Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b395dc86-1b36-4467-9052-5f1e6560d976.roa
File:                     b395dc86-1b36-4467-9052-5f1e6560d976.roa (raw, json)
Hash identifier:          9aurkva04fn5b8185zYmfAiMFtaL1smMQWcofah+1r0=
Subject key identifier:   D9:A3:04:5A:A3:BB:CF:80:D1:8D:10:5B:3C:E0:A9:97:A8:5E:29:BB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4615FA159B09DABDA6A32854AF850144B0A2818B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b395dc86-1b36-4467-9052-5f1e6560d976.roa
Signing time:             Mon 04 Aug 2025 17:10:26 +0000
ROA not before:           Mon 04 Aug 2025 17:10:26 +0000
ROA not after:            Mon 08 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f18:8000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 10 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:15:fa:15:9b:09:da:bd:a6:a3:28:54:af:85:01:44:b0:a2:81:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug  4 17:10:26 2025 GMT
            Not After : Sep  8 23:59:59 2025 GMT
        Subject: serialNumber=e5d4e619e2c074baf718091474e11a0ea065a07060523ea4ac2648ef7f06951b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:b7:2d:5e:e7:87:b0:18:37:90:d8:e4:4c:e8:
                    97:6f:4c:45:0f:fb:22:24:82:05:09:4e:6d:ad:cb:
                    e6:9c:cc:c9:96:82:f8:80:f6:a2:a7:5c:2d:e6:e2:
                    b3:f8:a1:2a:0e:ed:e7:5d:5c:5d:3f:ac:0f:56:70:
                    9a:94:cd:a9:c4:36:ab:0d:ad:02:17:6e:83:cb:fc:
                    e4:dd:da:d1:b9:f6:ce:93:61:6e:1a:d1:23:13:06:
                    ab:c4:85:46:0c:6d:01:8a:65:e0:da:bb:e4:0b:3d:
                    7c:bd:bd:10:ae:27:11:0e:69:2f:04:86:52:5a:d4:
                    3e:59:0f:98:8c:4e:11:fa:8c:ed:e1:02:a9:b4:53:
                    05:e0:8a:3c:52:92:99:ef:d1:79:ab:99:31:68:f4:
                    c4:20:7e:3b:b3:f3:73:77:1e:00:f1:35:62:88:10:
                    0b:c7:bf:fc:d2:2a:0a:fc:c5:8a:22:4a:0a:57:55:
                    1e:bc:66:cd:65:42:f8:58:69:4d:ce:e6:9f:3b:ad:
                    06:f0:53:71:12:7b:82:e3:fd:57:9a:c9:9f:99:51:
                    0b:4b:02:53:92:47:86:65:7d:8b:9e:4d:de:2e:44:
                    6b:f7:40:4d:3b:5c:5b:b1:03:d9:bd:22:88:c7:f6:
                    0b:c2:0d:76:ee:48:c6:e0:e3:05:62:28:a4:d6:85:
                    98:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:A3:04:5A:A3:BB:CF:80:D1:8D:10:5B:3C:E0:A9:97:A8:5E:29:BB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b395dc86-1b36-4467-9052-5f1e6560d976.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f18:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         09:fb:6f:f4:ce:bb:76:91:2d:85:19:0c:2d:8e:fa:eb:ae:0a:
         c9:62:f7:54:ed:c2:bf:5c:e7:27:a0:db:71:99:a1:94:35:50:
         a5:c0:af:38:09:f4:ff:ad:57:cf:d8:b0:91:2f:76:78:71:59:
         5c:de:14:83:4b:90:ea:f3:2d:ab:8c:fd:45:6e:ff:02:74:5e:
         ec:35:23:49:25:d2:63:e0:b3:16:0b:fb:c0:da:4a:7b:d0:de:
         03:f5:82:76:53:10:c6:27:76:4b:06:a5:f4:37:f4:b1:c5:36:
         7a:08:28:7b:77:07:7f:43:71:9e:93:d6:86:b5:b2:4d:cf:04:
         d2:57:c1:db:97:0a:d8:46:72:3e:68:65:f1:60:7c:1a:83:7f:
         9d:9e:f4:a3:ad:9f:cb:74:91:ca:46:ae:c3:04:36:68:36:ea:
         99:7d:cc:15:d1:bb:de:cd:04:17:02:04:b6:e5:fa:f6:2f:43:
         63:9c:1b:3a:50:b5:8d:70:e9:e3:9d:bc:88:27:78:82:ea:37:
         7f:66:77:eb:9e:d0:a6:1c:2b:03:4c:ba:21:8b:21:b4:9f:c7:
         09:3e:71:a9:88:8e:49:f2:8d:66:5f:d0:d5:5e:0e:47:48:ce:
         04:26:79:fe:b4:09:a9:68:f3:64:76:f1:dc:61:ed:ba:51:b1:
         66:60:cb:a1
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIURhX6FZsJ2r2moyhUr4UBRLCigYswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODA0MTcxMDI2WhcNMjUwOTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNWQ0ZTYxOWUyYzA3NGJhZjcxODA5MTQ3NGUxMWEwZWEw
NjVhMDcwNjA1MjNlYTRhYzI2NDhlZjdmMDY5NTFiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZty1e54ewGDeQ2ORM6JdvTEUP+yIkggUJTm2ty+aczMmW
gviA9qKnXC3m4rP4oSoO7eddXF0/rA9WcJqUzanENqsNrQIXboPL/OTd2tG59s6T
YW4a0SMTBqvEhUYMbQGKZeDau+QLPXy9vRCuJxEOaS8EhlJa1D5ZD5iMThH6jO3h
Aqm0UwXgijxSkpnv0XmrmTFo9MQgfjuz83N3HgDxNWKIEAvHv/zSKgr8xYoiSgpX
VR68Zs1lQvhYaU3O5p87rQbwU3ESe4Lj/VeayZ+ZUQtLAlOSR4ZlfYueTd4uRGv3
QE07XFuxA9m9IojH9gvCDXbuSMbg4wViKKTWhZh9AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU2aMEWqO7z4DRjRBbPOCpl6heKbswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IzOTVkYzg2LTFiMzYtNDQ2Ny05MDUyLTVmMWU2NTYwZDk3Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8YgDANBgkqhkiG9w0BAQsFAAOCAQEACftv9M67dpEthRkMLY76664K
yWL3VO3Cv1znJ6DbcZmhlDVQpcCvOAn0/61Xz9iwkS92eHFZXN4Ug0uQ6vMtq4z9
RW7/AnRe7DUjSSXSY+CzFgv7wNpKe9DeA/WCdlMQxid2Swal9Df0scU2eggoe3cH
f0NxnpPWhrWyTc8E0lfB25cK2EZyPmhl8WB8GoN/nZ70o62fy3SRykauwwQ2aDbq
mX3MFdG73s0EFwIEtuX69i9DY5wbOlC1jXDp4528iCd4guo3f2Z3657QphwrA0y6
IYshtJ/HCT5xqYiOSfKNZl/Q1V4OR0jOBCZ5/rQJqWjzZHbx3GHtulGxZmDLoQ==
-----END CERTIFICATE-----