Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/38153cce-e525-47a5-af36-a8f25ad480b4.roa
File:                     38153cce-e525-47a5-af36-a8f25ad480b4.roa (raw, json)
Hash identifier:          3+teIyI5F9DXtkLBPJiShUTJcsQErNkugBcAccJEM4I=
Subject key identifier:   32:76:66:92:13:A9:46:D9:B8:C1:62:52:1D:12:9E:20:98:67:63:2E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3E8D25247D31996717E3C65D15E3475E920E4273
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/38153cce-e525-47a5-af36-a8f25ad480b4.roa
Signing time:             Tue 20 May 2025 00:41:25 +0000
ROA not before:           Tue 20 May 2025 00:41:25 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f21:8000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 10 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:8d:25:24:7d:31:99:67:17:e3:c6:5d:15:e3:47:5e:92:0e:42:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 20 00:41:25 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=edfed8d43fc6d4042c86df40877821e6927f7e8ae0a47dc6372c1b9ffd4449f9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:25:43:5a:ba:56:40:aa:51:fa:d5:f3:0d:f5:
                    40:36:de:e8:39:a9:59:73:a6:6c:2a:45:36:7d:cd:
                    be:58:dc:5d:43:8b:ed:e0:bc:2e:16:81:ed:20:28:
                    d0:6f:90:74:b8:6d:5b:1d:57:62:8a:b1:52:9b:7d:
                    4c:71:f9:6d:b0:63:23:2b:50:87:61:f6:2e:c9:f4:
                    fd:04:20:a9:7d:90:82:0f:9a:7c:cf:05:46:b1:60:
                    14:52:ab:7a:94:40:84:e8:a4:b5:73:df:07:60:22:
                    8c:66:df:7f:9f:c9:a0:ab:46:54:0c:2a:e2:fd:e3:
                    bf:cc:06:0a:5b:a3:c6:d1:07:ca:39:77:a6:46:a3:
                    a5:f2:b1:ef:4a:5d:e5:e8:7b:dd:a7:2f:58:35:14:
                    62:49:fe:2c:e1:41:57:31:2d:bc:7e:4c:80:af:1e:
                    c7:90:9f:e1:91:a0:4f:f1:6d:b7:e0:ba:5a:76:64:
                    7e:23:c2:21:a4:57:1f:28:9e:c4:5e:98:a5:95:33:
                    6f:be:60:8a:ae:75:83:09:4e:c6:ec:b5:9c:04:0b:
                    da:81:df:1c:0a:7f:eb:74:39:93:ae:bd:2d:aa:98:
                    36:77:d9:ce:54:b7:b3:3c:b9:fd:be:06:0c:d1:22:
                    16:4d:25:73:db:27:7d:03:82:fd:f6:17:0a:0e:9e:
                    bf:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:76:66:92:13:A9:46:D9:B8:C1:62:52:1D:12:9E:20:98:67:63:2E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/38153cce-e525-47a5-af36-a8f25ad480b4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f21:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         74:05:5c:34:63:1b:0e:1f:14:a4:8f:67:ca:14:79:37:0a:09:
         de:32:91:d2:0e:e4:4f:4b:5b:6e:ac:6a:d9:91:31:a5:6f:ca:
         fb:ef:6c:32:79:00:e1:44:f1:32:25:d7:a5:af:9d:3e:fa:76:
         79:bd:9d:0e:b0:a5:6d:bb:77:7b:ee:2f:7b:8d:03:6a:dc:85:
         8c:26:52:22:de:08:73:2d:8c:ed:6c:73:4c:54:ef:4f:9e:f8:
         81:7c:1f:1e:81:2e:75:eb:a5:79:b8:04:0d:94:05:c0:c6:f6:
         67:0d:77:03:ac:14:96:dc:59:24:ce:b2:b0:c6:e0:61:f1:dd:
         32:03:66:cc:7b:5f:4a:16:73:12:a3:cb:c2:a8:36:22:72:21:
         b7:61:24:33:97:ea:7b:70:6f:f2:bb:6b:9b:6e:bb:fc:d6:9d:
         68:b4:17:93:95:60:44:e7:ce:93:62:e9:98:d8:f1:47:17:65:
         75:56:cd:55:46:c2:c1:a6:84:27:8f:09:03:ff:7e:f0:79:48:
         4e:a0:82:9c:1b:ac:07:e9:5f:b7:92:28:3f:73:6d:36:87:74:
         2e:0b:86:7a:08:e3:98:46:be:30:f3:46:be:17:8c:00:26:4c:
         a3:ee:73:cc:25:35:81:d7:b4:9c:37:c0:50:2d:65:2e:13:01:
         a2:c3:4a:d3
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUPo0lJH0xmWcX48ZdFeNHXpIOQnMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNTIwMDA0MTI1WhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZGZlZDhkNDNmYzZkNDA0MmM4NmRmNDA4Nzc4MjFlNjky
N2Y3ZThhZTBhNDdkYzYzNzJjMWI5ZmZkNDQ0OWY5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkJUNaulZAqlH61fMN9UA23ug5qVlzpmwqRTZ9zb5Y3F1D
i+3gvC4Wge0gKNBvkHS4bVsdV2KKsVKbfUxx+W2wYyMrUIdh9i7J9P0EIKl9kIIP
mnzPBUaxYBRSq3qUQITopLVz3wdgIoxm33+fyaCrRlQMKuL947/MBgpbo8bRB8o5
d6ZGo6Xyse9KXeXoe92nL1g1FGJJ/izhQVcxLbx+TICvHseQn+GRoE/xbbfgulp2
ZH4jwiGkVx8onsRemKWVM2++YIqudYMJTsbstZwEC9qB3xwKf+t0OZOuvS2qmDZ3
2c5Ut7M8uf2+BgzRIhZNJXPbJ30Dgv32FwoOnr8RAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUMnZmkhOpRtm4wWJSHRKeIJhnYy4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM4MTUzY2NlLWU1MjUtNDdhNS1hZjM2LWE4ZjI1YWQ0ODBiNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8hgDANBgkqhkiG9w0BAQsFAAOCAQEAdAVcNGMbDh8UpI9nyhR5NwoJ
3jKR0g7kT0tbbqxq2ZExpW/K++9sMnkA4UTxMiXXpa+dPvp2eb2dDrClbbt3e+4v
e40DatyFjCZSIt4Icy2M7WxzTFTvT574gXwfHoEudeulebgEDZQFwMb2Zw13A6wU
ltxZJM6ysMbgYfHdMgNmzHtfShZzEqPLwqg2InIht2EkM5fqe3Bv8rtrm267/Nad
aLQXk5VgROfOk2LpmNjxRxdldVbNVUbCwaaEJ48JA/9+8HlITqCCnBusB+lft5Io
P3NtNod0LguGegjjmEa+MPNGvheMACZMo+5zzCU1gde0nDfAUC1lLhMBosNK0w==
-----END CERTIFICATE-----