Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ea48da40-e606-40ca-a47e-49973c2920b0.roa
File:                     ea48da40-e606-40ca-a47e-49973c2920b0.roa (raw, json)
Hash identifier:          JIb/uPoh+RngiMezOW1bMnclQjrMFoI30gSBDAvF1AU=
Subject key identifier:   28:FA:05:5C:C4:8F:92:BC:A8:9F:81:B7:89:E8:8F:97:DD:F7:EA:29
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       316FCF2B2CDF85317C13918F4BFDC510F6C567C7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ea48da40-e606-40ca-a47e-49973c2920b0.roa
Signing time:             Mon 04 Aug 2025 16:11:09 +0000
ROA not before:           Mon 04 Aug 2025 16:11:09 +0000
ROA not after:            Mon 08 Sep 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1fb8:8000::/39 maxlen: 39
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 09 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:6f:cf:2b:2c:df:85:31:7c:13:91:8f:4b:fd:c5:10:f6:c5:67:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug  4 16:11:09 2025 GMT
            Not After : Sep  8 23:59:59 2025 GMT
        Subject: serialNumber=e21f649f2973c1bb5fe4675613515c19dcdb4fc9a65e9c1e1cbd3b957fd44119, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:4f:ab:ac:0a:bf:cb:1d:9e:e4:fe:72:d0:a6:
                    28:fb:74:14:87:a6:21:fe:4b:a8:21:65:ff:35:4b:
                    79:66:ad:92:8c:46:73:a0:51:c9:10:a8:e0:b8:89:
                    a4:c8:c5:21:3e:92:cf:ef:e3:97:e8:5e:f3:97:dd:
                    42:48:bd:7d:82:28:ff:a9:9b:18:73:25:e2:cd:e9:
                    7c:41:6a:67:60:99:1d:f6:83:3f:a1:98:df:c5:8e:
                    53:bf:75:4e:de:d9:09:c3:6f:aa:a4:35:fa:04:46:
                    c9:e6:30:3d:12:0c:17:e7:a8:65:c6:fe:8d:3c:65:
                    97:9e:35:e3:ce:2b:79:d2:7b:a8:41:df:81:9c:a7:
                    85:b6:57:e3:5f:fd:5c:3b:62:0e:06:71:70:ce:f9:
                    c4:6b:18:51:91:bf:ac:16:67:c7:8d:03:e3:24:44:
                    94:2c:52:d4:dd:d0:d2:71:64:c8:8c:b4:42:5f:1e:
                    d3:de:99:d8:cc:ad:29:ed:97:58:d7:3a:09:82:17:
                    5a:0e:09:20:cb:f1:c2:a5:6e:24:13:bf:22:82:0e:
                    6b:32:0b:f1:40:ff:dc:76:e2:64:03:41:d8:6e:55:
                    fc:2d:af:4e:ab:ef:2a:97:27:20:d3:4c:a8:c5:e3:
                    9e:98:cc:35:41:18:c9:69:ab:6e:c5:78:fe:2d:ab:
                    f2:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:FA:05:5C:C4:8F:92:BC:A8:9F:81:B7:89:E8:8F:97:DD:F7:EA:29
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ea48da40-e606-40ca-a47e-49973c2920b0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fb8:8000::/39

    Signature Algorithm: sha256WithRSAEncryption
         70:34:6d:7f:e9:99:36:3b:56:35:49:86:24:cb:f6:98:51:78:
         f5:3e:05:f4:92:34:85:55:f1:5b:85:84:99:59:5e:7c:54:df:
         0f:90:21:b6:6c:3c:d5:3a:b2:6f:e3:25:bc:45:0f:67:73:39:
         d2:0b:a6:8a:fd:67:2c:0c:11:5a:88:1a:24:de:f4:be:f6:7c:
         f7:2e:11:05:00:ae:22:68:f6:0d:fb:a2:de:01:bb:89:51:09:
         fe:00:7e:c5:f6:a5:a9:7c:10:51:0c:9f:ab:b3:99:55:b8:18:
         f1:33:8f:26:d9:3d:c8:d5:ff:e2:59:d7:cd:8a:0b:c1:af:eb:
         5f:c7:07:aa:7b:a6:78:f7:29:c6:c2:2e:4b:c2:51:06:4b:1b:
         f2:5e:4a:76:5f:94:1f:ff:5e:0a:d5:57:cf:c7:03:46:41:f3:
         36:6f:70:3e:66:7f:e8:75:0f:a9:ae:60:c6:1c:82:2c:f5:68:
         db:3d:21:a8:4f:04:ee:70:77:cf:e5:6b:a1:b4:38:ff:c9:35:
         4f:0a:0a:b7:c7:26:81:85:05:ac:8a:4a:99:d1:0f:d8:65:e3:
         29:10:df:2f:84:53:7a:0c:7e:b2:83:e0:90:ff:31:59:7c:24:
         8b:73:4d:2c:6a:df:d5:84:1a:b5:97:84:30:4b:4c:65:ca:2e:
         ce:f2:c2:05
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUMW/PKyzfhTF8E5GPS/3FEPbFZ8cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODA0MTYxMTA5WhcNMjUwOTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMjFmNjQ5ZjI5NzNjMWJiNWZlNDY3NTYxMzUxNWMxOWRj
ZGI0ZmM5YTY1ZTljMWUxY2JkM2I5NTdmZDQ0MTE5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDnT6usCr/LHZ7k/nLQpij7dBSHpiH+S6ghZf81S3lmrZKM
RnOgUckQqOC4iaTIxSE+ks/v45foXvOX3UJIvX2CKP+pmxhzJeLN6XxBamdgmR32
gz+hmN/FjlO/dU7e2QnDb6qkNfoERsnmMD0SDBfnqGXG/o08ZZeeNePOK3nSe6hB
34Gcp4W2V+Nf/Vw7Yg4GcXDO+cRrGFGRv6wWZ8eNA+MkRJQsUtTd0NJxZMiMtEJf
HtPemdjMrSntl1jXOgmCF1oOCSDL8cKlbiQTvyKCDmsyC/FA/9x24mQDQdhuVfwt
r06r7yqXJyDTTKjF456YzDVBGMlpq27FeP4tq/KjAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUKPoFXMSPkryon4G3ieiPl9336ikwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VhNDhkYTQwLWU2MDYtNDBjYS1hNDdlLTQ5OTczYzI5MjBiMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB+4gDANBgkqhkiG9w0BAQsFAAOCAQEAcDRtf+mZNjtWNUmGJMv2mFF4
9T4F9JI0hVXxW4WEmVlefFTfD5Ahtmw81Tqyb+MlvEUPZ3M50gumiv1nLAwRWoga
JN70vvZ89y4RBQCuImj2Dfui3gG7iVEJ/gB+xfalqXwQUQyfq7OZVbgY8TOPJtk9
yNX/4lnXzYoLwa/rX8cHqnumePcpxsIuS8JRBksb8l5Kdl+UH/9eCtVXz8cDRkHz
Nm9wPmZ/6HUPqa5gxhyCLPVo2z0hqE8E7nB3z+VrobQ4/8k1TwoKt8cmgYUFrIpK
mdEP2GXjKRDfL4RTegx+soPgkP8xWXwki3NNLGrf1YQatZeEMEtMZcouzvLCBQ==
-----END CERTIFICATE-----