Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/22382750-431d-4ab9-aa08-e0f973e067f8.roa
File:                     22382750-431d-4ab9-aa08-e0f973e067f8.roa (raw, json)
Hash identifier:          4FMg5QxZk6ht8RipLABYQV2Z5R0vQT7t1RWwyML/+to=
Subject key identifier:   E3:C8:47:68:FF:CB:32:F5:52:01:5F:8C:2C:42:86:1B:45:09:0F:0D
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       7B18761DC226EDD26617BE7AE0D1797D48EB411A
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/22382750-431d-4ab9-aa08-e0f973e067f8.roa
Signing time:             Mon 31 Mar 2025 19:00:12 +0000
ROA not before:           Mon 31 Mar 2025 19:00:12 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f00c::/39 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:18:76:1d:c2:26:ed:d2:66:17:be:7a:e0:d1:79:7d:48:eb:41:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Mar 31 19:00:12 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:e3:b3:88:2c:45:00:86:5a:7e:d7:8b:d5:20:
                    60:8c:46:78:6b:78:6a:8f:3e:e7:54:2d:38:1c:06:
                    2a:b0:c3:bd:f1:84:e6:91:fd:80:cc:ad:75:99:07:
                    26:4a:0d:94:01:15:88:c0:1e:3e:e6:50:7d:f5:8f:
                    a1:bf:d5:4b:38:f3:66:e5:e4:97:7b:c1:23:be:b1:
                    6c:dc:a7:b6:84:1b:c9:15:bb:cb:26:64:ad:6c:34:
                    46:1f:fc:83:49:7d:3e:2f:37:c3:71:94:40:6b:f4:
                    4d:06:4b:de:cb:f2:c2:82:a0:8e:64:48:f4:46:4c:
                    3b:78:94:5b:51:07:23:4e:2d:09:aa:c2:d2:c7:59:
                    9b:64:75:3e:5e:00:2f:b4:ec:6b:ad:39:81:06:c6:
                    1d:0e:97:0b:02:a7:2d:ca:fd:85:63:13:94:e5:83:
                    95:1f:a6:e1:2a:d3:fe:72:55:eb:09:4e:61:8d:5c:
                    20:e6:fe:6e:a8:11:76:e0:1f:10:1d:98:96:38:a1:
                    1e:18:30:c3:52:ba:e8:c5:7d:b7:37:cc:58:ee:64:
                    04:f2:1f:20:3f:ad:ef:41:a3:00:02:44:e6:e5:93:
                    48:46:a5:f7:1a:12:f0:fa:f1:9d:24:61:27:a0:bf:
                    8d:85:64:1d:74:ee:f1:84:16:66:12:a4:4a:fc:64:
                    cb:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:C8:47:68:FF:CB:32:F5:52:01:5F:8C:2C:42:86:1B:45:09:0F:0D
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/22382750-431d-4ab9-aa08-e0f973e067f8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f00c::/39

    Signature Algorithm: sha256WithRSAEncryption
         5c:2c:22:9f:99:40:af:7f:78:c2:aa:1a:3f:d1:07:3b:19:78:
         e7:4b:b0:fb:44:fb:8b:52:93:0f:c9:18:d0:35:96:5b:fa:ba:
         b3:9c:c1:0c:3a:55:fe:23:ae:13:d1:0d:03:27:d5:24:68:1a:
         ea:3a:27:ef:ad:2f:a0:85:1a:bd:28:3b:29:ad:84:5a:10:1d:
         4c:82:73:97:ef:03:8f:44:52:5b:a4:f9:dd:c6:92:36:7b:4d:
         69:23:44:1c:5d:8e:d4:95:ae:6a:9e:a4:41:0f:fa:5c:8b:2e:
         45:3a:68:cd:21:26:7b:a5:0a:19:13:a1:cf:c1:a9:53:5b:a8:
         40:4a:60:b6:a2:10:69:05:6f:a8:1c:ea:fd:f4:9a:2a:90:b1:
         3f:52:69:56:f9:9b:2f:78:5a:db:97:4a:64:26:36:4e:6d:59:
         23:b9:b0:31:26:40:21:42:34:35:90:ec:dc:3d:11:fd:b9:31:
         23:4b:86:7f:2b:99:79:eb:6a:76:fd:af:ac:e4:26:a1:e6:36:
         0e:b0:a1:56:03:d0:99:a8:bf:7b:cf:8b:03:ea:1f:f5:c5:f1:
         00:c7:4b:42:7d:9d:96:24:00:19:20:22:cb:ad:d6:7f:a8:f6:
         c7:ee:5e:a3:1b:ac:ca:bd:50:bb:ce:e4:29:5c:3c:fe:de:cc:
         9a:65:00:1f
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUexh2HcIm7dJmF7564NF5fUjrQRowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMzMxMTkwMDEyWhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BjY2QzOWE2ZTE0YTliMmIzNTlhMDViNDA1MzU4ZDkzMjVi
YzNmMjJjMjEwNDQwMDMwMDcwNWM3NzE4NWQwZGNmMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCo47OILEUAhlp+14vVIGCMRnhreGqPPudULTgcBiqww73x
hOaR/YDMrXWZByZKDZQBFYjAHj7mUH31j6G/1Us482bl5Jd7wSO+sWzcp7aEG8kV
u8smZK1sNEYf/INJfT4vN8NxlEBr9E0GS97L8sKCoI5kSPRGTDt4lFtRByNOLQmq
wtLHWZtkdT5eAC+07GutOYEGxh0OlwsCpy3K/YVjE5Tlg5UfpuEq0/5yVesJTmGN
XCDm/m6oEXbgHxAdmJY4oR4YMMNSuujFfbc3zFjuZATyHyA/re9BowACROblk0hG
pfcaEvD68Z0kYSegv42FZB107vGEFmYSpEr8ZMthAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU48hHaP/LMvVSAV+MLEKGG0UJDw0wHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzIyMzgyNzUwLTQzMWQtNGFiOS1hYTA4LWUwZjk3M2UwNjdmOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAPAMADANBgkqhkiG9w0BAQsFAAOCAQEAXCwin5lAr394wqoaP9EHOxl4
50uw+0T7i1KTD8kY0DWWW/q6s5zBDDpV/iOuE9ENAyfVJGga6jon760voIUavSg7
Ka2EWhAdTIJzl+8Dj0RSW6T53caSNntNaSNEHF2O1JWuap6kQQ/6XIsuRTpozSEm
e6UKGROhz8GpU1uoQEpgtqIQaQVvqBzq/fSaKpCxP1JpVvmbL3ha25dKZCY2Tm1Z
I7mwMSZAIUI0NZDs3D0R/bkxI0uGfyuZeetqdv2vrOQmoeY2DrChVgPQmai/e8+L
A+of9cXxAMdLQn2dliQAGSAiy63Wf6j2x+5eoxusyr1Qu87kKVw8/t7MmmUAHw==
-----END CERTIFICATE-----
Generated at Sat Apr 5 11:20:30 2025 by rpki-client