Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a34758e6-cd19-4c81-ab46-f786f49483b3.roa
File:                     a34758e6-cd19-4c81-ab46-f786f49483b3.roa (raw, json)
Hash identifier:          bQT36/I1Vp3cVQWDhcDy4Pq/EUGN+57yw4hNQ8to+gc=
Subject key identifier:   47:68:7D:69:B3:84:70:92:F9:CD:E1:A9:8E:D7:BA:78:DD:AA:BC:36
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3AD1107FC4030665B80F7D4DB9C9261E88C6E503
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a34758e6-cd19-4c81-ab46-f786f49483b3.roa
Signing time:             Tue 04 Feb 2025 00:00:00 +0000
ROA not before:           Tue 04 Feb 2025 00:00:00 +0000
ROA not after:            Tue 11 Mar 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1ff7:20c0::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Feb 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:d1:10:7f:c4:03:06:65:b8:0f:7d:4d:b9:c9:26:1e:88:c6:e5:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb  4 00:00:00 2025 GMT
            Not After : Mar 11 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:77:b3:ac:a2:c7:d3:25:94:9e:d1:46:c1:7c:
                    5e:65:fa:1a:e9:a6:52:cd:f1:31:ed:91:44:ef:a7:
                    d3:0e:c5:07:93:6c:b7:09:8d:5e:96:49:10:f4:ac:
                    2a:93:29:6a:d9:f7:d1:6d:10:3b:a1:4e:1d:ca:49:
                    aa:14:25:f9:63:13:5e:98:8f:89:74:34:50:e9:cd:
                    83:cf:48:6c:34:fd:32:6e:10:6b:47:f0:2f:e1:d5:
                    51:bf:5e:b2:22:72:fc:4f:1b:fa:ce:73:2f:97:14:
                    d4:3d:bd:cb:69:96:d5:90:3d:c9:c2:02:c2:d6:95:
                    8b:86:05:f8:39:28:3c:41:31:4d:1b:bd:cf:3d:8c:
                    ac:61:a1:e4:ce:62:19:1b:a2:e8:c3:a5:41:33:16:
                    73:60:88:57:84:60:49:69:42:0d:8b:5a:eb:f8:a2:
                    8a:0d:46:17:2c:30:c2:45:04:04:bf:81:06:4c:63:
                    6b:f2:24:6d:92:9b:30:ff:fe:2a:b9:f9:f9:43:51:
                    ea:d8:34:f1:98:ff:e0:7f:5a:95:18:e9:2e:bc:20:
                    2c:2b:f5:a3:e0:19:13:f5:40:5c:8e:63:89:87:3d:
                    8c:f0:a7:71:db:b2:01:8a:91:a3:a9:49:1b:be:e0:
                    93:7b:b3:d1:27:94:35:b6:69:92:cb:6a:5f:8e:6c:
                    a4:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:68:7D:69:B3:84:70:92:F9:CD:E1:A9:8E:D7:BA:78:DD:AA:BC:36
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a34758e6-cd19-4c81-ab46-f786f49483b3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff7:20c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         cf:1b:28:c4:d7:da:09:49:1c:03:f4:82:88:25:2d:21:a0:35:
         0a:9d:b6:bd:7d:17:23:80:9d:65:51:17:4a:e8:2e:de:72:96:
         3d:e9:1f:90:02:27:39:73:49:b2:d9:97:17:b1:8c:e6:09:52:
         51:aa:d5:4e:2a:c3:cf:3c:db:23:93:73:1c:94:f6:fb:21:1e:
         62:40:e2:c7:9d:9f:6c:fc:ae:30:01:ad:4d:9c:96:4d:34:c9:
         cd:4b:ff:b7:20:dc:cf:8e:e6:0f:29:cd:47:f1:b0:bb:7e:e9:
         4d:67:ec:4f:08:f6:d0:b3:30:72:ff:0d:8d:28:70:79:41:51:
         f0:1c:dd:7f:71:8f:4d:09:ec:3c:b5:62:93:1c:82:3b:2d:47:
         a6:86:dd:6c:8e:e6:06:6d:b8:13:00:83:93:22:b6:09:24:33:
         0d:cb:fd:bd:c3:19:c9:d7:75:aa:f0:28:92:0a:6b:2a:c5:27:
         79:95:ea:c8:4b:e4:ae:9c:ee:2d:be:47:4a:8b:29:f6:f5:13:
         c2:c5:3e:c2:f1:ff:98:cd:39:9e:b0:59:de:35:d4:73:4c:84:
         7a:ab:01:77:9b:a0:6a:c7:63:85:0b:c1:dd:5a:72:39:4b:0a:
         6f:c2:3f:50:95:a5:5e:69:09:dd:b8:57:97:71:22:10:08:d7:
         8c:e3:17:97
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUOtEQf8QDBmW4D31NuckmHojG5QMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMjA0MDAwMDAwWhcNMjUwMzExMjM1OTU5
WjB6MUkwRwYDVQQFE0AwNGNhMDZiZjliODAwMDYxODljM2Q3MzVlZjJhNTJmNjk4
NWE5ZWI5NzFmZGRhODU5OGRlZTAwYjAzM2MyMWJlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVd7OsosfTJZSe0UbBfF5l+hrpplLN8THtkUTvp9MOxQeT
bLcJjV6WSRD0rCqTKWrZ99FtEDuhTh3KSaoUJfljE16Yj4l0NFDpzYPPSGw0/TJu
EGtH8C/h1VG/XrIicvxPG/rOcy+XFNQ9vctpltWQPcnCAsLWlYuGBfg5KDxBMU0b
vc89jKxhoeTOYhkboujDpUEzFnNgiFeEYElpQg2LWuv4oooNRhcsMMJFBAS/gQZM
Y2vyJG2SmzD//iq5+flDUerYNPGY/+B/WpUY6S68ICwr9aPgGRP1QFyOY4mHPYzw
p3HbsgGKkaOpSRu+4JN7s9EnlDW2aZLLal+ObKTFAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUR2h9abOEcJL5zeGpjte6eN2qvDYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EzNDc1OGU2LWNkMTktNGM4MS1hYjQ2LWY3ODZmNDk0ODNiMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwImAB/3IMAwDQYJKoZIhvcNAQELBQADggEBAM8bKMTX2glJHAP0goglLSGg
NQqdtr19FyOAnWVRF0roLt5ylj3pH5ACJzlzSbLZlxexjOYJUlGq1U4qw8882yOT
cxyU9vshHmJA4sedn2z8rjABrU2clk00yc1L/7cg3M+O5g8pzUfxsLt+6U1n7E8I
9tCzMHL/DY0ocHlBUfAc3X9xj00J7Dy1YpMcgjstR6aG3WyO5gZtuBMAg5Mitgkk
Mw3L/b3DGcnXdarwKJIKayrFJ3mV6shL5K6c7i2+R0qLKfb1E8LFPsLx/5jNOZ6w
Wd411HNMhHqrAXeboGrHY4ULwd1acjlLCm/CP1CVpV5pCd24V5dxIhAI14zjF5c=
-----END CERTIFICATE-----