Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/828860c7-04d3-410e-a0e6-5d8782c6c573.roa
File:                     828860c7-04d3-410e-a0e6-5d8782c6c573.roa (raw, json)
Hash identifier:          EpDY9DxmKWcdMlGg71AV9tXTLMax2E6HBg2jyO/zEIQ=
Subject key identifier:   7C:9D:9C:02:C4:1F:85:E8:DA:61:7F:2D:9E:92:87:3A:98:35:0C:74
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       10306C0D2FBB11DD25DAFB5D63CE42336E005751
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/828860c7-04d3-410e-a0e6-5d8782c6c573.roa
Signing time:             Sat 31 May 2025 01:06:56 +0000
ROA not before:           Sat 31 May 2025 01:06:56 +0000
ROA not after:            Sat 05 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:10a::/47 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:30:6c:0d:2f:bb:11:dd:25:da:fb:5d:63:ce:42:33:6e:00:57:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: May 31 01:06:56 2025 GMT
            Not After : Jul  5 23:59:59 2025 GMT
        Subject: serialNumber=fd08567a8fb37c6ee4d945786ec6ee2f9462d7c549d8dcd398b45064918a07b9, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:af:5a:b1:e2:59:97:e7:a9:b9:bc:7a:fe:32:
                    ea:e5:af:91:f9:20:85:ac:b3:23:3d:66:f0:12:56:
                    18:f3:3e:84:ed:38:85:ae:8f:c0:48:6b:e3:93:71:
                    94:27:53:9c:bd:62:80:cc:8b:ed:59:dd:aa:17:df:
                    4e:48:3b:e0:6b:36:31:b5:cd:a6:70:79:a9:f5:4c:
                    4b:16:92:78:c3:70:d2:9d:26:19:c6:83:06:5f:7d:
                    4b:cc:db:96:8c:9d:c2:68:68:fc:e6:99:a5:1e:1c:
                    a1:11:2e:e8:78:11:f7:6d:9c:ce:15:89:b7:38:4b:
                    be:82:f5:05:40:83:d8:50:c8:d3:1a:8d:87:0b:b4:
                    cf:68:71:74:00:4c:19:97:df:7c:67:f9:d2:df:58:
                    2c:1a:5b:c4:36:c8:44:1a:f7:bb:51:87:3f:ca:dd:
                    07:87:7d:17:2a:f4:7c:90:04:6e:4f:c1:ae:dd:3c:
                    8b:78:ae:18:a3:40:6b:5c:9b:f7:35:aa:66:7f:65:
                    55:e9:55:d7:ec:ca:5b:c6:b2:c4:8a:ea:4f:0b:6e:
                    4f:25:59:13:56:ed:48:d3:0c:44:3d:77:8f:51:dc:
                    f0:ea:dd:67:6b:11:38:71:fe:3e:8b:2b:48:c8:15:
                    1d:9a:83:88:0d:62:a4:ad:eb:d7:65:ea:6d:8b:bf:
                    69:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:9D:9C:02:C4:1F:85:E8:DA:61:7F:2D:9E:92:87:3A:98:35:0C:74
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/828860c7-04d3-410e-a0e6-5d8782c6c573.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:10a::/47

    Signature Algorithm: sha256WithRSAEncryption
         32:40:63:7a:77:df:22:25:f3:79:82:de:2f:c9:4a:01:1c:1a:
         ca:c5:dc:44:60:8b:31:52:b0:12:ef:84:eb:d3:89:f8:bc:f8:
         d7:b4:ed:d0:0c:f0:99:6d:7f:e7:48:0e:7a:ab:ad:6c:79:e6:
         9b:21:67:cf:79:c0:87:e3:07:1c:b9:64:9b:4a:fb:29:5e:76:
         63:7e:b5:99:ab:2d:3a:8c:27:1d:aa:67:40:53:b9:cb:6f:c1:
         87:93:04:1a:41:6f:61:83:f4:2d:7e:fb:19:5b:cf:f7:f2:5d:
         80:98:66:b3:db:63:f4:37:5b:d7:b3:90:09:c6:d5:d9:bf:cf:
         26:49:fa:d3:63:30:0d:52:f5:63:b0:b8:43:b6:14:29:43:7f:
         ec:a5:53:66:75:83:c2:a3:a6:21:81:1f:30:2b:cb:06:0e:63:
         d2:0a:00:da:95:d7:da:d5:c5:5c:70:cd:da:e4:1e:1e:0f:4f:
         cd:e4:7d:e6:6c:68:7f:5b:f1:17:7a:f3:70:49:f3:e3:97:f5:
         1f:85:4c:3e:4b:4d:3d:91:b3:0a:62:0c:85:cb:08:3c:cb:d0:
         d0:88:cb:03:fa:b0:bb:6c:65:f5:6e:2e:9d:f2:7e:12:9e:7f:
         ce:da:ec:a9:a5:f6:63:1c:a5:48:8c:25:77:be:f7:9d:49:b8:
         3a:a6:d5:2a
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUEDBsDS+7Ed0l2vtdY85CM24AV1EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNTMxMDEwNjU2WhcNMjUwNzA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZDA4NTY3YThmYjM3YzZlZTRkOTQ1Nzg2ZWM2ZWUyZjk0
NjJkN2M1NDlkOGRjZDM5OGI0NTA2NDkxOGEwN2I5MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDur1qx4lmX56m5vHr+Murlr5H5IIWssyM9ZvASVhjzPoTt
OIWuj8BIa+OTcZQnU5y9YoDMi+1Z3aoX305IO+BrNjG1zaZwean1TEsWknjDcNKd
JhnGgwZffUvM25aMncJoaPzmmaUeHKERLuh4EfdtnM4Vibc4S76C9QVAg9hQyNMa
jYcLtM9ocXQATBmX33xn+dLfWCwaW8Q2yEQa97tRhz/K3QeHfRcq9HyQBG5Pwa7d
PIt4rhijQGtcm/c1qmZ/ZVXpVdfsylvGssSK6k8Lbk8lWRNW7UjTDEQ9d49R3PDq
3WdrEThx/j6LK0jIFR2ag4gNYqSt69dl6m2Lv2lnAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUfJ2cAsQfhejaYX8tnpKHOpg1DHQwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzgyODg2MGM3LTA0ZDMtNDEwZS1hMGU2LTVkODc4MmM2YzU3My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwEmAPDwAQowDQYJKoZIhvcNAQELBQADggEBADJAY3p33yIl83mC3i/JSgEc
GsrF3ERgizFSsBLvhOvTifi8+Ne07dAM8Jltf+dIDnqrrWx55pshZ895wIfjBxy5
ZJtK+yledmN+tZmrLTqMJx2qZ0BTuctvwYeTBBpBb2GD9C1++xlbz/fyXYCYZrPb
Y/Q3W9ezkAnG1dm/zyZJ+tNjMA1S9WOwuEO2FClDf+ylU2Z1g8KjpiGBHzArywYO
Y9IKANqV19rVxVxwzdrkHh4PT83kfeZsaH9b8Rd683BJ8+OX9R+FTD5LTT2Rswpi
DIXLCDzL0NCIywP6sLtsZfVuLp3yfhKef87a7Kml9mMcpUiMJXe+951JuDqm1So=
-----END CERTIFICATE-----