Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9b5c9a22-1899-402f-bd9a-ace762a1037b.roa
File:                     9b5c9a22-1899-402f-bd9a-ace762a1037b.roa (raw, json)
Hash identifier:          2yOwg/lyBwjD7BKYSqN+qPThPEnF6avwjSRy+RAH9OU=
Subject key identifier:   43:8A:D5:25:67:F2:B1:07:65:BD:18:48:E2:31:AE:31:CA:F3:43:F9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       12417DD92FAD5B07F4FEA7D131ED8BB85CC4F487
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9b5c9a22-1899-402f-bd9a-ace762a1037b.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff8:6000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:41:7d:d9:2f:ad:5b:07:f4:fe:a7:d1:31:ed:8b:b8:5c:c4:f4:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:ea:fe:0b:20:42:0d:bd:be:a1:1a:1b:59:d0:
                    3f:73:37:a5:48:50:d4:f2:e5:60:36:a8:dc:9d:a8:
                    6d:49:bd:9e:08:f0:e3:09:1a:6d:5d:74:44:18:e5:
                    62:f8:a8:73:05:bb:ba:65:0f:c6:f9:62:28:e8:b6:
                    67:51:51:1b:35:d3:3b:58:76:92:a7:d0:9c:c0:01:
                    9a:a4:a6:2d:d7:c3:f5:22:30:f2:1f:a2:37:40:c0:
                    03:11:0a:37:18:cb:95:70:66:23:3a:7c:76:65:84:
                    10:f7:a9:42:d7:a6:3e:bf:ca:cb:3d:bd:65:d7:2e:
                    58:ee:f5:5e:6d:4d:d5:01:7a:27:66:12:55:6f:98:
                    97:44:3b:fe:a0:45:11:4a:6c:c3:bc:6a:b1:23:45:
                    a1:75:40:72:36:db:df:7b:08:32:dc:f6:1b:dd:93:
                    84:8f:18:3a:0c:49:eb:d6:99:26:f0:af:43:9b:38:
                    2f:a2:96:cb:4f:29:5d:a7:0f:3e:b6:49:90:3a:e5:
                    f0:7e:0a:c2:61:4a:94:ed:30:70:1a:a9:0b:c9:7e:
                    51:d2:56:2c:d9:ed:97:bc:56:83:b2:44:e7:cb:b4:
                    db:9f:9b:e4:ac:37:1a:2d:13:fa:e3:dc:16:51:15:
                    2e:d3:3a:3d:15:0f:2b:e3:f1:66:9d:39:7f:bb:43:
                    10:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:8A:D5:25:67:F2:B1:07:65:BD:18:48:E2:31:AE:31:CA:F3:43:F9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9b5c9a22-1899-402f-bd9a-ace762a1037b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff8:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         13:88:ef:71:93:f2:8c:cf:09:51:6f:c4:22:1b:9a:a0:d3:04:
         47:cf:d3:0b:70:89:89:1d:f9:90:75:2b:b9:64:a9:b0:f6:92:
         ac:cc:4b:4a:bb:ce:5f:b1:91:6b:f3:02:00:20:bd:8e:6b:f6:
         df:ba:43:8b:7b:f4:b1:6d:82:7b:28:bb:c4:66:49:9e:c1:91:
         33:29:ac:ed:42:59:ba:84:e9:b3:94:10:ec:8a:be:e3:c6:2e:
         ea:ca:24:7b:a6:2d:47:1c:8c:4a:49:71:9e:7c:17:bd:f9:74:
         7f:e2:cd:16:9d:cd:f9:73:7d:ae:10:a4:d1:71:35:bf:ed:3f:
         e1:c6:73:ce:eb:53:fd:2b:5f:ab:10:41:c9:69:9b:a5:3c:8a:
         ee:fc:a3:a8:c2:1c:c0:54:4f:a1:9b:f0:b3:a8:8d:a1:e9:06:
         86:24:38:05:fc:57:42:cc:a1:cc:10:83:1e:eb:b8:02:2d:62:
         13:a3:4b:9b:39:9e:b4:9f:a5:b4:6f:75:04:3a:0e:36:bb:79:
         79:bc:58:93:fb:97:6b:35:32:05:06:fd:0d:13:7a:d8:bb:8a:
         43:cf:b5:88:d2:46:ff:77:00:f9:08:3b:0a:76:61:de:d5:ca:
         a6:25:ff:9a:91:65:da:ff:8d:db:bc:6d:81:1f:b1:2d:0d:f9:
         2a:c0:93:78
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUEkF92S+tWwf0/qfRMe2LuFzE9IcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AxOWQzZDkxMzkwYWUyNzk4OTEwNThmZDk2YWQ3YTgxNjBl
MWFlYTU0MmQyZmFhYWIxMzAwZTEwZmIwMzJkZWU0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDY6v4LIEINvb6hGhtZ0D9zN6VIUNTy5WA2qNydqG1JvZ4I
8OMJGm1ddEQY5WL4qHMFu7plD8b5YijotmdRURs10ztYdpKn0JzAAZqkpi3Xw/Ui
MPIfojdAwAMRCjcYy5VwZiM6fHZlhBD3qULXpj6/yss9vWXXLlju9V5tTdUBeidm
ElVvmJdEO/6gRRFKbMO8arEjRaF1QHI22997CDLc9hvdk4SPGDoMSevWmSbwr0Ob
OC+ilstPKV2nDz62SZA65fB+CsJhSpTtMHAaqQvJflHSVizZ7Ze8VoOyROfLtNuf
m+SsNxotE/rj3BZRFS7TOj0VDyvj8WadOX+7QxAnAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUQ4rVJWfysQdlvRhI4jGuMcrzQ/kwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzliNWM5YTIyLTE4OTktNDAyZi1iZDlhLWFjZTc2MmExMDM3Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/4YDANBgkqhkiG9w0BAQsFAAOCAQEAE4jvcZPyjM8JUW/EIhuaoNME
R8/TC3CJiR35kHUruWSpsPaSrMxLSrvOX7GRa/MCACC9jmv237pDi3v0sW2Ceyi7
xGZJnsGRMyms7UJZuoTps5QQ7Iq+48Yu6soke6YtRxyMSklxnnwXvfl0f+LNFp3N
+XN9rhCk0XE1v+0/4cZzzutT/StfqxBByWmbpTyK7vyjqMIcwFRPoZvws6iNoekG
hiQ4BfxXQsyhzBCDHuu4Ai1iE6NLmzmetJ+ltG91BDoONrt5ebxYk/uXazUyBQb9
DRN62LuKQ8+1iNJG/3cA+Qg7CnZh3tXKpiX/mpFl2v+N27xtgR+xLQ35KsCTeA==
-----END CERTIFICATE-----