Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b395dc86-1b36-4467-9052-5f1e6560d976.roa
File:                     b395dc86-1b36-4467-9052-5f1e6560d976.roa (raw, json)
Hash identifier:          etOPX5lDwSvMLc9/BvzZ1BUJB2gY+TYD6Ld8IbrHtS8=
Subject key identifier:   DC:D2:C2:5D:A3:08:BB:E7:42:66:BE:2E:4F:F5:BD:E9:FC:6A:A3:3A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       53C4AE6C76A6E12FCBE2EE3AB344079E0D52A98C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b395dc86-1b36-4467-9052-5f1e6560d976.roa
Signing time:             Tue 22 Apr 2025 17:21:25 +0000
ROA not before:           Tue 22 Apr 2025 17:21:25 +0000
ROA not after:            Tue 27 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f18:8000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:c4:ae:6c:76:a6:e1:2f:cb:e2:ee:3a:b3:44:07:9e:0d:52:a9:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 22 17:21:25 2025 GMT
            Not After : May 27 23:59:59 2025 GMT
        Subject: serialNumber=390a046d7b75c50bba8bd6c1b276e7aa399c79d53556f311c320b6d7be2d6f88, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:d3:87:13:29:98:4d:04:5e:d4:c6:a0:1d:71:
                    78:47:fc:8a:dd:34:b5:ad:33:2a:09:47:34:90:07:
                    96:12:e3:fe:1b:45:02:78:f1:82:b1:3f:6a:65:2f:
                    ee:eb:82:11:23:10:d4:5b:59:5a:62:d9:df:ef:83:
                    f4:c2:7c:13:92:ce:cf:c4:e8:30:0c:79:54:1a:90:
                    78:a9:93:30:39:60:b1:fe:7f:a7:cc:75:c1:f9:9b:
                    2c:fb:a3:a0:18:b8:3d:11:ac:60:2d:2d:47:a0:a6:
                    51:26:f5:45:94:ae:cf:0f:c8:e6:9b:8c:6a:e4:0d:
                    24:85:58:e7:d1:53:40:66:22:ab:f9:dd:6b:6b:d3:
                    80:22:aa:b7:f5:25:f2:c3:0c:cf:54:12:b3:78:00:
                    25:c4:e1:bb:7f:a7:a5:0c:4e:15:30:5f:3f:ad:cb:
                    ab:e8:55:26:02:50:69:03:d1:2a:93:49:68:04:51:
                    db:3a:7c:76:8b:b6:f7:82:a0:f9:84:a5:ed:68:f6:
                    ee:03:7f:29:bf:e4:9f:a8:c0:2c:e5:96:00:8c:3f:
                    01:7f:0d:c4:9b:57:89:c5:9a:d0:1d:bd:59:90:63:
                    91:b2:1d:57:54:77:ba:f7:60:46:a4:70:af:2b:c8:
                    e3:83:6c:7b:ca:12:73:93:bc:10:df:95:f2:a7:ca:
                    64:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:D2:C2:5D:A3:08:BB:E7:42:66:BE:2E:4F:F5:BD:E9:FC:6A:A3:3A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b395dc86-1b36-4467-9052-5f1e6560d976.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f18:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         a0:30:50:dd:b4:64:a1:78:a4:fd:01:75:a2:87:20:3e:15:b4:
         7f:e3:4e:73:16:d7:45:f2:d2:8c:e1:bc:b3:c6:1d:61:a0:f8:
         b8:a6:81:6d:f0:c0:17:1c:f8:bd:b7:70:d6:56:4b:0c:77:ba:
         b9:cf:ae:d9:3c:16:10:7a:3c:14:7f:35:dc:f6:84:bc:75:90:
         5d:f7:60:82:85:71:88:19:51:b6:17:c3:99:89:cc:1b:6f:24:
         99:06:2b:b9:89:23:bd:66:14:40:2f:a6:7d:66:4a:c0:a1:b4:
         22:e0:f5:22:f3:a6:61:7d:fa:aa:a5:70:f2:11:a6:6f:c2:16:
         12:cb:17:6b:fe:1a:97:7c:a6:e4:26:28:1e:bd:3e:d4:43:e3:
         80:25:86:59:49:c2:a0:6c:b9:b4:4a:b0:94:05:45:28:30:9c:
         69:6b:8d:3f:c6:a1:a7:01:27:43:21:81:8b:00:7d:c3:ce:88:
         de:94:cd:b9:72:e8:36:74:34:a2:4a:2a:81:a2:ee:5f:d7:fc:
         fc:5f:fb:31:36:73:d7:c9:a8:f5:39:a3:32:26:81:6f:0a:a6:
         fc:17:00:41:07:2c:09:55:e7:68:c0:b4:89:81:f9:dc:3f:03:
         4c:0a:f4:5f:62:10:f6:39:57:0d:6c:bf:6c:34:b2:1f:26:ce:
         5a:06:36:7e
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUU8SubHam4S/L4u46s0QHng1SqYwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDIyMTcyMTI1WhcNMjUwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzOTBhMDQ2ZDdiNzVjNTBiYmE4YmQ2YzFiMjc2ZTdhYTM5
OWM3OWQ1MzU1NmYzMTFjMzIwYjZkN2JlMmQ2Zjg4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDC04cTKZhNBF7UxqAdcXhH/IrdNLWtMyoJRzSQB5YS4/4b
RQJ48YKxP2plL+7rghEjENRbWVpi2d/vg/TCfBOSzs/E6DAMeVQakHipkzA5YLH+
f6fMdcH5myz7o6AYuD0RrGAtLUegplEm9UWUrs8PyOabjGrkDSSFWOfRU0BmIqv5
3Wtr04Aiqrf1JfLDDM9UErN4ACXE4bt/p6UMThUwXz+ty6voVSYCUGkD0SqTSWgE
Uds6fHaLtveCoPmEpe1o9u4Dfym/5J+owCzllgCMPwF/DcSbV4nFmtAdvVmQY5Gy
HVdUd7r3YEakcK8ryOODbHvKEnOTvBDflfKnymS3AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU3NLCXaMIu+dCZr4uT/W96fxqozowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IzOTVkYzg2LTFiMzYtNDQ2Ny05MDUyLTVmMWU2NTYwZDk3Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8YgDANBgkqhkiG9w0BAQsFAAOCAQEAoDBQ3bRkoXik/QF1oocgPhW0
f+NOcxbXRfLSjOG8s8YdYaD4uKaBbfDAFxz4vbdw1lZLDHe6uc+u2TwWEHo8FH81
3PaEvHWQXfdggoVxiBlRthfDmYnMG28kmQYruYkjvWYUQC+mfWZKwKG0IuD1IvOm
YX36qqVw8hGmb8IWEssXa/4al3ym5CYoHr0+1EPjgCWGWUnCoGy5tEqwlAVFKDCc
aWuNP8ahpwEnQyGBiwB9w86I3pTNuXLoNnQ0okoqgaLuX9f8/F/7MTZz18mo9Tmj
MiaBbwqm/BcAQQcsCVXnaMC0iYH53D8DTAr0X2IQ9jlXDWy/bDSyHybOWgY2fg==
-----END CERTIFICATE-----