Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a31abf8e-abb9-416e-89b1-647842c3d07d.roa
File:                     a31abf8e-abb9-416e-89b1-647842c3d07d.roa (raw, json)
Hash identifier:          8HFuj5a5QPAsYCq2DDUTeaEIbd9aEABBOKp0DXEcNKM=
Subject key identifier:   89:7D:C3:42:22:53:2C:90:C0:0C:26:6D:14:30:AA:09:D2:37:34:3E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0BE49F37BBD204F02CF689C77434234E470E21E7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a31abf8e-abb9-416e-89b1-647842c3d07d.roa
Signing time:             Tue 08 Jul 2025 16:12:03 +0000
ROA not before:           Tue 08 Jul 2025 16:12:03 +0000
ROA not after:            Tue 12 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffb:2000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 23 Jul 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:e4:9f:37:bb:d2:04:f0:2c:f6:89:c7:74:34:23:4e:47:0e:21:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul  8 16:12:03 2025 GMT
            Not After : Aug 12 23:59:59 2025 GMT
        Subject: serialNumber=1041f271a57d9baf00e546a215c3bc10d1efcb45f3a6a3443cae0f7eedc1461a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:dd:b3:d6:11:4b:06:8e:9e:01:b9:b3:19:7d:
                    e6:2a:ed:c2:e8:99:31:d5:42:3d:10:db:8e:fb:18:
                    4e:7b:53:a0:0f:51:6a:40:44:11:ba:24:fb:62:9e:
                    a9:a2:6b:7d:60:0c:60:2f:0d:94:37:75:1d:1c:f2:
                    89:ee:9d:49:d0:be:96:86:4a:03:27:9c:cb:12:34:
                    97:dc:58:9e:e2:17:e6:63:a3:3b:30:d5:c1:f0:d8:
                    2f:27:5f:37:e8:f3:b2:3b:ef:ef:d3:d2:b5:88:67:
                    b6:6a:79:61:9d:49:dc:f0:29:8d:0d:c7:c9:e1:4a:
                    95:46:5d:b3:52:e9:a3:39:ec:a1:29:32:77:dc:04:
                    22:22:b2:d1:61:4c:70:42:78:e5:bb:d7:09:3a:eb:
                    bf:fe:6d:a2:03:d9:53:7d:8f:1d:d2:a2:4d:5d:c4:
                    c3:e1:50:d5:14:87:82:41:76:d7:cd:a8:6a:22:dc:
                    b0:43:d1:d8:f8:8c:46:eb:b1:b2:5d:7b:ff:0d:b9:
                    2c:f4:50:d2:b3:4d:18:c3:8a:f9:ae:de:f4:2f:26:
                    ca:94:de:f7:01:cf:7a:80:55:49:80:39:83:ea:c7:
                    04:c6:97:7f:2a:45:28:8b:a7:c1:cb:0d:e0:ee:ac:
                    88:d3:5b:54:f8:d1:32:ed:44:29:e5:7a:b9:c4:3d:
                    4d:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:7D:C3:42:22:53:2C:90:C0:0C:26:6D:14:30:AA:09:D2:37:34:3E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a31abf8e-abb9-416e-89b1-647842c3d07d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffb:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         ba:f3:ff:d0:4c:d6:63:a7:1e:d1:8d:fd:36:34:91:45:71:44:
         21:4a:98:01:b2:f0:39:45:59:a1:85:ce:13:d8:4c:5c:a6:59:
         68:7f:64:72:09:0e:e1:7e:b7:fd:a2:b5:6e:7d:8a:51:56:04:
         26:0b:6a:43:1e:61:5c:3b:b6:98:5d:6f:de:f4:b7:bf:41:9a:
         93:92:9e:5f:2c:37:58:e0:b9:d6:95:e0:1a:e3:50:a8:88:47:
         50:25:66:a9:25:59:82:74:49:3d:f5:63:ef:b3:30:d0:56:73:
         b5:bb:d4:ed:99:4c:42:de:d6:1b:18:6f:3d:04:33:bc:4c:b9:
         ec:89:26:20:ed:5a:f8:19:e4:e3:56:f4:2e:df:cc:03:9f:17:
         ff:ba:32:28:2c:d0:37:bb:ba:3c:74:df:5a:54:6e:35:19:71:
         0d:60:bd:b7:96:0f:94:9e:4f:3c:03:59:f2:95:87:42:a2:41:
         87:ae:a9:71:89:c5:3e:6e:8d:05:70:bd:22:7c:2f:f9:0e:e5:
         b1:b6:b0:a8:a5:58:4b:87:e0:61:e1:17:dc:a3:48:fa:b5:7d:
         38:7a:90:4d:0d:7f:06:31:cf:40:f6:02:bb:a6:d4:a2:d3:83:
         1b:9d:44:ea:b5:11:45:2a:1a:cc:a0:46:57:7b:4d:10:6c:b1:
         23:ca:e6:d5
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUC+SfN7vSBPAs9onHdDQjTkcOIecwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzA4MTYxMjAzWhcNMjUwODEyMjM1OTU5
WjB6MUkwRwYDVQQFE0AxMDQxZjI3MWE1N2Q5YmFmMDBlNTQ2YTIxNWMzYmMxMGQx
ZWZjYjQ1ZjNhNmEzNDQzY2FlMGY3ZWVkYzE0NjFhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCf3bPWEUsGjp4BubMZfeYq7cLomTHVQj0Q2477GE57U6AP
UWpARBG6JPtinqmia31gDGAvDZQ3dR0c8onunUnQvpaGSgMnnMsSNJfcWJ7iF+Zj
ozsw1cHw2C8nXzfo87I77+/T0rWIZ7ZqeWGdSdzwKY0Nx8nhSpVGXbNS6aM57KEp
MnfcBCIistFhTHBCeOW71wk667/+baID2VN9jx3Sok1dxMPhUNUUh4JBdtfNqGoi
3LBD0dj4jEbrsbJde/8NuSz0UNKzTRjDivmu3vQvJsqU3vcBz3qAVUmAOYPqxwTG
l38qRSiLp8HLDeDurIjTW1T40TLtRCnlernEPU33AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUiX3DQiJTLJDADCZtFDCqCdI3ND4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EzMWFiZjhlLWFiYjktNDE2ZS04OWIxLTY0Nzg0MmMzZDA3ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/7IDANBgkqhkiG9w0BAQsFAAOCAQEAuvP/0EzWY6ce0Y39NjSRRXFE
IUqYAbLwOUVZoYXOE9hMXKZZaH9kcgkO4X63/aK1bn2KUVYEJgtqQx5hXDu2mF1v
3vS3v0Gak5KeXyw3WOC51pXgGuNQqIhHUCVmqSVZgnRJPfVj77Mw0FZztbvU7ZlM
Qt7WGxhvPQQzvEy57IkmIO1a+Bnk41b0Lt/MA58X/7oyKCzQN7u6PHTfWlRuNRlx
DWC9t5YPlJ5PPANZ8pWHQqJBh66pcYnFPm6NBXC9Inwv+Q7lsbawqKVYS4fgYeEX
3KNI+rV9OHqQTQ1/BjHPQPYCu6bUotODG51E6rURRSoazKBGV3tNEGyxI8rm1Q==
-----END CERTIFICATE-----
Generated at Mon Jul 21 18:14:08 2025 by rpki-client