Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bd071994-2f6d-4abe-9d59-0adb3a6c8a49.roa
File:                     bd071994-2f6d-4abe-9d59-0adb3a6c8a49.roa (raw, json)
Hash identifier:          2j+eA2e/h4D7Nnu/bwEzWDvbBs8N4O4dtPtn1UzOY8Q=
Subject key identifier:   C5:81:0C:A1:24:A1:4A:02:D5:A9:3C:C0:90:9A:C4:5E:64:3A:94:EE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       45C8D76F783F66E6998CCA6CD95B9C86A226D491
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bd071994-2f6d-4abe-9d59-0adb3a6c8a49.roa
Signing time:             Fri 28 Mar 2025 17:20:51 +0000
ROA not before:           Fri 28 Mar 2025 17:20:51 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f14:4000::/37 maxlen: 37
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 06 Apr 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:c8:d7:6f:78:3f:66:e6:99:8c:ca:6c:d9:5b:9c:86:a2:26:d4:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 17:20:51 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:d8:d8:d9:ad:64:5d:4f:a3:13:3f:8d:f3:52:
                    c9:e9:0e:43:3a:81:70:9d:fb:5c:fe:8b:a6:99:0a:
                    dd:c3:8c:41:d1:4a:b3:91:b5:d8:dc:77:12:53:84:
                    14:f6:80:f0:a4:e9:c1:41:66:7a:a7:45:55:d6:cc:
                    d7:38:03:9b:82:2f:be:4f:79:1a:16:14:48:9f:99:
                    28:f2:f2:5c:21:c8:23:32:b3:b7:26:74:98:4e:b9:
                    b6:50:e4:0e:74:7f:8a:ec:56:11:aa:fc:0e:4a:07:
                    35:b4:2b:cc:58:db:f7:ae:f9:62:1b:c3:e7:57:e1:
                    a1:78:0d:bf:54:fb:a0:d4:98:3b:7b:01:7b:db:d8:
                    24:1e:06:83:58:6d:b9:a3:75:37:47:f7:64:0e:a4:
                    a2:13:63:0a:3e:81:e0:f2:e9:4a:52:48:0a:ab:06:
                    65:30:c7:af:6c:c5:9d:80:d0:4a:79:5e:e4:24:d3:
                    06:2b:7d:c2:14:dd:c4:2a:16:11:91:fb:f7:00:bb:
                    a9:2e:47:76:45:8b:fd:4e:d0:45:51:49:b9:63:89:
                    83:41:66:6d:7d:f4:cf:e4:0d:85:5b:00:ab:1f:71:
                    a9:39:c3:fd:23:b7:a0:68:a5:ea:43:21:68:6f:97:
                    49:66:99:00:39:ee:61:a3:fb:a1:51:7e:e8:bd:fe:
                    27:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:81:0C:A1:24:A1:4A:02:D5:A9:3C:C0:90:9A:C4:5E:64:3A:94:EE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bd071994-2f6d-4abe-9d59-0adb3a6c8a49.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f14:4000::/37

    Signature Algorithm: sha256WithRSAEncryption
         87:5a:8f:97:9f:c8:d5:4e:8f:5e:4e:f0:03:8f:ae:7a:86:3d:
         b1:be:7d:43:97:e9:d0:0e:f7:97:39:cc:34:e3:3a:97:0e:d7:
         65:f8:b8:32:02:e7:c7:f2:68:61:fb:b0:e9:a9:0a:16:f9:50:
         5a:24:06:a6:1a:09:f4:d9:53:68:0d:f9:55:bd:f3:cf:72:e8:
         9e:a9:f0:ad:45:a0:7a:f0:d0:6e:33:cf:0f:cc:63:62:2f:ff:
         72:29:5d:b9:58:b8:ed:fb:4c:f9:b5:0b:4d:b9:6e:0b:31:e1:
         ed:bb:3e:df:2a:f3:51:bf:a2:5e:d6:e3:2a:ce:78:71:8d:eb:
         99:1d:13:75:22:a0:ef:1d:30:8a:ca:29:14:04:3c:cd:2b:fd:
         d1:9c:fa:94:39:29:05:e9:4d:78:c3:bf:d1:98:77:59:5c:97:
         1c:ec:a0:e3:a5:9f:f3:20:b0:d0:c5:5e:25:3e:f5:be:35:10:
         cd:0e:b9:9d:dc:ee:b8:7b:16:4e:c2:63:8b:73:92:69:47:22:
         e5:7f:7b:4a:59:c8:57:da:19:72:87:0c:47:af:67:9b:cf:19:
         b3:22:d9:4b:71:03:6c:e1:72:65:26:c8:81:07:13:82:56:ec:
         fb:a0:3d:7a:39:58:ec:f0:62:72:b8:e6:86:f2:f8:71:23:bf:
         03:73:ad:56
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIURcjXb3g/ZuaZjMps2VuchqIm1JEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTcyMDUxWhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyZDEzZTUzMTlkYTg2ZjYwOWFkMDYyZTY5YzJkMTdhNDVj
ODQxNmU3YThkYzUxNmRlYjU3ODc3NDE1YTcwOTUxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC72NjZrWRdT6MTP43zUsnpDkM6gXCd+1z+i6aZCt3DjEHR
SrORtdjcdxJThBT2gPCk6cFBZnqnRVXWzNc4A5uCL75PeRoWFEifmSjy8lwhyCMy
s7cmdJhOubZQ5A50f4rsVhGq/A5KBzW0K8xY2/eu+WIbw+dX4aF4Db9U+6DUmDt7
AXvb2CQeBoNYbbmjdTdH92QOpKITYwo+geDy6UpSSAqrBmUwx69sxZ2A0Ep5XuQk
0wYrfcIU3cQqFhGR+/cAu6kuR3ZFi/1O0EVRSbljiYNBZm199M/kDYVbAKsfcak5
w/0jt6BopepDIWhvl0lmmQA57mGj+6FRfui9/ic1AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUxYEMoSShSgLVqTzAkJrEXmQ6lO4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JkMDcxOTk0LTJmNmQtNGFiZS05ZDU5LTBhZGIzYTZjOGE0OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgMmAB8UQDANBgkqhkiG9w0BAQsFAAOCAQEAh1qPl5/I1U6PXk7wA4+ueoY9
sb59Q5fp0A73lznMNOM6lw7XZfi4MgLnx/JoYfuw6akKFvlQWiQGphoJ9NlTaA35
Vb3zz3LonqnwrUWgevDQbjPPD8xjYi//cilduVi47ftM+bULTbluCzHh7bs+3yrz
Ub+iXtbjKs54cY3rmR0TdSKg7x0wisopFAQ8zSv90Zz6lDkpBelNeMO/0Zh3WVyX
HOyg46Wf8yCw0MVeJT71vjUQzQ65ndzuuHsWTsJji3OSaUci5X97SlnIV9oZcocM
R69nm88ZsyLZS3EDbOFyZSbIgQcTglbs+6A9ejlY7PBicrjmhvL4cSO/A3OtVg==
-----END CERTIFICATE-----