Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/2910bcfa-4bcb-4125-a56f-4bb9596f5adf.roa
File:                     2910bcfa-4bcb-4125-a56f-4bb9596f5adf.roa (raw, json)
Hash identifier:          wDDKrZEkMm40joV+ORimzerYb+hO0yZADLvL/2Sciko=
Subject key identifier:   D8:59:54:0F:DF:DD:D9:D3:3D:A3:F9:EE:24:29:0A:34:FD:54:DC:4D
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       4191C1CE34F2D51FBF0B55E0AC05FF9C831298F1
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/2910bcfa-4bcb-4125-a56f-4bb9596f5adf.roa
Signing time:             Fri 25 Apr 2025 17:51:11 +0000
ROA not before:           Fri 25 Apr 2025 17:51:11 +0000
ROA not after:            Fri 30 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:500::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:91:c1:ce:34:f2:d5:1f:bf:0b:55:e0:ac:05:ff:9c:83:12:98:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Apr 25 17:51:11 2025 GMT
            Not After : May 30 23:59:59 2025 GMT
        Subject: serialNumber=498b6789184aacda273129c4f5e1fd55491d19fe5d6b0362f5acb181c84279d1, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:91:95:80:e8:09:c7:d1:b6:63:a6:3b:d1:83:
                    52:5a:10:27:9e:98:0b:87:1b:ac:89:0a:c1:89:6a:
                    63:c6:f9:59:51:89:82:29:9d:4f:1d:28:51:ac:44:
                    90:13:89:25:dd:45:20:78:15:ca:99:a0:0a:cd:90:
                    52:d3:59:bc:79:54:af:b7:42:0b:61:ca:5c:94:67:
                    a8:e0:72:ae:4d:47:27:f4:dd:13:0e:3f:22:a9:2c:
                    53:6f:66:15:11:6a:36:30:40:ed:2d:fe:12:83:e1:
                    8c:9c:40:3e:bc:07:f4:bf:11:2f:df:d0:d2:60:a9:
                    40:dc:81:5f:15:48:64:c9:6e:1c:8d:70:2b:de:aa:
                    d7:c6:f5:f7:86:76:30:bb:05:0c:83:a3:41:a2:bc:
                    b2:59:2c:c9:6d:28:29:58:06:45:3c:11:f0:b9:9a:
                    0f:e9:6a:ab:dd:8c:ec:c9:1b:00:7f:27:8e:b0:cb:
                    7d:45:d3:0b:03:37:ae:ec:a4:96:43:a1:3a:f9:a1:
                    c4:df:d7:8e:dd:87:ab:8e:27:95:e2:cc:bd:7e:5b:
                    7f:18:32:2c:b3:b9:86:c2:ec:a6:d6:fd:68:98:4a:
                    f2:ec:11:cf:d2:b1:58:df:84:62:a8:b7:cf:84:b1:
                    3e:6e:21:26:4b:b8:af:63:f9:ac:80:f2:b0:70:2a:
                    5c:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:59:54:0F:DF:DD:D9:D3:3D:A3:F9:EE:24:29:0A:34:FD:54:DC:4D
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/2910bcfa-4bcb-4125-a56f-4bb9596f5adf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:500::/40

    Signature Algorithm: sha256WithRSAEncryption
         11:ed:ed:44:e6:88:9d:bb:dd:84:3b:4b:11:cb:45:d2:ab:9b:
         4d:97:8d:d3:b5:b5:72:2a:cb:fb:fc:a3:13:11:96:43:62:d4:
         c2:86:8b:e0:64:06:8c:55:ef:a0:ca:1b:c9:6f:c5:6e:97:c4:
         8e:e3:10:68:d6:4c:4b:a4:e5:3c:21:48:1d:14:e9:d1:c4:83:
         7d:35:d8:e1:80:02:80:f4:71:5c:f5:eb:31:7d:a2:6c:38:94:
         a7:c8:b5:64:a7:fe:f2:1a:ef:eb:ee:fe:34:f9:e9:2b:ce:80:
         0f:e3:e0:82:92:27:88:55:3e:47:03:0d:aa:58:66:fc:21:c8:
         89:14:ea:a6:63:19:e5:5b:ea:54:23:14:dd:3c:b8:b8:bb:01:
         fe:80:44:8e:bb:e8:0b:bc:0e:af:a2:7b:ed:ec:99:8e:c3:67:
         26:22:7a:d2:69:e2:83:38:10:1f:d1:ca:c5:15:06:a8:fe:2c:
         99:87:a9:66:45:b4:50:52:c1:3d:40:90:42:2d:07:2b:ae:9d:
         ad:ca:2c:2d:c1:4c:ce:4a:37:1e:42:41:87:ff:1d:d9:81:36:
         3c:50:f7:34:ef:da:5e:81:4a:aa:74:72:6a:98:7a:90:4c:d7:
         c1:64:59:56:e8:35:53:d7:f2:bd:98:70:73:1d:0a:b1:9d:a1:
         9d:05:92:85
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUQZHBzjTy1R+/C1XgrAX/nIMSmPEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNDI1MTc1MTExWhcNMjUwNTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A0OThiNjc4OTE4NGFhY2RhMjczMTI5YzRmNWUxZmQ1NTQ5
MWQxOWZlNWQ2YjAzNjJmNWFjYjE4MWM4NDI3OWQxMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFkZWA6AnH0bZjpjvRg1JaECeemAuHG6yJCsGJamPG+VlR
iYIpnU8dKFGsRJATiSXdRSB4FcqZoArNkFLTWbx5VK+3QgthylyUZ6jgcq5NRyf0
3RMOPyKpLFNvZhURajYwQO0t/hKD4YycQD68B/S/ES/f0NJgqUDcgV8VSGTJbhyN
cCveqtfG9feGdjC7BQyDo0GivLJZLMltKClYBkU8EfC5mg/paqvdjOzJGwB/J46w
y31F0wsDN67spJZDoTr5ocTf147dh6uOJ5XizL1+W38YMiyzuYbC7KbW/WiYSvLs
Ec/SsVjfhGKot8+EsT5uISZLuK9j+ayA8rBwKlwvAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU2FlUD9/d2dM9o/nuJCkKNP1U3E0wHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzI5MTBiY2ZhLTRiY2ItNDEyNS1hNTZmLTRiYjk1OTZmNWFkZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPDwBTANBgkqhkiG9w0BAQsFAAOCAQEAEe3tROaInbvdhDtLEctF0qub
TZeN07W1cirL+/yjExGWQ2LUwoaL4GQGjFXvoMobyW/FbpfEjuMQaNZMS6TlPCFI
HRTp0cSDfTXY4YACgPRxXPXrMX2ibDiUp8i1ZKf+8hrv6+7+NPnpK86AD+PggpIn
iFU+RwMNqlhm/CHIiRTqpmMZ5VvqVCMU3Ty4uLsB/oBEjrvoC7wOr6J77eyZjsNn
JiJ60mnigzgQH9HKxRUGqP4smYepZkW0UFLBPUCQQi0HK66drcosLcFMzko3HkJB
h/8d2YE2PFD3NO/aXoFKqnRyaph6kEzXwWRZVug1U9fyvZhwcx0KsZ2hnQWShQ==
-----END CERTIFICATE-----