Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e537a589-ee97-47c6-a07d-5a3510d3feec.roa
File:                     e537a589-ee97-47c6-a07d-5a3510d3feec.roa (raw, json)
Hash identifier:          i8NhFQAHpM6NJaeAK8H8h8pUx6s6fY2WZvPjgN5Nwa4=
Subject key identifier:   C1:57:F5:A7:5B:71:EA:59:CF:8E:7F:80:E5:43:47:04:BB:C8:2C:D3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       28F178BA112D5101EFBC2D071DAC45F246C156AE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e537a589-ee97-47c6-a07d-5a3510d3feec.roa
Signing time:             Tue 22 Apr 2025 15:01:30 +0000
ROA not before:           Tue 22 Apr 2025 15:01:30 +0000
ROA not after:            Tue 27 May 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1ff7:5080::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:f1:78:ba:11:2d:51:01:ef:bc:2d:07:1d:ac:45:f2:46:c1:56:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 22 15:01:30 2025 GMT
            Not After : May 27 23:59:59 2025 GMT
        Subject: serialNumber=a11933dd364d9ef3fbe6621ec42fde7b858faf014496f75bc68e0f38b0c171e0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:90:4d:02:ea:5c:ca:ea:9b:6a:72:0d:23:1a:
                    fa:5c:99:19:1f:a0:e8:31:00:81:21:34:4f:cb:9b:
                    bd:59:5f:53:3b:89:72:63:9c:5f:1f:ca:cd:0a:93:
                    db:90:47:84:61:ce:a1:48:1b:35:42:9f:08:62:9c:
                    0a:78:42:3e:92:28:31:2f:2a:dd:e0:b7:3f:e4:21:
                    60:90:30:fd:72:5d:dc:19:73:ca:ec:28:72:85:48:
                    15:6b:fb:b3:93:41:25:f1:1f:52:27:58:ac:30:99:
                    3f:0a:81:15:aa:de:2b:1b:77:b9:ec:65:5c:32:c0:
                    c2:0a:81:4c:52:b9:63:fd:de:4b:4a:e0:ef:9b:8c:
                    ba:8e:0c:1e:74:93:24:ac:f6:7e:3c:ce:f2:e8:61:
                    61:66:ee:04:0a:90:ae:13:09:ff:c8:18:df:53:cb:
                    6a:4a:d3:5b:bd:68:b3:e5:d5:16:3a:95:17:80:a3:
                    f5:10:e5:12:af:e4:09:1d:50:cb:89:62:ad:8f:9a:
                    5d:d2:33:af:41:2f:35:08:7f:ef:03:67:c2:95:ca:
                    06:59:b1:19:6e:78:be:cd:09:6a:37:7f:19:a4:f4:
                    99:81:3a:e7:d6:09:ad:9f:dd:81:dc:4f:95:72:a1:
                    51:ab:ab:da:be:10:27:aa:c7:f4:03:64:2a:2b:73:
                    8e:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:57:F5:A7:5B:71:EA:59:CF:8E:7F:80:E5:43:47:04:BB:C8:2C:D3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e537a589-ee97-47c6-a07d-5a3510d3feec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff7:5080::/46

    Signature Algorithm: sha256WithRSAEncryption
         18:c3:a0:0d:dd:c0:03:02:b6:49:6b:74:2d:5f:8a:ba:f4:2e:
         ca:a9:28:79:78:9f:5c:8f:d4:b8:6b:75:ef:e5:64:ca:75:98:
         45:3e:85:b3:d2:9d:d2:86:23:77:49:c7:c9:59:14:2e:d6:a6:
         e7:45:fc:2e:7d:26:f9:51:ee:a2:12:ab:fe:aa:e5:fc:12:59:
         06:76:68:86:59:ac:25:00:72:40:a0:e7:e4:52:ca:34:d4:c1:
         03:92:90:cd:b0:4e:c5:82:53:5b:c2:cc:63:d6:95:1c:94:50:
         95:c6:3b:8a:50:e2:d0:31:02:27:97:d6:bc:d3:dc:98:25:23:
         e9:a5:3d:72:70:1a:26:d2:b0:97:d0:b2:98:58:9e:e6:28:8d:
         d1:bd:84:0e:97:89:a3:0f:f7:92:fa:90:34:a1:69:0e:33:a5:
         99:31:57:f4:23:dd:d5:88:39:5e:24:0d:e8:17:e1:8a:2e:21:
         be:96:0e:27:74:73:00:23:05:a7:fb:81:70:e1:18:bb:bc:ac:
         ff:18:87:e4:92:37:86:73:23:eb:e8:fc:95:e4:09:24:2c:76:
         d9:8b:07:69:4c:7f:20:37:1c:db:a7:94:c4:d1:bf:77:b1:f7:
         3e:11:9c:22:05:49:ae:54:be:a9:53:0f:99:94:dd:ef:c9:3c:
         a8:e4:90:2b
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUKPF4uhEtUQHvvC0HHaxF8kbBVq4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDIyMTUwMTMwWhcNMjUwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMTE5MzNkZDM2NGQ5ZWYzZmJlNjYyMWVjNDJmZGU3Yjg1
OGZhZjAxNDQ5NmY3NWJjNjhlMGYzOGIwYzE3MWUwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdkE0C6lzK6ptqcg0jGvpcmRkfoOgxAIEhNE/Lm71ZX1M7
iXJjnF8fys0Kk9uQR4RhzqFIGzVCnwhinAp4Qj6SKDEvKt3gtz/kIWCQMP1yXdwZ
c8rsKHKFSBVr+7OTQSXxH1InWKwwmT8KgRWq3isbd7nsZVwywMIKgUxSuWP93ktK
4O+bjLqODB50kySs9n48zvLoYWFm7gQKkK4TCf/IGN9Ty2pK01u9aLPl1RY6lReA
o/UQ5RKv5AkdUMuJYq2Pml3SM69BLzUIf+8DZ8KVygZZsRlueL7NCWo3fxmk9JmB
OufWCa2f3YHcT5VyoVGrq9q+ECeqx/QDZCorc45lAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUwVf1p1tx6lnPjn+A5UNHBLvILNMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U1MzdhNTg5LWVlOTctNDdjNi1hMDdkLTVhMzUxMGQzZmVlYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwImAB/3UIAwDQYJKoZIhvcNAQELBQADggEBABjDoA3dwAMCtklrdC1firr0
LsqpKHl4n1yP1Lhrde/lZMp1mEU+hbPSndKGI3dJx8lZFC7WpudF/C59JvlR7qIS
q/6q5fwSWQZ2aIZZrCUAckCg5+RSyjTUwQOSkM2wTsWCU1vCzGPWlRyUUJXGO4pQ
4tAxAieX1rzT3JglI+mlPXJwGibSsJfQsphYnuYojdG9hA6XiaMP95L6kDShaQ4z
pZkxV/Qj3dWIOV4kDegX4YouIb6WDid0cwAjBaf7gXDhGLu8rP8Yh+SSN4ZzI+vo
/JXkCSQsdtmLB2lMfyA3HNunlMTRv3ex9z4RnCIFSa5UvqlTD5mU3e/JPKjkkCs=
-----END CERTIFICATE-----