Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/cbf43d99-4d01-4d24-ada9-6e34368d1d71.roa
File:                     cbf43d99-4d01-4d24-ada9-6e34368d1d71.roa (raw, json)
Hash identifier:          /DzFMsI/AxyX7Dva8LdDXLNfZBoXjSpy6gB6v0OZLUc=
Subject key identifier:   B1:F4:65:6B:0F:74:57:C8:CC:8E:F8:35:F8:3E:26:90:20:E3:9B:1F
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       6AD28A0D6F4EA62E1DB39061279E348FA5982344
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/cbf43d99-4d01-4d24-ada9-6e34368d1d71.roa
Signing time:             Fri 25 Apr 2025 17:50:23 +0000
ROA not before:           Fri 25 Apr 2025 17:50:23 +0000
ROA not after:            Fri 30 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:5518::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:d2:8a:0d:6f:4e:a6:2e:1d:b3:90:61:27:9e:34:8f:a5:98:23:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Apr 25 17:50:23 2025 GMT
            Not After : May 30 23:59:59 2025 GMT
        Subject: serialNumber=5669dcd6f82dbf314351c43703454ce5197b2f1ca9caf2886bb8ed9f9d2778ff, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:95:c7:b8:97:2a:55:91:c9:c4:77:68:f1:1b:
                    09:30:45:31:0c:61:ff:94:ca:52:08:0b:39:79:e9:
                    e7:49:be:66:1e:8f:57:98:86:df:ef:da:0c:29:93:
                    6b:0b:74:79:f3:5d:1c:3e:3e:3d:63:4f:c6:6c:e7:
                    d6:4f:f5:8c:61:56:73:81:f0:25:cf:56:96:b6:c4:
                    e5:fb:1e:0c:92:99:83:88:ef:2b:c4:83:46:51:4f:
                    15:0c:8e:4c:af:02:3b:9b:af:ce:75:82:bf:bb:c0:
                    02:f3:eb:ac:40:56:fd:db:2d:6b:28:44:f3:8b:d1:
                    89:02:81:ac:8a:b5:30:6e:a9:56:65:f0:87:73:e6:
                    03:89:7a:c6:73:48:e2:63:d9:d8:f9:e5:06:e6:b2:
                    ec:18:c4:7a:d9:0d:cb:d8:8a:01:40:b6:ad:95:5c:
                    11:30:a6:6b:97:84:eb:61:04:72:52:35:1b:80:d5:
                    23:56:4c:e9:61:70:aa:24:24:d5:6a:ba:e1:52:a6:
                    08:e4:5b:4b:fb:62:20:24:12:67:8d:b6:18:0c:31:
                    62:e1:2f:46:06:55:66:52:d6:6e:3c:be:19:4e:0f:
                    92:e7:6e:d3:e9:d9:59:f0:3a:f5:73:4c:6a:79:5a:
                    34:31:a7:22:3b:a2:44:11:05:77:7a:08:ee:bb:13:
                    81:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:F4:65:6B:0F:74:57:C8:CC:8E:F8:35:F8:3E:26:90:20:E3:9B:1F
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/cbf43d99-4d01-4d24-ada9-6e34368d1d71.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:5518::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:2f:56:97:dd:59:2d:2a:a4:55:8d:8f:fc:3e:a3:3b:82:b4:
         a6:08:ba:52:07:5a:62:d6:24:80:db:77:28:44:55:a6:95:1e:
         db:50:df:eb:65:02:f3:3b:7f:f8:64:31:e6:23:7a:29:ba:d6:
         3a:67:3f:12:08:b5:36:cc:a1:b4:5f:29:44:63:46:bc:db:a9:
         0e:ca:7e:7b:d4:85:56:5d:fb:30:78:7a:53:6f:2e:f0:69:1c:
         fe:cd:6b:c2:d1:33:65:17:71:da:f4:88:ea:5c:3c:db:cb:f9:
         df:3f:55:98:eb:91:cc:b0:82:a6:0b:58:36:cf:48:ff:e9:54:
         fc:cc:ca:f8:fb:7b:05:6d:e2:a2:e9:47:70:38:e2:8c:b7:1f:
         fe:10:ca:ff:cd:73:2f:a1:31:17:8b:2a:c1:3f:d7:8d:42:9f:
         b5:ef:df:fc:10:0f:af:dd:6d:1e:c0:9c:e6:05:d5:3a:c3:81:
         21:0f:01:2f:b6:b6:78:88:32:24:1e:dc:7c:2c:be:e0:9b:1d:
         6c:f2:7d:ff:ae:4e:e6:35:4f:2a:ee:e3:0c:05:01:e0:a6:2f:
         ef:78:8a:33:e0:dc:67:62:56:d7:7a:73:48:2b:ac:08:61:3d:
         e1:74:e1:e2:74:4f:fc:5a:dc:b0:bd:8c:96:a8:4f:c0:02:22:
         c4:d4:99:11
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUatKKDW9Opi4ds5BhJ540j6WYI0QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNDI1MTc1MDIzWhcNMjUwNTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NjY5ZGNkNmY4MmRiZjMxNDM1MWM0MzcwMzQ1NGNlNTE5
N2IyZjFjYTljYWYyODg2YmI4ZWQ5ZjlkMjc3OGZmMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2lce4lypVkcnEd2jxGwkwRTEMYf+UylIICzl56edJvmYe
j1eYht/v2gwpk2sLdHnzXRw+Pj1jT8Zs59ZP9YxhVnOB8CXPVpa2xOX7HgySmYOI
7yvEg0ZRTxUMjkyvAjubr851gr+7wALz66xAVv3bLWsoRPOL0YkCgayKtTBuqVZl
8Idz5gOJesZzSOJj2dj55QbmsuwYxHrZDcvYigFAtq2VXBEwpmuXhOthBHJSNRuA
1SNWTOlhcKokJNVquuFSpgjkW0v7YiAkEmeNthgMMWLhL0YGVWZS1m48vhlOD5Ln
btPp2VnwOvVzTGp5WjQxpyI7okQRBXd6CO67E4F3AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUsfRlaw90V8jMjvg1+D4mkCDjmx8wHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2NiZjQzZDk5LTRkMDEtNGQyNC1hZGE5LTZlMzQzNjhkMWQ3MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwVRgwDQYJKoZIhvcNAQELBQADggEBAHEvVpfdWS0qpFWNj/w+ozuC
tKYIulIHWmLWJIDbdyhEVaaVHttQ3+tlAvM7f/hkMeYjeim61jpnPxIItTbMobRf
KURjRrzbqQ7KfnvUhVZd+zB4elNvLvBpHP7Na8LRM2UXcdr0iOpcPNvL+d8/VZjr
kcywgqYLWDbPSP/pVPzMyvj7ewVt4qLpR3A44oy3H/4Qyv/Ncy+hMReLKsE/141C
n7Xv3/wQD6/dbR7AnOYF1TrDgSEPAS+2tniIMiQe3HwsvuCbHWzyff+uTuY1Tyru
4wwFAeCmL+94ijPg3GdiVtd6c0grrAhhPeF04eJ0T/xa3LC9jJaoT8ACIsTUmRE=
-----END CERTIFICATE-----