Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1b35ef4c-a3c4-48e9-9f86-c2d68b0fe6ce.roa
File:                     1b35ef4c-a3c4-48e9-9f86-c2d68b0fe6ce.roa (raw, json)
Hash identifier:          Cad36Is2ZXpxtoeI0MtqlPyLXVMaWIZSLtWwBLnDXEc=
Subject key identifier:   86:01:0E:5A:7C:39:8F:DB:6F:79:45:80:EC:0D:CB:BB:76:7C:73:A7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2E2DA1EEE140AB6F150891009706F7099DA4351A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1b35ef4c-a3c4-48e9-9f86-c2d68b0fe6ce.roa
Signing time:             Fri 29 Aug 2025 00:31:17 +0000
ROA not before:           Fri 29 Aug 2025 00:31:17 +0000
ROA not after:            Fri 03 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffd:81c2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 18 Sep 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:2d:a1:ee:e1:40:ab:6f:15:08:91:00:97:06:f7:09:9d:a4:35:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 29 00:31:17 2025 GMT
            Not After : Oct  3 23:59:59 2025 GMT
        Subject: serialNumber=9b688c2145384db028934b8df69478f76980a8c11106cc6d8c66dff7dcb8bd90, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:54:79:f8:9e:c7:b7:60:d9:dd:58:8c:29:aa:
                    a0:eb:e3:99:99:2c:e5:ca:67:c0:a6:b0:47:2e:d6:
                    85:3c:83:0c:c3:22:ef:0d:e1:bd:a3:f5:2e:20:38:
                    df:d2:c4:99:ce:c2:11:4d:19:5e:fb:6e:7a:87:8b:
                    83:08:60:d5:b9:75:2b:12:c0:56:7c:68:1e:fa:53:
                    61:18:b1:77:7d:24:8e:6d:85:09:56:ef:d1:48:67:
                    d8:5d:4b:3e:ba:e2:5d:87:c6:38:1d:20:fd:c4:5f:
                    70:de:86:af:37:83:da:74:05:f0:63:2e:03:a9:f0:
                    f1:66:b4:cd:d0:80:7a:32:ff:cf:d0:1f:7b:89:8a:
                    d2:96:bc:1e:03:cb:a0:30:7e:83:32:c8:e5:94:a2:
                    91:83:81:91:33:c9:10:01:fe:37:c0:c7:8d:66:eb:
                    98:80:65:43:e7:45:3d:31:d1:98:8a:bb:89:88:6f:
                    fe:0b:a7:34:a3:97:97:83:43:90:a0:2d:d2:71:da:
                    53:26:a0:db:65:65:af:8f:3b:85:f1:e9:2c:24:f6:
                    9f:0c:31:6b:1b:5b:e2:71:01:8c:6c:64:da:9a:c2:
                    85:e2:17:f1:0d:f9:05:d6:a4:83:dc:a6:c6:f3:a7:
                    2f:38:da:a8:70:7a:3b:5b:d9:25:ff:b1:10:b3:4f:
                    77:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:01:0E:5A:7C:39:8F:DB:6F:79:45:80:EC:0D:CB:BB:76:7C:73:A7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1b35ef4c-a3c4-48e9-9f86-c2d68b0fe6ce.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffd:81c2::/48

    Signature Algorithm: sha256WithRSAEncryption
         d4:58:23:02:b5:70:83:18:43:db:a5:9b:c0:92:6e:91:dd:7c:
         04:5f:45:53:b1:d7:e3:eb:93:3f:20:8b:da:da:c2:08:65:41:
         ad:96:90:14:d5:bf:74:f9:9b:af:82:41:04:38:62:86:d8:18:
         10:93:79:40:c8:a1:40:ce:9e:e3:3d:ed:5c:49:b2:ef:24:ed:
         d9:05:17:cc:c4:98:af:55:a5:b7:f4:32:3e:14:58:95:67:14:
         f7:86:f2:b6:97:ad:fd:3a:28:5d:15:b6:a1:38:a9:93:db:e8:
         ab:cc:30:e1:db:fc:d5:f5:05:2d:f9:73:f2:43:71:62:22:77:
         1c:4d:ba:e7:d3:82:65:73:d1:be:98:44:aa:14:b8:22:10:ef:
         9d:95:82:b3:79:00:4e:f2:77:8e:11:94:60:c4:37:c0:6b:32:
         be:65:c8:60:58:91:45:03:43:b4:27:8c:42:ca:01:13:c4:96:
         3b:a8:5f:7e:ec:dd:10:a0:e2:ba:6c:c8:70:ba:87:ef:86:b7:
         77:94:11:a5:cc:06:41:cb:6c:de:09:f3:6c:ef:c8:3e:1d:83:
         fd:83:af:3f:da:7e:af:08:0a:32:d4:33:66:7e:9f:d5:c9:6f:
         92:8d:00:d6:e6:cf:18:82:87:a1:c8:51:73:2a:e9:18:2d:b1:
         50:db:ea:48
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIULi2h7uFAq28VCJEAlwb3CZ2kNRowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODI5MDAzMTE3WhcNMjUxMDAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A5YjY4OGMyMTQ1Mzg0ZGIwMjg5MzRiOGRmNjk0NzhmNzY5
ODBhOGMxMTEwNmNjNmQ4YzY2ZGZmN2RjYjhiZDkwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDdVHn4nse3YNndWIwpqqDr45mZLOXKZ8CmsEcu1oU8gwzD
Iu8N4b2j9S4gON/SxJnOwhFNGV77bnqHi4MIYNW5dSsSwFZ8aB76U2EYsXd9JI5t
hQlW79FIZ9hdSz664l2HxjgdIP3EX3Dehq83g9p0BfBjLgOp8PFmtM3QgHoy/8/Q
H3uJitKWvB4Dy6AwfoMyyOWUopGDgZEzyRAB/jfAx41m65iAZUPnRT0x0ZiKu4mI
b/4LpzSjl5eDQ5CgLdJx2lMmoNtlZa+PO4Xx6Swk9p8MMWsbW+JxAYxsZNqawoXi
F/EN+QXWpIPcpsbzpy842qhwejtb2SX/sRCzT3fZAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUhgEOWnw5j9tveUWA7A3Lu3Z8c6cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFiMzVlZjRjLWEzYzQtNDhlOS05Zjg2LWMyZDY4YjBmZTZjZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/9gcIwDQYJKoZIhvcNAQELBQADggEBANRYIwK1cIMYQ9ulm8CSbpHd
fARfRVOx1+Prkz8gi9rawghlQa2WkBTVv3T5m6+CQQQ4YobYGBCTeUDIoUDOnuM9
7VxJsu8k7dkFF8zEmK9Vpbf0Mj4UWJVnFPeG8raXrf06KF0VtqE4qZPb6KvMMOHb
/NX1BS35c/JDcWIidxxNuufTgmVz0b6YRKoUuCIQ752VgrN5AE7yd44RlGDEN8Br
Mr5lyGBYkUUDQ7QnjELKARPEljuoX37s3RCg4rpsyHC6h++Gt3eUEaXMBkHLbN4J
82zvyD4dg/2Drz/afq8ICjLUM2Z+n9XJb5KNANbmzxiCh6HIUXMq6RgtsVDb6kg=
-----END CERTIFICATE-----