Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/be58a495-3b46-4802-b20e-0b767c46bf90.roa
File:                     be58a495-3b46-4802-b20e-0b767c46bf90.roa (raw, json)
Hash identifier:          zZP+tKYpmCUL3+SHct3D42qVGIi44MPqy+AvwJLZZqM=
Subject key identifier:   85:EA:34:79:15:46:E9:4B:EF:F2:66:E8:EF:FC:60:06:32:C6:42:7F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4EC1D2645529C64D0A198572CC58F513C598034F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/be58a495-3b46-4802-b20e-0b767c46bf90.roa
Signing time:             Sat 26 Apr 2025 00:10:23 +0000
ROA not before:           Sat 26 Apr 2025 00:10:23 +0000
ROA not after:            Sat 31 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffa:e000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:c1:d2:64:55:29:c6:4d:0a:19:85:72:cc:58:f5:13:c5:98:03:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 26 00:10:23 2025 GMT
            Not After : May 31 23:59:59 2025 GMT
        Subject: serialNumber=42914c2b2653570ec9dedfe52afe53143641173b9c3848e8006e569b8bb28f02, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:81:fb:39:c9:b6:62:51:40:10:62:23:59:cb:
                    70:c3:5e:1a:33:a2:31:ed:34:79:be:56:68:bf:28:
                    14:1f:a2:d8:52:1c:90:5c:ed:ab:18:db:26:80:af:
                    92:40:f8:7c:90:9d:01:f2:2c:ae:32:b5:47:48:7f:
                    55:2d:5b:ac:46:bd:a6:03:00:e8:e2:40:96:f4:4f:
                    88:28:c1:cc:1a:67:b0:7b:23:a4:2e:56:3f:fe:2a:
                    a7:e2:30:5b:11:aa:7c:3a:bd:15:a3:24:fe:7b:8c:
                    fe:b6:af:9a:c6:bb:d9:b9:63:cd:91:13:60:bb:d6:
                    72:8c:ef:ff:21:a7:e8:66:01:90:9c:ca:5e:9f:41:
                    84:4b:cd:7a:26:04:eb:5d:a9:1f:c4:90:fd:20:e2:
                    7e:30:22:09:ea:d2:0f:dc:eb:1b:e4:5d:61:2c:78:
                    9d:3a:52:3e:04:1e:84:a6:3e:8c:5f:64:ad:e2:b3:
                    bc:4e:68:26:b1:0e:9f:03:0f:19:f9:31:e3:05:5c:
                    bf:6e:df:0a:fd:51:92:56:0c:fd:7d:b0:58:57:51:
                    5d:1c:17:81:de:dc:2a:95:89:d9:cf:5f:54:60:25:
                    03:37:04:83:81:05:1e:0d:36:c8:f1:81:37:40:78:
                    de:d5:08:7c:35:33:55:37:68:4d:b4:06:37:5d:33:
                    d3:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:EA:34:79:15:46:E9:4B:EF:F2:66:E8:EF:FC:60:06:32:C6:42:7F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/be58a495-3b46-4802-b20e-0b767c46bf90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffa:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         a8:3b:ce:98:6f:87:84:4f:01:00:55:93:4a:81:90:a9:25:a8:
         77:e6:52:7b:73:17:63:54:f9:68:b8:91:cd:ab:d8:41:c2:f7:
         47:ea:df:d6:7e:14:6e:cc:47:30:36:2b:6d:c8:59:07:27:ea:
         57:dd:a9:80:e6:d9:42:62:55:19:bc:1f:aa:be:a6:b2:96:db:
         97:80:4e:a3:9c:ca:1f:66:c3:f9:16:3d:2c:66:f6:b3:cc:04:
         5f:ee:3b:2e:94:46:10:1a:73:d8:dc:cd:05:98:cd:e5:35:f3:
         c1:ac:c0:36:58:88:f2:1b:a3:79:26:74:fd:78:ac:43:1e:b6:
         ee:cd:ed:79:dc:75:df:60:c5:16:d6:13:01:31:f8:46:63:eb:
         6d:bc:b3:0a:df:5f:e6:0f:3e:15:b0:38:43:5a:d9:1b:99:78:
         50:e2:3d:8d:c0:4a:7d:05:f9:c6:d5:a8:99:e5:62:ff:0c:aa:
         d0:0a:f3:8e:23:38:88:96:c2:aa:bc:f1:74:2c:43:3f:fa:0b:
         db:2b:6a:60:19:fd:d4:56:c1:51:a5:a3:90:54:23:53:a2:09:
         3f:72:b3:ef:33:98:e4:7e:fc:48:49:bb:6b:3f:c8:05:62:9c:
         23:a2:3d:25:8d:db:73:8b:ad:e4:26:37:73:03:8a:7a:d0:0a:
         47:e9:ef:97
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUTsHSZFUpxk0KGYVyzFj1E8WYA08wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDI2MDAxMDIzWhcNMjUwNTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MjkxNGMyYjI2NTM1NzBlYzlkZWRmZTUyYWZlNTMxNDM2
NDExNzNiOWMzODQ4ZTgwMDZlNTY5YjhiYjI4ZjAyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEgfs5ybZiUUAQYiNZy3DDXhozojHtNHm+Vmi/KBQfothS
HJBc7asY2yaAr5JA+HyQnQHyLK4ytUdIf1UtW6xGvaYDAOjiQJb0T4gowcwaZ7B7
I6QuVj/+KqfiMFsRqnw6vRWjJP57jP62r5rGu9m5Y82RE2C71nKM7/8hp+hmAZCc
yl6fQYRLzXomBOtdqR/EkP0g4n4wIgnq0g/c6xvkXWEseJ06Uj4EHoSmPoxfZK3i
s7xOaCaxDp8DDxn5MeMFXL9u3wr9UZJWDP19sFhXUV0cF4He3CqVidnPX1RgJQM3
BIOBBR4NNsjxgTdAeN7VCHw1M1U3aE20BjddM9P3AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUheo0eRVG6Uvv8mbo7/xgBjLGQn8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JlNThhNDk1LTNiNDYtNDgwMi1iMjBlLTBiNzY3YzQ2YmY5MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/64DANBgkqhkiG9w0BAQsFAAOCAQEAqDvOmG+HhE8BAFWTSoGQqSWo
d+ZSe3MXY1T5aLiRzavYQcL3R+rf1n4UbsxHMDYrbchZByfqV92pgObZQmJVGbwf
qr6mspbbl4BOo5zKH2bD+RY9LGb2s8wEX+47LpRGEBpz2NzNBZjN5TXzwazANliI
8hujeSZ0/XisQx627s3tedx132DFFtYTATH4RmPrbbyzCt9f5g8+FbA4Q1rZG5l4
UOI9jcBKfQX5xtWomeVi/wyq0ArzjiM4iJbCqrzxdCxDP/oL2ytqYBn91FbBUaWj
kFQjU6IJP3Kz7zOY5H78SEm7az/IBWKcI6I9JY3bc4ut5CY3cwOKetAKR+nvlw==
-----END CERTIFICATE-----