Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/c8a22460-1c12-4314-8b13-6a586edac27c.roa
File:                     c8a22460-1c12-4314-8b13-6a586edac27c.roa (raw, json)
Hash identifier:          W9P+35goa8o3yjgyGMMZ/ZBIP1VYcoyeHNo1SXgvhBo=
Subject key identifier:   A8:DB:54:55:6C:2F:25:45:50:1A:FC:A9:FF:F6:99:E5:E2:1E:F1:52
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       43D05749C09049604FD89263BB4A594B77014652
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/c8a22460-1c12-4314-8b13-6a586edac27c.roa
Signing time:             Fri 25 Apr 2025 18:01:08 +0000
ROA not before:           Fri 25 Apr 2025 18:01:08 +0000
ROA not after:            Fri 30 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:ec00::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:d0:57:49:c0:90:49:60:4f:d8:92:63:bb:4a:59:4b:77:01:46:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Apr 25 18:01:08 2025 GMT
            Not After : May 30 23:59:59 2025 GMT
        Subject: serialNumber=383f34ef6ed88a0b8ffef9b476cb0fda8856fd66b6f9f9784bde785329809e88, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:48:d9:48:cb:09:98:d1:a7:f4:3f:68:52:5c:
                    67:f0:1c:0b:2e:b0:57:a5:28:59:71:2b:54:e7:8e:
                    52:b4:6f:50:87:4c:0b:20:c7:1c:5d:d3:57:4d:0c:
                    94:dc:d0:59:88:23:74:30:d8:32:ea:89:cf:0d:30:
                    93:d4:3b:05:91:52:04:24:f0:de:9b:3f:32:a9:ef:
                    0d:a6:61:ec:83:a9:6d:30:bd:08:a1:29:19:ec:8c:
                    92:41:68:28:1b:02:eb:24:a3:50:94:d4:cf:1d:88:
                    7d:d5:57:e6:e6:d0:c2:91:1d:31:69:a2:ae:f6:0b:
                    d7:ec:9d:28:07:86:ad:a9:28:94:33:c2:bd:3a:b2:
                    c8:f2:61:04:20:86:4c:b3:46:29:df:45:35:dd:ac:
                    60:cd:eb:69:c5:a4:f7:7a:a9:ce:29:b5:47:b3:c2:
                    5b:c5:53:f4:f0:59:53:c3:3e:c1:a9:41:d4:42:18:
                    a8:11:cf:5a:b6:9c:16:8d:74:60:a7:45:ea:e5:83:
                    62:54:77:b9:70:77:19:6b:ae:96:f0:0f:88:c9:d5:
                    45:5b:75:5e:c5:ad:54:4f:0b:3b:93:9b:26:65:25:
                    ea:b8:9c:37:c1:e7:48:4b:c8:19:eb:8d:0f:31:41:
                    cb:4f:0b:a8:d5:76:ef:26:62:2c:fd:eb:16:f1:48:
                    60:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:DB:54:55:6C:2F:25:45:50:1A:FC:A9:FF:F6:99:E5:E2:1E:F1:52
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/c8a22460-1c12-4314-8b13-6a586edac27c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:ec00::/40

    Signature Algorithm: sha256WithRSAEncryption
         7c:78:e9:e9:ce:c7:93:5b:f3:e7:f2:ce:7b:22:bc:76:dd:9f:
         c9:2f:9a:6b:09:4b:67:98:68:43:89:df:e7:b5:50:e4:de:2f:
         80:1e:57:cc:f0:8e:22:f4:21:0a:5f:50:4b:85:d6:da:b3:2b:
         b8:c6:30:c4:b6:21:15:d9:5b:3e:77:57:87:8f:64:f3:e0:e8:
         25:92:7b:d9:c8:3f:d7:3e:31:6e:84:98:e1:89:aa:fb:3b:24:
         7e:08:3c:96:3f:63:fd:83:53:18:9d:60:de:fe:7b:08:c8:a3:
         92:67:d9:29:ec:f1:76:a3:d4:30:b9:2b:a6:1b:cb:c6:8e:d9:
         3d:bb:23:96:83:aa:10:bc:ef:ca:b1:e5:0a:30:61:2d:dc:11:
         2d:fb:07:8a:14:bd:e0:88:1d:8e:01:e3:f9:c5:02:2e:3d:0b:
         bb:28:7c:13:80:a4:37:0c:47:b7:9a:40:0d:e6:b9:ab:e4:24:
         5b:2f:25:01:44:70:26:19:f8:a8:cd:6f:31:bd:61:e3:ca:5a:
         ac:c3:8e:ec:36:9c:4a:61:7a:29:65:75:7e:20:fb:3c:aa:d7:
         51:35:6d:11:a0:e7:e9:e1:2f:8a:8c:3d:81:96:a1:68:33:bd:
         b8:e1:0d:20:3f:19:51:09:2d:6c:b6:42:e5:af:36:76:8a:ed:
         d3:f7:ab:37
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUQ9BXScCQSWBP2JJju0pZS3cBRlIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNDI1MTgwMTA4WhcNMjUwNTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzODNmMzRlZjZlZDg4YTBiOGZmZWY5YjQ3NmNiMGZkYTg4
NTZmZDY2YjZmOWY5Nzg0YmRlNzg1MzI5ODA5ZTg4MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9SNlIywmY0af0P2hSXGfwHAsusFelKFlxK1TnjlK0b1CH
TAsgxxxd01dNDJTc0FmII3Qw2DLqic8NMJPUOwWRUgQk8N6bPzKp7w2mYeyDqW0w
vQihKRnsjJJBaCgbAusko1CU1M8diH3VV+bm0MKRHTFpoq72C9fsnSgHhq2pKJQz
wr06ssjyYQQghkyzRinfRTXdrGDN62nFpPd6qc4ptUezwlvFU/TwWVPDPsGpQdRC
GKgRz1q2nBaNdGCnRerlg2JUd7lwdxlrrpbwD4jJ1UVbdV7FrVRPCzuTmyZlJeq4
nDfB50hLyBnrjQ8xQctPC6jVdu8mYiz96xbxSGAPAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUqNtUVWwvJUVQGvyp//aZ5eIe8VIwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2M4YTIyNDYwLTFjMTItNDMxNC04YjEzLTZhNTg2ZWRhYzI3Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPD77DANBgkqhkiG9w0BAQsFAAOCAQEAfHjp6c7Hk1vz5/LOeyK8dt2f
yS+aawlLZ5hoQ4nf57VQ5N4vgB5XzPCOIvQhCl9QS4XW2rMruMYwxLYhFdlbPndX
h49k8+DoJZJ72cg/1z4xboSY4Ymq+zskfgg8lj9j/YNTGJ1g3v57CMijkmfZKezx
dqPUMLkrphvLxo7ZPbsjloOqELzvyrHlCjBhLdwRLfsHihS94IgdjgHj+cUCLj0L
uyh8E4CkNwxHt5pADea5q+QkWy8lAURwJhn4qM1vMb1h48parMOO7DacSmF6KWV1
fiD7PKrXUTVtEaDn6eEviow9gZahaDO9uOENID8ZUQktbLZC5a82dort0/erNw==
-----END CERTIFICATE-----