Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/02e80c9d-369f-46ba-87b8-e7748e7c9c90.roa
File:                     02e80c9d-369f-46ba-87b8-e7748e7c9c90.roa (raw, json)
Hash identifier:          kvJ1Fn2ZIS+x4n3r5v3aMJyAxp7X152itn85lXmKvjQ=
Subject key identifier:   D9:C1:B3:AF:F9:76:B2:CA:FF:E5:F8:B6:95:56:0A:F6:16:46:E4:87
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       5B7DA65519C9DB0FCC3CB43805F20D670F50FA41
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/02e80c9d-369f-46ba-87b8-e7748e7c9c90.roa
Signing time:             Fri 25 Apr 2025 18:01:10 +0000
ROA not before:           Fri 25 Apr 2025 18:01:10 +0000
ROA not after:            Fri 30 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:e700::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:7d:a6:55:19:c9:db:0f:cc:3c:b4:38:05:f2:0d:67:0f:50:fa:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Apr 25 18:01:10 2025 GMT
            Not After : May 30 23:59:59 2025 GMT
        Subject: serialNumber=dce31a6ad812b46f63c0bdf5f1052dc93919bb93853aa1e4fac19eb3d6c655f8, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:ea:8b:6b:ad:f0:ec:0e:8e:76:e9:ad:b6:17:
                    fe:cf:b0:7a:ab:63:ac:64:2f:82:ae:f2:dc:7d:7c:
                    b6:58:e8:44:e3:84:30:8e:46:4d:a2:14:af:db:ac:
                    36:54:e8:5e:37:fb:53:c6:21:a3:44:69:6b:6e:02:
                    9b:b6:1b:ad:b6:a4:dc:40:bb:be:53:d3:85:08:95:
                    27:9f:c4:56:cc:4e:67:e1:d3:79:04:ce:3e:28:5b:
                    b7:6d:8f:1d:27:6a:97:39:7e:31:5b:06:54:10:60:
                    1c:da:fb:29:98:01:bf:5e:1c:72:9d:78:71:da:0c:
                    d1:5c:2c:e0:46:0e:ea:78:1d:21:88:f0:2c:47:5f:
                    3a:ba:35:bb:69:90:d1:4d:72:45:44:ad:4f:60:9a:
                    89:7f:38:c5:35:67:e0:f3:12:df:19:ee:3f:7f:97:
                    9a:78:d9:a0:b1:ee:b5:86:dd:46:d3:4a:67:ce:52:
                    f0:aa:96:a1:89:c5:ff:ed:f9:3c:b9:d9:e5:f3:55:
                    2d:1f:b9:78:48:49:34:1c:ba:3a:6d:ee:ce:57:46:
                    67:72:2c:1d:b4:7e:f0:e9:d1:e0:a5:5b:54:9e:cf:
                    72:16:75:1d:18:29:da:95:61:e4:92:af:03:65:63:
                    50:c3:29:53:2b:b9:2d:f9:da:e4:82:da:34:d9:f5:
                    49:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:C1:B3:AF:F9:76:B2:CA:FF:E5:F8:B6:95:56:0A:F6:16:46:E4:87
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/02e80c9d-369f-46ba-87b8-e7748e7c9c90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:e700::/40

    Signature Algorithm: sha256WithRSAEncryption
         45:95:4f:47:63:cc:5f:e8:84:9b:74:e1:cf:a5:f4:20:eb:9f:
         ce:4d:c7:83:ae:48:e5:dd:4f:93:32:7e:bb:d1:c1:ac:8f:f1:
         30:2a:ac:fc:c5:1c:eb:ce:04:77:72:5d:60:ee:e2:93:f7:12:
         51:6d:59:bd:33:a4:9e:a5:88:9f:59:09:2a:63:33:9f:ec:93:
         8f:62:cf:58:f7:b6:7f:76:20:c9:21:22:a2:9d:a2:b3:92:24:
         21:f3:ef:35:a4:e9:a5:79:2f:df:b3:4d:be:95:66:5f:18:a9:
         39:19:1b:4f:e3:d5:ea:a2:ca:df:fe:43:47:b7:5e:13:3c:dd:
         87:2e:11:64:a3:fd:f6:4e:a4:96:00:91:fe:49:68:51:87:61:
         7c:b0:38:79:01:0b:d8:d3:c9:85:b7:a4:d2:d1:a6:b1:9b:51:
         1a:87:1e:e6:e6:a4:b7:d2:46:8a:1a:97:4d:ef:c2:33:6b:f2:
         27:ba:c5:43:e1:90:4a:7a:21:6c:b6:67:c2:52:d6:b1:08:7a:
         79:d3:29:e5:0c:03:c0:dc:5c:46:82:4d:20:f2:cd:ec:f4:c0:
         46:04:fc:d3:67:55:fe:1a:c3:b0:01:c9:52:34:66:97:c1:66:
         11:e2:9e:58:ba:74:f0:ce:1d:78:bc:85:e4:ce:db:17:4b:4a:
         41:96:9d:9f
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUW32mVRnJ2w/MPLQ4BfINZw9Q+kEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNDI1MTgwMTEwWhcNMjUwNTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BkY2UzMWE2YWQ4MTJiNDZmNjNjMGJkZjVmMTA1MmRjOTM5
MTliYjkzODUzYWExZTRmYWMxOWViM2Q2YzY1NWY4MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDw6otrrfDsDo526a22F/7PsHqrY6xkL4Ku8tx9fLZY6ETj
hDCORk2iFK/brDZU6F43+1PGIaNEaWtuApu2G622pNxAu75T04UIlSefxFbMTmfh
03kEzj4oW7dtjx0napc5fjFbBlQQYBza+ymYAb9eHHKdeHHaDNFcLOBGDup4HSGI
8CxHXzq6NbtpkNFNckVErU9gmol/OMU1Z+DzEt8Z7j9/l5p42aCx7rWG3UbTSmfO
UvCqlqGJxf/t+Ty52eXzVS0fuXhISTQcujpt7s5XRmdyLB20fvDp0eClW1Sez3IW
dR0YKdqVYeSSrwNlY1DDKVMruS352uSC2jTZ9Ul9AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU2cGzr/l2ssr/5fi2lVYK9hZG5IcwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzAyZTgwYzlkLTM2OWYtNDZiYS04N2I4LWU3NzQ4ZTdjOWM5MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPD75zANBgkqhkiG9w0BAQsFAAOCAQEARZVPR2PMX+iEm3Thz6X0IOuf
zk3Hg65I5d1PkzJ+u9HBrI/xMCqs/MUc684Ed3JdYO7ik/cSUW1ZvTOknqWIn1kJ
KmMzn+yTj2LPWPe2f3YgySEiop2is5IkIfPvNaTppXkv37NNvpVmXxipORkbT+PV
6qLK3/5DR7deEzzdhy4RZKP99k6klgCR/kloUYdhfLA4eQEL2NPJhbek0tGmsZtR
Goce5uakt9JGihqXTe/CM2vyJ7rFQ+GQSnohbLZnwlLWsQh6edMp5QwDwNxcRoJN
IPLN7PTARgT802dV/hrDsAHJUjRml8FmEeKeWLp08M4deLyF5M7bF0tKQZadnw==
-----END CERTIFICATE-----