Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dbdd7149-1b63-485c-91e0-217a5a311a88.roa
File:                     dbdd7149-1b63-485c-91e0-217a5a311a88.roa (raw, json)
Hash identifier:          7bki7txxUb3YJojIDad3bcQeMUCpv+S9D0tDSfWkZ/o=
Subject key identifier:   F3:75:24:C5:A6:6D:72:C2:32:4E:40:EB:D7:A9:84:B2:D3:86:55:05
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4F28AB53BD9C4804924E8A6FC8FADE269EAB63EC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dbdd7149-1b63-485c-91e0-217a5a311a88.roa
Signing time:             Tue 22 Apr 2025 00:32:12 +0000
ROA not before:           Tue 22 Apr 2025 00:32:12 +0000
ROA not after:            Tue 27 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f00:80f0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:28:ab:53:bd:9c:48:04:92:4e:8a:6f:c8:fa:de:26:9e:ab:63:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 22 00:32:12 2025 GMT
            Not After : May 27 23:59:59 2025 GMT
        Subject: serialNumber=74c069feab1150c6e18133e7964d1fb995ae649773b5f8d4d260d00c728bb116, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:97:26:63:d5:5e:40:ca:e9:f1:44:1d:89:19:
                    89:e8:d4:fb:b4:2f:ce:f8:de:59:70:cf:d0:58:22:
                    e2:bd:5e:b5:83:1b:33:22:a9:82:88:0a:d4:36:80:
                    7f:21:63:20:29:8b:9d:ec:97:53:02:f0:a2:0f:5a:
                    60:62:46:3a:e1:b0:73:7b:6c:84:6b:80:3b:98:f3:
                    c7:dc:13:6c:76:5a:09:d3:a8:02:76:b1:d7:2b:f9:
                    4e:1c:6f:eb:92:49:ae:c0:5a:da:22:d6:56:4d:fa:
                    09:ac:08:9c:76:2a:3f:a4:49:36:10:3a:e4:5b:6b:
                    98:d9:ab:eb:71:9d:89:1d:fc:88:b7:9b:be:3b:8c:
                    06:1c:9e:b9:54:1d:ce:97:98:07:f2:ee:b9:a2:a3:
                    7f:0e:d5:5e:38:60:b3:33:10:af:48:c7:36:7c:83:
                    b5:4b:22:6b:1c:ae:e0:4a:f1:84:59:56:e5:70:b3:
                    df:01:f1:e8:77:f9:52:13:7b:18:0b:e4:f5:ee:b4:
                    86:dc:43:46:10:c7:69:60:76:a5:aa:db:9f:4e:66:
                    fb:fa:37:29:34:a9:8e:a7:2e:0e:76:a6:fb:0d:1e:
                    94:e4:88:2d:52:37:b9:21:e7:20:bc:1b:99:70:58:
                    75:3a:09:72:3b:1c:3b:0d:69:ea:c1:3e:d3:0b:50:
                    09:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:75:24:C5:A6:6D:72:C2:32:4E:40:EB:D7:A9:84:B2:D3:86:55:05
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dbdd7149-1b63-485c-91e0-217a5a311a88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f00:80f0::/48

    Signature Algorithm: sha256WithRSAEncryption
         13:f2:a8:47:20:69:16:6d:d4:ed:0a:37:25:82:0d:23:f9:4b:
         a3:8a:46:d7:93:38:ef:51:b0:02:79:1d:e9:f6:ff:31:ce:c2:
         07:72:a1:e4:e4:c7:db:41:db:94:57:f1:77:1d:e2:4c:4f:78:
         b5:04:35:98:23:e3:f0:12:e1:66:a2:40:75:5a:26:c9:35:a6:
         db:6b:df:c1:8a:f9:d5:80:a1:c0:ec:ac:77:4c:31:b4:65:ae:
         b3:e5:a5:1d:a1:b9:9a:9e:93:70:90:62:25:ca:67:f1:36:67:
         1d:74:32:e1:10:26:ae:da:f2:6d:10:7d:a3:9a:a6:88:93:87:
         21:0b:1c:80:1b:a8:ae:9e:f7:d1:f9:34:69:69:17:8e:eb:b1:
         61:ad:1d:38:44:bb:20:86:e1:62:97:0b:0a:82:33:38:b8:bb:
         93:9e:a1:35:61:7b:60:b8:b2:64:33:4f:44:6f:c8:df:67:40:
         6f:71:1c:67:18:be:9b:70:75:80:8e:41:f3:a4:d9:25:0f:9d:
         4c:a4:51:29:2a:3b:88:8c:70:cd:bf:71:37:5e:06:af:e9:7f:
         ea:06:97:d8:e7:d3:b4:6b:da:65:ab:9f:af:43:d9:3c:ed:ed:
         e3:1a:63:1d:c1:47:e4:46:4b:36:34:c7:65:10:02:60:e9:98:
         10:20:7d:39
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUTyirU72cSASSTopvyPreJp6rY+wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDIyMDAzMjEyWhcNMjUwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NGMwNjlmZWFiMTE1MGM2ZTE4MTMzZTc5NjRkMWZiOTk1
YWU2NDk3NzNiNWY4ZDRkMjYwZDAwYzcyOGJiMTE2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZlyZj1V5AyunxRB2JGYno1Pu0L8743llwz9BYIuK9XrWD
GzMiqYKICtQ2gH8hYyApi53sl1MC8KIPWmBiRjrhsHN7bIRrgDuY88fcE2x2WgnT
qAJ2sdcr+U4cb+uSSa7AWtoi1lZN+gmsCJx2Kj+kSTYQOuRba5jZq+txnYkd/Ii3
m747jAYcnrlUHc6XmAfy7rmio38O1V44YLMzEK9IxzZ8g7VLImscruBK8YRZVuVw
s98B8eh3+VITexgL5PXutIbcQ0YQx2lgdqWq259OZvv6Nyk0qY6nLg52pvsNHpTk
iC1SN7kh5yC8G5lwWHU6CXI7HDsNaerBPtMLUAmjAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU83UkxaZtcsIyTkDr16mEstOGVQUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RiZGQ3MTQ5LTFiNjMtNDg1Yy05MWUwLTIxN2E1YTMxMWE4OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB8AgPAwDQYJKoZIhvcNAQELBQADggEBABPyqEcgaRZt1O0KNyWCDSP5
S6OKRteTOO9RsAJ5Hen2/zHOwgdyoeTkx9tB25RX8Xcd4kxPeLUENZgj4/AS4Wai
QHVaJsk1pttr38GK+dWAocDsrHdMMbRlrrPlpR2huZqek3CQYiXKZ/E2Zx10MuEQ
Jq7a8m0QfaOapoiThyELHIAbqK6e99H5NGlpF47rsWGtHThEuyCG4WKXCwqCMzi4
u5OeoTVhe2C4smQzT0RvyN9nQG9xHGcYvptwdYCOQfOk2SUPnUykUSkqO4iMcM2/
cTdeBq/pf+oGl9jn07Rr2mWrn69D2Tzt7eMaYx3BR+RGSzY0x2UQAmDpmBAgfTk=
-----END CERTIFICATE-----