Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/ae8e0646-a3de-4f6f-9f98-8689213b0505.roa
File:                     ae8e0646-a3de-4f6f-9f98-8689213b0505.roa (raw, json)
Hash identifier:          aIZNU7RsFDs9tupS9408XUOKB214ZTIg1TWSH2/dHeE=
Subject key identifier:   5C:66:B4:B2:0F:8F:96:23:D5:61:86:F3:AC:52:78:09:54:84:9E:CC
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       32B93BDF5F6727A45F121CB25E2050DF464D22B5
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/ae8e0646-a3de-4f6f-9f98-8689213b0505.roa
Signing time:             Fri 25 Apr 2025 18:01:35 +0000
ROA not before:           Fri 25 Apr 2025 18:01:35 +0000
ROA not after:            Fri 30 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0fb:ea00::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:b9:3b:df:5f:67:27:a4:5f:12:1c:b2:5e:20:50:df:46:4d:22:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Apr 25 18:01:35 2025 GMT
            Not After : May 30 23:59:59 2025 GMT
        Subject: serialNumber=ec231590f518b59be367abe4279aa6e2834de3bc813fd36d0dd7c176f341d29e, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:8d:a6:78:53:c9:96:ea:a3:f2:e0:ed:f7:18:
                    b2:e2:56:e6:c3:77:17:4b:0b:29:11:73:98:cb:e0:
                    85:4b:a5:30:de:22:53:50:1d:17:be:a1:26:53:9b:
                    ae:c2:2f:1d:e0:d9:d1:b3:f4:bd:e6:0a:f5:f9:88:
                    dd:4d:7b:ee:00:b3:59:74:78:b6:9d:7e:bf:bc:23:
                    a7:15:f7:72:50:39:00:09:52:b4:4c:71:82:1c:11:
                    8a:c4:cc:34:6d:9d:db:38:b5:0d:41:2b:9b:d9:6b:
                    ce:d1:52:8c:81:c6:a6:1c:85:f4:94:cd:66:5b:c3:
                    04:6e:1b:5b:97:0c:41:06:3e:23:af:02:50:74:4c:
                    f6:36:16:23:79:c0:49:25:f4:68:1d:81:69:80:0c:
                    4f:df:eb:5a:dd:d9:f6:50:be:7c:48:e5:f1:0c:07:
                    a2:92:7c:7d:62:06:b3:32:db:b8:b1:8c:9a:69:97:
                    61:2a:fb:7c:ab:72:12:fe:43:43:05:2d:86:8a:c5:
                    7c:02:d0:52:9c:2e:c3:a2:8b:bc:d2:bc:6a:f8:15:
                    19:04:be:98:cf:6d:42:1e:9b:dd:f3:18:a6:da:cc:
                    73:9b:e9:79:da:5e:ee:9c:6b:56:a3:7f:85:76:53:
                    10:f1:2a:ea:0f:08:cc:9e:12:e7:db:85:97:6c:d2:
                    88:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:66:B4:B2:0F:8F:96:23:D5:61:86:F3:AC:52:78:09:54:84:9E:CC
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/ae8e0646-a3de-4f6f-9f98-8689213b0505.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:ea00::/40

    Signature Algorithm: sha256WithRSAEncryption
         91:65:df:12:f3:3c:cb:3b:ce:33:ac:4b:16:45:2c:5f:25:80:
         4e:ec:56:3d:db:2e:fc:65:e4:c4:5f:1f:f8:86:ba:3c:79:25:
         a9:ec:55:34:dc:b1:77:ae:6c:33:a1:cc:7b:b5:00:02:f8:c4:
         40:64:66:44:84:d5:4d:7c:e3:38:34:93:16:b3:34:da:0b:42:
         2f:04:16:28:5c:74:38:3a:88:fb:62:25:e1:4d:73:c7:5b:1a:
         af:e2:fa:35:d3:4c:f5:52:53:a3:72:89:0f:d6:fe:a0:4b:f5:
         79:8a:26:9d:cf:09:c7:8b:db:f3:c6:fa:ff:5e:2b:37:d2:47:
         6f:04:82:84:63:bf:54:07:81:86:8a:7b:17:5e:fc:93:c2:89:
         9f:6d:d2:9d:f2:5b:da:22:0a:cb:6d:0b:b5:c4:6d:6c:49:0f:
         41:22:2f:54:b1:28:a0:d2:94:fb:57:de:9f:e6:2f:d4:ee:81:
         5d:72:52:8a:bd:80:46:7d:4c:11:9e:5c:b5:e6:75:56:07:49:
         d2:cd:50:c9:92:db:67:6a:34:7d:95:e9:9c:2a:6d:39:26:3d:
         69:3b:96:2c:f4:77:99:1a:24:2e:6a:d5:b4:f5:3b:54:36:ba:
         cc:b6:ae:74:38:7f:2d:a2:09:d3:13:62:e6:50:00:c1:c4:9d:
         9d:90:44:b4
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUMrk7319nJ6RfEhyyXiBQ30ZNIrUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNDI1MTgwMTM1WhcNMjUwNTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlYzIzMTU5MGY1MThiNTliZTM2N2FiZTQyNzlhYTZlMjgz
NGRlM2JjODEzZmQzNmQwZGQ3YzE3NmYzNDFkMjllMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqjaZ4U8mW6qPy4O33GLLiVubDdxdLCykRc5jL4IVLpTDe
IlNQHRe+oSZTm67CLx3g2dGz9L3mCvX5iN1Ne+4As1l0eLadfr+8I6cV93JQOQAJ
UrRMcYIcEYrEzDRtnds4tQ1BK5vZa87RUoyBxqYchfSUzWZbwwRuG1uXDEEGPiOv
AlB0TPY2FiN5wEkl9GgdgWmADE/f61rd2fZQvnxI5fEMB6KSfH1iBrMy27ixjJpp
l2Eq+3yrchL+Q0MFLYaKxXwC0FKcLsOii7zSvGr4FRkEvpjPbUIem93zGKbazHOb
6XnaXu6ca1ajf4V2UxDxKuoPCMyeEufbhZds0oihAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUXGa0sg+PliPVYYbzrFJ4CVSEnswwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2FlOGUwNjQ2LWEzZGUtNGY2Zi05Zjk4LTg2ODkyMTNiMDUwNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPD76jANBgkqhkiG9w0BAQsFAAOCAQEAkWXfEvM8yzvOM6xLFkUsXyWA
TuxWPdsu/GXkxF8f+Ia6PHklqexVNNyxd65sM6HMe7UAAvjEQGRmRITVTXzjODST
FrM02gtCLwQWKFx0ODqI+2Il4U1zx1sar+L6NdNM9VJTo3KJD9b+oEv1eYomnc8J
x4vb88b6/14rN9JHbwSChGO/VAeBhop7F178k8KJn23SnfJb2iIKy20LtcRtbEkP
QSIvVLEooNKU+1fen+Yv1O6BXXJSir2ARn1MEZ5cteZ1VgdJ0s1QyZLbZ2o0fZXp
nCptOSY9aTuWLPR3mRokLmrVtPU7VDa6zLaudDh/LaIJ0xNi5lAAwcSdnZBEtA==
-----END CERTIFICATE-----