Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dac6d91f-0131-4f38-be3d-421eba8e0816.roa
File:                     dac6d91f-0131-4f38-be3d-421eba8e0816.roa (raw, json)
Hash identifier:          cWerLhwJA1CpQV0AsLP8X5tRpkHuWzdlsIsrM2a/FrM=
Subject key identifier:   19:65:3B:10:D5:48:EE:70:77:D4:38:AB:66:CA:F7:5A:AE:C0:52:38
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       416BBF12CA1BC9A574F7A943294A85D1CB863C7C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dac6d91f-0131-4f38-be3d-421eba8e0816.roa
Signing time:             Tue 22 Apr 2025 16:20:17 +0000
ROA not before:           Tue 22 Apr 2025 16:20:17 +0000
ROA not after:            Tue 27 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f69:c040::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:6b:bf:12:ca:1b:c9:a5:74:f7:a9:43:29:4a:85:d1:cb:86:3c:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 22 16:20:17 2025 GMT
            Not After : May 27 23:59:59 2025 GMT
        Subject: serialNumber=19192b39baa2eb2fafcbb612515fbfa6cb541f3d88979dfd271d3ee5e8301ec4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f9:56:00:88:5a:d8:89:bf:4f:e8:bb:63:6f:
                    64:a6:80:08:b7:ba:8b:36:d9:6f:9d:74:3b:bc:8d:
                    19:03:be:45:04:27:b3:ab:f0:0e:09:5a:e5:d4:f9:
                    65:3b:5a:d0:e1:80:e7:ff:c7:34:ff:24:74:ec:0e:
                    54:0d:0a:9c:43:5f:0a:d3:4a:f9:93:a1:72:dc:bd:
                    ab:3f:76:ff:f0:77:e3:ff:f7:23:82:c4:ba:db:47:
                    6a:ff:34:bb:80:0b:79:ba:0c:89:3b:95:33:a3:59:
                    67:15:72:36:1c:ad:8b:46:fe:e5:44:ed:3f:2c:e9:
                    ec:77:0f:64:e6:5e:3d:d5:3c:cb:b9:97:91:36:54:
                    88:b1:0e:d6:bf:ab:35:87:0d:c9:c2:6c:34:76:91:
                    05:09:78:1a:b7:b0:09:4e:3c:88:d2:e8:df:e1:a5:
                    8b:0a:a3:17:08:7b:b5:05:08:70:80:cc:8f:b2:47:
                    7e:e7:c4:29:1c:18:42:c8:1a:5c:05:2b:a9:cf:33:
                    1f:ec:31:4a:7a:b0:5b:4a:d0:b8:75:3d:9e:ce:b2:
                    84:7e:ac:d9:a4:24:bc:e4:c9:ac:ed:1b:bf:06:7b:
                    b8:61:9c:0f:bf:17:42:42:63:1b:ad:56:a6:eb:59:
                    ba:2e:ad:26:b2:f5:db:32:9a:62:db:25:a7:b0:ed:
                    36:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:65:3B:10:D5:48:EE:70:77:D4:38:AB:66:CA:F7:5A:AE:C0:52:38
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dac6d91f-0131-4f38-be3d-421eba8e0816.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f69:c040::/46

    Signature Algorithm: sha256WithRSAEncryption
         1f:b0:a4:53:24:16:c5:f3:fe:df:c2:93:6d:25:a6:a6:b5:de:
         05:aa:cf:01:6d:8d:62:18:41:ef:1f:20:89:a6:10:db:52:ed:
         34:65:47:69:c4:ce:ed:20:e0:8a:12:a2:f7:8a:9a:54:ea:32:
         cf:19:72:b9:49:87:04:cf:b9:4b:ea:c8:71:73:8f:c9:16:75:
         8e:a4:a5:22:0e:66:ce:d2:3e:2a:42:5c:dd:9f:42:7c:4b:d2:
         2c:a1:74:4a:75:8e:ec:e3:90:65:84:42:c0:75:7b:ff:36:09:
         cc:bb:1c:69:4b:ba:39:d6:de:52:b2:a5:d6:98:22:d5:2f:a9:
         6f:a5:60:03:b6:dd:b5:51:89:3e:f7:e2:45:b3:0e:dc:2b:78:
         4f:84:02:c8:bd:a1:87:36:b3:03:6d:88:0d:0f:06:d1:ec:46:
         dc:56:e0:b4:3f:2e:b5:e8:f4:d9:75:15:c5:bf:36:9a:ae:43:
         f7:38:c6:27:4c:90:55:d7:05:2b:28:57:ba:9e:1c:80:2a:f5:
         77:27:92:8e:a5:53:e6:ec:71:42:16:74:c3:e4:14:a4:2e:92:
         0f:b8:78:26:21:23:18:fe:a4:06:ca:1c:ad:a4:db:c0:cf:12:
         74:94:54:33:26:14:33:d0:a2:81:00:cf:a5:52:47:af:6a:c3:
         fe:d1:9d:07
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUQWu/EsobyaV096lDKUqF0cuGPHwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDIyMTYyMDE3WhcNMjUwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxOTE5MmIzOWJhYTJlYjJmYWZjYmI2MTI1MTVmYmZhNmNi
NTQxZjNkODg5NzlkZmQyNzFkM2VlNWU4MzAxZWM0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCx+VYAiFrYib9P6Ltjb2SmgAi3uos22W+ddDu8jRkDvkUE
J7Or8A4JWuXU+WU7WtDhgOf/xzT/JHTsDlQNCpxDXwrTSvmToXLcvas/dv/wd+P/
9yOCxLrbR2r/NLuAC3m6DIk7lTOjWWcVcjYcrYtG/uVE7T8s6ex3D2TmXj3VPMu5
l5E2VIixDta/qzWHDcnCbDR2kQUJeBq3sAlOPIjS6N/hpYsKoxcIe7UFCHCAzI+y
R37nxCkcGELIGlwFK6nPMx/sMUp6sFtK0Lh1PZ7OsoR+rNmkJLzkyaztG78Ge7hh
nA+/F0JCYxutVqbrWbourSay9dsymmLbJaew7TYXAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUGWU7ENVI7nB31DirZsr3Wq7AUjgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RhYzZkOTFmLTAxMzEtNGYzOC1iZTNkLTQyMWViYThlMDgxNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwImAB9pwEAwDQYJKoZIhvcNAQELBQADggEBAB+wpFMkFsXz/t/Ck20lpqa1
3gWqzwFtjWIYQe8fIImmENtS7TRlR2nEzu0g4IoSoveKmlTqMs8ZcrlJhwTPuUvq
yHFzj8kWdY6kpSIOZs7SPipCXN2fQnxL0iyhdEp1juzjkGWEQsB1e/82Ccy7HGlL
ujnW3lKypdaYItUvqW+lYAO23bVRiT734kWzDtwreE+EAsi9oYc2swNtiA0PBtHs
RtxW4LQ/LrXo9Nl1FcW/NpquQ/c4xidMkFXXBSsoV7qeHIAq9Xcnko6lU+bscUIW
dMPkFKQukg+4eCYhIxj+pAbKHK2k28DPEnSUVDMmFDPQooEAz6VSR69qw/7RnQc=
-----END CERTIFICATE-----