Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c0492de3-6dec-4437-b63c-91630e1f4dbe.roa
File:                     c0492de3-6dec-4437-b63c-91630e1f4dbe.roa (raw, json)
Hash identifier:          my+/CprbbcyWE6SFaDM2iKrMR+uh3KuqDAyRYauLQGg=
Subject key identifier:   E0:51:91:D3:87:ED:17:DA:14:EC:AF:38:7A:CF:59:EA:50:F1:B9:30
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4D39FBC612474F27EFCE42A204C97A15E9A1F95B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c0492de3-6dec-4437-b63c-91630e1f4dbe.roa
Signing time:             Tue 22 Apr 2025 17:11:50 +0000
ROA not before:           Tue 22 Apr 2025 17:11:50 +0000
ROA not after:            Tue 27 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f21:4000::/37 maxlen: 37
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:39:fb:c6:12:47:4f:27:ef:ce:42:a2:04:c9:7a:15:e9:a1:f9:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 22 17:11:50 2025 GMT
            Not After : May 27 23:59:59 2025 GMT
        Subject: serialNumber=a992d0eb4117c5c0202f8b49967669b0ef66fe3cb371da860ab4e1bd0fdb5bf9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:ed:7c:f4:38:de:7e:cb:9f:a8:ff:64:5f:53:
                    43:7b:2f:68:0d:91:c8:87:55:42:6f:02:24:f7:a6:
                    28:18:26:11:d0:c0:a3:bf:50:d1:42:e7:a0:ba:94:
                    8e:3a:34:55:56:5a:bb:42:38:77:18:aa:e4:40:b0:
                    46:79:bb:51:07:88:5f:e7:93:48:da:b3:88:77:34:
                    69:36:c3:6e:ab:de:3b:ba:80:df:8d:e3:ad:ef:eb:
                    88:dd:a8:78:49:75:b3:43:71:1c:22:82:0c:17:f4:
                    37:b7:1b:bc:5b:e2:e2:64:8f:a3:74:32:66:49:e6:
                    39:90:e0:49:e2:1a:d0:48:f4:5f:da:ab:3e:cf:61:
                    9d:52:33:d4:68:7c:ba:dd:3b:14:60:b5:dc:70:20:
                    89:e9:92:85:66:e9:bb:98:63:a1:eb:1e:12:e1:86:
                    ab:e4:3a:98:d5:32:5b:f5:08:68:f2:e5:42:c8:1e:
                    26:b5:6f:3e:8e:65:7b:9e:4e:9e:47:f6:cb:18:06:
                    c3:f3:9f:e2:c0:ff:d4:ec:c8:d4:64:b7:be:d1:ed:
                    18:5c:77:c6:fc:c9:a8:64:1d:86:2e:1a:8d:fc:22:
                    99:12:b7:4b:18:ea:36:5f:d1:f7:64:20:28:d5:8a:
                    5c:f2:9c:58:f0:93:7f:ac:65:38:38:1b:f5:8d:49:
                    89:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:51:91:D3:87:ED:17:DA:14:EC:AF:38:7A:CF:59:EA:50:F1:B9:30
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c0492de3-6dec-4437-b63c-91630e1f4dbe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f21:4000::/37

    Signature Algorithm: sha256WithRSAEncryption
         20:d0:f3:ed:d2:83:87:04:74:0e:f6:fd:1e:a9:cb:0c:10:8d:
         90:4d:f1:15:3c:52:41:a1:9a:56:87:0c:9d:d2:d1:c0:34:8c:
         80:b7:ee:67:bd:37:2f:24:55:c1:fb:ad:d3:5a:d5:90:6f:b1:
         f0:f0:11:00:03:81:bf:ab:58:3c:8b:2d:6f:2e:2e:81:a9:ea:
         62:10:f7:6a:9e:8d:e9:45:59:0c:95:d6:6c:96:ee:01:a0:8b:
         c4:1c:70:08:41:d8:06:92:00:b3:a0:56:95:e0:62:49:0d:2a:
         aa:62:56:61:10:ba:57:87:f7:1b:31:40:dc:13:77:61:10:e4:
         ea:22:0b:8c:e3:d3:69:de:26:68:f4:a2:2d:cb:eb:72:a7:a0:
         dc:44:2c:38:63:15:ae:1b:79:7f:dd:18:7b:d9:db:ce:4a:0c:
         cb:97:50:b7:71:5d:c3:f5:46:9c:b2:d6:32:fc:67:ea:c6:c0:
         ce:a8:a7:48:cf:ee:49:3b:6d:4e:6f:ab:b9:e4:fd:0f:3a:f0:
         d2:2f:75:b9:d0:72:ab:f2:4f:53:36:10:7b:af:22:bd:c0:90:
         2d:03:b6:29:d7:64:70:63:bf:4a:a3:62:82:ed:5b:eb:3e:8d:
         6e:f1:55:16:36:50:17:0f:07:64:ce:f4:c5:1a:f0:59:85:be:
         c4:f7:9d:89
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUTTn7xhJHTyfvzkKiBMl6Femh+VswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDIyMTcxMTUwWhcNMjUwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhOTkyZDBlYjQxMTdjNWMwMjAyZjhiNDk5Njc2NjliMGVm
NjZmZTNjYjM3MWRhODYwYWI0ZTFiZDBmZGI1YmY5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC07Xz0ON5+y5+o/2RfU0N7L2gNkciHVUJvAiT3pigYJhHQ
wKO/UNFC56C6lI46NFVWWrtCOHcYquRAsEZ5u1EHiF/nk0jas4h3NGk2w26r3ju6
gN+N463v64jdqHhJdbNDcRwiggwX9De3G7xb4uJkj6N0MmZJ5jmQ4EniGtBI9F/a
qz7PYZ1SM9RofLrdOxRgtdxwIInpkoVm6buYY6HrHhLhhqvkOpjVMlv1CGjy5ULI
Hia1bz6OZXueTp5H9ssYBsPzn+LA/9TsyNRkt77R7Rhcd8b8yahkHYYuGo38IpkS
t0sY6jZf0fdkICjVilzynFjwk3+sZTg4G/WNSYlRAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU4FGR04ftF9oU7K84es9Z6lDxuTAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MwNDkyZGUzLTZkZWMtNDQzNy1iNjNjLTkxNjMwZTFmNGRiZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgMmAB8hQDANBgkqhkiG9w0BAQsFAAOCAQEAINDz7dKDhwR0Dvb9HqnLDBCN
kE3xFTxSQaGaVocMndLRwDSMgLfuZ703LyRVwfut01rVkG+x8PARAAOBv6tYPIst
by4uganqYhD3ap6N6UVZDJXWbJbuAaCLxBxwCEHYBpIAs6BWleBiSQ0qqmJWYRC6
V4f3GzFA3BN3YRDk6iILjOPTad4maPSiLcvrcqeg3EQsOGMVrht5f90Ye9nbzkoM
y5dQt3Fdw/VGnLLWMvxn6sbAzqinSM/uSTttTm+rueT9Dzrw0i91udByq/JPUzYQ
e68ivcCQLQO2KddkcGO/SqNigu1b6z6NbvFVFjZQFw8HZM70xRrwWYW+xPediQ==
-----END CERTIFICATE-----