Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/02705a78-c949-405b-9b73-0ec922410e1e.roa
File:                     02705a78-c949-405b-9b73-0ec922410e1e.roa (raw, json)
Hash identifier:          Ns2B8eIch8mo9PKffwAdDKCmxuk8ERyzYftpPo5xkE4=
Subject key identifier:   31:AB:F7:D5:F3:BD:AC:ED:AD:BD:E4:0F:8F:03:A4:A2:EA:15:7F:50
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       023ADCEC045F8DBC7D2995CFCCC7BB16A53DB4E8
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/02705a78-c949-405b-9b73-0ec922410e1e.roa
Signing time:             Fri 13 Jun 2025 18:30:07 +0000
ROA not before:           Fri 13 Jun 2025 18:30:07 +0000
ROA not after:            Fri 18 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f3:f100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 18 Jun 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:3a:dc:ec:04:5f:8d:bc:7d:29:95:cf:cc:c7:bb:16:a5:3d:b4:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jun 13 18:30:07 2025 GMT
            Not After : Jul 18 23:59:59 2025 GMT
        Subject: serialNumber=f857959b89953dc5c1b09eb8392c78c629238b024e807eb72c1ef265ef58851f, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:65:3d:d6:00:c9:f4:28:fe:38:69:20:7c:35:
                    f9:82:e9:7d:df:48:43:05:d1:40:2b:7c:28:33:07:
                    92:f6:e0:4a:54:5a:13:43:aa:1d:77:43:ee:73:e8:
                    5b:1f:f1:d4:84:17:11:3f:17:fa:63:58:85:ab:27:
                    31:57:80:39:85:fb:0d:18:d1:80:6a:cb:23:d7:ed:
                    24:e1:53:e9:8f:93:d6:e4:e9:f6:85:7b:2a:c6:0f:
                    6b:38:21:5f:e9:60:09:6a:13:01:e3:22:59:9d:0e:
                    ce:f3:19:11:f0:e5:5c:69:19:df:83:91:51:f8:61:
                    71:08:1e:1b:4f:99:11:2d:a1:01:45:54:95:c2:3d:
                    55:e8:69:9f:f3:90:11:b3:57:8a:f2:cb:12:65:e9:
                    1f:08:04:53:79:e0:d9:ef:c8:3e:da:ef:cf:da:ec:
                    ec:ce:d4:57:93:1b:1d:6d:14:91:bf:d7:28:76:c7:
                    a6:13:67:18:d2:e4:bd:99:f3:6a:e1:bc:b1:11:8b:
                    61:95:75:4a:ce:1c:c8:af:1d:71:bb:4a:3e:3e:0d:
                    37:b3:0e:8b:09:7e:68:05:23:da:a6:3a:9c:db:4f:
                    6f:93:c4:73:f8:09:7f:fb:ce:96:33:d1:f6:86:56:
                    76:3c:55:62:65:ae:3d:4f:3e:25:91:a1:c9:fe:36:
                    01:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:AB:F7:D5:F3:BD:AC:ED:AD:BD:E4:0F:8F:03:A4:A2:EA:15:7F:50
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/02705a78-c949-405b-9b73-0ec922410e1e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f3:f100::/40

    Signature Algorithm: sha256WithRSAEncryption
         15:7d:98:ad:02:36:88:03:de:18:00:f9:25:f4:22:ce:c9:ed:
         19:8a:15:6c:14:33:8f:0c:d2:b0:c9:68:52:48:65:39:63:e5:
         a4:12:e6:a5:c1:01:2b:eb:42:ed:fe:11:4b:7e:15:e6:89:cb:
         f6:e5:e2:43:34:bf:24:42:8b:1d:99:81:c2:ae:dc:47:21:4e:
         99:80:2a:ae:32:44:76:14:31:e4:c8:a3:73:f0:d3:ba:64:5e:
         08:1a:9f:66:3b:57:68:a1:8a:6b:30:77:e3:10:6e:18:7f:1f:
         8b:64:71:e8:2a:ae:76:84:4c:91:36:2c:5f:7e:a7:bc:b9:55:
         f6:b2:4f:14:37:10:2a:6e:9a:7b:ea:b3:1f:73:ac:3b:97:6e:
         9a:d8:ab:c8:a3:08:99:cb:d5:f4:ab:fa:5f:7d:78:b2:7d:96:
         13:b0:db:37:f1:0a:0c:10:50:9a:94:7e:16:87:e7:d4:bf:f0:
         ea:af:e1:31:e1:8e:b5:9e:5e:3a:52:a7:c1:79:6c:6b:f0:48:
         4a:b9:14:24:82:71:90:c2:25:6b:0a:df:7a:d1:98:ba:06:84:
         69:e6:32:94:3e:0b:95:0a:46:29:f5:76:00:bb:15:e7:88:57:
         4c:e3:ec:61:4f:c7:be:b1:32:9d:b7:30:e4:f7:b7:44:10:77:
         3e:56:73:10
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUAjrc7ARfjbx9KZXPzMe7FqU9tOgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNjEzMTgzMDA3WhcNMjUwNzE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BmODU3OTU5Yjg5OTUzZGM1YzFiMDllYjgzOTJjNzhjNjI5
MjM4YjAyNGU4MDdlYjcyYzFlZjI2NWVmNTg4NTFmMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUZT3WAMn0KP44aSB8NfmC6X3fSEMF0UArfCgzB5L24EpU
WhNDqh13Q+5z6Fsf8dSEFxE/F/pjWIWrJzFXgDmF+w0Y0YBqyyPX7SThU+mPk9bk
6faFeyrGD2s4IV/pYAlqEwHjIlmdDs7zGRHw5VxpGd+DkVH4YXEIHhtPmREtoQFF
VJXCPVXoaZ/zkBGzV4ryyxJl6R8IBFN54NnvyD7a78/a7OzO1FeTGx1tFJG/1yh2
x6YTZxjS5L2Z82rhvLERi2GVdUrOHMivHXG7Sj4+DTezDosJfmgFI9qmOpzbT2+T
xHP4CX/7zpYz0faGVnY8VWJlrj1PPiWRocn+NgEtAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUMav31fO9rO2tveQPjwOkouoVf1AwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzAyNzA1YTc4LWM5NDktNDA1Yi05YjczLTBlYzkyMjQxMGUxZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPDz8TANBgkqhkiG9w0BAQsFAAOCAQEAFX2YrQI2iAPeGAD5JfQizsnt
GYoVbBQzjwzSsMloUkhlOWPlpBLmpcEBK+tC7f4RS34V5onL9uXiQzS/JEKLHZmB
wq7cRyFOmYAqrjJEdhQx5Mijc/DTumReCBqfZjtXaKGKazB34xBuGH8fi2Rx6Cqu
doRMkTYsX36nvLlV9rJPFDcQKm6ae+qzH3OsO5dumtiryKMImcvV9Kv6X314sn2W
E7DbN/EKDBBQmpR+Fofn1L/w6q/hMeGOtZ5eOlKnwXlsa/BISrkUJIJxkMIlawrf
etGYugaEaeYylD4LlQpGKfV2ALsV54hXTOPsYU/HvrEynbcw5Pe3RBB3PlZzEA==
-----END CERTIFICATE-----