Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce4e21b0-d401-42ee-a867-231a78f7cba0.roa
File:                     ce4e21b0-d401-42ee-a867-231a78f7cba0.roa (raw, json)
Hash identifier:          q2QwryIIRnVxy5Spup1h1FBQW9jQ16mBwysx6O1lAlk=
Subject key identifier:   B3:AA:98:F5:53:A6:6A:AC:25:F1:EE:CB:91:7D:73:A3:B5:44:C5:BE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       376A04AE277223855709C62DD0F469EF68CD946E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce4e21b0-d401-42ee-a867-231a78f7cba0.roa
Signing time:             Tue 10 Jun 2025 16:31:18 +0000
ROA not before:           Tue 10 Jun 2025 16:31:18 +0000
ROA not after:            Tue 15 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f61:8020::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:6a:04:ae:27:72:23:85:57:09:c6:2d:d0:f4:69:ef:68:cd:94:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 10 16:31:18 2025 GMT
            Not After : Jul 15 23:59:59 2025 GMT
        Subject: serialNumber=7c095e8649cfbc5588d5c5f633af33226666735e4a8c5517fa75b76132fd5d7c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:00:98:fd:ba:8b:cd:13:91:fb:8f:32:55:a2:
                    ca:7d:ce:ac:04:2b:88:4f:75:9f:b9:44:ac:65:f7:
                    47:6f:38:eb:3a:96:3e:87:33:37:29:71:54:df:60:
                    1c:49:2e:90:1f:06:cb:c0:e6:f1:32:bb:60:5b:27:
                    21:eb:5f:91:e1:ba:54:7c:93:37:99:0a:2e:4a:a8:
                    ea:91:6d:ee:7d:e2:9f:21:81:c5:2c:ef:c3:ed:5a:
                    9d:00:8d:e4:e2:55:99:39:1c:dc:d9:6c:6f:00:cd:
                    63:2f:0b:74:4c:f4:e7:3c:4a:a5:f5:ee:ed:1c:f3:
                    92:71:d4:19:13:df:36:0d:59:1d:fd:a5:a0:9b:08:
                    ea:11:d1:c6:6a:41:46:d4:e4:c1:41:e8:7f:e2:95:
                    83:75:92:9a:69:43:75:de:f1:8b:10:ef:cb:04:3f:
                    a0:99:e1:a4:63:87:3e:6b:3e:70:fe:9d:33:72:13:
                    29:49:55:aa:ab:56:84:16:51:b7:86:c9:07:75:1a:
                    c8:6f:d9:7e:d5:5e:6c:41:5a:46:80:a3:d1:ef:1a:
                    74:a2:82:e4:bc:4d:7b:1f:6c:3c:22:c5:0d:bd:31:
                    59:50:0f:40:9e:6f:70:d0:78:23:14:4c:ae:2f:eb:
                    a5:98:78:af:9c:52:14:ab:f4:8e:c1:92:5d:cd:89:
                    79:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:AA:98:F5:53:A6:6A:AC:25:F1:EE:CB:91:7D:73:A3:B5:44:C5:BE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce4e21b0-d401-42ee-a867-231a78f7cba0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f61:8020::/48

    Signature Algorithm: sha256WithRSAEncryption
         17:ff:7f:59:e7:97:bb:38:b7:9a:9e:81:44:0b:9c:bb:f0:96:
         81:4f:e1:12:10:3d:30:a7:2c:7d:85:c9:d8:5d:de:db:33:5f:
         0a:35:6b:91:c8:45:ea:e1:09:49:76:dd:54:02:c9:17:19:f2:
         43:85:fb:9b:5b:f5:1c:e7:68:80:40:09:a5:39:fd:9d:6d:f2:
         47:65:fd:ae:38:a8:6e:8c:2d:0e:60:99:16:1a:e5:5c:d0:d9:
         c6:75:1a:f4:09:54:bd:0f:d4:80:52:0b:2e:7a:67:f0:df:61:
         41:e4:6e:2a:67:a9:f9:9f:63:e4:9c:d2:af:6d:8c:4a:2a:8b:
         d8:cd:0a:71:ed:75:a7:fe:7b:45:b7:9d:78:92:97:1e:5d:ce:
         ad:f5:a9:7c:e8:5d:6d:be:f8:ea:b8:97:11:54:ca:f0:5d:a2:
         24:8c:1e:7e:6a:be:30:95:8b:e8:c5:ae:9b:51:b1:1e:44:be:
         79:8e:94:bf:9c:aa:c5:57:bb:0a:ec:dc:4a:72:e9:ac:b9:4c:
         4c:a6:11:06:d9:9f:6a:5e:2c:8a:ae:9d:ef:01:22:55:eb:2c:
         7f:ca:0f:ec:f4:a1:76:d0:17:5e:49:b8:f8:98:2b:ba:1c:78:
         6e:4f:aa:af:1f:c0:ae:0d:99:5a:27:f0:c3:ed:03:05:96:4f:
         6e:96:8a:06
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUN2oEridyI4VXCcYt0PRp72jNlG4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjEwMTYzMTE4WhcNMjUwNzE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A3YzA5NWU4NjQ5Y2ZiYzU1ODhkNWM1ZjYzM2FmMzMyMjY2
NjY3MzVlNGE4YzU1MTdmYTc1Yjc2MTMyZmQ1ZDdjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxAJj9uovNE5H7jzJVosp9zqwEK4hPdZ+5RKxl90dvOOs6
lj6HMzcpcVTfYBxJLpAfBsvA5vEyu2BbJyHrX5HhulR8kzeZCi5KqOqRbe594p8h
gcUs78PtWp0AjeTiVZk5HNzZbG8AzWMvC3RM9Oc8SqX17u0c85Jx1BkT3zYNWR39
paCbCOoR0cZqQUbU5MFB6H/ilYN1kpppQ3Xe8YsQ78sEP6CZ4aRjhz5rPnD+nTNy
EylJVaqrVoQWUbeGyQd1Gshv2X7VXmxBWkaAo9HvGnSiguS8TXsfbDwixQ29MVlQ
D0Ceb3DQeCMUTK4v66WYeK+cUhSr9I7Bkl3NiXmvAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUs6qY9VOmaqwl8e7LkX1zo7VExb4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NlNGUyMWIwLWQ0MDEtNDJlZS1hODY3LTIzMWE3OGY3Y2JhMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB9hgCAwDQYJKoZIhvcNAQELBQADggEBABf/f1nnl7s4t5qegUQLnLvw
loFP4RIQPTCnLH2Fydhd3tszXwo1a5HIRerhCUl23VQCyRcZ8kOF+5tb9RznaIBA
CaU5/Z1t8kdl/a44qG6MLQ5gmRYa5VzQ2cZ1GvQJVL0P1IBSCy56Z/DfYUHkbipn
qfmfY+Sc0q9tjEoqi9jNCnHtdaf+e0W3nXiSlx5dzq31qXzoXW2++Oq4lxFUyvBd
oiSMHn5qvjCVi+jFrptRsR5EvnmOlL+cqsVXuwrs3Epy6ay5TEymEQbZn2peLIqu
ne8BIlXrLH/KD+z0oXbQF15JuPiYK7oceG5Pqq8fwK4NmVon8MPtAwWWT26WigY=
-----END CERTIFICATE-----