Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/af93e150-9469-47eb-8185-3ff03d87db06.roa
File:                     af93e150-9469-47eb-8185-3ff03d87db06.roa (raw, json)
Hash identifier:          PZffy7fYB2u/Abo+Qa6c/mxBU6hQvdtWYZol86NhpZc=
Subject key identifier:   65:62:85:66:BB:43:D6:C3:9D:BB:73:7B:5C:58:B5:FC:56:09:59:F8
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       6175BEBE41604E68E9A0487D7B441BD50F9C46E9
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/af93e150-9469-47eb-8185-3ff03d87db06.roa
Signing time:             Mon 26 May 2025 15:10:38 +0000
ROA not before:           Mon 26 May 2025 15:10:38 +0000
ROA not after:            Mon 30 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:f000::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:75:be:be:41:60:4e:68:e9:a0:48:7d:7b:44:1b:d5:0f:9c:46:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: May 26 15:10:38 2025 GMT
            Not After : Jun 30 23:59:59 2025 GMT
        Subject: serialNumber=9810f450bee22a077b7f1364fc97d616bdc2775cdd768032f8820426059d9992, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:3d:ca:e6:92:b4:9f:da:e1:2c:52:a1:12:06:
                    53:8c:6c:e6:31:71:77:8e:1d:8d:c5:8b:20:fe:c9:
                    0a:97:fb:48:f1:d3:1e:51:e0:bf:c5:f9:8a:30:ba:
                    43:a0:61:45:a7:46:1d:4d:27:16:e7:da:99:7a:0e:
                    72:58:ab:e4:4d:8d:7f:c0:f1:2e:e5:a6:61:b7:cd:
                    80:fb:cf:e3:5a:53:b2:77:6c:b1:3c:2d:bd:78:d6:
                    7a:76:f7:54:9b:e2:35:c2:96:5e:99:32:9e:6e:cf:
                    30:ad:99:09:3f:8c:9e:d5:5e:5d:22:d1:df:a5:4f:
                    b4:49:6a:75:d0:bf:d9:db:cf:5a:7c:7e:fa:5b:b9:
                    8e:43:d5:fb:5b:c0:d9:57:0e:20:43:75:c8:1f:c6:
                    3e:55:d8:9f:d9:7d:03:40:b1:d3:e6:06:ea:26:27:
                    15:22:71:a0:45:37:83:a8:89:b1:38:17:bf:84:a1:
                    3f:6e:b5:51:5b:2e:d1:e6:48:6a:05:a5:ab:73:a9:
                    0d:f1:e9:6e:78:66:b1:7a:f1:c3:fb:1a:64:74:b4:
                    16:60:4c:e4:1c:ec:d3:6c:14:94:77:62:e3:49:b4:
                    2c:a4:e2:f0:fa:d3:f7:39:17:b7:3e:d1:97:c7:49:
                    cf:de:a3:db:e0:fc:97:0f:d1:77:a6:c1:d8:74:71:
                    ef:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:62:85:66:BB:43:D6:C3:9D:BB:73:7B:5C:58:B5:FC:56:09:59:F8
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/af93e150-9469-47eb-8185-3ff03d87db06.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:f000::/44

    Signature Algorithm: sha256WithRSAEncryption
         1e:00:77:46:a2:56:7e:8c:eb:2f:00:7c:ab:26:fd:b5:8b:4c:
         52:ec:12:3c:02:9b:84:01:c4:e5:94:76:b3:ab:30:d6:51:d2:
         85:82:4c:b5:e2:cf:42:82:1e:37:7a:f8:6b:9c:d1:39:a6:28:
         a2:f7:5c:e7:21:5d:53:b8:ce:a7:bf:e4:6e:0c:47:68:b2:59:
         83:6a:57:c0:be:2b:4f:c6:db:e1:ca:0a:46:6c:6e:68:16:a7:
         31:75:6e:b2:14:61:ab:9f:40:fa:01:d2:b7:37:53:e9:1e:2c:
         85:3f:f5:1c:53:af:04:a0:20:97:21:b6:53:76:2e:e1:e3:1a:
         4f:0f:65:bb:91:1d:26:3f:3b:4f:e6:cf:0d:6f:7d:95:73:0c:
         f6:d2:fc:6d:45:a0:57:64:9b:02:6e:99:4d:23:34:c8:d6:29:
         d4:40:a1:76:6d:17:51:9a:47:c3:e6:85:cc:bb:da:a5:f1:35:
         9d:84:69:4f:f2:7a:ed:c7:c2:cf:5d:ae:b2:3f:ad:18:49:bb:
         3a:f1:c6:9f:d4:d3:38:d9:20:99:77:37:c1:59:c7:76:28:75:
         d7:44:f5:25:4e:c9:24:a0:7b:aa:3d:f4:a1:c4:96:d0:8b:ee:
         87:6e:22:56:37:54:8c:85:d7:a9:00:9f:1d:16:93:75:2d:1e:
         2c:f7:2e:e1
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUYXW+vkFgTmjpoEh9e0Qb1Q+cRukwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNTI2MTUxMDM4WhcNMjUwNjMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5ODEwZjQ1MGJlZTIyYTA3N2I3ZjEzNjRmYzk3ZDYxNmJk
YzI3NzVjZGQ3NjgwMzJmODgyMDQyNjA1OWQ5OTkyMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxPcrmkrSf2uEsUqESBlOMbOYxcXeOHY3FiyD+yQqX+0jx
0x5R4L/F+YowukOgYUWnRh1NJxbn2pl6DnJYq+RNjX/A8S7lpmG3zYD7z+NaU7J3
bLE8Lb141np291Sb4jXCll6ZMp5uzzCtmQk/jJ7VXl0i0d+lT7RJanXQv9nbz1p8
fvpbuY5D1ftbwNlXDiBDdcgfxj5V2J/ZfQNAsdPmBuomJxUicaBFN4OoibE4F7+E
oT9utVFbLtHmSGoFpatzqQ3x6W54ZrF68cP7GmR0tBZgTOQc7NNsFJR3YuNJtCyk
4vD60/c5F7c+0ZfHSc/eo9vg/JcP0Xemwdh0ce/VAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUZWKFZrtD1sOdu3N7XFi1/FYJWfgwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2FmOTNlMTUwLTk0NjktNDdlYi04MTg1LTNmZjAzZDg3ZGIwNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwQmAPD78AAwDQYJKoZIhvcNAQELBQADggEBAB4Ad0aiVn6M6y8AfKsm/bWL
TFLsEjwCm4QBxOWUdrOrMNZR0oWCTLXiz0KCHjd6+Guc0TmmKKL3XOchXVO4zqe/
5G4MR2iyWYNqV8C+K0/G2+HKCkZsbmgWpzF1brIUYaufQPoB0rc3U+keLIU/9RxT
rwSgIJchtlN2LuHjGk8PZbuRHSY/O0/mzw1vfZVzDPbS/G1FoFdkmwJumU0jNMjW
KdRAoXZtF1GaR8Pmhcy72qXxNZ2EaU/yeu3Hws9drrI/rRhJuzrxxp/U0zjZIJl3
N8FZx3YodddE9SVOySSge6o99KHEltCL7oduIlY3VIyF16kAnx0Wk3UtHiz3LuE=
-----END CERTIFICATE-----