Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/624938a7-7c55-4a2c-87ea-1939815006d1.roa
File:                     624938a7-7c55-4a2c-87ea-1939815006d1.roa (raw, json)
Hash identifier:          c57j9rufcDDXtE3SroGCP+2FoChu3zYX34yYsxtQ5C8=
Subject key identifier:   A5:13:A9:B2:3F:EC:CF:5D:2E:A8:DD:4A:57:F7:AD:7B:1A:F9:E2:10
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4ECD09A6E3009A422877B76ACDE672510A0160C7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/624938a7-7c55-4a2c-87ea-1939815006d1.roa
Signing time:             Fri 28 Mar 2025 16:21:24 +0000
ROA not before:           Fri 28 Mar 2025 16:21:24 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1ff1:8000::/39 maxlen: 39
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 17 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:cd:09:a6:e3:00:9a:42:28:77:b7:6a:cd:e6:72:51:0a:01:60:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 16:21:24 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: serialNumber=5fa5da3728068a2acca9840815bf5a5673f941b99012bcbc12944396bd5bfbd4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:a3:c3:09:08:6f:be:c8:9c:a3:62:1e:d6:b5:
                    8e:13:7e:b5:9a:c6:36:a4:9c:e8:b3:93:34:ed:89:
                    a4:47:49:28:75:02:f0:ca:af:67:54:b6:2b:6d:52:
                    db:f0:45:1e:81:5f:87:84:16:e2:87:ae:a8:80:60:
                    69:6b:e1:e7:46:32:c4:cb:87:69:3e:9e:42:07:e7:
                    ed:93:78:ee:b1:b0:75:de:7a:35:e5:29:73:a8:a1:
                    67:89:78:a0:ad:3f:f9:6b:bf:2c:b9:1b:52:e3:2a:
                    ed:dc:c3:4f:29:a1:db:19:1f:96:4d:bd:48:f3:52:
                    c7:9a:17:9d:3d:b6:c9:8f:ea:64:29:3e:d3:7c:a9:
                    be:18:e4:94:77:cf:6d:89:e5:fe:0b:09:af:68:e6:
                    5c:f3:ee:60:dc:56:22:07:4a:36:36:c6:7b:33:3f:
                    70:00:9f:bc:96:ab:56:4e:7d:2e:d4:16:b9:00:0b:
                    e7:38:8e:db:e4:35:ca:da:02:49:3d:63:cc:79:99:
                    5b:28:c6:16:e3:01:00:77:0c:04:66:84:a7:36:83:
                    b2:bc:e5:2b:b6:e2:38:22:e9:4f:18:50:3b:04:9e:
                    c8:89:2b:ab:a6:09:59:13:a6:8c:53:52:ed:05:8c:
                    bb:0f:0a:44:cb:a7:ef:4f:80:2a:a3:0b:eb:97:15:
                    73:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:13:A9:B2:3F:EC:CF:5D:2E:A8:DD:4A:57:F7:AD:7B:1A:F9:E2:10
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/624938a7-7c55-4a2c-87ea-1939815006d1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff1:8000::/39

    Signature Algorithm: sha256WithRSAEncryption
         a2:aa:ba:81:87:8f:f6:fc:55:09:3b:bd:1d:76:b0:44:0c:ea:
         2b:72:6c:67:49:5e:0e:4e:d4:94:9e:48:fc:b7:09:77:88:10:
         bd:f7:ae:7e:0a:eb:7d:cc:b1:92:92:81:f9:ca:76:02:a6:97:
         65:47:30:0f:db:2d:5b:fc:8e:9a:48:8a:54:00:af:13:28:26:
         df:86:6a:4a:88:2c:f5:ae:3a:71:10:c3:e4:9c:4f:fd:f5:b4:
         55:03:51:bd:3b:01:63:95:7e:be:be:4e:17:16:00:9a:12:a3:
         3c:31:ec:b1:02:81:18:5f:a9:1e:17:e7:a2:29:dc:71:18:20:
         b3:58:27:93:92:8d:bb:6c:2d:1a:4c:3b:23:70:5c:9a:3e:b2:
         67:32:73:a7:23:db:7b:59:90:d8:fb:f9:9b:31:c1:41:16:44:
         4f:b1:bc:08:14:d4:26:1e:73:10:7f:64:86:65:f0:57:d9:1a:
         ef:bf:9b:fc:f7:1b:63:57:21:d0:1d:e7:1a:dd:f3:14:ac:f5:
         cd:e4:d4:45:dc:68:4d:c0:49:fb:68:d7:72:91:59:99:ab:f6:
         3c:8a:cb:66:fd:9c:de:77:48:b4:89:88:d4:14:65:e1:62:54:
         d1:98:c9:31:e8:91:4b:bc:c1:c8:1e:65:4a:aa:4c:5a:0d:8b:
         9c:23:a6:4b
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUTs0JpuMAmkIod7dqzeZyUQoBYMcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTYyMTI0WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZmE1ZGEzNzI4MDY4YTJhY2NhOTg0MDgxNWJmNWE1Njcz
Zjk0MWI5OTAxMmJjYmMxMjk0NDM5NmJkNWJmYmQ0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHo8MJCG++yJyjYh7WtY4TfrWaxjaknOizkzTtiaRHSSh1
AvDKr2dUtittUtvwRR6BX4eEFuKHrqiAYGlr4edGMsTLh2k+nkIH5+2TeO6xsHXe
ejXlKXOooWeJeKCtP/lrvyy5G1LjKu3cw08podsZH5ZNvUjzUseaF509tsmP6mQp
PtN8qb4Y5JR3z22J5f4LCa9o5lzz7mDcViIHSjY2xnszP3AAn7yWq1ZOfS7UFrkA
C+c4jtvkNcraAkk9Y8x5mVsoxhbjAQB3DARmhKc2g7K85Su24jgi6U8YUDsEnsiJ
K6umCVkTpoxTUu0FjLsPCkTLp+9PgCqjC+uXFXOtAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUpROpsj/sz10uqN1KV/etexr54hAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYyNDkzOGE3LTdjNTUtNGEyYy04N2VhLTE5Mzk4MTUwMDZkMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB/xgDANBgkqhkiG9w0BAQsFAAOCAQEAoqq6gYeP9vxVCTu9HXawRAzq
K3JsZ0leDk7UlJ5I/LcJd4gQvfeufgrrfcyxkpKB+cp2AqaXZUcwD9stW/yOmkiK
VACvEygm34ZqSogs9a46cRDD5JxP/fW0VQNRvTsBY5V+vr5OFxYAmhKjPDHssQKB
GF+pHhfnoinccRggs1gnk5KNu2wtGkw7I3Bcmj6yZzJzpyPbe1mQ2Pv5mzHBQRZE
T7G8CBTUJh5zEH9khmXwV9ka77+b/PcbY1ch0B3nGt3zFKz1zeTURdxoTcBJ+2jX
cpFZmav2PIrLZv2c3ndItImI1BRl4WJU0ZjJMeiRS7zByB5lSqpMWg2LnCOmSw==
-----END CERTIFICATE-----