Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/9738bb0d-1a84-4601-bc6b-25ba7f49c72b.roa
File:                     9738bb0d-1a84-4601-bc6b-25ba7f49c72b.roa (raw, json)
Hash identifier:          MzPCjv8ISKE0zx7loXDEzHENHTfDEFbqBLQGyWQjYnA=
Subject key identifier:   28:4B:D7:AD:FD:89:F8:6E:3D:C6:97:36:D4:58:D9:02:D9:DB:53:BE
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       0F9595ABEF4124370C57935FF95323F320E36F0A
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/9738bb0d-1a84-4601-bc6b-25ba7f49c72b.roa
Signing time:             Sat 31 May 2025 00:50:08 +0000
ROA not before:           Sat 31 May 2025 00:50:08 +0000
ROA not after:            Sat 05 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:5503::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:95:95:ab:ef:41:24:37:0c:57:93:5f:f9:53:23:f3:20:e3:6f:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: May 31 00:50:08 2025 GMT
            Not After : Jul  5 23:59:59 2025 GMT
        Subject: serialNumber=b5627bec237759c08e782326f6423cc252a5495bf0a4765b486ee4a209f8c445, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:63:28:99:e5:dc:1c:8c:d6:43:c8:1c:5f:a0:
                    ea:58:29:e1:8b:c2:a2:08:e0:eb:4d:f9:ac:56:5f:
                    a0:14:3c:e7:78:a1:5f:41:58:fc:6d:5b:25:01:cc:
                    e7:b1:56:71:00:94:a5:ff:c3:64:76:0f:68:8b:18:
                    e7:49:06:50:6a:e9:5d:40:d9:e7:f1:7b:5a:b6:bb:
                    73:22:83:27:25:6f:53:d9:46:ed:0d:db:82:3d:a2:
                    0d:a2:1a:6f:f3:ba:22:bd:88:1b:1d:c5:76:70:88:
                    93:6a:78:48:35:84:a1:c5:86:33:02:e6:09:de:35:
                    98:2b:84:46:3d:37:4e:e3:d3:07:f6:e4:0a:9c:4a:
                    ff:8c:f9:18:a5:25:50:2a:e2:94:c2:4a:39:86:26:
                    8b:17:d7:00:81:33:28:95:60:5f:35:09:6a:f7:e5:
                    fa:b6:09:9e:17:5d:a2:5c:1f:c2:bb:df:4a:29:ac:
                    88:30:94:3c:52:9a:4c:6d:bf:ba:91:e7:a2:da:dc:
                    29:d0:69:29:1a:02:b6:1f:6d:b0:3e:ed:cb:b4:72:
                    6f:5e:3a:68:47:bf:a0:ef:34:c8:6a:0c:39:92:19:
                    95:98:0e:f7:34:ab:12:0e:8a:87:85:e8:c4:2d:75:
                    83:50:98:09:39:ad:1c:d7:54:b6:5f:64:22:68:85:
                    1c:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:4B:D7:AD:FD:89:F8:6E:3D:C6:97:36:D4:58:D9:02:D9:DB:53:BE
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/9738bb0d-1a84-4601-bc6b-25ba7f49c72b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:5503::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:32:01:79:e9:cd:c1:42:e9:a7:c6:b3:21:fe:13:01:12:76:
         26:d2:5d:fc:80:b0:18:60:85:da:fd:fc:d0:f8:5b:32:f8:9c:
         fb:c4:bb:cc:78:f9:1b:b6:a7:7d:01:1c:0d:98:4f:76:50:bb:
         c7:ce:a2:90:74:70:e6:40:0f:03:09:af:a2:76:6c:cf:5a:3c:
         4e:ff:bd:42:4f:e5:40:89:86:18:88:f0:d6:73:28:c4:44:e2:
         c0:6f:01:95:f6:a2:62:41:02:b2:a2:f1:ac:79:10:6d:3d:c9:
         90:8e:30:8a:09:4e:42:7c:47:8a:44:3a:7c:b3:81:ca:d6:ae:
         e9:10:a3:ec:a2:8b:55:d6:c1:b8:a3:64:c6:17:37:73:8a:a6:
         1d:69:47:e3:80:58:f4:47:f1:9b:fd:33:bc:a7:29:6a:e4:03:
         48:de:e7:15:f5:d3:c1:2f:29:90:e3:ce:bf:14:c8:69:38:4d:
         dd:17:92:12:ce:d5:2d:be:cb:53:a3:62:c6:12:13:0e:12:ea:
         aa:5f:71:bc:b8:2b:d3:3d:9b:fe:3c:03:50:4b:d9:22:ea:bc:
         57:c6:27:a7:31:aa:2e:28:bb:9b:21:0e:6a:cf:15:d6:f4:44:
         ce:32:86:83:41:b4:41:73:c6:13:5b:1a:bb:2a:db:68:a8:9b:
         10:f1:3b:3d
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUD5WVq+9BJDcMV5Nf+VMj8yDjbwowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNTMxMDA1MDA4WhcNMjUwNzA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNTYyN2JlYzIzNzc1OWMwOGU3ODIzMjZmNjQyM2NjMjUy
YTU0OTViZjBhNDc2NWI0ODZlZTRhMjA5ZjhjNDQ1MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8YyiZ5dwcjNZDyBxfoOpYKeGLwqII4OtN+axWX6AUPOd4
oV9BWPxtWyUBzOexVnEAlKX/w2R2D2iLGOdJBlBq6V1A2efxe1q2u3Migyclb1PZ
Ru0N24I9og2iGm/zuiK9iBsdxXZwiJNqeEg1hKHFhjMC5gneNZgrhEY9N07j0wf2
5AqcSv+M+RilJVAq4pTCSjmGJosX1wCBMyiVYF81CWr35fq2CZ4XXaJcH8K730op
rIgwlDxSmkxtv7qR56La3CnQaSkaArYfbbA+7cu0cm9eOmhHv6DvNMhqDDmSGZWY
Dvc0qxIOioeF6MQtdYNQmAk5rRzXVLZfZCJohRzzAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUKEvXrf2J+G49xpc21FjZAtnbU74wHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2Lzk3MzhiYjBkLTFhODQtNDYwMS1iYzZiLTI1YmE3ZjQ5YzcyYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwVQMwDQYJKoZIhvcNAQELBQADggEBAEcyAXnpzcFC6afGsyH+EwES
dibSXfyAsBhghdr9/ND4WzL4nPvEu8x4+Ru2p30BHA2YT3ZQu8fOopB0cOZADwMJ
r6J2bM9aPE7/vUJP5UCJhhiI8NZzKMRE4sBvAZX2omJBArKi8ax5EG09yZCOMIoJ
TkJ8R4pEOnyzgcrWrukQo+yii1XWwbijZMYXN3OKph1pR+OAWPRH8Zv9M7ynKWrk
A0je5xX108EvKZDjzr8UyGk4Td0XkhLO1S2+y1OjYsYSEw4S6qpfcby4K9M9m/48
A1BL2SLqvFfGJ6cxqi4ou5shDmrPFdb0RM4yhoNBtEFzxhNbGrsq22iomxDxOz0=
-----END CERTIFICATE-----