Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c5709ea0-6bb9-4753-913b-299185e04aba.roa
File:                     c5709ea0-6bb9-4753-913b-299185e04aba.roa (raw, json)
Hash identifier:          0cZWs96WpM9j5JB1VK4Eor/5dDvMjuC0aXEN/ctzWnM=
Subject key identifier:   33:8D:ED:EB:0F:C7:78:5D:31:73:B0:AE:9E:25:03:BB:92:09:88:0F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6E70E621948D1A4AEF5C3593E491968DC020D968
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c5709ea0-6bb9-4753-913b-299185e04aba.roa
Signing time:             Tue 08 Jul 2025 15:50:30 +0000
ROA not before:           Tue 08 Jul 2025 15:50:30 +0000
ROA not after:            Tue 12 Aug 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f69:8080::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 23 Jul 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:70:e6:21:94:8d:1a:4a:ef:5c:35:93:e4:91:96:8d:c0:20:d9:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul  8 15:50:30 2025 GMT
            Not After : Aug 12 23:59:59 2025 GMT
        Subject: serialNumber=859b8ceb45c2f48155e84b8f7e57d00b4c8c41cc5f151f5e5e7a409488fe92f1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:08:63:ec:23:5a:04:e6:fd:d7:36:84:ed:af:
                    ff:76:55:94:c7:c4:c9:f4:0b:10:d3:f4:93:2e:52:
                    43:21:be:f1:ab:ea:bc:20:63:34:99:d9:3f:13:b3:
                    03:1b:9a:af:0c:dc:72:4b:84:c7:4a:97:64:5b:04:
                    12:b5:d8:5a:80:4e:02:72:7b:0d:9a:8e:36:fc:7f:
                    de:55:84:fa:7e:42:15:f1:b8:47:7d:6e:6b:9c:70:
                    e2:71:b6:eb:91:66:53:51:f2:37:46:29:84:49:85:
                    af:12:5b:45:65:3c:5b:82:25:fe:0d:b5:e6:a8:a8:
                    d0:cb:44:be:0f:b7:f1:3d:f4:99:ff:a1:ac:9f:e5:
                    dc:9f:2c:70:23:99:75:bf:d9:98:ef:68:a1:ee:cf:
                    d3:55:91:ab:19:a2:f1:d3:32:b2:e7:a7:b7:43:2d:
                    b9:ef:3c:93:e4:c7:9b:36:59:fe:e3:8b:de:28:67:
                    33:c1:75:fd:d9:7b:05:fe:c3:fb:d9:25:3e:ac:4c:
                    08:12:95:f1:b8:12:ab:9c:cc:9b:ba:11:c3:8c:be:
                    02:44:5e:47:fc:3f:e8:ad:a8:6f:6c:df:5e:34:5a:
                    56:4b:96:c4:9d:c6:d1:54:55:84:23:e8:fd:15:26:
                    2a:99:31:27:76:51:df:f9:de:8a:e0:1d:ec:cb:55:
                    76:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:8D:ED:EB:0F:C7:78:5D:31:73:B0:AE:9E:25:03:BB:92:09:88:0F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c5709ea0-6bb9-4753-913b-299185e04aba.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f69:8080::/46

    Signature Algorithm: sha256WithRSAEncryption
         6f:d8:dc:61:c2:3d:df:11:d8:6a:aa:4e:4e:ea:2d:ea:f3:ea:
         ae:2f:c4:fc:24:a9:1f:3d:1f:b8:d1:0d:92:67:a1:9c:80:9d:
         ae:e9:b6:88:6c:f7:d9:5a:e5:41:ca:25:57:8a:7b:70:9e:1d:
         97:c0:de:4a:27:6c:09:e5:af:1d:06:93:b3:59:58:97:98:cc:
         5d:13:e6:61:ce:82:d9:13:80:0d:77:ec:eb:8c:bc:a8:e4:7a:
         95:9f:ac:c8:a2:74:3d:8b:ec:d6:d2:4f:a1:4a:fc:cd:11:3a:
         c6:d0:1d:8a:59:29:2f:74:ce:7d:28:64:90:c5:46:49:76:54:
         d5:f9:26:99:1b:9e:d5:78:e9:c6:79:b3:4a:90:29:4e:c5:36:
         4b:26:85:2e:78:2c:37:75:ef:60:1c:0d:92:f3:8c:af:f1:eb:
         6b:0c:f5:ee:82:cb:fe:57:db:61:3f:c2:0a:6a:8b:3a:66:7a:
         02:c2:25:d9:0e:f3:a2:69:03:86:15:10:f9:18:6f:28:52:37:
         84:73:7d:8f:dc:2f:e9:c8:e5:31:16:b8:93:fa:ff:6a:d0:be:
         9d:58:84:d4:f0:c2:49:03:60:af:04:65:1c:c7:f8:cd:8c:3e:
         b4:80:36:b6:01:21:67:6c:23:d0:d5:70:c4:a6:41:c2:51:c6:
         cf:5d:6e:f6
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUbnDmIZSNGkrvXDWT5JGWjcAg2WgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzA4MTU1MDMwWhcNMjUwODEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A4NTliOGNlYjQ1YzJmNDgxNTVlODRiOGY3ZTU3ZDAwYjRj
OGM0MWNjNWYxNTFmNWU1ZTdhNDA5NDg4ZmU5MmYxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDeCGPsI1oE5v3XNoTtr/92VZTHxMn0CxDT9JMuUkMhvvGr
6rwgYzSZ2T8TswMbmq8M3HJLhMdKl2RbBBK12FqATgJyew2ajjb8f95VhPp+QhXx
uEd9bmuccOJxtuuRZlNR8jdGKYRJha8SW0VlPFuCJf4NteaoqNDLRL4Pt/E99Jn/
oayf5dyfLHAjmXW/2ZjvaKHuz9NVkasZovHTMrLnp7dDLbnvPJPkx5s2Wf7ji94o
ZzPBdf3ZewX+w/vZJT6sTAgSlfG4EquczJu6EcOMvgJEXkf8P+itqG9s3140WlZL
lsSdxtFUVYQj6P0VJiqZMSd2Ud/53orgHezLVXb/AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUM43t6w/HeF0xc7CuniUDu5IJiA8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M1NzA5ZWEwLTZiYjktNDc1My05MTNiLTI5OTE4NWUwNGFiYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwImAB9pgIAwDQYJKoZIhvcNAQELBQADggEBAG/Y3GHCPd8R2GqqTk7qLerz
6q4vxPwkqR89H7jRDZJnoZyAna7ptohs99la5UHKJVeKe3CeHZfA3konbAnlrx0G
k7NZWJeYzF0T5mHOgtkTgA137OuMvKjkepWfrMiidD2L7NbST6FK/M0ROsbQHYpZ
KS90zn0oZJDFRkl2VNX5JpkbntV46cZ5s0qQKU7FNksmhS54LDd172AcDZLzjK/x
62sM9e6Cy/5X22E/wgpqizpmegLCJdkO86JpA4YVEPkYbyhSN4RzfY/cL+nI5TEW
uJP6/2rQvp1YhNTwwkkDYK8EZRzH+M2MPrSANrYBIWdsI9DVcMSmQcJRxs9dbvY=
-----END CERTIFICATE-----