Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce0329a9-02dd-448b-a905-d6758cbd183b.roa
File:                     ce0329a9-02dd-448b-a905-d6758cbd183b.roa (raw, json)
Hash identifier:          5Zy1PS6xzNeNKfJN2wAu2lytON3kTCEarUweiZNb1u8=
Subject key identifier:   26:6A:9D:02:48:0D:43:4F:02:64:ED:14:89:D1:17:51:3E:60:76:14
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       33A2AEF004652B4DA409601C03B031EB74EC86C0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce0329a9-02dd-448b-a905-d6758cbd183b.roa
Signing time:             Tue 03 Jun 2025 20:22:12 +0000
ROA not before:           Tue 03 Jun 2025 20:22:12 +0000
ROA not after:            Tue 08 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1fee::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:a2:ae:f0:04:65:2b:4d:a4:09:60:1c:03:b0:31:eb:74:ec:86:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun  3 20:22:12 2025 GMT
            Not After : Jul  8 23:59:59 2025 GMT
        Subject: serialNumber=e9ac6f63cdd84c6a984c8be6e91818175695e5e8b7c1381be9b1e044f960efd3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:36:02:7a:fb:6c:93:cb:b2:f4:75:01:a0:c2:
                    ef:3f:27:9c:72:bc:4c:ec:a7:bf:2b:f0:95:91:37:
                    47:d9:bd:1c:da:79:38:76:e0:cf:2d:02:65:dd:34:
                    40:26:40:1c:86:11:bf:e2:df:2f:37:cd:ef:1f:88:
                    bf:63:35:c1:e7:ef:67:b2:ed:cc:a6:38:dc:47:d8:
                    85:0b:fe:3e:29:63:31:cd:6e:84:c1:e5:c8:d0:8c:
                    6f:dc:ca:50:86:4d:45:58:37:a8:68:6d:3d:64:14:
                    15:b3:ef:7c:99:bc:37:76:94:6b:eb:4e:ad:76:ea:
                    56:7a:ff:cf:01:77:70:12:e9:b9:97:1a:a2:0f:f1:
                    4c:7a:9d:50:08:9b:95:b0:38:09:29:b8:c5:f3:d0:
                    81:83:5e:6a:e1:45:e7:df:f9:22:3f:27:0e:89:83:
                    34:1c:25:47:8b:ce:ac:8b:71:07:de:fa:85:23:89:
                    0a:46:58:6e:8f:7f:09:8f:d2:14:cf:de:20:61:34:
                    8a:8e:52:16:ab:17:18:94:6d:44:c6:81:46:e6:a2:
                    f7:c4:1c:61:d6:85:db:ea:09:7c:ad:c2:d7:08:a5:
                    c6:32:ab:dc:9a:b2:7c:4a:73:b2:06:48:a3:6b:2b:
                    3f:c7:5d:e5:84:eb:b7:f8:47:c7:c4:2e:6c:53:9c:
                    fb:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:6A:9D:02:48:0D:43:4F:02:64:ED:14:89:D1:17:51:3E:60:76:14
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce0329a9-02dd-448b-a905-d6758cbd183b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fee::/32

    Signature Algorithm: sha256WithRSAEncryption
         86:3b:9c:02:11:a1:be:dd:01:53:d0:c5:b4:3f:17:6c:2a:a3:
         46:75:9d:09:0f:d6:84:68:3d:b8:05:bf:f3:38:19:37:55:77:
         a1:13:7c:f4:26:eb:4e:eb:69:42:f5:df:d5:93:c5:ac:3e:aa:
         a6:cd:53:30:25:95:3d:52:65:47:e0:2b:e5:87:0c:e7:b2:fa:
         86:56:80:2d:f2:58:1c:e2:ed:47:a8:b5:4d:aa:d4:83:ec:f6:
         9c:3c:b2:34:a7:08:75:97:61:0e:c1:56:d4:79:f7:57:9a:be:
         85:f6:bc:60:59:3d:0f:23:bf:fe:e1:a5:d2:dd:7d:8d:11:fe:
         51:83:cb:1e:63:e1:46:5d:bb:6f:3e:dd:1b:92:aa:11:65:d8:
         b1:8f:c5:c4:99:ff:61:cc:87:73:48:9a:15:ec:7d:c8:0e:36:
         08:d2:f8:4b:f8:2d:7f:23:2b:ff:70:a7:73:6d:7d:7b:e1:32:
         e1:5b:d8:16:8d:31:6b:78:4c:6e:fb:34:9f:45:19:97:c4:7b:
         64:fb:11:ae:de:93:e7:c7:e4:e4:b8:af:a1:00:3f:a0:9e:64:
         60:50:5c:9d:76:9b:33:03:bc:e3:8e:7f:10:62:90:fa:a2:75:
         64:af:fb:a4:c3:2b:89:73:92:1c:d9:11:12:f9:eb:05:40:8a:
         be:f6:71:11
-----BEGIN CERTIFICATE-----
MIIF+TCCBOGgAwIBAgIUM6Ku8ARlK02kCWAcA7Ax63TshsAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjAzMjAyMjEyWhcNMjUwNzA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BlOWFjNmY2M2NkZDg0YzZhOTg0YzhiZTZlOTE4MTgxNzU2
OTVlNWU4YjdjMTM4MWJlOWIxZTA0NGY5NjBlZmQzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzNgJ6+2yTy7L0dQGgwu8/J5xyvEzsp78r8JWRN0fZvRza
eTh24M8tAmXdNEAmQByGEb/i3y83ze8fiL9jNcHn72ey7cymONxH2IUL/j4pYzHN
boTB5cjQjG/cylCGTUVYN6hobT1kFBWz73yZvDd2lGvrTq126lZ6/88Bd3AS6bmX
GqIP8Ux6nVAIm5WwOAkpuMXz0IGDXmrhReff+SI/Jw6JgzQcJUeLzqyLcQfe+oUj
iQpGWG6PfwmP0hTP3iBhNIqOUharFxiUbUTGgUbmovfEHGHWhdvqCXytwtcIpcYy
q9yasnxKc7IGSKNrKz/HXeWE67f4R8fELmxTnPtRAgMBAAGjggKyMIICrjAdBgNV
HQ4EFgQUJmqdAkgNQ08CZO0UidEXUT5gdhQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NlMDMyOWE5LTAyZGQtNDQ4Yi1hOTA1LWQ2NzU4Y2JkMTgzYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgAC
MAcDBQAmAB/uMA0GCSqGSIb3DQEBCwUAA4IBAQCGO5wCEaG+3QFT0MW0PxdsKqNG
dZ0JD9aEaD24Bb/zOBk3VXehE3z0JutO62lC9d/Vk8WsPqqmzVMwJZU9UmVH4Cvl
hwznsvqGVoAt8lgc4u1HqLVNqtSD7PacPLI0pwh1l2EOwVbUefdXmr6F9rxgWT0P
I7/+4aXS3X2NEf5Rg8seY+FGXbtvPt0bkqoRZdixj8XEmf9hzIdzSJoV7H3IDjYI
0vhL+C1/Iyv/cKdzbX174TLhW9gWjTFreExu+zSfRRmXxHtk+xGu3pPnx+TkuK+h
AD+gnmRgUFyddpszA7zjjn8QYpD6onVkr/ukwyuJc5Ic2RES+esFQIq+9nER
-----END CERTIFICATE-----