Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4adbd4db-9c77-456a-9a38-aae1df82a18a.roa
File:                     4adbd4db-9c77-456a-9a38-aae1df82a18a.roa (raw, json)
Hash identifier:          HJP7ZcPaZn2p5/06ZnJNe++i6DQgv0MK/NpiIYHJe5M=
Subject key identifier:   FB:2F:CE:BC:E6:55:F8:D5:A4:FF:38:E1:F2:94:1A:37:E8:21:32:D9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       383A49C71C92D50548B2B63F181CA8B99BE15CD2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4adbd4db-9c77-456a-9a38-aae1df82a18a.roa
Signing time:             Mon 19 May 2025 18:11:54 +0000
ROA not before:           Mon 19 May 2025 18:11:54 +0000
ROA not after:            Mon 23 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f1b:4000::/37 maxlen: 37
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:3a:49:c7:1c:92:d5:05:48:b2:b6:3f:18:1c:a8:b9:9b:e1:5c:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 19 18:11:54 2025 GMT
            Not After : Jun 23 23:59:59 2025 GMT
        Subject: serialNumber=013a3c2e13d114135c6ad0f87fe81f00c3a82ceb2ab1df5924db10b990bd0f7d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:48:8f:e0:a1:79:8e:ff:16:fc:b5:08:e1:5e:
                    39:3e:b4:11:1d:b0:19:c5:bb:f6:12:98:26:ef:1a:
                    88:87:19:05:2e:04:03:68:3d:00:dc:75:b0:fc:c3:
                    a8:7a:f6:b4:f3:f5:ac:8d:c8:af:aa:ed:aa:08:a6:
                    28:95:fd:70:9c:82:b1:5d:f3:e2:ec:75:9f:bd:10:
                    24:7f:71:50:e5:5a:6b:24:8d:26:5a:f2:c4:5b:1e:
                    cf:e3:f3:7c:a8:60:0f:1e:3e:62:9c:7d:4c:1f:35:
                    ef:3e:12:45:3a:8f:7b:2c:ee:c0:63:d8:b8:05:0a:
                    c4:62:8f:c9:e2:c7:b2:46:cc:b2:4c:92:b7:cb:80:
                    d0:ba:e1:cf:92:ab:06:74:4c:60:3b:3a:11:ce:6c:
                    54:c8:11:51:60:16:a6:92:2a:56:a6:8d:f1:7f:ad:
                    80:4e:4d:d0:24:62:3e:78:c5:13:62:0d:ce:ae:71:
                    65:31:8e:53:58:03:b7:3c:56:81:74:bd:d3:e3:78:
                    31:ff:13:2d:ee:3a:70:5a:a4:63:b6:fc:66:1e:27:
                    ee:e5:1f:cf:28:ff:b3:f0:04:8c:04:c5:38:45:ec:
                    82:59:64:6f:d1:9c:cd:40:04:c5:16:d2:ee:11:93:
                    38:7e:e0:87:9e:10:a5:11:0f:e5:65:33:4a:9d:07:
                    14:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:2F:CE:BC:E6:55:F8:D5:A4:FF:38:E1:F2:94:1A:37:E8:21:32:D9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4adbd4db-9c77-456a-9a38-aae1df82a18a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f1b:4000::/37

    Signature Algorithm: sha256WithRSAEncryption
         d0:30:2d:ee:4e:50:9b:53:77:6f:6b:5a:76:8b:74:fa:24:99:
         15:c1:43:1f:57:f3:4e:49:53:3c:0b:c5:a8:2e:8c:92:bf:5e:
         f0:e0:3c:32:9d:10:6d:85:71:05:2c:2e:b0:c3:d9:9b:d3:fe:
         8c:e9:f6:f7:db:86:0c:02:e7:f9:d0:97:3a:27:01:7c:86:3f:
         e8:c8:c7:f2:65:87:d7:0f:de:5a:48:58:e8:02:2d:12:bb:95:
         fa:69:86:2c:e9:7e:64:ff:ed:60:e5:e1:c4:61:0c:f9:0d:2e:
         fe:c4:3b:4c:75:e4:8b:41:e7:20:b6:90:0c:9c:4d:e5:85:e9:
         1c:70:9e:e8:e8:5c:f4:2f:ba:be:8f:54:18:6c:b5:c7:9f:da:
         91:88:ac:23:ba:03:5f:4a:38:54:a3:74:1c:5a:ed:b7:ad:e9:
         e2:56:11:d3:88:64:67:d9:08:53:70:fc:d7:2a:2d:ac:16:92:
         20:be:5c:5f:e3:16:57:b5:41:b4:47:07:69:15:d3:6a:20:e7:
         43:44:a4:c4:75:d0:df:c4:1d:1e:d6:83:78:67:d0:14:b1:5b:
         bb:e0:f0:81:bc:fc:e0:ff:0b:3b:98:ef:4c:29:d8:04:20:89:
         d6:34:f0:b5:4c:84:11:4f:ef:a5:7e:1d:e8:fa:bd:69:22:6e:
         9e:7c:55:70
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUODpJxxyS1QVIsrY/GByouZvhXNIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNTE5MTgxMTU0WhcNMjUwNjIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AwMTNhM2MyZTEzZDExNDEzNWM2YWQwZjg3ZmU4MWYwMGMz
YTgyY2ViMmFiMWRmNTkyNGRiMTBiOTkwYmQwZjdkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKSI/goXmO/xb8tQjhXjk+tBEdsBnFu/YSmCbvGoiHGQUu
BANoPQDcdbD8w6h69rTz9ayNyK+q7aoIpiiV/XCcgrFd8+LsdZ+9ECR/cVDlWmsk
jSZa8sRbHs/j83yoYA8ePmKcfUwfNe8+EkU6j3ss7sBj2LgFCsRij8nix7JGzLJM
krfLgNC64c+SqwZ0TGA7OhHObFTIEVFgFqaSKlamjfF/rYBOTdAkYj54xRNiDc6u
cWUxjlNYA7c8VoF0vdPjeDH/Ey3uOnBapGO2/GYeJ+7lH88o/7PwBIwExThF7IJZ
ZG/RnM1ABMUW0u4Rkzh+4IeeEKURD+VlM0qdBxRlAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU+y/OvOZV+NWk/zjh8pQaN+ghMtkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRhZGJkNGRiLTljNzctNDU2YS05YTM4LWFhZTFkZjgyYTE4YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgMmAB8bQDANBgkqhkiG9w0BAQsFAAOCAQEA0DAt7k5Qm1N3b2tadot0+iSZ
FcFDH1fzTklTPAvFqC6Mkr9e8OA8Mp0QbYVxBSwusMPZm9P+jOn299uGDALn+dCX
OicBfIY/6MjH8mWH1w/eWkhY6AItEruV+mmGLOl+ZP/tYOXhxGEM+Q0u/sQ7THXk
i0HnILaQDJxN5YXpHHCe6Ohc9C+6vo9UGGy1x5/akYisI7oDX0o4VKN0HFrtt63p
4lYR04hkZ9kIU3D81yotrBaSIL5cX+MWV7VBtEcHaRXTaiDnQ0SkxHXQ38QdHtaD
eGfQFLFbu+Dwgbz84P8LO5jvTCnYBCCJ1jTwtUyEEU/vpX4d6Pq9aSJunnxVcA==
-----END CERTIFICATE-----