Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b3784a13-962b-4401-a647-8c2b62b7dadb.roa
File:                     b3784a13-962b-4401-a647-8c2b62b7dadb.roa (raw, json)
Hash identifier:          9bWQYUhfZc3ML9XWWy/pxaNDxO+4fxOhXCc3AHLZsMU=
Subject key identifier:   D3:B8:7C:39:10:32:3D:28:4B:86:3D:F0:06:53:A8:74:81:50:A4:A4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       190A0B9B20C99CE148D7E5B16289212AF775DC2C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b3784a13-962b-4401-a647-8c2b62b7dadb.roa
Signing time:             Mon 19 May 2025 15:10:23 +0000
ROA not before:           Mon 19 May 2025 15:10:23 +0000
ROA not after:            Mon 23 Jun 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1ffb:2080::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:0a:0b:9b:20:c9:9c:e1:48:d7:e5:b1:62:89:21:2a:f7:75:dc:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 19 15:10:23 2025 GMT
            Not After : Jun 23 23:59:59 2025 GMT
        Subject: serialNumber=693a3a713998036332334b300bbdfd9bdaa1676f6e27bc0ebf437843c3fa5eb6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:52:d3:63:1d:8a:96:94:1a:3f:2e:82:3b:0c:
                    19:b7:6b:33:d6:b9:04:f6:6c:c9:2e:5c:65:40:d6:
                    3f:86:c8:5f:cd:fd:7d:0f:aa:55:27:8a:dc:6a:54:
                    c4:ee:c2:47:b9:10:c4:00:de:32:75:20:d0:18:16:
                    aa:48:67:8d:10:3d:cc:b2:65:86:cb:04:71:10:b9:
                    ed:e2:5f:df:26:a1:f3:2d:e0:fa:26:e4:38:9e:c1:
                    4d:63:17:4f:17:53:cd:53:3f:26:7b:42:d2:e1:59:
                    93:75:b7:60:37:15:42:a5:1e:46:c8:27:fa:bf:73:
                    95:2e:4b:20:7f:5a:c1:bf:c1:38:68:d7:a1:84:b2:
                    eb:ed:6c:03:d1:31:ab:20:c0:08:3f:1a:f6:51:24:
                    6f:3b:4e:f1:49:82:18:26:d3:83:14:32:50:bd:15:
                    4c:83:2a:37:e5:95:b7:e3:1d:12:61:0a:53:56:0d:
                    6d:dd:a9:56:0e:4a:6a:6a:ce:77:98:9f:32:d9:f1:
                    f7:f5:7f:bc:3a:e2:38:15:c5:81:a8:c9:48:f9:3e:
                    49:c7:c0:49:97:d2:c6:8b:88:0f:b6:d9:55:a0:86:
                    ca:d8:8a:f4:e5:b7:a7:71:db:04:ed:34:d8:8e:50:
                    6a:50:18:09:14:b3:22:8e:f9:ec:5c:99:11:f2:b5:
                    1c:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:B8:7C:39:10:32:3D:28:4B:86:3D:F0:06:53:A8:74:81:50:A4:A4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b3784a13-962b-4401-a647-8c2b62b7dadb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffb:2080::/46

    Signature Algorithm: sha256WithRSAEncryption
         14:e7:b7:e2:9b:13:f0:a5:36:f5:91:8a:94:6c:e5:9d:f3:ae:
         a8:0a:b2:ff:9b:19:a3:42:ae:dc:2d:80:e6:dd:8f:32:d4:12:
         48:fe:4b:a9:d1:0a:9a:6e:6d:b1:1c:13:8b:4e:e2:b7:4b:f2:
         20:41:8b:c3:ec:01:e2:2e:8b:5e:6f:84:18:b4:10:20:0d:c9:
         42:54:f2:64:4c:51:33:44:7c:ec:20:40:d7:33:43:f6:45:ac:
         0c:64:70:91:ac:82:bb:52:9f:80:3e:d0:f6:9a:a4:5b:f6:b5:
         74:2c:30:22:1c:97:be:d9:a4:33:25:28:57:16:c5:33:8f:ad:
         d8:b4:9f:0a:33:e5:c6:a5:8d:66:6a:4e:70:f9:45:a9:d0:03:
         9b:6c:a4:cd:f6:6b:a7:8b:31:d4:06:34:fe:db:93:64:03:0d:
         97:2e:7e:b4:c3:37:59:a3:ee:99:79:0b:bf:d2:18:c6:7c:06:
         4a:e0:a7:8c:40:92:36:a4:e2:6b:d7:0d:da:8e:79:ce:16:42:
         c0:b3:32:05:ae:42:8f:b6:13:48:2f:d8:23:23:bc:03:7d:b8:
         e6:c8:33:f3:9d:a6:0c:6f:d5:b7:37:6e:79:6f:cd:8b:ab:12:
         a1:4b:01:9b:aa:a0:9d:4a:76:e1:af:a4:f4:d8:86:8b:f5:a2:
         90:21:6a:d0
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUGQoLmyDJnOFI1+WxYokhKvd13CwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNTE5MTUxMDIzWhcNMjUwNjIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A2OTNhM2E3MTM5OTgwMzYzMzIzMzRiMzAwYmJkZmQ5YmRh
YTE2NzZmNmUyN2JjMGViZjQzNzg0M2MzZmE1ZWI2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqUtNjHYqWlBo/LoI7DBm3azPWuQT2bMkuXGVA1j+GyF/N
/X0PqlUnitxqVMTuwke5EMQA3jJ1INAYFqpIZ40QPcyyZYbLBHEQue3iX98mofMt
4Pom5DiewU1jF08XU81TPyZ7QtLhWZN1t2A3FUKlHkbIJ/q/c5UuSyB/WsG/wTho
16GEsuvtbAPRMasgwAg/GvZRJG87TvFJghgm04MUMlC9FUyDKjfllbfjHRJhClNW
DW3dqVYOSmpqzneYnzLZ8ff1f7w64jgVxYGoyUj5PknHwEmX0saLiA+22VWghsrY
ivTlt6dx2wTtNNiOUGpQGAkUsyKO+excmRHytRxfAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU07h8ORAyPShLhj3wBlOodIFQpKQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IzNzg0YTEzLTk2MmItNDQwMS1hNjQ3LThjMmI2MmI3ZGFkYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwImAB/7IIAwDQYJKoZIhvcNAQELBQADggEBABTnt+KbE/ClNvWRipRs5Z3z
rqgKsv+bGaNCrtwtgObdjzLUEkj+S6nRCppubbEcE4tO4rdL8iBBi8PsAeIui15v
hBi0ECANyUJU8mRMUTNEfOwgQNczQ/ZFrAxkcJGsgrtSn4A+0PaapFv2tXQsMCIc
l77ZpDMlKFcWxTOPrdi0nwoz5caljWZqTnD5RanQA5tspM32a6eLMdQGNP7bk2QD
DZcufrTDN1mj7pl5C7/SGMZ8Bkrgp4xAkjak4mvXDdqOec4WQsCzMgWuQo+2E0gv
2CMjvAN9uObIM/Odpgxv1bc3bnlvzYurEqFLAZuqoJ1KduGvpPTYhov1opAhatA=
-----END CERTIFICATE-----