Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b8df2c2c-dc4e-4de0-921f-473e414af165.roa
File:                     b8df2c2c-dc4e-4de0-921f-473e414af165.roa (raw, json)
Hash identifier:          7XwEIoE1f4L2xZWB00bR02HJcKmLLm8vY8iNURsxtgA=
Subject key identifier:   24:EA:00:34:A9:C5:53:9D:5D:51:83:07:D8:B1:31:FD:6D:EF:6B:75
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3D3E6CF122381596520391A3451E8D7AFA52C6EC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b8df2c2c-dc4e-4de0-921f-473e414af165.roa
Signing time:             Tue 26 Aug 2025 16:11:39 +0000
ROA not before:           Tue 26 Aug 2025 16:11:39 +0000
ROA not after:            Tue 30 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f00:40c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 07 Sep 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:3e:6c:f1:22:38:15:96:52:03:91:a3:45:1e:8d:7a:fa:52:c6:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 26 16:11:39 2025 GMT
            Not After : Sep 30 23:59:59 2025 GMT
        Subject: serialNumber=f74aa6cf0654b783f2010133fdc9686f47559bc73556b9ab22b6923fd1fa89cf, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:b7:da:b2:d3:26:38:9a:a9:9e:2a:e8:a0:d8:
                    5f:05:d3:f8:68:45:4f:f5:41:e0:03:8d:cd:93:1c:
                    ae:15:ba:ea:f1:76:b0:fe:20:69:f0:6a:ff:78:4b:
                    f9:29:e9:ee:89:12:3c:3f:66:af:b0:49:c1:ac:55:
                    f8:c6:51:39:64:17:04:7f:41:8e:a2:dc:01:1b:70:
                    68:d6:13:87:98:36:54:61:36:dc:b9:47:b7:ef:e5:
                    ab:4f:fa:e6:53:3d:39:b3:d1:6d:03:d3:c4:9d:28:
                    70:56:09:cc:67:f8:9d:bd:50:4c:a6:ac:10:f5:b4:
                    fe:1e:5b:a9:e0:b9:4e:97:af:25:6f:3f:3f:06:b9:
                    c1:cd:3a:d1:47:cb:99:09:82:58:9d:dc:aa:24:ca:
                    bb:7c:0f:61:65:ba:d5:99:4f:4a:64:65:3e:a5:9d:
                    e9:18:f0:f7:68:e6:0d:3d:81:d2:3a:40:49:05:bf:
                    79:35:de:84:8c:86:f7:e2:6c:19:07:44:5c:94:ae:
                    74:a6:cc:0a:1b:57:62:0b:7b:dc:4d:27:3a:f8:db:
                    53:c6:2f:e6:6b:98:70:82:5b:3f:1f:08:d7:87:ba:
                    92:71:2e:f4:1c:aa:83:32:7a:e2:c0:64:c0:13:e6:
                    d5:0f:1e:2e:21:ad:ef:6e:63:0e:3f:4c:62:63:3f:
                    69:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:EA:00:34:A9:C5:53:9D:5D:51:83:07:D8:B1:31:FD:6D:EF:6B:75
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b8df2c2c-dc4e-4de0-921f-473e414af165.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f00:40c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         1f:32:78:bc:86:ad:0e:4d:23:26:1d:fc:e9:b4:50:f4:f5:63:
         b8:0b:32:24:6c:9b:b5:72:fb:a2:e9:e0:3b:ab:bc:47:d8:43:
         0f:f8:82:8f:5b:fb:73:c4:78:81:a4:22:56:d2:ea:08:97:46:
         fc:ff:32:50:c8:24:63:fc:9e:92:94:61:73:00:89:fd:b0:ad:
         a1:52:73:a0:9b:f8:4e:ee:00:1b:b2:87:de:9f:61:a6:cd:00:
         9d:2d:15:85:c6:9b:78:d1:4b:f7:88:bf:6e:a3:ec:94:c2:b1:
         3d:a0:be:ae:3c:7f:dc:d8:e1:5b:05:cf:b7:ed:c7:81:16:d1:
         2f:c0:b2:a8:6a:68:a9:0f:2a:03:29:c8:7b:3f:04:67:8b:04:
         6f:8a:4d:8a:2d:84:86:aa:3f:7a:f4:90:d3:8e:76:9c:b7:32:
         49:84:d0:a9:ae:75:7a:d4:ef:ce:6c:fb:da:a6:f9:02:94:85:
         1d:34:38:8e:d7:91:f5:ad:7d:a5:f2:e7:c9:17:5b:d2:85:b7:
         12:77:c7:db:fd:19:54:e8:00:c5:46:60:d3:bf:97:38:1c:7d:
         37:fd:de:75:e7:ab:dc:5b:7e:f2:09:d1:aa:03:bc:73:87:f0:
         d3:69:0f:71:c9:33:69:8e:48:06:f5:dd:02:40:b9:b4:06:41:
         f9:80:90:7d
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUPT5s8SI4FZZSA5GjRR6NevpSxuwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODI2MTYxMTM5WhcNMjUwOTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNzRhYTZjZjA2NTRiNzgzZjIwMTAxMzNmZGM5Njg2ZjQ3
NTU5YmM3MzU1NmI5YWIyMmI2OTIzZmQxZmE4OWNmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbt9qy0yY4mqmeKuig2F8F0/hoRU/1QeADjc2THK4Vuurx
drD+IGnwav94S/kp6e6JEjw/Zq+wScGsVfjGUTlkFwR/QY6i3AEbcGjWE4eYNlRh
Nty5R7fv5atP+uZTPTmz0W0D08SdKHBWCcxn+J29UEymrBD1tP4eW6nguU6XryVv
Pz8GucHNOtFHy5kJglid3Kokyrt8D2FlutWZT0pkZT6lnekY8Pdo5g09gdI6QEkF
v3k13oSMhvfibBkHRFyUrnSmzAobV2ILe9xNJzr421PGL+ZrmHCCWz8fCNeHupJx
LvQcqoMyeuLAZMAT5tUPHi4hre9uYw4/TGJjP2m/AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUJOoANKnFU51dUYMH2LEx/W3va3UwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I4ZGYyYzJjLWRjNGUtNGRlMC05MjFmLTQ3M2U0MTRhZjE2NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB8AQMAwDQYJKoZIhvcNAQELBQADggEBAB8yeLyGrQ5NIyYd/Om0UPT1
Y7gLMiRsm7Vy+6Lp4DurvEfYQw/4go9b+3PEeIGkIlbS6giXRvz/MlDIJGP8npKU
YXMAif2wraFSc6Cb+E7uABuyh96fYabNAJ0tFYXGm3jRS/eIv26j7JTCsT2gvq48
f9zY4VsFz7ftx4EW0S/AsqhqaKkPKgMpyHs/BGeLBG+KTYothIaqP3r0kNOOdpy3
MkmE0KmudXrU785s+9qm+QKUhR00OI7XkfWtfaXy58kXW9KFtxJ3x9v9GVToAMVG
YNO/lzgcfTf93nXnq9xbfvIJ0aoDvHOH8NNpD3HJM2mOSAb13QJAubQGQfmAkH0=
-----END CERTIFICATE-----