Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fa89ceec-7353-4213-a5c6-b7359deda91c.roa
File:                     fa89ceec-7353-4213-a5c6-b7359deda91c.roa (raw, json)
Hash identifier:          8m+Lo5CY4m3+SWsE/TBwQv7EOjufSctWdZwgWjAddmk=
Subject key identifier:   6A:D8:5A:7A:F9:4D:77:64:E1:2B:5F:83:DD:F3:1F:A2:E1:B2:32:E2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4E5AF9EE8F387A70E33B9B93A6D29F93D5235C58
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fa89ceec-7353-4213-a5c6-b7359deda91c.roa
Signing time:             Tue 22 Apr 2025 00:51:45 +0000
ROA not before:           Tue 22 Apr 2025 00:51:45 +0000
ROA not after:            Tue 27 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1fff:8190::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:5a:f9:ee:8f:38:7a:70:e3:3b:9b:93:a6:d2:9f:93:d5:23:5c:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 22 00:51:45 2025 GMT
            Not After : May 27 23:59:59 2025 GMT
        Subject: serialNumber=67f1ed08709a2661e4f0a2f934f9372c6b1b06d1a46939c4a3bb34d074a72342, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:72:9f:24:0f:a9:c5:7a:e6:e8:32:53:0a:a7:
                    6c:bb:2a:f9:c4:c9:ff:e3:cb:5c:51:4b:da:bf:51:
                    a2:30:ac:3b:f9:64:63:9a:7b:10:8c:5f:c9:1f:50:
                    93:ed:38:f3:21:54:44:ae:e5:d2:05:98:c1:fe:47:
                    0f:fc:86:55:ac:23:bf:c5:f9:9c:63:c1:c0:c5:79:
                    1e:d6:a1:bf:5c:7a:80:e0:f7:6a:e5:32:11:36:14:
                    d2:5c:b8:e4:03:92:81:67:b1:6d:9a:ce:a9:fd:ed:
                    82:57:f6:25:14:69:5b:15:71:ee:78:1d:2c:43:a0:
                    9a:64:51:7d:f3:31:6c:56:4e:87:c9:2e:a5:e9:81:
                    77:9b:a2:8e:ab:ef:9a:46:a0:48:4b:8e:d2:f6:f4:
                    c3:ff:4a:33:a4:a8:61:dc:5b:a9:8a:fb:97:56:12:
                    9d:6e:08:05:d2:db:e9:14:62:85:6d:84:4f:74:a4:
                    a1:1a:51:88:8a:91:dd:51:e5:5e:70:26:52:61:4f:
                    84:a4:eb:97:80:52:13:01:8e:13:4c:bb:99:12:fc:
                    c3:3a:88:6f:18:1b:ca:8b:89:b9:f0:72:3a:45:b6:
                    eb:79:9a:9d:48:85:6f:68:37:7a:89:49:b5:46:65:
                    74:0a:63:5f:bd:71:68:1f:aa:e4:60:e1:97:85:92:
                    49:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:D8:5A:7A:F9:4D:77:64:E1:2B:5F:83:DD:F3:1F:A2:E1:B2:32:E2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fa89ceec-7353-4213-a5c6-b7359deda91c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fff:8190::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:3c:e4:dc:2e:88:61:09:90:31:20:6b:28:0d:2a:2a:fb:d7:
         34:0b:9a:28:a4:f8:16:c0:8c:73:80:41:97:ae:72:d6:0c:08:
         46:37:cc:11:ad:0c:df:ac:e3:ff:48:ac:f4:6f:08:91:f5:1b:
         4d:81:30:27:f0:c4:41:1a:c1:4c:ce:35:00:c8:b4:49:49:7a:
         73:55:0f:59:97:06:25:18:89:2b:e4:72:97:e1:97:42:91:00:
         e9:fb:48:31:36:14:af:62:0c:d7:c5:82:1c:84:15:bd:72:eb:
         44:41:bb:a0:ec:74:db:9f:01:c8:db:7f:15:76:1e:9b:d8:59:
         2d:df:cb:06:d4:9a:57:45:48:d8:ad:b9:5e:6d:97:93:38:d8:
         8e:9d:61:e5:67:e6:c8:72:a8:5e:47:47:92:ab:7f:e4:b5:43:
         98:fa:3b:b3:95:13:56:c0:33:d1:da:96:80:b8:6d:30:46:45:
         d8:1d:10:e7:00:c8:ce:dd:2c:1e:f8:d7:95:ee:86:b9:0a:fb:
         3d:a9:fd:0d:e8:09:ed:78:47:c7:6f:61:d9:91:39:00:47:7e:
         ab:2e:6e:fd:c0:d3:fe:ca:76:7d:91:94:c6:2c:bc:f7:63:a7:
         a8:ee:68:6b:95:ff:aa:3c:13:b6:05:8b:be:89:a6:b8:0c:04:
         9a:02:c0:74
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUTlr57o84enDjO5uTptKfk9UjXFgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDIyMDA1MTQ1WhcNMjUwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2N2YxZWQwODcwOWEyNjYxZTRmMGEyZjkzNGY5MzcyYzZi
MWIwNmQxYTQ2OTM5YzRhM2JiMzRkMDc0YTcyMzQyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5cp8kD6nFeuboMlMKp2y7KvnEyf/jy1xRS9q/UaIwrDv5
ZGOaexCMX8kfUJPtOPMhVESu5dIFmMH+Rw/8hlWsI7/F+ZxjwcDFeR7Wob9ceoDg
92rlMhE2FNJcuOQDkoFnsW2azqn97YJX9iUUaVsVce54HSxDoJpkUX3zMWxWTofJ
LqXpgXeboo6r75pGoEhLjtL29MP/SjOkqGHcW6mK+5dWEp1uCAXS2+kUYoVthE90
pKEaUYiKkd1R5V5wJlJhT4Sk65eAUhMBjhNMu5kS/MM6iG8YG8qLibnwcjpFtut5
mp1IhW9oN3qJSbVGZXQKY1+9cWgfquRg4ZeFkkmvAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUathaevlNd2ThK1+D3fMfouGyMuIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZhODljZWVjLTczNTMtNDIxMy1hNWM2LWI3MzU5ZGVkYTkxYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB//gZAwDQYJKoZIhvcNAQELBQADggEBAGo85NwuiGEJkDEgaygNKir7
1zQLmiik+BbAjHOAQZeuctYMCEY3zBGtDN+s4/9IrPRvCJH1G02BMCfwxEEawUzO
NQDItElJenNVD1mXBiUYiSvkcpfhl0KRAOn7SDE2FK9iDNfFghyEFb1y60RBu6Ds
dNufAcjbfxV2HpvYWS3fywbUmldFSNituV5tl5M42I6dYeVn5shyqF5HR5Krf+S1
Q5j6O7OVE1bAM9HaloC4bTBGRdgdEOcAyM7dLB7415XuhrkK+z2p/Q3oCe14R8dv
YdmROQBHfqsubv3A0/7Kdn2RlMYsvPdjp6juaGuV/6o8E7YFi76JprgMBJoCwHQ=
-----END CERTIFICATE-----