Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/4c7c26d0-0e62-4cc8-ad3c-3c15ffe314e0.roa
File:                     4c7c26d0-0e62-4cc8-ad3c-3c15ffe314e0.roa (raw, json)
Hash identifier:          EMsJuV47uK44evNkEALNMd8wfBbHKyN5V2FSgBACGdk=
Subject key identifier:   3F:1C:B3:31:7D:EA:EC:2D:53:7B:1A:09:40:86:6F:2B:8D:86:14:3F
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       271E210C00DD6AD0F705E46EBC217CC0B8FB2D8B
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/4c7c26d0-0e62-4cc8-ad3c-3c15ffe314e0.roa
Signing time:             Fri 25 Apr 2025 18:01:23 +0000
ROA not before:           Fri 25 Apr 2025 18:01:23 +0000
ROA not after:            Fri 30 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:e500::/42 maxlen: 42
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:1e:21:0c:00:dd:6a:d0:f7:05:e4:6e:bc:21:7c:c0:b8:fb:2d:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Apr 25 18:01:23 2025 GMT
            Not After : May 30 23:59:59 2025 GMT
        Subject: serialNumber=828ec534575cb8144dcb0ff0d9f652e58ca8303e0a3637f3fd8a0a22e16cb37d, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:71:84:b7:42:a6:44:e2:28:b3:02:a5:90:61:
                    34:73:54:3e:15:c1:69:a1:56:67:68:55:3c:12:24:
                    45:ed:db:67:98:21:da:5d:23:62:78:66:a8:8f:6c:
                    b6:fb:9e:c0:af:d3:49:29:7b:f7:c2:4a:c9:78:5c:
                    6d:e5:f8:65:57:4e:a3:56:88:c3:a2:6b:c7:3f:38:
                    03:40:d8:76:f2:50:cf:10:54:d3:96:47:bb:00:fe:
                    c4:f5:f8:95:ee:52:f0:aa:92:11:9a:42:f9:05:44:
                    08:b8:7b:95:48:2e:51:cb:c6:0b:b5:32:8c:d2:3f:
                    1d:f1:a1:09:82:3a:0f:06:2f:dc:d2:7f:7a:d3:fc:
                    7c:3c:b4:6c:63:9f:f4:a8:bb:89:72:9b:97:bc:a2:
                    ee:75:d4:1d:47:14:73:d2:10:de:f4:f4:22:ab:7f:
                    6c:77:f9:2f:af:09:61:f9:50:5c:ce:b5:32:05:22:
                    a9:3d:98:3e:2b:2a:00:4f:31:91:68:aa:19:72:61:
                    b3:00:9f:48:69:05:b4:1c:0f:cb:1e:c0:37:87:d0:
                    37:40:83:45:91:00:e0:d1:e9:cc:db:9f:35:b6:3c:
                    17:aa:04:b5:19:11:38:09:44:c8:27:62:82:14:dd:
                    51:6f:e9:a6:f3:96:91:e1:dd:91:32:a1:9f:ed:e8:
                    05:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:1C:B3:31:7D:EA:EC:2D:53:7B:1A:09:40:86:6F:2B:8D:86:14:3F
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/4c7c26d0-0e62-4cc8-ad3c-3c15ffe314e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:e500::/42

    Signature Algorithm: sha256WithRSAEncryption
         99:66:12:a1:b6:a5:db:2a:0e:7e:fe:ae:f7:f8:bd:45:4c:fd:
         cd:65:a5:ce:3b:be:15:e4:a1:40:d9:b4:1f:3e:6d:42:e7:45:
         fc:2c:bd:28:5e:da:f2:17:41:09:5a:d8:02:e2:c4:67:31:81:
         3d:5b:8b:5c:94:75:bb:93:76:38:cb:ad:c6:9b:d1:c0:ef:a6:
         1a:cd:f9:e6:db:8a:db:67:61:a9:57:10:ed:a7:83:0d:da:db:
         e4:7d:08:d9:02:60:75:86:16:3f:80:8b:5b:74:0e:18:83:2d:
         51:fd:5d:58:e1:1d:bf:1c:aa:d0:86:9d:f1:21:9d:1d:4c:02:
         c6:26:84:b5:cd:e3:a8:9e:82:0c:e7:98:40:4b:16:dc:fb:70:
         54:5c:0a:dc:0c:f9:8a:28:73:c8:d7:d5:0c:a4:71:34:5c:43:
         8c:08:a6:9c:ed:47:7f:84:9d:c9:f9:99:3c:d7:f4:e6:73:18:
         1d:ad:c5:e1:6b:a1:51:0b:1e:90:2b:df:a9:b2:ea:ff:f8:a5:
         25:49:75:6b:4b:e1:29:fc:e7:e6:63:af:a3:55:7f:da:95:f7:
         f5:41:3f:d9:cb:cf:a7:b9:80:bb:e1:db:13:3f:d4:8e:6c:34:
         37:7e:5e:ee:3c:76:b7:56:26:5f:14:b3:74:28:96:8a:a0:0a:
         2d:a0:df:12
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUJx4hDADdatD3BeRuvCF8wLj7LYswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNDI1MTgwMTIzWhcNMjUwNTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MjhlYzUzNDU3NWNiODE0NGRjYjBmZjBkOWY2NTJlNThj
YTgzMDNlMGEzNjM3ZjNmZDhhMGEyMmUxNmNiMzdkMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1cYS3QqZE4iizAqWQYTRzVD4VwWmhVmdoVTwSJEXt22eY
IdpdI2J4ZqiPbLb7nsCv00kpe/fCSsl4XG3l+GVXTqNWiMOia8c/OANA2HbyUM8Q
VNOWR7sA/sT1+JXuUvCqkhGaQvkFRAi4e5VILlHLxgu1MozSPx3xoQmCOg8GL9zS
f3rT/Hw8tGxjn/Sou4lym5e8ou511B1HFHPSEN709CKrf2x3+S+vCWH5UFzOtTIF
Iqk9mD4rKgBPMZFoqhlyYbMAn0hpBbQcD8sewDeH0DdAg0WRAODR6czbnzW2PBeq
BLUZETgJRMgnYoIU3VFv6abzlpHh3ZEyoZ/t6AXzAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUPxyzMX3q7C1TexoJQIZvK42GFD8wHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzRjN2MyNmQwLTBlNjItNGNjOC1hZDNjLTNjMTVmZmUzMTRlMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwYmAPD75QAwDQYJKoZIhvcNAQELBQADggEBAJlmEqG2pdsqDn7+rvf4vUVM
/c1lpc47vhXkoUDZtB8+bULnRfwsvShe2vIXQQla2ALixGcxgT1bi1yUdbuTdjjL
rcab0cDvphrN+ebbittnYalXEO2ngw3a2+R9CNkCYHWGFj+Ai1t0DhiDLVH9XVjh
Hb8cqtCGnfEhnR1MAsYmhLXN46ieggznmEBLFtz7cFRcCtwM+Yooc8jX1QykcTRc
Q4wIppztR3+Encn5mTzX9OZzGB2txeFroVELHpAr36my6v/4pSVJdWtL4Sn85+Zj
r6NVf9qV9/VBP9nLz6e5gLvh2xM/1I5sNDd+Xu48drdWJl8Us3QoloqgCi2g3xI=
-----END CERTIFICATE-----