Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce9cbac2-4749-4385-b952-5b4d9b9484d0.roa
File:                     ce9cbac2-4749-4385-b952-5b4d9b9484d0.roa (raw, json)
Hash identifier:          xCltgi6zZkkXj6TGRWQwKqFhlREWOGDKilkLFbRQOK4=
Subject key identifier:   F2:FB:BD:86:BB:17:AC:92:3A:1D:1E:DC:44:D9:44:9A:B5:AB:B6:76
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       53F643E607FF617D42218FA201731FC1F51B7E30
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce9cbac2-4749-4385-b952-5b4d9b9484d0.roa
Signing time:             Sat 19 Jul 2025 00:11:44 +0000
ROA not before:           Sat 19 Jul 2025 00:11:44 +0000
ROA not after:            Sat 23 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffa:4000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 10 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:f6:43:e6:07:ff:61:7d:42:21:8f:a2:01:73:1f:c1:f5:1b:7e:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul 19 00:11:44 2025 GMT
            Not After : Aug 23 23:59:59 2025 GMT
        Subject: serialNumber=fa2867d733e35c5990630538ca7566b97f8c340e68fcb6949e7751063b858a7f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e7:e2:e8:fb:6b:49:2e:e2:cd:3e:c9:d0:93:
                    d2:d3:ff:e1:a5:4d:ca:7c:d4:68:0f:21:c7:62:28:
                    fc:97:de:fd:e7:3d:20:f9:d7:f5:a4:c0:3f:2b:25:
                    d2:25:88:dd:df:40:00:ba:57:fc:9b:34:27:66:11:
                    b8:26:05:73:ff:57:06:14:a9:c2:88:f7:22:05:3d:
                    37:28:b9:98:47:3e:5b:73:9a:d5:08:a0:db:0e:2b:
                    4b:7f:e1:68:44:e4:44:78:37:e9:41:53:f9:7f:3a:
                    51:cf:76:fb:11:99:d2:89:6e:f7:6a:9b:f9:37:53:
                    e7:06:28:20:1b:da:8d:22:23:d5:58:b6:6b:12:6c:
                    0f:26:50:3c:f2:1b:ee:0c:f5:cc:bd:00:88:a6:a1:
                    8b:31:0d:11:71:9a:a4:0c:44:9b:34:78:83:30:5f:
                    db:c7:34:7f:bb:e1:cc:e3:d9:59:e9:c5:b0:d5:b0:
                    e8:90:f6:0e:72:59:21:d7:c8:bb:ee:b7:0b:3e:5a:
                    9b:ce:14:03:8f:9a:4a:72:3c:29:ee:3d:5c:9c:54:
                    fc:d6:2b:dc:7b:9f:fb:11:9e:ec:84:3d:62:c5:86:
                    a9:9a:ce:5d:36:22:df:52:76:29:80:22:44:e8:85:
                    fb:ba:62:ec:77:05:d2:c6:20:06:78:5c:83:3b:2c:
                    49:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:FB:BD:86:BB:17:AC:92:3A:1D:1E:DC:44:D9:44:9A:B5:AB:B6:76
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce9cbac2-4749-4385-b952-5b4d9b9484d0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffa:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         8c:e0:e6:c3:a3:6e:b9:00:fe:05:21:f3:59:8e:76:ae:46:a1:
         92:9e:88:e3:87:24:e9:ab:cd:71:53:aa:48:9c:34:dc:7f:7d:
         1e:96:e2:4d:40:1b:36:d6:6c:3f:9c:41:c4:e8:f0:6b:96:c3:
         29:36:80:71:44:d5:85:aa:ab:45:74:b4:71:69:30:d5:1a:72:
         07:ae:79:47:00:e9:9e:c8:bb:35:9c:3d:ab:3b:cf:0b:99:45:
         61:23:71:19:5d:46:73:58:c8:04:4d:b8:a7:b0:b1:98:e8:b1:
         8d:e8:1f:7a:26:6a:66:f2:f7:c1:37:4b:5d:00:3b:39:54:06:
         1e:2c:7e:26:c3:b2:6e:0b:e7:29:2e:d0:80:70:6b:5a:fb:41:
         6f:c6:49:c6:f0:60:f9:c6:6f:51:71:81:30:ef:0c:c9:c0:4d:
         e1:07:dc:e4:ce:b0:ce:48:b1:90:8e:83:6c:c4:ec:99:27:e3:
         e3:af:45:26:1a:68:63:93:7c:eb:26:7b:d4:c8:0b:5d:9c:06:
         c6:68:69:83:3b:f2:6d:1f:ad:09:5c:7d:84:ed:64:dc:af:c8:
         26:16:2a:c7:3b:5f:a8:35:48:c1:33:5e:8b:61:24:f5:5a:15:
         64:7e:11:e9:73:71:04:8b:cb:82:ee:6c:c8:c9:18:54:19:12:
         a8:29:8a:31
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUU/ZD5gf/YX1CIY+iAXMfwfUbfjAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzE5MDAxMTQ0WhcNMjUwODIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmYTI4NjdkNzMzZTM1YzU5OTA2MzA1MzhjYTc1NjZiOTdm
OGMzNDBlNjhmY2I2OTQ5ZTc3NTEwNjNiODU4YTdmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDC5+Lo+2tJLuLNPsnQk9LT/+GlTcp81GgPIcdiKPyX3v3n
PSD51/WkwD8rJdIliN3fQAC6V/ybNCdmEbgmBXP/VwYUqcKI9yIFPTcouZhHPltz
mtUIoNsOK0t/4WhE5ER4N+lBU/l/OlHPdvsRmdKJbvdqm/k3U+cGKCAb2o0iI9VY
tmsSbA8mUDzyG+4M9cy9AIimoYsxDRFxmqQMRJs0eIMwX9vHNH+74czj2VnpxbDV
sOiQ9g5yWSHXyLvutws+WpvOFAOPmkpyPCnuPVycVPzWK9x7n/sRnuyEPWLFhqma
zl02It9SdimAIkTohfu6Yux3BdLGIAZ4XIM7LEkRAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU8vu9hrsXrJI6HR7cRNlEmrWrtnYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NlOWNiYWMyLTQ3NDktNDM4NS1iOTUyLTViNGQ5Yjk0ODRkMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/6QDANBgkqhkiG9w0BAQsFAAOCAQEAjODmw6NuuQD+BSHzWY52rkah
kp6I44ck6avNcVOqSJw03H99HpbiTUAbNtZsP5xBxOjwa5bDKTaAcUTVhaqrRXS0
cWkw1RpyB655RwDpnsi7NZw9qzvPC5lFYSNxGV1Gc1jIBE24p7CxmOixjegfeiZq
ZvL3wTdLXQA7OVQGHix+JsOybgvnKS7QgHBrWvtBb8ZJxvBg+cZvUXGBMO8MycBN
4Qfc5M6wzkixkI6DbMTsmSfj469FJhpoY5N86yZ71MgLXZwGxmhpgzvybR+tCVx9
hO1k3K/IJhYqxztfqDVIwTNei2Ek9VoVZH4R6XNxBIvLgu5syMkYVBkSqCmKMQ==
-----END CERTIFICATE-----