Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/39d7aacd-f349-4a6b-a4b8-d829e9d29a4f.roa
File:                     39d7aacd-f349-4a6b-a4b8-d829e9d29a4f.roa (raw, json)
Hash identifier:          pJjcMU3/J0kvEWW+kAGIme6ZQcREXGXgobiTbBGvvDQ=
Subject key identifier:   C1:E6:66:4E:C7:D9:AA:75:D0:31:EE:B1:F0:AE:13:20:31:69:59:DB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       292B809AC2625D79C9FD6EB50452B58859CB1E9B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/39d7aacd-f349-4a6b-a4b8-d829e9d29a4f.roa
Signing time:             Tue 08 Jul 2025 16:00:15 +0000
ROA not before:           Tue 08 Jul 2025 16:00:15 +0000
ROA not after:            Tue 12 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1fff:40a0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 23 Jul 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:2b:80:9a:c2:62:5d:79:c9:fd:6e:b5:04:52:b5:88:59:cb:1e:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul  8 16:00:15 2025 GMT
            Not After : Aug 12 23:59:59 2025 GMT
        Subject: serialNumber=1997483241a4db7ebe13bff1c75e0e7153bcaec598e42597f9142719b58d939c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:4f:fa:f6:90:11:78:66:b8:4d:70:9f:a6:d6:
                    f9:62:23:2e:5d:17:0a:b6:3c:b0:3f:d7:6f:15:9f:
                    1f:e3:17:7c:7a:29:6f:2e:21:5a:94:c0:d5:83:f6:
                    be:4f:91:e6:f0:bf:18:4f:de:0d:94:10:51:7b:2b:
                    97:37:7e:1d:d1:6a:4b:03:4a:00:cd:68:08:b3:53:
                    9e:9b:10:86:1c:86:22:5f:9d:1e:49:ad:59:1c:59:
                    27:76:1d:a5:8a:29:b9:87:1d:be:fa:7c:19:c6:a7:
                    bd:e5:a9:6c:a7:e7:3d:2e:80:be:00:f8:0d:60:df:
                    15:90:02:88:2c:42:82:af:8b:0a:0d:d2:0d:71:12:
                    d8:a6:3f:a3:6c:9b:0c:70:f1:21:6e:c3:23:46:c7:
                    34:92:aa:4e:16:d6:df:4e:a8:2a:b1:9d:4e:17:b9:
                    61:1d:63:43:58:a4:a8:c8:54:36:ee:98:d3:93:70:
                    4b:d7:12:7d:c3:81:78:c9:8e:7b:2a:23:2a:a7:60:
                    6e:15:cc:1f:11:13:90:b9:16:d8:1f:bd:58:72:b4:
                    74:c6:0c:b6:9e:84:b3:1e:64:c5:64:78:17:26:e7:
                    65:a1:47:3d:18:43:be:41:bb:07:36:96:ed:a0:7b:
                    ba:8b:5a:af:07:d9:71:74:f3:26:b3:76:a4:24:59:
                    42:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:E6:66:4E:C7:D9:AA:75:D0:31:EE:B1:F0:AE:13:20:31:69:59:DB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/39d7aacd-f349-4a6b-a4b8-d829e9d29a4f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fff:40a0::/48

    Signature Algorithm: sha256WithRSAEncryption
         5f:d4:c6:85:9b:23:fa:2a:4c:3e:16:29:2c:3c:19:06:63:14:
         cf:5f:5d:dc:7c:53:81:00:56:38:97:cd:d6:c7:86:54:63:14:
         77:a4:69:f0:ee:1b:36:7a:08:b1:b4:f7:a8:3c:39:08:20:25:
         08:15:31:a1:0a:d3:58:5c:37:4f:21:79:2f:59:14:ce:52:93:
         60:a1:61:44:c2:b0:04:f6:6c:76:d0:e7:1b:23:8a:17:0c:22:
         f5:ef:4a:bd:8c:02:a5:91:60:e9:8f:3a:ca:3e:36:ca:42:6e:
         1e:99:b8:28:74:5e:d6:b8:6e:12:53:fa:00:9c:c3:b7:64:42:
         d1:66:3b:fd:2c:83:45:a1:2c:2e:4a:b8:20:9b:f3:9e:bc:49:
         52:3e:3d:bb:ea:e3:ba:1d:d8:3e:66:a0:18:f7:e6:3c:cc:e3:
         d8:17:d0:65:0d:21:c6:b6:dd:7d:aa:1a:32:92:d5:fe:e5:5a:
         90:d2:5f:0e:66:7f:02:21:03:93:2d:87:ac:b9:c0:fc:b8:e7:
         c7:50:2f:c8:82:54:07:30:37:df:e6:53:ab:df:37:9c:f7:6e:
         3d:54:89:15:66:14:4c:a4:ae:4f:4d:76:9a:60:2b:97:b9:2a:
         bf:b7:10:c1:4c:fe:bd:29:51:f0:79:e7:40:16:05:69:53:4a:
         3b:27:9c:56
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUKSuAmsJiXXnJ/W61BFK1iFnLHpswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzA4MTYwMDE1WhcNMjUwODEyMjM1OTU5
WjB6MUkwRwYDVQQFE0AxOTk3NDgzMjQxYTRkYjdlYmUxM2JmZjFjNzVlMGU3MTUz
YmNhZWM1OThlNDI1OTdmOTE0MjcxOWI1OGQ5MzljMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWT/r2kBF4ZrhNcJ+m1vliIy5dFwq2PLA/128Vnx/jF3x6
KW8uIVqUwNWD9r5PkebwvxhP3g2UEFF7K5c3fh3RaksDSgDNaAizU56bEIYchiJf
nR5JrVkcWSd2HaWKKbmHHb76fBnGp73lqWyn5z0ugL4A+A1g3xWQAogsQoKviwoN
0g1xEtimP6Nsmwxw8SFuwyNGxzSSqk4W1t9OqCqxnU4XuWEdY0NYpKjIVDbumNOT
cEvXEn3DgXjJjnsqIyqnYG4VzB8RE5C5FtgfvVhytHTGDLaehLMeZMVkeBcm52Wh
Rz0YQ75Buwc2lu2ge7qLWq8H2XF08yazdqQkWUKXAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUweZmTsfZqnXQMe6x8K4TIDFpWdswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM5ZDdhYWNkLWYzNDktNGE2Yi1hNGI4LWQ4MjllOWQyOWE0Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB//QKAwDQYJKoZIhvcNAQELBQADggEBAF/UxoWbI/oqTD4WKSw8GQZj
FM9fXdx8U4EAVjiXzdbHhlRjFHekafDuGzZ6CLG096g8OQggJQgVMaEK01hcN08h
eS9ZFM5Sk2ChYUTCsAT2bHbQ5xsjihcMIvXvSr2MAqWRYOmPOso+NspCbh6ZuCh0
Xta4bhJT+gCcw7dkQtFmO/0sg0WhLC5KuCCb8568SVI+Pbvq47od2D5moBj35jzM
49gX0GUNIca23X2qGjKS1f7lWpDSXw5mfwIhA5Mth6y5wPy458dQL8iCVAcwN9/m
U6vfN5z3bj1UiRVmFEykrk9NdppgK5e5Kr+3EMFM/r0pUfB550AWBWlTSjsnnFY=
-----END CERTIFICATE-----