Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c0ba95f7-f662-491c-8d5f-68532e494cdd.roa
File:                     c0ba95f7-f662-491c-8d5f-68532e494cdd.roa (raw, json)
Hash identifier:          Z7TqMz2LD6rV1feZxPjq9od7BwPQ9YZvjAd3uejk/iE=
Subject key identifier:   DD:45:C8:11:BA:9D:9E:E0:45:87:E0:8E:26:7A:3E:CD:BC:24:0D:FE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       640B0A0CE19952E1998778A08637472372DEA57E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c0ba95f7-f662-491c-8d5f-68532e494cdd.roa
Signing time:             Tue 22 Apr 2025 16:52:01 +0000
ROA not before:           Tue 22 Apr 2025 16:52:01 +0000
ROA not after:            Tue 27 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f17:4000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:0b:0a:0c:e1:99:52:e1:99:87:78:a0:86:37:47:23:72:de:a5:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 22 16:52:01 2025 GMT
            Not After : May 27 23:59:59 2025 GMT
        Subject: serialNumber=84292157f63fc85959f35fa6fa224e773cfbb9f402785e884e4723686671ee51, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:49:e3:84:87:a2:04:c1:70:b8:56:ef:8d:d1:
                    0b:ff:d8:ef:b4:5f:f0:49:eb:75:52:85:14:38:91:
                    fb:f6:d5:c8:8f:be:b8:7e:94:dd:77:82:e9:34:50:
                    bc:ff:a1:51:cb:a1:07:79:84:ad:81:ae:25:8f:6c:
                    a7:52:47:d6:a3:24:ef:b3:cd:48:17:dc:6e:fe:01:
                    c0:5d:a4:77:f9:c7:9a:31:0f:fd:65:f6:72:10:59:
                    f3:0c:02:b0:20:60:12:d6:1a:0e:ed:3f:a4:25:fb:
                    10:9b:7b:b9:60:99:86:63:98:8b:cb:ce:31:8e:3e:
                    78:e0:1d:9b:10:0e:ac:18:35:bb:c9:e8:d4:a5:65:
                    e6:bb:a4:1c:88:97:1d:1c:b7:13:c0:f5:09:d0:eb:
                    6b:99:db:0c:3a:f4:e5:18:b2:99:1b:46:63:d5:5e:
                    d0:85:85:75:b7:39:be:9a:49:49:aa:35:28:fc:1a:
                    a5:30:84:38:bf:a9:82:0a:c4:be:f6:48:87:4c:fa:
                    0a:03:4c:17:e0:2e:6d:20:78:4d:8f:85:71:d9:70:
                    cc:1c:cd:ca:39:57:1a:28:3e:50:8c:f2:36:e1:e8:
                    50:bc:d4:41:e1:96:c7:d9:ea:29:65:f6:56:34:dd:
                    5b:61:52:d0:36:bc:76:b6:73:af:9f:63:d5:1f:8c:
                    7e:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:45:C8:11:BA:9D:9E:E0:45:87:E0:8E:26:7A:3E:CD:BC:24:0D:FE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c0ba95f7-f662-491c-8d5f-68532e494cdd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f17:4000::/36

    Signature Algorithm: sha256WithRSAEncryption
         8a:e4:a1:6f:30:e0:2b:6e:46:42:43:4f:8a:ae:8c:1a:72:10:
         82:a6:ae:71:26:97:5c:2b:af:d4:bf:d2:db:54:65:f6:58:6c:
         93:c3:b1:0d:77:04:42:e5:4d:20:14:72:42:87:0d:67:73:9f:
         18:69:03:2f:c2:f7:7b:88:6c:9d:0f:bf:b8:5b:f4:b7:88:19:
         69:52:87:49:72:2c:ba:05:de:3f:1d:0e:88:88:68:80:bb:e4:
         af:21:1d:00:fe:8f:98:f7:54:0e:c4:f2:50:0d:18:05:3f:5f:
         b4:5e:e9:a6:88:d9:4d:9d:8d:5f:a8:1c:e0:2d:ca:b9:f7:df:
         06:20:ea:42:a5:80:b9:02:14:e5:ed:6f:49:4e:e7:17:d0:7d:
         1a:68:df:e5:9d:3f:6b:45:e1:6d:ad:e6:60:ac:5b:b7:61:46:
         bd:05:fc:ea:5d:af:55:76:7f:df:1d:7e:cd:f5:b7:37:b1:89:
         d7:24:aa:0b:44:b2:c6:fd:39:bf:06:75:38:83:a1:96:d3:5c:
         31:c6:67:98:03:f7:5b:76:b6:11:b9:a9:7a:8f:f6:45:13:d0:
         f1:94:15:ab:d0:c5:9a:1e:f4:d4:9b:37:fd:cb:80:be:e9:e6:
         cb:4e:7a:91:c4:05:ff:c6:00:4d:bb:5a:83:c3:b3:c1:37:70:
         6c:af:8e:fc
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUZAsKDOGZUuGZh3ighjdHI3LepX4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDIyMTY1MjAxWhcNMjUwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NDI5MjE1N2Y2M2ZjODU5NTlmMzVmYTZmYTIyNGU3NzNj
ZmJiOWY0MDI3ODVlODg0ZTQ3MjM2ODY2NzFlZTUxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmSeOEh6IEwXC4Vu+N0Qv/2O+0X/BJ63VShRQ4kfv21ciP
vrh+lN13guk0ULz/oVHLoQd5hK2BriWPbKdSR9ajJO+zzUgX3G7+AcBdpHf5x5ox
D/1l9nIQWfMMArAgYBLWGg7tP6Ql+xCbe7lgmYZjmIvLzjGOPnjgHZsQDqwYNbvJ
6NSlZea7pByIlx0ctxPA9QnQ62uZ2ww69OUYspkbRmPVXtCFhXW3Ob6aSUmqNSj8
GqUwhDi/qYIKxL72SIdM+goDTBfgLm0geE2PhXHZcMwczco5VxooPlCM8jbh6FC8
1EHhlsfZ6ill9lY03VthUtA2vHa2c6+fY9UfjH59AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU3UXIEbqdnuBFh+COJno+zbwkDf4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MwYmE5NWY3LWY2NjItNDkxYy04ZDVmLTY4NTMyZTQ5NGNkZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8XQDANBgkqhkiG9w0BAQsFAAOCAQEAiuShbzDgK25GQkNPiq6MGnIQ
gqaucSaXXCuv1L/S21Rl9lhsk8OxDXcEQuVNIBRyQocNZ3OfGGkDL8L3e4hsnQ+/
uFv0t4gZaVKHSXIsugXePx0OiIhogLvkryEdAP6PmPdUDsTyUA0YBT9ftF7ppojZ
TZ2NX6gc4C3KufffBiDqQqWAuQIU5e1vSU7nF9B9Gmjf5Z0/a0Xhba3mYKxbt2FG
vQX86l2vVXZ/3x1+zfW3N7GJ1ySqC0Syxv05vwZ1OIOhltNcMcZnmAP3W3a2Ebmp
eo/2RRPQ8ZQVq9DFmh701Js3/cuAvunmy056kcQF/8YATbtag8OzwTdwbK+O/A==
-----END CERTIFICATE-----