Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d27bbac6-d621-4795-814e-7e30e51a759b.roa
File:                     d27bbac6-d621-4795-814e-7e30e51a759b.roa (raw, json)
Hash identifier:          vruq0E6RT9BNmc2YkGkeghvPHMc67VJ3mYkdD6QEviI=
Subject key identifier:   B1:61:75:86:C4:16:E1:64:F7:C4:A2:74:08:0F:C3:C4:DC:1F:B5:BE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       749744CA99514BEB60E6C38EE69CCC4C3EBD16DD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d27bbac6-d621-4795-814e-7e30e51a759b.roa
Signing time:             Tue 22 Apr 2025 15:11:25 +0000
ROA not before:           Tue 22 Apr 2025 15:11:25 +0000
ROA not after:            Tue 27 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f00:4140::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 29 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:97:44:ca:99:51:4b:eb:60:e6:c3:8e:e6:9c:cc:4c:3e:bd:16:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 22 15:11:25 2025 GMT
            Not After : May 27 23:59:59 2025 GMT
        Subject: serialNumber=cb4cba9288fd61e408e8ce9611cea6628e80fc24708d829e90203c1a992eb865, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:af:35:42:05:12:82:11:58:69:8b:30:be:cd:
                    31:ce:6e:cb:e5:c8:63:a0:3b:7a:f1:9a:49:45:d8:
                    99:7e:5f:57:5c:69:21:61:dd:99:4d:5c:58:f9:5e:
                    d0:7c:d2:2f:77:a6:34:a9:bf:80:bb:18:f4:11:03:
                    fd:eb:95:70:41:6d:fe:25:0e:27:78:7d:4c:fb:0f:
                    32:83:dc:28:a0:d6:a0:e8:6c:4e:26:2e:e6:3d:cb:
                    09:8d:a3:65:57:bf:8d:e7:c2:ce:75:e6:cb:c1:06:
                    bd:ec:1c:9b:48:1a:34:e6:67:16:de:a8:ca:80:cb:
                    b0:f5:df:98:f5:14:d4:f3:ca:e3:2f:35:ff:b8:ec:
                    f3:e4:a3:92:12:cf:fe:1a:b5:fd:03:4f:8e:6b:a6:
                    6f:b8:55:bb:ba:23:25:b5:86:3e:71:b6:00:fe:69:
                    4d:6f:49:2e:dc:56:c9:b0:aa:7e:29:0c:d1:90:a8:
                    2c:da:7e:46:a6:a2:8a:11:64:16:08:70:96:fc:6e:
                    a1:4d:eb:f0:23:76:e8:f8:53:fb:34:65:6c:e7:e7:
                    03:7e:41:c7:26:3c:ef:95:0f:b6:a5:fc:81:97:df:
                    1a:a7:8a:15:b8:13:58:50:f8:b5:d3:53:ed:09:88:
                    e5:31:a9:b0:de:f8:72:b7:f8:4c:2f:7a:5c:94:6c:
                    0a:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:61:75:86:C4:16:E1:64:F7:C4:A2:74:08:0F:C3:C4:DC:1F:B5:BE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d27bbac6-d621-4795-814e-7e30e51a759b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f00:4140::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:3a:5f:24:14:8b:8b:1f:42:e8:1c:ae:05:e9:ea:6a:fc:0b:
         f5:ab:d8:65:ac:ff:c4:75:a1:13:16:e2:25:68:31:b3:68:68:
         7d:e2:05:30:44:32:e5:39:4b:96:a5:16:75:de:fa:2e:ec:50:
         db:9f:7b:16:ee:4d:25:46:96:de:f1:43:f3:fa:8b:04:87:29:
         53:80:42:83:cd:20:f5:7b:ea:1a:9d:08:37:32:b4:93:47:16:
         8a:15:b0:41:4b:33:e7:e3:0b:2b:de:c7:73:b9:4f:17:22:c5:
         2a:1a:d8:8c:80:d5:48:8d:40:95:d6:d7:d3:4b:54:4b:ac:f6:
         a3:4a:f2:e4:a4:6d:62:56:b0:08:69:9c:e0:53:ae:64:da:c6:
         52:e2:26:09:27:52:a2:73:80:ea:0e:36:f5:e9:3b:09:16:f7:
         65:db:71:2c:63:af:9e:63:25:4b:46:31:3f:76:3a:f7:18:07:
         f4:ff:c0:e9:6a:32:65:ae:9f:a6:60:33:48:d4:12:a2:84:26:
         70:3a:80:78:73:a2:d7:57:47:af:3b:9a:0e:4c:67:5e:16:31:
         ed:7b:91:92:54:3e:99:91:f7:c8:33:a7:cc:3e:97:1f:e8:08:
         12:cd:aa:e3:44:8e:cc:c1:79:98:c6:cc:c1:fe:0d:ff:6d:7f:
         0e:e6:58:ca
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUdJdEyplRS+tg5sOO5pzMTD69Ft0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDIyMTUxMTI1WhcNMjUwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYjRjYmE5Mjg4ZmQ2MWU0MDhlOGNlOTYxMWNlYTY2Mjhl
ODBmYzI0NzA4ZDgyOWU5MDIwM2MxYTk5MmViODY1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzrzVCBRKCEVhpizC+zTHObsvlyGOgO3rxmklF2Jl+X1dc
aSFh3ZlNXFj5XtB80i93pjSpv4C7GPQRA/3rlXBBbf4lDid4fUz7DzKD3Cig1qDo
bE4mLuY9ywmNo2VXv43nws515svBBr3sHJtIGjTmZxbeqMqAy7D135j1FNTzyuMv
Nf+47PPko5ISz/4atf0DT45rpm+4Vbu6IyW1hj5xtgD+aU1vSS7cVsmwqn4pDNGQ
qCzafkamoooRZBYIcJb8bqFN6/Ajduj4U/s0ZWzn5wN+QccmPO+VD7al/IGX3xqn
ihW4E1hQ+LXTU+0JiOUxqbDe+HK3+EwvelyUbAoVAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUsWF1hsQW4WT3xKJ0CA/DxNwftb4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QyN2JiYWM2LWQ2MjEtNDc5NS04MTRlLTdlMzBlNTFhNzU5Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB8AQUAwDQYJKoZIhvcNAQELBQADggEBAG06XyQUi4sfQugcrgXp6mr8
C/Wr2GWs/8R1oRMW4iVoMbNoaH3iBTBEMuU5S5alFnXe+i7sUNufexbuTSVGlt7x
Q/P6iwSHKVOAQoPNIPV76hqdCDcytJNHFooVsEFLM+fjCyvex3O5TxcixSoa2IyA
1UiNQJXW19NLVEus9qNK8uSkbWJWsAhpnOBTrmTaxlLiJgknUqJzgOoONvXpOwkW
92XbcSxjr55jJUtGMT92OvcYB/T/wOlqMmWun6ZgM0jUEqKEJnA6gHhzotdXR687
mg5MZ14WMe17kZJUPpmR98gzp8w+lx/oCBLNquNEjszBeZjGzMH+Df9tfw7mWMo=
-----END CERTIFICATE-----