:9a:bd:e7:07:ec:24:7d:
                    44:67:85:97:04:cb:15:fe:25:d9:0c:c5:43:ee:37:
                    94:55:0f:c3:b8:6e:80:7a:3a:c1:6e:ab:94:62:5e:
                    22:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:D5:02:42:A9:D1:EE:E5:DF:37:8B:91:83:EE:F9:39:12:D7:93:9E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b1f32224-d90c-4834-9dd6-5bb1a05fb638.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f1e::/36

    Signature Algorithm: sha256WithRSAEncryption
         4e:b9:4c:a4:42:ca:56:40:10:44:e4:75:2e:84:64:08:62:66:
         66:2c:ef:da:96:30:38:8b:5d:1f:6c:93:44:31:e2:20:2e:89:
         e3:d4:eb:98:14:3a:f1:34:ae:b1:83:c4:93:aa:57:18:9e:e2:
         74:21:ca:03:c4:23:18:cc:c9:68:5e:fe:a7:c2:d9:be:71:95:
         9b:84:cb:5a:88:37:b1:c7:f2:da:c3:00:16:16:86:ae:e9:60:
         9d:eb:46:7c:be:0f:1b:4c:29:ed:74:f0:12:82:db:b6:e8:9b:
         24:b3:b8:d9:5e:e1:84:e1:d1:5c:e3:34:25:ee:98:d3:ba:1f:
         45:fd:a5:79:0a:e4:3d:84:44:82:75:c6:fc:65:9d:14:1b:32:
         00:a6:23:29:8a:29:df:9c:eb:70:20:df:b2:61:8b:92:a6:f0:
         2e:c2:e9:91:e1:32:ce:4a:b4:fb:d4:97:a1:14:b1:d2:5e:24:
         79:65:26:d5:04:16:c7:cd:98:21:f7:10:a4:b0:a5:95:ed:89:
         02:89:5c:fb:8e:68:56:eb:c0:3b:66:1e:b7:f3:43:dd:dd:21:
         de:a0:1e:82:ed:e3:e2:f2:83:1f:e4:02:77:6f:54:08:71:8e:
         0e:97:fc:69:36:c0:94:3c:72:9a:8c:30:99:92:13:e1:51:37:
         b9:7a:26:c5
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUPIkoupGls7IaYT5iufug/vL+KRgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODA0MTYzMjAxWhcNMjUwOTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYjY0NGEwYzc3ZjA0NTAwZjE3MmJhMzJmZTg4ZTA4YzVh
NmVhZDIzM2QwZjkyYTM1NzQ5ZjFlNjU4N2Y3MDg0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBw5YNfrfY0z5SmRXavgNo+XJ/403om48ZBT8tSyuL+Uxr
7hyHiePbIEJDoTCC7vNNDUk5QbKNRJZaM6fBTVhKTv8uUXmy1dA2nUHN5bGfvPme
f1xBIrX65KnKBoYhgRgCnd3iuft6E/XS3A3tiwnbmqv+HiIb2Fqe/lv+lp/j4dIm
NXMmkuCWnx5p/QlV9l3JVPeGluW1XeH0skQ5Q7kucy/mNcgi3EEwwgX2lBtUNWZc
pbyv+54VlKRPAsQ69EW11c3S3vqR7qzv2L+VyM3+t6+oPcUpar/0mr3nB+wkfURn
hZcEyxX+JdkMxUPuN5RVD8O4boB6OsFuq5RiXiLHAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUstUCQqnR7uXfN4uRg+75ORLXk54wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IxZjMyMjI0LWQ5MGMtNDgzNC05ZGQ2LTViYjFhMDVmYjYzOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8eADANBgkqhkiG9w0BAQsFAAOCAQEATrlMpELKVkAQROR1LoRkCGJm
Zizv2pYwOItdH2yTRDHiIC6J49TrmBQ68TSusYPEk6pXGJ7idCHKA8QjGMzJaF7+
p8LZvnGVm4TLWog3scfy2sMAFhaGrulgnetGfL4PG0wp7XTwEoLbtuibJLO42V7h
hOHRXOM0Je6Y07ofRf2leQrkPYREgnXG/GWdFBsyAKYjKYop35zrcCDfsmGLkqbw
LsLpkeEyzkq0+9SXoRSx0l4keWUm1QQWx82YIfcQpLClle2JAolc+45oVuvAO2Ye
t/ND3d0h3qAegu3j4vKDH+QCd29UCHGODpf8aTbAlDxymowwmZIT4VE3uXomxQ==
-----END CERTIFICATE-----