Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/11f7b2bd-b866-4941-8b5b-ff2f70861881.roa
File:                     11f7b2bd-b866-4941-8b5b-ff2f70861881.roa (raw, json)
Hash identifier:          +DdQKchfUHh7amwHRhpjtkNfUUhWPu6/gc+j/eaHb28=
Subject key identifier:   9C:96:F3:19:D9:57:1F:62:D7:A2:B7:46:75:A9:2A:2A:85:D4:FB:92
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       40B4A0DAD85FA4BB7B7D7B2BDC0C702CE63A2BCB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/11f7b2bd-b866-4941-8b5b-ff2f70861881.roa
Signing time:             Mon 19 May 2025 15:21:08 +0000
ROA not before:           Mon 19 May 2025 15:21:08 +0000
ROA not after:            Mon 23 Jun 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f00:8000::/39 maxlen: 39
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:b4:a0:da:d8:5f:a4:bb:7b:7d:7b:2b:dc:0c:70:2c:e6:3a:2b:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 19 15:21:08 2025 GMT
            Not After : Jun 23 23:59:59 2025 GMT
        Subject: serialNumber=fd92deaf69c89fe776cf821cfecf4ac5fd724e05e4c7bac586fa6fb19042349d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:54:e4:f0:b9:4d:3c:46:84:67:c6:02:d4:dc:
                    e5:d2:cf:cb:50:06:9b:8d:dd:9a:e8:7d:85:ba:cf:
                    09:d2:3f:79:b9:91:db:d1:6e:dd:45:a6:a9:b8:a9:
                    18:41:d0:79:cc:f7:a4:c0:d6:93:70:6e:a1:2e:94:
                    26:47:22:90:9c:4e:8a:1d:d2:fa:54:41:09:14:16:
                    80:3b:bb:2c:41:55:7f:7e:21:91:cf:f6:e3:85:ed:
                    37:e0:89:6e:51:bb:b3:df:0f:dd:68:f3:48:c2:80:
                    ab:30:f7:cb:17:ca:73:33:c8:7a:5e:a1:c3:72:1d:
                    fd:6a:c3:a7:04:af:54:7a:b5:8e:23:35:8d:75:bf:
                    8c:e4:9c:ee:7a:8d:d4:cf:24:02:25:50:c6:5a:34:
                    b5:0b:58:4a:74:9d:2f:0e:d6:8f:81:ea:ec:d5:ba:
                    3c:65:1c:93:7b:7c:0a:b9:6c:5c:dc:f6:9e:94:96:
                    6c:59:33:55:4e:cd:de:e4:63:35:60:8e:20:91:65:
                    00:9a:be:c1:eb:0e:62:b6:cf:46:4e:26:21:70:03:
                    88:08:2e:51:6b:b8:21:0e:98:69:62:a0:01:2b:0f:
                    db:90:8b:89:cb:63:01:f7:1c:98:cf:15:85:24:35:
                    7f:31:44:d7:7f:06:5c:1b:ec:96:78:56:c1:6c:f4:
                    4b:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:96:F3:19:D9:57:1F:62:D7:A2:B7:46:75:A9:2A:2A:85:D4:FB:92
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/11f7b2bd-b866-4941-8b5b-ff2f70861881.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f00:8000::/39

    Signature Algorithm: sha256WithRSAEncryption
         2a:f3:57:77:62:89:f5:09:50:b5:1b:8c:af:45:80:04:54:cb:
         06:d1:72:43:d0:ca:22:ed:62:53:7a:a5:3b:bb:21:e9:fb:1a:
         10:c0:87:5a:02:8f:92:7c:f6:c7:d1:af:c2:f0:76:76:24:38:
         17:37:67:ab:f9:47:cf:3f:08:5c:5b:be:7b:96:f3:ce:08:4f:
         fc:5b:aa:ff:e1:c5:9f:f2:e9:a1:c9:94:8f:54:0c:c3:1f:cc:
         b7:31:d7:c1:c8:dc:62:77:fb:53:47:be:85:b8:4b:f1:02:ba:
         11:3d:ef:6f:cf:d7:50:58:14:a7:2d:97:d6:1f:ea:4a:a2:fe:
         92:cc:6d:e8:c9:9e:bd:03:6b:d0:78:ae:df:c4:85:d4:d0:28:
         ea:a3:bd:04:b3:cf:bd:5f:2c:09:46:e9:05:23:c5:a4:cd:0e:
         57:17:85:bd:4f:13:21:0b:d5:8a:2c:ee:c5:69:71:6a:39:cb:
         2b:7f:1b:9b:0b:1c:14:77:50:79:b2:78:0f:bb:6b:94:23:68:
         05:69:48:18:da:46:d7:f5:3a:ad:10:54:a5:09:1a:da:cf:03:
         f9:e5:51:c7:c1:e1:d9:e9:93:52:ba:aa:56:43:fb:cb:fc:0e:
         0e:11:b8:37:f1:cd:c2:4c:b0:9a:21:d9:ee:9b:c8:21:a2:c4:
         12:97:f8:03
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUQLSg2thfpLt7fXsr3AxwLOY6K8swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNTE5MTUyMTA4WhcNMjUwNjIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmZDkyZGVhZjY5Yzg5ZmU3NzZjZjgyMWNmZWNmNGFjNWZk
NzI0ZTA1ZTRjN2JhYzU4NmZhNmZiMTkwNDIzNDlkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnVOTwuU08RoRnxgLU3OXSz8tQBpuN3ZrofYW6zwnSP3m5
kdvRbt1Fpqm4qRhB0HnM96TA1pNwbqEulCZHIpCcTood0vpUQQkUFoA7uyxBVX9+
IZHP9uOF7TfgiW5Ru7PfD91o80jCgKsw98sXynMzyHpeocNyHf1qw6cEr1R6tY4j
NY11v4zknO56jdTPJAIlUMZaNLULWEp0nS8O1o+B6uzVujxlHJN7fAq5bFzc9p6U
lmxZM1VOzd7kYzVgjiCRZQCavsHrDmK2z0ZOJiFwA4gILlFruCEOmGlioAErD9uQ
i4nLYwH3HJjPFYUkNX8xRNd/Blwb7JZ4VsFs9EutAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUnJbzGdlXH2LXordGdakqKoXU+5IwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzExZjdiMmJkLWI4NjYtNDk0MS04YjViLWZmMmY3MDg2MTg4MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB8AgDANBgkqhkiG9w0BAQsFAAOCAQEAKvNXd2KJ9QlQtRuMr0WABFTL
BtFyQ9DKIu1iU3qlO7sh6fsaEMCHWgKPknz2x9GvwvB2diQ4Fzdnq/lHzz8IXFu+
e5bzzghP/Fuq/+HFn/LpocmUj1QMwx/MtzHXwcjcYnf7U0e+hbhL8QK6ET3vb8/X
UFgUpy2X1h/qSqL+ksxt6MmevQNr0Hiu38SF1NAo6qO9BLPPvV8sCUbpBSPFpM0O
VxeFvU8TIQvViizuxWlxajnLK38bmwscFHdQebJ4D7trlCNoBWlIGNpG1/U6rRBU
pQka2s8D+eVRx8Hh2emTUrqqVkP7y/wODhG4N/HNwkywmiHZ7pvIIaLEEpf4Aw==
-----END CERTIFICATE-----