Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7eb42415-da3f-4b69-b6a9-96f13453a708.roa
File:                     7eb42415-da3f-4b69-b6a9-96f13453a708.roa (raw, json)
Hash identifier:          OLV2I2UWyr/GGeNGctaevKWvl8nmsrlLK++ndHriKuU=
Subject key identifier:   FC:4E:84:36:FF:B8:32:FE:D6:F0:90:7C:97:08:21:6A:64:06:E2:08
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7F8B6C7D66D89C1B504A837EA996195C0D7E3AC4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7eb42415-da3f-4b69-b6a9-96f13453a708.roa
Signing time:             Mon 19 May 2025 18:32:07 +0000
ROA not before:           Mon 19 May 2025 18:32:07 +0000
ROA not after:            Mon 23 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f24:c000::/37 maxlen: 37
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:8b:6c:7d:66:d8:9c:1b:50:4a:83:7e:a9:96:19:5c:0d:7e:3a:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 19 18:32:07 2025 GMT
            Not After : Jun 23 23:59:59 2025 GMT
        Subject: serialNumber=01f101e66fe91f6ae8506eafb9270dd7a6cc4f5944f1b930465c10ce7ccddc54, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:64:c3:4a:d6:60:77:cb:f7:94:1b:3e:aa:96:
                    02:98:4a:6d:db:00:f1:0e:cf:17:b7:2b:00:df:03:
                    c1:d4:3d:d9:8a:c8:58:87:d6:94:8e:50:1c:6e:57:
                    c4:7f:3d:59:d7:ca:33:bc:b8:b6:c6:ea:c3:db:5f:
                    38:c4:22:05:50:2c:db:26:81:7f:95:e3:7c:a2:06:
                    c1:d7:c7:eb:02:85:35:b9:e5:3a:ee:0e:c3:db:bb:
                    89:2b:9b:8f:51:cd:79:7b:51:7a:a7:d1:44:67:7e:
                    49:0e:b6:ed:98:3b:e0:fc:fc:60:46:8f:b4:45:81:
                    e3:d4:e3:4e:9b:b2:69:6c:cc:17:72:cf:e0:9b:79:
                    04:1c:47:c1:eb:cd:7f:13:9c:88:ca:11:08:a7:ee:
                    f3:65:dd:36:3f:f3:36:91:3e:00:fb:52:44:47:47:
                    00:1f:4a:8a:87:02:9c:46:b6:e4:0d:91:08:05:27:
                    99:73:90:0a:7b:3c:26:76:c5:ff:ea:40:f6:32:a5:
                    db:19:e5:f9:10:ed:4f:dd:7e:7e:4f:ad:3c:d6:66:
                    73:28:b8:0f:ec:f6:e9:16:02:5a:a0:e5:30:12:30:
                    b3:01:c5:c0:0f:86:c7:70:50:f0:b7:50:c1:b5:dd:
                    43:86:d0:0d:2a:50:40:1f:f9:e1:c1:9f:0d:29:ca:
                    11:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:4E:84:36:FF:B8:32:FE:D6:F0:90:7C:97:08:21:6A:64:06:E2:08
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7eb42415-da3f-4b69-b6a9-96f13453a708.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f24:c000::/37

    Signature Algorithm: sha256WithRSAEncryption
         2a:d4:d4:2e:86:b5:fb:df:c0:92:3a:78:a9:a2:cf:b4:10:3b:
         b5:96:7e:ae:38:77:a0:72:1b:a3:1b:1f:ac:b9:bc:27:27:58:
         f0:47:29:f5:77:5a:8a:57:00:4d:3c:a5:db:fe:b0:0f:d1:50:
         ac:e8:29:6a:17:f7:14:fa:f0:13:2b:00:0d:33:6b:d4:d7:0e:
         41:81:d2:32:51:52:2c:d1:96:5f:7a:da:de:5b:af:a5:31:fa:
         2d:56:69:8f:53:db:f4:13:b6:61:8c:d6:b7:25:85:57:49:66:
         84:77:f8:fa:11:24:6b:fb:7e:85:b4:2c:6a:51:a6:02:a3:d0:
         84:49:02:ff:c8:db:2e:b2:4f:17:9e:ca:89:6e:fa:fc:6e:81:
         1b:61:91:41:18:8d:a5:e9:04:67:46:0d:11:ce:c3:fd:08:d6:
         d0:b6:2d:9a:2d:70:21:da:b5:55:2a:24:e2:2d:fe:b3:a9:7b:
         50:9f:bb:ec:21:4b:51:43:01:91:65:65:08:6a:4b:28:b3:33:
         17:66:df:23:34:06:5d:63:18:a3:d7:45:af:a1:a9:47:c3:df:
         ce:41:06:69:34:c9:5b:ed:c7:b6:11:2a:61:6b:71:46:95:11:
         9c:7e:27:05:40:70:0c:f1:d5:d6:1f:4e:28:c2:19:1b:b2:fc:
         5a:4b:ae:a7
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUf4tsfWbYnBtQSoN+qZYZXA1+OsQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNTE5MTgzMjA3WhcNMjUwNjIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AwMWYxMDFlNjZmZTkxZjZhZTg1MDZlYWZiOTI3MGRkN2E2
Y2M0ZjU5NDRmMWI5MzA0NjVjMTBjZTdjY2RkYzU0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqZMNK1mB3y/eUGz6qlgKYSm3bAPEOzxe3KwDfA8HUPdmK
yFiH1pSOUBxuV8R/PVnXyjO8uLbG6sPbXzjEIgVQLNsmgX+V43yiBsHXx+sChTW5
5TruDsPbu4krm49RzXl7UXqn0URnfkkOtu2YO+D8/GBGj7RFgePU406bsmlszBdy
z+CbeQQcR8HrzX8TnIjKEQin7vNl3TY/8zaRPgD7UkRHRwAfSoqHApxGtuQNkQgF
J5lzkAp7PCZ2xf/qQPYypdsZ5fkQ7U/dfn5PrTzWZnMouA/s9ukWAlqg5TASMLMB
xcAPhsdwUPC3UMG13UOG0A0qUEAf+eHBnw0pyhEHAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU/E6ENv+4Mv7W8JB8lwghamQG4ggwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdlYjQyNDE1LWRhM2YtNGI2OS1iNmE5LTk2ZjEzNDUzYTcwOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgMmAB8kwDANBgkqhkiG9w0BAQsFAAOCAQEAKtTULoa1+9/Akjp4qaLPtBA7
tZZ+rjh3oHIboxsfrLm8JydY8Ecp9XdailcATTyl2/6wD9FQrOgpahf3FPrwEysA
DTNr1NcOQYHSMlFSLNGWX3ra3luvpTH6LVZpj1Pb9BO2YYzWtyWFV0lmhHf4+hEk
a/t+hbQsalGmAqPQhEkC/8jbLrJPF57KiW76/G6BG2GRQRiNpekEZ0YNEc7D/QjW
0LYtmi1wIdq1VSok4i3+s6l7UJ+77CFLUUMBkWVlCGpLKLMzF2bfIzQGXWMYo9dF
r6GpR8PfzkEGaTTJW+3HthEqYWtxRpURnH4nBUBwDPHV1h9OKMIZG7L8Wkuupw==
-----END CERTIFICATE-----