Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ba0d353d-c483-4a75-8b4d-9310ac524acd.roa
File:                     ba0d353d-c483-4a75-8b4d-9310ac524acd.roa (raw, json)
Hash identifier:          XQgDlg8pisZchX4+uMUH3MyGMSf/hRzjGG+2gSbsevw=
Subject key identifier:   AA:97:5A:AC:BA:43:8B:74:56:B3:97:C5:44:74:40:98:55:2B:69:C5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2A71F02CD753677FC21909D2053610F1A738E96B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ba0d353d-c483-4a75-8b4d-9310ac524acd.roa
Signing time:             Mon 21 Apr 2025 17:40:26 +0000
ROA not before:           Mon 21 Apr 2025 17:40:26 +0000
ROA not after:            Mon 26 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f61:2040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:71:f0:2c:d7:53:67:7f:c2:19:09:d2:05:36:10:f1:a7:38:e9:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 21 17:40:26 2025 GMT
            Not After : May 26 23:59:59 2025 GMT
        Subject: serialNumber=27c848d172cecc146bdc79b6fbe9440228d5996bcadfca4c04940ea976864f6f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:b7:50:92:99:30:85:e1:bb:a2:14:84:e2:d5:
                    33:5a:3b:a8:fd:a2:c8:c1:0b:80:a7:6c:85:38:a3:
                    2d:5c:ee:70:81:83:1a:2b:68:fc:cf:91:79:5d:39:
                    a5:49:b6:ac:23:3f:d7:51:99:0e:82:bf:36:34:28:
                    23:5f:fb:78:da:52:ce:80:0a:40:a2:5d:5d:a4:a1:
                    eb:8b:46:0d:ed:5e:95:f8:24:e3:00:89:7d:b0:93:
                    cc:33:46:4b:4e:e0:ac:18:96:11:95:b4:51:90:7f:
                    bb:aa:2b:2e:af:66:11:98:b7:bb:aa:04:5f:f1:38:
                    46:1c:b4:e1:7a:6a:70:80:b0:62:75:36:16:b9:a6:
                    d6:c7:39:9e:28:62:52:ff:b8:d8:5f:2f:cf:25:dd:
                    a1:43:02:72:0a:3f:c4:e5:7d:ef:99:f7:0e:fc:c6:
                    02:c4:a7:61:f0:6c:22:66:ee:1d:3a:ec:82:93:63:
                    12:aa:fb:74:7e:ce:b3:b7:4f:9f:2b:2e:ba:2e:3c:
                    90:3f:92:0f:8f:d7:53:70:ca:3b:d5:28:01:42:36:
                    91:10:23:18:03:c0:af:5f:e6:21:f9:5e:ef:60:74:
                    20:a4:7a:64:3c:0d:09:8e:db:b3:3e:a2:a0:1e:17:
                    da:0b:c5:eb:ec:3a:bb:fd:6f:07:78:53:81:0d:31:
                    b8:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:97:5A:AC:BA:43:8B:74:56:B3:97:C5:44:74:40:98:55:2B:69:C5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ba0d353d-c483-4a75-8b4d-9310ac524acd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f61:2040::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:7a:e2:d8:b4:ca:41:1e:2f:16:63:94:d0:37:e3:bd:42:fc:
         d3:92:bd:5e:c4:3e:0d:7d:f1:e7:a8:34:69:f7:e6:c3:f0:77:
         d1:ce:24:14:6d:3d:bc:41:a9:a4:19:46:d6:89:63:2b:37:e4:
         33:c3:02:11:80:9c:22:f4:84:6d:1a:c7:bd:d1:d3:9e:aa:02:
         49:9f:f0:cf:95:0d:4a:d8:58:b3:49:56:20:83:18:7f:17:a3:
         25:fc:16:89:15:31:1d:a6:34:9e:ca:11:56:66:cf:85:c7:0b:
         00:7e:85:d0:9f:07:c0:23:24:17:b2:cf:0d:ab:77:c7:d7:29:
         c0:fe:28:6a:a3:86:8b:92:70:fc:fc:cd:e7:2e:f5:08:15:36:
         5d:ee:f8:ce:6b:95:71:00:bf:8e:a6:c9:51:95:11:18:54:08:
         e8:c3:11:97:02:35:4f:90:f1:06:7a:56:31:75:7c:b2:fd:7b:
         97:6c:b1:da:ec:bd:09:8a:05:b4:d8:8d:e6:4c:32:fb:7d:b4:
         c4:f9:7f:b6:06:9b:75:b6:c0:28:3a:7a:6b:7d:08:ff:eb:b6:
         c8:a7:ca:dc:b2:e8:43:00:35:40:02:9a:97:77:4c:5a:f2:05:
         97:7f:2d:06:8c:da:4c:f2:c9:f7:9b:58:1f:c4:c8:4f:44:79:
         e0:1f:c1:64
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUKnHwLNdTZ3/CGQnSBTYQ8ac46WswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDIxMTc0MDI2WhcNMjUwNTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0AyN2M4NDhkMTcyY2VjYzE0NmJkYzc5YjZmYmU5NDQwMjI4
ZDU5OTZiY2FkZmNhNGMwNDk0MGVhOTc2ODY0ZjZmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQt1CSmTCF4buiFITi1TNaO6j9osjBC4CnbIU4oy1c7nCB
gxoraPzPkXldOaVJtqwjP9dRmQ6CvzY0KCNf+3jaUs6ACkCiXV2koeuLRg3tXpX4
JOMAiX2wk8wzRktO4KwYlhGVtFGQf7uqKy6vZhGYt7uqBF/xOEYctOF6anCAsGJ1
Nha5ptbHOZ4oYlL/uNhfL88l3aFDAnIKP8Tlfe+Z9w78xgLEp2HwbCJm7h067IKT
YxKq+3R+zrO3T58rLrouPJA/kg+P11NwyjvVKAFCNpEQIxgDwK9f5iH5Xu9gdCCk
emQ8DQmO27M+oqAeF9oLxevsOrv9bwd4U4ENMbhfAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUqpdarLpDi3RWs5fFRHRAmFUracUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JhMGQzNTNkLWM0ODMtNGE3NS04YjRkLTkzMTBhYzUyNGFjZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB9hIEAwDQYJKoZIhvcNAQELBQADggEBACp64ti0ykEeLxZjlNA3471C
/NOSvV7EPg198eeoNGn35sPwd9HOJBRtPbxBqaQZRtaJYys35DPDAhGAnCL0hG0a
x73R056qAkmf8M+VDUrYWLNJViCDGH8XoyX8FokVMR2mNJ7KEVZmz4XHCwB+hdCf
B8AjJBeyzw2rd8fXKcD+KGqjhouScPz8zecu9QgVNl3u+M5rlXEAv46myVGVERhU
COjDEZcCNU+Q8QZ6VjF1fLL9e5dssdrsvQmKBbTYjeZMMvt9tMT5f7YGm3W2wCg6
emt9CP/rtsinytyy6EMANUACmpd3TFryBZd/LQaM2kzyyfebWB/EyE9EeeAfwWQ=
-----END CERTIFICATE-----