Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/37e5da86-98ab-4d9c-889e-6ab6e277d866.roa
File:                     37e5da86-98ab-4d9c-889e-6ab6e277d866.roa (raw, json)
Hash identifier:          Z2oQtgJPhWs1lfatsFce5XGqIniT5FeCwxjPZmsqHKM=
Subject key identifier:   FD:DC:61:9F:7C:61:8B:5A:92:E9:9A:81:75:A9:E3:EA:88:92:5A:D4
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       1E74D615AC896C7092A39D435504D5550045623F
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/37e5da86-98ab-4d9c-889e-6ab6e277d866.roa
Signing time:             Fri 25 Apr 2025 17:50:04 +0000
ROA not before:           Fri 25 Apr 2025 17:50:04 +0000
ROA not after:            Fri 30 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:74:d6:15:ac:89:6c:70:92:a3:9d:43:55:04:d5:55:00:45:62:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Apr 25 17:50:04 2025 GMT
            Not After : May 30 23:59:59 2025 GMT
        Subject: serialNumber=c65d4d8afe5c3a125befdf178c97f13a1f2f2a4d8e4b7cc1a9b1de5977080e57, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:61:2c:30:45:a9:91:e3:6e:68:bb:72:11:0a:
                    5b:86:74:c2:28:19:f9:57:c5:5b:11:3c:a9:ce:96:
                    b8:f1:9c:8d:8a:73:20:da:3d:25:3e:06:df:4c:1f:
                    66:7f:4e:fa:c6:d4:3b:03:3c:25:78:e1:fb:05:07:
                    29:45:58:3d:f6:3f:25:12:e2:18:2e:c3:e7:1e:2c:
                    c7:b3:69:d1:eb:0f:93:01:90:a3:38:04:31:d6:2f:
                    1e:b9:0e:0d:55:79:27:59:c6:eb:fe:b1:23:df:c4:
                    ee:e8:0a:2c:ca:77:3a:e6:6a:af:82:91:2e:73:20:
                    f0:f1:ad:fc:1e:31:99:23:07:4d:3a:e4:7b:2e:cc:
                    59:f3:0f:46:97:3a:b0:f8:32:6f:f9:d2:f1:9a:b3:
                    e1:b9:fc:7a:be:6f:5c:0a:4a:fb:5f:bb:52:96:25:
                    e2:35:50:59:ed:68:99:84:16:02:24:8f:6d:a6:6f:
                    a4:d2:8e:b9:12:1e:81:bb:b5:a8:b0:dd:94:5f:d9:
                    47:d6:67:9d:18:76:90:87:58:c3:36:2f:80:81:14:
                    33:c1:d4:9e:e2:d3:7d:8c:09:75:10:df:94:8a:85:
                    55:6c:8d:13:8d:14:c6:b5:20:d3:ca:8b:5b:10:be:
                    13:d1:a3:8d:d1:75:aa:d0:17:0b:9e:a0:07:fd:8a:
                    46:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:DC:61:9F:7C:61:8B:5A:92:E9:9A:81:75:A9:E3:EA:88:92:5A:D4
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/37e5da86-98ab-4d9c-889e-6ab6e277d866.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:0f:ed:8a:9e:a9:10:e0:2c:cc:4c:ac:ee:07:2c:82:8b:ea:
         e8:ca:37:4e:4f:70:54:fa:93:09:94:37:28:43:d0:08:39:87:
         e2:16:d5:de:09:fe:cf:92:72:45:b7:b9:15:2a:bd:b9:5d:cb:
         59:ec:30:bb:6a:96:b5:ca:b4:15:d0:dd:95:e4:ab:41:4a:ac:
         a5:6f:e1:dd:05:2e:6e:fc:e7:5a:4f:62:e8:1e:30:1d:f1:1b:
         43:39:c9:f7:cf:da:2e:5b:58:ae:74:9a:91:97:03:de:c1:af:
         5b:8f:a2:89:0f:f4:05:7c:91:2a:49:d2:4b:44:f2:6e:31:30:
         d4:6f:ed:1e:b8:ba:77:1d:09:00:ea:47:8b:a8:75:27:51:ee:
         d1:f0:44:e8:92:dd:54:dd:fb:34:d9:cc:6e:e3:09:9e:fc:43:
         d4:5c:6e:b1:9e:9f:32:61:79:9d:21:78:78:90:00:7f:94:7f:
         9e:da:b5:d7:49:95:0e:75:f2:dd:9d:d7:ae:5a:ab:25:51:fe:
         89:57:ba:f7:bb:1c:94:c0:9c:95:da:f4:df:33:c9:42:8b:fa:
         07:09:67:78:33:fb:d7:86:c9:13:d2:62:0f:03:67:14:b9:15:
         35:f0:40:2b:df:1b:9d:6c:1d:ff:67:f2:1b:e2:02:a8:90:00:
         95:df:39:96
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUHnTWFayJbHCSo51DVQTVVQBFYj8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNDI1MTc1MDA0WhcNMjUwNTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BjNjVkNGQ4YWZlNWMzYTEyNWJlZmRmMTc4Yzk3ZjEzYTFm
MmYyYTRkOGU0YjdjYzFhOWIxZGU1OTc3MDgwZTU3MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0YSwwRamR425ou3IRCluGdMIoGflXxVsRPKnOlrjxnI2K
cyDaPSU+Bt9MH2Z/TvrG1DsDPCV44fsFBylFWD32PyUS4hguw+ceLMezadHrD5MB
kKM4BDHWLx65Dg1VeSdZxuv+sSPfxO7oCizKdzrmaq+CkS5zIPDxrfweMZkjB006
5HsuzFnzD0aXOrD4Mm/50vGas+G5/Hq+b1wKSvtfu1KWJeI1UFntaJmEFgIkj22m
b6TSjrkSHoG7taiw3ZRf2UfWZ50YdpCHWMM2L4CBFDPB1J7i032MCXUQ35SKhVVs
jRONFMa1INPKi1sQvhPRo43RdarQFwueoAf9ikYtAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU/dxhn3xhi1qS6ZqBdanj6oiSWtQwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzM3ZTVkYTg2LTk4YWItNGQ5Yy04ODllLTZhYjZlMjc3ZDg2Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwAAEwDQYJKoZIhvcNAQELBQADggEBAIcP7YqeqRDgLMxMrO4HLIKL
6ujKN05PcFT6kwmUNyhD0Ag5h+IW1d4J/s+SckW3uRUqvbldy1nsMLtqlrXKtBXQ
3ZXkq0FKrKVv4d0FLm7851pPYugeMB3xG0M5yffP2i5bWK50mpGXA97Br1uPookP
9AV8kSpJ0ktE8m4xMNRv7R64uncdCQDqR4uodSdR7tHwROiS3VTd+zTZzG7jCZ78
Q9RcbrGenzJheZ0heHiQAH+Uf57atddJlQ518t2d165aqyVR/olXuve7HJTAnJXa
9N8zyUKL+gcJZ3gz+9eGyRPSYg8DZxS5FTXwQCvfG51sHf9n8hviAqiQAJXfOZY=
-----END CERTIFICATE-----