Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/5211bbfa-c26c-44f8-96b2-a9282cfd61a1.roa
File:                     5211bbfa-c26c-44f8-96b2-a9282cfd61a1.roa (raw, json)
Hash identifier:          wtgtmuch4y22DEaoZCuZD3Cg3qgF3NOG2H0+XVU7Cus=
Subject key identifier:   9C:F6:26:A1:5C:F1:95:9D:02:40:41:E0:DA:41:86:F1:2C:DA:C4:EC
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       44ECFF34A7DB32A40ABE6F89FDFD9B0453F593BA
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/5211bbfa-c26c-44f8-96b2-a9282cfd61a1.roa
Signing time:             Tue 20 May 2025 18:11:31 +0000
ROA not before:           Tue 20 May 2025 18:11:31 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0fb:e100::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 16 Jun 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:ec:ff:34:a7:db:32:a4:0a:be:6f:89:fd:fd:9b:04:53:f5:93:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: May 20 18:11:31 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=416c36c1d40f8e3648f1d1d5882b383b5b3a27e4c5d4bd87769c9344a25d5dd5, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:8c:b5:f0:a3:09:b4:1e:31:48:40:f4:47:0e:
                    9c:f5:e8:ae:dc:b0:0b:d3:ee:34:df:78:00:d6:84:
                    d6:05:30:08:53:b3:07:52:61:52:f1:c6:d5:08:5a:
                    de:8c:e9:7f:c9:8d:fe:01:0f:ad:36:64:b8:39:32:
                    7a:84:0a:c3:98:7e:59:ba:51:61:e8:98:02:f4:58:
                    3f:87:bc:58:e1:81:ea:bd:43:fb:fe:56:62:77:f6:
                    4f:9b:27:cb:be:17:33:a9:ea:c0:c9:d4:3a:4c:93:
                    a0:51:9a:20:6f:64:dc:ff:37:43:7b:cb:a4:bf:1f:
                    c7:30:dc:e2:0a:81:8a:c7:c7:b5:93:1e:c8:ec:88:
                    76:61:17:b1:c8:03:20:58:e5:f3:c9:c1:89:79:ee:
                    81:f7:bb:a9:0d:b9:e6:38:25:17:fc:42:4a:c4:b0:
                    c4:02:64:bb:66:e9:56:58:0d:82:d3:dd:9c:a7:ec:
                    9f:eb:fd:43:cf:b7:4a:ed:92:a9:35:b0:7c:f0:77:
                    e7:0d:a1:50:81:b3:ad:ca:b9:0f:50:7a:7e:d6:8c:
                    9f:90:17:c8:62:0d:ca:83:73:30:c8:cb:4e:be:52:
                    b7:19:a8:00:3f:44:8c:f5:5d:4e:ba:66:2f:cf:13:
                    e9:09:8a:0f:f9:33:6e:63:b3:7b:af:6d:bf:9e:61:
                    cd:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:F6:26:A1:5C:F1:95:9D:02:40:41:E0:DA:41:86:F1:2C:DA:C4:EC
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/5211bbfa-c26c-44f8-96b2-a9282cfd61a1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:e100::/40

    Signature Algorithm: sha256WithRSAEncryption
         70:2d:c5:02:6e:d7:28:27:80:a0:58:27:d2:6b:b0:52:d7:5b:
         ac:3d:ab:4b:ae:0c:2b:9b:f4:53:9c:d8:67:93:91:5a:46:ff:
         35:58:b7:d1:ee:b8:2e:b8:09:85:25:b7:a2:96:f2:34:d8:de:
         ec:c2:72:20:e1:21:b2:e3:56:8b:70:87:0e:98:6c:b9:de:a6:
         a6:f3:f2:cd:e5:0f:63:ab:21:ac:77:d9:75:4c:b3:94:9a:70:
         f4:34:40:5c:6d:e1:61:d9:ac:08:21:4a:d0:d3:14:3f:83:2f:
         b3:d6:02:a2:56:1f:42:b4:a8:1b:82:91:e1:7f:38:2e:8e:b2:
         10:9d:1d:23:8c:23:71:94:ad:7a:2c:9b:22:03:60:8f:f8:9d:
         97:03:3f:5c:07:da:25:a4:8f:1d:c5:78:4e:68:02:12:99:2e:
         f0:b3:74:14:8a:03:20:46:5f:5f:f9:3c:d2:f2:0d:0e:64:10:
         6c:28:63:5e:e6:00:62:df:73:df:ae:62:68:12:19:7b:bb:4c:
         a9:b6:f4:92:8d:c9:2d:cb:0a:20:d9:0b:fb:8e:1f:42:9a:bd:
         16:3f:46:ef:30:b9:11:9a:60:b3:d9:46:56:a3:61:c6:5f:69:
         87:d7:fc:60:db:68:21:ff:aa:9c:17:12:96:2f:95:46:d4:ff:
         ea:f4:0c:05
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUROz/NKfbMqQKvm+J/f2bBFP1k7owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNTIwMTgxMTMxWhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MTZjMzZjMWQ0MGY4ZTM2NDhmMWQxZDU4ODJiMzgzYjVi
M2EyN2U0YzVkNGJkODc3NjljOTM0NGEyNWQ1ZGQ1MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkjLXwowm0HjFIQPRHDpz16K7csAvT7jTfeADWhNYFMAhT
swdSYVLxxtUIWt6M6X/Jjf4BD602ZLg5MnqECsOYflm6UWHomAL0WD+HvFjhgeq9
Q/v+VmJ39k+bJ8u+FzOp6sDJ1DpMk6BRmiBvZNz/N0N7y6S/H8cw3OIKgYrHx7WT
HsjsiHZhF7HIAyBY5fPJwYl57oH3u6kNueY4JRf8QkrEsMQCZLtm6VZYDYLT3Zyn
7J/r/UPPt0rtkqk1sHzwd+cNoVCBs63KuQ9Qen7WjJ+QF8hiDcqDczDIy06+UrcZ
qAA/RIz1XU66Zi/PE+kJig/5M25js3uvbb+eYc0FAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUnPYmoVzxlZ0CQEHg2kGG8SzaxOwwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzUyMTFiYmZhLWMyNmMtNDRmOC05NmIyLWE5MjgyY2ZkNjFhMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPD74TANBgkqhkiG9w0BAQsFAAOCAQEAcC3FAm7XKCeAoFgn0muwUtdb
rD2rS64MK5v0U5zYZ5ORWkb/NVi30e64LrgJhSW3opbyNNje7MJyIOEhsuNWi3CH
Dphsud6mpvPyzeUPY6shrHfZdUyzlJpw9DRAXG3hYdmsCCFK0NMUP4Mvs9YColYf
QrSoG4KR4X84Lo6yEJ0dI4wjcZSteiybIgNgj/idlwM/XAfaJaSPHcV4TmgCEpku
8LN0FIoDIEZfX/k80vINDmQQbChjXuYAYt9z365iaBIZe7tMqbb0ko3JLcsKINkL
+44fQpq9Fj9G7zC5EZpgs9lGVqNhxl9ph9f8YNtoIf+qnBcSli+VRtT/6vQMBQ==
-----END CERTIFICATE-----