Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d33bfeb9-0b50-443e-8a06-3a81baa27766.roa
File:                     d33bfeb9-0b50-443e-8a06-3a81baa27766.roa (raw, json)
Hash identifier:          QrWfJIZgWTflmcmwHOYT9OC0r/XWsa2eS8JGagFW5eM=
Subject key identifier:   77:E8:87:48:FD:79:37:94:0E:31:89:BF:36:70:3C:89:1C:DC:56:69
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       10F0B33EE79449BD4ECCBBBE0551745CECB89823
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d33bfeb9-0b50-443e-8a06-3a81baa27766.roa
Signing time:             Fri 06 Jun 2025 00:10:29 +0000
ROA not before:           Fri 06 Jun 2025 00:10:29 +0000
ROA not after:            Fri 11 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff4:c000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 16 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:f0:b3:3e:e7:94:49:bd:4e:cc:bb:be:05:51:74:5c:ec:b8:98:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun  6 00:10:29 2025 GMT
            Not After : Jul 11 23:59:59 2025 GMT
        Subject: serialNumber=847aa9074352e6a6ffa5597b40ad4d01c03633d8fa9d072c73b6cfafc26ec2a7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:57:12:52:7c:06:d4:41:79:37:27:fd:d6:43:
                    4e:59:57:cb:a3:99:65:aa:97:19:b0:8d:ba:e7:8e:
                    3e:bd:ab:f2:59:f5:43:da:84:0b:60:63:ff:a1:77:
                    c9:c4:6f:77:61:c7:e3:76:eb:8e:32:0e:5b:7c:f2:
                    67:c8:63:b7:19:de:33:9f:1d:89:3a:b2:77:a1:da:
                    4a:46:72:ba:0c:78:de:ac:f4:8d:91:de:a8:b3:12:
                    c7:06:9b:28:9d:30:71:eb:11:3e:d7:a6:20:7d:94:
                    68:f8:ef:76:b0:b0:ba:12:70:8b:b8:65:ae:94:d3:
                    78:e3:76:96:ef:56:c4:88:37:23:c7:7c:68:dc:3a:
                    13:a7:50:c4:3b:48:25:5f:b9:5a:ef:2e:43:98:37:
                    67:3a:66:2e:0e:08:ab:ad:19:bb:01:e7:dd:f6:49:
                    40:1b:13:50:7b:a6:f2:bb:94:88:48:33:0c:c0:bd:
                    e7:53:02:5d:2b:a3:f6:d7:7c:cf:4d:e8:da:bc:d6:
                    8e:f4:cf:31:cc:dc:db:da:57:41:c8:40:f4:a6:06:
                    89:f9:8c:aa:92:a1:b0:db:49:91:ef:ab:b6:f6:84:
                    56:e3:5f:cf:3c:7d:ba:3b:e5:0a:35:fe:ba:1d:32:
                    ff:59:70:cd:14:00:c3:39:22:77:f9:58:17:89:61:
                    9d:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:E8:87:48:FD:79:37:94:0E:31:89:BF:36:70:3C:89:1C:DC:56:69
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d33bfeb9-0b50-443e-8a06-3a81baa27766.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff4:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         46:c9:07:85:63:06:d2:cd:3f:37:65:f0:25:89:c6:71:62:9c:
         85:01:b2:6b:78:cf:b6:83:3f:18:cd:0c:73:b6:1f:63:e9:74:
         ec:df:8e:a3:57:9f:46:7a:aa:1e:a0:a8:f6:aa:82:1b:28:4d:
         58:39:be:d9:fd:f3:f0:2b:1c:fb:3c:84:d1:ac:11:67:84:7a:
         b0:c8:fe:d5:07:c5:03:51:02:79:99:b1:c1:e3:40:f4:30:58:
         be:49:8f:49:9e:ee:1c:27:f2:07:75:9a:52:4e:71:ea:d5:92:
         c1:86:c3:cd:37:28:c7:c5:a6:3e:69:4c:dd:ea:a1:03:78:0d:
         8e:ed:94:c7:8c:04:b8:e0:b9:d3:89:ac:38:38:79:5d:51:49:
         6d:5a:3b:e0:12:b8:a5:16:74:f1:90:3c:ec:1c:e4:3b:4d:0e:
         f8:b3:07:92:80:72:2c:04:fd:d2:68:af:e9:05:33:1e:c0:36:
         d7:f3:e7:1e:9c:95:dd:0d:9a:2d:fd:fa:c9:2b:f3:87:ed:c8:
         af:e3:f5:fd:4e:36:18:5e:84:85:7f:a9:14:36:b6:a4:9c:06:
         c5:fa:6f:e2:8c:8e:08:df:8a:d9:0c:9b:e2:21:4e:3b:cc:12:
         9c:40:b6:e9:fd:65:61:fc:47:74:dc:59:99:58:bb:e7:56:7d:
         5c:99:9f:3e
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUEPCzPueUSb1OzLu+BVF0XOy4mCMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjA2MDAxMDI5WhcNMjUwNzExMjM1OTU5
WjB6MUkwRwYDVQQFE0A4NDdhYTkwNzQzNTJlNmE2ZmZhNTU5N2I0MGFkNGQwMWMw
MzYzM2Q4ZmE5ZDA3MmM3M2I2Y2ZhZmMyNmVjMmE3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJVxJSfAbUQXk3J/3WQ05ZV8ujmWWqlxmwjbrnjj69q/JZ
9UPahAtgY/+hd8nEb3dhx+N2644yDlt88mfIY7cZ3jOfHYk6sneh2kpGcroMeN6s
9I2R3qizEscGmyidMHHrET7XpiB9lGj473awsLoScIu4Za6U03jjdpbvVsSINyPH
fGjcOhOnUMQ7SCVfuVrvLkOYN2c6Zi4OCKutGbsB5932SUAbE1B7pvK7lIhIMwzA
vedTAl0ro/bXfM9N6Nq81o70zzHM3NvaV0HIQPSmBon5jKqSobDbSZHvq7b2hFbj
X888fbo75Qo1/rodMv9ZcM0UAMM5Inf5WBeJYZ1lAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUd+iHSP15N5QOMYm/NnA8iRzcVmkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QzM2JmZWI5LTBiNTAtNDQzZS04YTA2LTNhODFiYWEyNzc2Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/0wDANBgkqhkiG9w0BAQsFAAOCAQEARskHhWMG0s0/N2XwJYnGcWKc
hQGya3jPtoM/GM0Mc7YfY+l07N+Oo1efRnqqHqCo9qqCGyhNWDm+2f3z8Csc+zyE
0awRZ4R6sMj+1QfFA1ECeZmxweNA9DBYvkmPSZ7uHCfyB3WaUk5x6tWSwYbDzTco
x8WmPmlM3eqhA3gNju2Ux4wEuOC504msODh5XVFJbVo74BK4pRZ08ZA87BzkO00O
+LMHkoByLAT90miv6QUzHsA21/PnHpyV3Q2aLf36ySvzh+3Ir+P1/U42GF6EhX+p
FDa2pJwGxfpv4oyOCN+K2Qyb4iFOO8wSnEC26f1lYfxHdNxZmVi751Z9XJmfPg==
-----END CERTIFICATE-----