Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/10766232-d957-4405-85ce-681703faff9e.roa
File:                     10766232-d957-4405-85ce-681703faff9e.roa (raw, json)
Hash identifier:          Fq7358luX6nF2S5jPDuD7yJfZjt8xbjBojPsXRCQGF0=
Subject key identifier:   25:39:57:36:F3:6E:DD:63:47:C4:A4:F1:F1:FC:24:AC:82:EC:C8:43
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1C5BBD70B8CB24CDF2283E4371EAFCAD7E946AD7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/10766232-d957-4405-85ce-681703faff9e.roa
Signing time:             Mon 19 May 2025 16:02:05 +0000
ROA not before:           Mon 19 May 2025 16:02:05 +0000
ROA not after:            Mon 23 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f38:4020::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:5b:bd:70:b8:cb:24:cd:f2:28:3e:43:71:ea:fc:ad:7e:94:6a:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 19 16:02:05 2025 GMT
            Not After : Jun 23 23:59:59 2025 GMT
        Subject: serialNumber=8ea771a6231cd516db606e6690457ba5f599a2d3cbe1624e199285bd40eba251, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:2c:e2:ce:c5:d1:a5:37:37:d0:2b:32:19:bc:
                    ac:8a:22:cf:bc:77:32:8f:2a:6d:f5:ff:8e:aa:cc:
                    5c:b7:e1:7d:6c:66:56:be:83:84:e6:91:05:e9:82:
                    d6:92:45:84:cd:35:d9:85:ff:29:bd:06:86:ec:bf:
                    73:f2:9a:18:04:d2:04:59:ac:75:66:75:aa:a2:94:
                    23:df:4e:b5:34:a4:72:bd:ef:c4:4c:89:11:69:fc:
                    90:a5:ec:02:32:b1:ed:3d:c2:6f:e8:92:4a:0c:30:
                    0c:99:16:7f:f3:4a:3f:57:b8:47:d8:af:53:70:9f:
                    22:12:00:af:e9:81:e8:6d:b3:ae:c0:c3:c2:a1:bb:
                    0e:c9:2e:89:48:ef:d9:63:da:50:a7:be:22:cb:a9:
                    85:02:94:e7:36:59:fa:65:68:9d:0d:9e:70:6a:ac:
                    e9:b7:61:8b:ac:a1:72:0b:0c:ec:06:53:37:1c:59:
                    a1:b1:8f:1a:35:c6:1a:d7:74:c0:79:5e:f4:5c:7e:
                    40:28:51:8d:cc:2d:80:28:41:e0:92:12:80:d9:75:
                    cb:39:1b:75:14:40:81:a9:f2:ac:a4:83:52:b3:f2:
                    a4:16:c4:5a:5b:ec:ef:e2:4a:7d:60:92:56:ea:96:
                    50:a6:c9:9d:c9:92:f8:64:b4:01:b6:90:b7:ab:da:
                    99:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:39:57:36:F3:6E:DD:63:47:C4:A4:F1:F1:FC:24:AC:82:EC:C8:43
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/10766232-d957-4405-85ce-681703faff9e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f38:4020::/48

    Signature Algorithm: sha256WithRSAEncryption
         75:0a:90:4d:8d:db:e9:4b:08:61:06:27:b1:3c:32:6a:0a:bb:
         20:85:39:80:8d:ed:33:ef:69:8b:87:2e:70:b2:13:f4:cb:27:
         22:c2:01:61:3e:97:cb:8e:10:e3:ac:89:23:40:d0:21:12:a9:
         66:ef:8d:5a:8a:2e:83:2f:45:f7:0e:37:d4:3a:0e:26:c4:29:
         a2:a6:9f:cd:00:df:e6:ca:62:26:e8:65:3f:51:7c:40:bb:af:
         d2:ef:23:6b:44:f4:60:47:fd:d3:3f:08:9a:4e:a3:51:db:69:
         79:c4:c1:90:1d:52:f6:f6:68:21:69:26:33:07:e3:60:f4:61:
         32:53:3c:67:82:e9:33:1e:a9:67:7c:1b:a7:ff:09:cd:82:b8:
         0d:2e:8c:12:16:e4:95:8a:b8:e6:c5:51:d3:99:ea:98:29:29:
         f9:16:ed:c1:21:85:06:fc:64:dc:1e:fe:8f:56:e6:bf:70:c9:
         92:85:e5:7a:80:1d:f8:17:68:95:de:e9:dc:29:03:48:e5:68:
         e0:fe:0d:15:03:9c:de:4a:c4:be:47:cf:92:ab:6f:20:f2:5d:
         92:a7:b3:b8:9e:d0:6d:0d:f9:0d:fa:e6:77:ec:e7:76:d0:ac:
         10:6f:0c:84:b7:b3:77:0f:d9:f6:9c:46:83:e7:40:d7:77:e6:
         83:4b:11:5d
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUHFu9cLjLJM3yKD5Dcer8rX6UatcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNTE5MTYwMjA1WhcNMjUwNjIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZWE3NzFhNjIzMWNkNTE2ZGI2MDZlNjY5MDQ1N2JhNWY1
OTlhMmQzY2JlMTYyNGUxOTkyODViZDQwZWJhMjUxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDLOLOxdGlNzfQKzIZvKyKIs+8dzKPKm31/46qzFy34X1s
Zla+g4TmkQXpgtaSRYTNNdmF/ym9Bobsv3PymhgE0gRZrHVmdaqilCPfTrU0pHK9
78RMiRFp/JCl7AIyse09wm/okkoMMAyZFn/zSj9XuEfYr1NwnyISAK/pgehts67A
w8Khuw7JLolI79lj2lCnviLLqYUClOc2WfplaJ0NnnBqrOm3YYusoXILDOwGUzcc
WaGxjxo1xhrXdMB5XvRcfkAoUY3MLYAoQeCSEoDZdcs5G3UUQIGp8qykg1Kz8qQW
xFpb7O/iSn1gklbqllCmyZ3JkvhktAG2kLer2plLAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUJTlXNvNu3WNHxKTx8fwkrILsyEMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzEwNzY2MjMyLWQ5NTctNDQwNS04NWNlLTY4MTcwM2ZhZmY5ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB84QCAwDQYJKoZIhvcNAQELBQADggEBAHUKkE2N2+lLCGEGJ7E8MmoK
uyCFOYCN7TPvaYuHLnCyE/TLJyLCAWE+l8uOEOOsiSNA0CESqWbvjVqKLoMvRfcO
N9Q6DibEKaKmn80A3+bKYiboZT9RfEC7r9LvI2tE9GBH/dM/CJpOo1HbaXnEwZAd
Uvb2aCFpJjMH42D0YTJTPGeC6TMeqWd8G6f/Cc2CuA0ujBIW5JWKuObFUdOZ6pgp
KfkW7cEhhQb8ZNwe/o9W5r9wyZKF5XqAHfgXaJXe6dwpA0jlaOD+DRUDnN5KxL5H
z5KrbyDyXZKns7ie0G0N+Q365nfs53bQrBBvDIS3s3cP2facRoPnQNd35oNLEV0=
-----END CERTIFICATE-----