Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf5355c6-97b6-474a-b0c9-01e3e2980cc1.roa
File:                     bf5355c6-97b6-474a-b0c9-01e3e2980cc1.roa (raw, json)
Hash identifier:          H0W5jhRwLYgR1Wr0U3paCH2er2kJ7gA7FYtt58vFyD4=
Subject key identifier:   A8:92:E2:22:9D:8D:43:63:B2:C2:51:88:04:48:C0:8A:AB:51:84:29
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       51D55A78164BF65F70711B1CF1D99A8863627D12
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf5355c6-97b6-474a-b0c9-01e3e2980cc1.roa
Signing time:             Tue 22 Apr 2025 17:01:46 +0000
ROA not before:           Tue 22 Apr 2025 17:01:46 +0000
ROA not after:            Tue 27 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f2c:c000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:d5:5a:78:16:4b:f6:5f:70:71:1b:1c:f1:d9:9a:88:63:62:7d:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 22 17:01:46 2025 GMT
            Not After : May 27 23:59:59 2025 GMT
        Subject: serialNumber=a9dcf5c586b6ac40cfb67fd337cfb5616763a712fd5ffbb992229cf1c7ceea4e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:4d:e0:a2:37:cd:84:8c:5c:de:bf:d8:90:b0:
                    ed:e7:5e:89:0e:dc:53:60:53:3d:5c:c4:13:c8:b9:
                    26:4e:91:ef:91:7c:7a:fa:67:16:57:35:0f:83:63:
                    40:5f:d4:9b:26:f0:bf:96:e0:7f:69:9f:8c:04:2c:
                    2e:ce:a3:65:13:50:36:f6:c4:1d:37:c7:66:83:14:
                    d2:2b:33:66:fc:56:c5:61:09:4a:db:f9:1c:29:d2:
                    87:33:fc:f7:71:b9:05:2c:b3:ff:01:95:ee:cc:ec:
                    8f:ab:f3:f4:67:78:69:10:7c:68:68:f0:26:fd:87:
                    81:a2:f3:32:b7:db:ab:45:b9:25:48:4b:06:61:40:
                    ec:e3:77:af:7f:0a:ef:bb:41:b9:64:22:85:c9:32:
                    03:dd:9b:03:96:8e:0f:09:ca:10:58:13:1b:d7:26:
                    ee:b3:88:3d:93:d3:e9:fc:3a:bb:95:fa:c9:b3:3c:
                    d6:b9:ec:83:cc:4f:a8:c3:9b:62:a1:f5:38:7c:b4:
                    97:79:e3:5d:7b:b6:cf:7f:3a:b1:e0:2b:5a:ee:5f:
                    68:84:d0:28:7a:e8:43:9a:64:4d:0e:9d:15:5c:f6:
                    6c:6f:87:66:ad:81:ea:24:99:15:dc:a9:7e:db:d9:
                    eb:33:99:9e:b9:96:0e:c3:57:80:92:ac:84:dc:b6:
                    c3:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:92:E2:22:9D:8D:43:63:B2:C2:51:88:04:48:C0:8A:AB:51:84:29
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf5355c6-97b6-474a-b0c9-01e3e2980cc1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f2c:c000::/36

    Signature Algorithm: sha256WithRSAEncryption
         cc:7b:53:05:ac:38:08:0e:ee:e3:cb:29:a6:01:58:e3:e9:18:
         bc:c0:5d:8c:12:35:ca:f7:7b:e2:cf:8c:5c:16:e6:b6:16:76:
         91:f1:3e:91:4c:0b:74:f1:da:f9:5d:a2:ee:3f:2e:e4:ab:ec:
         c7:7c:a9:1c:2c:37:dc:52:28:4a:73:33:01:e3:1f:63:9d:8e:
         ba:5a:e2:3c:39:45:ba:b9:09:89:0a:44:c8:70:2e:d7:51:73:
         da:b6:ee:53:14:2e:0b:fd:7f:f8:9b:fd:5e:8a:89:a6:c0:d4:
         a2:3c:72:02:67:7e:bb:54:49:4d:42:93:3a:f6:bb:de:44:7f:
         4c:a6:f4:f6:9c:c0:b0:82:f2:d8:2b:17:bf:73:a1:29:9f:32:
         3b:fa:c9:31:d9:17:89:3a:96:86:85:67:40:53:15:08:2f:1c:
         87:3c:a2:9a:50:a8:a2:9a:fe:0e:67:63:96:8b:53:e2:4a:a7:
         9d:47:96:4d:8b:40:84:4c:73:5e:cc:ed:eb:49:64:ff:7a:be:
         f8:73:16:f1:7a:17:1e:c2:67:b9:b3:ea:32:04:bc:b6:db:63:
         c3:b5:e7:8e:02:7e:fa:ac:15:ef:cb:5f:ed:6e:a4:78:47:fe:
         93:03:09:cc:bb:5e:43:20:e8:9e:cf:f1:98:01:1d:e8:84:60:
         47:4c:b4:03
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUUdVaeBZL9l9wcRsc8dmaiGNifRIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDIyMTcwMTQ2WhcNMjUwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhOWRjZjVjNTg2YjZhYzQwY2ZiNjdmZDMzN2NmYjU2MTY3
NjNhNzEyZmQ1ZmZiYjk5MjIyOWNmMWM3Y2VlYTRlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDmTeCiN82EjFzev9iQsO3nXokO3FNgUz1cxBPIuSZOke+R
fHr6ZxZXNQ+DY0Bf1Jsm8L+W4H9pn4wELC7Oo2UTUDb2xB03x2aDFNIrM2b8VsVh
CUrb+Rwp0ocz/PdxuQUss/8Ble7M7I+r8/RneGkQfGho8Cb9h4Gi8zK326tFuSVI
SwZhQOzjd69/Cu+7QblkIoXJMgPdmwOWjg8JyhBYExvXJu6ziD2T0+n8OruV+smz
PNa57IPMT6jDm2Kh9Th8tJd54117ts9/OrHgK1ruX2iE0Ch66EOaZE0OnRVc9mxv
h2atgeokmRXcqX7b2eszmZ65lg7DV4CSrITctsNBAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUqJLiIp2NQ2OywlGIBEjAiqtRhCkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JmNTM1NWM2LTk3YjYtNDc0YS1iMGM5LTAxZTNlMjk4MGNjMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8swDANBgkqhkiG9w0BAQsFAAOCAQEAzHtTBaw4CA7u48sppgFY4+kY
vMBdjBI1yvd74s+MXBbmthZ2kfE+kUwLdPHa+V2i7j8u5Kvsx3ypHCw33FIoSnMz
AeMfY52OulriPDlFurkJiQpEyHAu11Fz2rbuUxQuC/1/+Jv9XoqJpsDUojxyAmd+
u1RJTUKTOva73kR/TKb09pzAsILy2CsXv3OhKZ8yO/rJMdkXiTqWhoVnQFMVCC8c
hzyimlCoopr+DmdjlotT4kqnnUeWTYtAhExzXszt60lk/3q++HMW8XoXHsJnubPq
MgS8tttjw7XnjgJ++qwV78tf7W6keEf+kwMJzLteQyDons/xmAEd6IRgR0y0Aw==
-----END CERTIFICATE-----