Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/56527727-111d-4d4a-9da3-1e8d68e15a4c.roa
File:                     56527727-111d-4d4a-9da3-1e8d68e15a4c.roa (raw, json)
Hash identifier:          2c8Sd3N39hCembtdLutRbdQ2SuqJF/tpxnU8hp2nD8k=
Subject key identifier:   86:F8:DA:00:6C:4A:68:10:6D:08:3F:C2:73:DB:88:04:91:05:B6:7B
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       110D349C3BB59D32188EF867667AC8ECD8ABF38F
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/56527727-111d-4d4a-9da3-1e8d68e15a4c.roa
Signing time:             Tue 20 May 2025 18:00:13 +0000
ROA not before:           Tue 20 May 2025 18:00:13 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:80::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:0d:34:9c:3b:b5:9d:32:18:8e:f8:67:66:7a:c8:ec:d8:ab:f3:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: May 20 18:00:13 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=924ac82509f032af47ca7c6a251c703d4ea72a0a1dafcb92dfef73b9e25bdbf2, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:65:11:3d:57:43:be:79:50:21:e8:4d:e1:fa:
                    28:65:8e:2b:d5:b0:d4:96:77:ac:48:7c:98:c6:ab:
                    9b:98:db:04:18:f1:c5:51:3e:33:86:f3:bd:b3:0e:
                    74:bd:96:76:4f:89:04:d5:a8:7c:bb:34:2a:ea:1d:
                    d5:94:b6:aa:70:28:cb:31:bf:55:df:16:d7:c9:d8:
                    74:35:f2:9f:a5:7f:1a:28:c9:68:66:9e:3d:91:b9:
                    66:17:14:4b:ca:da:bc:f2:f2:8d:17:c8:59:88:cc:
                    0c:dd:bd:20:fa:41:5c:be:8c:9b:b7:23:36:13:8f:
                    c7:e9:e6:10:26:4e:b9:ca:9c:5e:10:a0:3f:a0:17:
                    45:63:93:72:06:7a:a5:a7:57:52:ee:9a:40:71:f6:
                    2d:33:88:18:49:68:f5:5e:61:b4:05:b8:c6:6b:66:
                    99:dd:b1:5f:27:5b:5c:cd:07:86:3c:58:89:c2:ed:
                    2a:7e:9d:d7:7b:99:6d:32:8c:36:27:11:52:95:e8:
                    5a:b4:d4:d6:47:cc:a4:ca:ab:82:82:0c:b4:aa:e8:
                    d2:47:1f:58:8c:46:d3:60:1b:43:71:b0:a3:1d:d1:
                    64:87:ac:f7:22:7b:c6:53:30:05:0e:1a:dd:f2:bf:
                    1a:5d:98:bf:96:dc:ce:6f:51:8e:48:24:2c:6d:0d:
                    e5:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:F8:DA:00:6C:4A:68:10:6D:08:3F:C2:73:DB:88:04:91:05:B6:7B
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/56527727-111d-4d4a-9da3-1e8d68e15a4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:80::/44

    Signature Algorithm: sha256WithRSAEncryption
         8b:05:57:e8:39:e8:49:4f:3b:a2:8b:ff:01:66:ad:27:f0:78:
         15:4f:db:f1:77:c4:aa:65:54:de:6c:b0:85:ba:da:f7:8e:a8:
         f5:48:d7:e4:3c:fb:c3:9a:8f:92:43:d9:fe:d7:35:25:cb:f9:
         dd:1c:13:bb:cf:4d:fa:bc:f8:30:26:e6:87:84:ea:e2:d2:8a:
         6e:4f:dd:16:e6:4e:4c:eb:ee:73:26:64:e3:23:c4:ae:6c:5c:
         04:02:df:a0:2e:77:b0:48:78:3a:51:39:30:8f:93:1a:ce:bc:
         5f:75:b0:9e:06:34:1a:fd:4d:cc:d3:1f:eb:3a:af:eb:fc:ae:
         f1:ca:80:6c:68:77:9b:e5:b8:9c:fd:6b:b1:57:26:e0:b4:e6:
         00:db:0c:e2:6f:d6:15:e0:c6:c9:ee:72:12:3c:ed:5d:9e:d5:
         72:2a:65:e3:24:b3:9e:26:16:42:14:85:a3:df:a6:7d:fc:ec:
         4e:ff:7b:62:da:65:bc:8e:45:89:49:0f:e5:86:86:63:75:d0:
         1a:65:2f:2e:6b:05:dd:d8:4e:17:bd:eb:e1:bf:57:64:48:1e:
         ac:ce:7a:e9:ae:f4:48:18:9d:1e:6f:ac:cf:95:84:88:6d:9b:
         93:97:fb:a9:fc:8a:36:a9:52:d3:63:48:0c:78:9a:ce:3e:a8:
         9b:5a:f5:94
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUEQ00nDu1nTIYjvhnZnrI7Nir848wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNTIwMTgwMDEzWhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MjRhYzgyNTA5ZjAzMmFmNDdjYTdjNmEyNTFjNzAzZDRl
YTcyYTBhMWRhZmNiOTJkZmVmNzNiOWUyNWJkYmYyMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDhZRE9V0O+eVAh6E3h+ihljivVsNSWd6xIfJjGq5uY2wQY
8cVRPjOG872zDnS9lnZPiQTVqHy7NCrqHdWUtqpwKMsxv1XfFtfJ2HQ18p+lfxoo
yWhmnj2RuWYXFEvK2rzy8o0XyFmIzAzdvSD6QVy+jJu3IzYTj8fp5hAmTrnKnF4Q
oD+gF0Vjk3IGeqWnV1LumkBx9i0ziBhJaPVeYbQFuMZrZpndsV8nW1zNB4Y8WInC
7Sp+ndd7mW0yjDYnEVKV6Fq01NZHzKTKq4KCDLSq6NJHH1iMRtNgG0NxsKMd0WSH
rPcie8ZTMAUOGt3yvxpdmL+W3M5vUY5IJCxtDeUDAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUhvjaAGxKaBBtCD/Cc9uIBJEFtnswHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzU2NTI3NzI3LTExMWQtNGQ0YS05ZGEzLTFlOGQ2OGUxNWE0Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwQmAPDwAIAwDQYJKoZIhvcNAQELBQADggEBAIsFV+g56ElPO6KL/wFmrSfw
eBVP2/F3xKplVN5ssIW62veOqPVI1+Q8+8Oaj5JD2f7XNSXL+d0cE7vPTfq8+DAm
5oeE6uLSim5P3RbmTkzr7nMmZOMjxK5sXAQC36Aud7BIeDpROTCPkxrOvF91sJ4G
NBr9TczTH+s6r+v8rvHKgGxod5vluJz9a7FXJuC05gDbDOJv1hXgxsnuchI87V2e
1XIqZeMks54mFkIUhaPfpn387E7/e2LaZbyORYlJD+WGhmN10BplLy5rBd3YThe9
6+G/V2RIHqzOeumu9EgYnR5vrM+VhIhtm5OX+6n8ijapUtNjSAx4ms4+qJta9ZQ=
-----END CERTIFICATE-----