Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ba0d353d-c483-4a75-8b4d-9310ac524acd.roa
File:                     ba0d353d-c483-4a75-8b4d-9310ac524acd.roa (raw, json)
Hash identifier:          cWVobS7Ux2jIbDSGGqoHF2qBlyE+3iaxI19GRagGBRM=
Subject key identifier:   72:7F:EA:1E:CA:AC:EA:99:66:36:DA:AB:FE:7F:72:54:53:AC:10:41
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6D948F45E97522B8F537EEF4907079BA0A74B4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ba0d353d-c483-4a75-8b4d-9310ac524acd.roa
Signing time:             Fri 16 May 2025 16:41:21 +0000
ROA not before:           Fri 16 May 2025 16:41:21 +0000
ROA not after:            Fri 20 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f61:2040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:94:8f:45:e9:75:22:b8:f5:37:ee:f4:90:70:79:ba:0a:74:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 16 16:41:21 2025 GMT
            Not After : Jun 20 23:59:59 2025 GMT
        Subject: serialNumber=2fee09b010fc334758da61f06f86c7abfd6249c651b0e7f5d6c20bec6ceb3925, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:5c:72:c8:91:35:f4:f3:e7:56:38:54:7f:c8:
                    32:19:bf:32:6c:42:0c:e3:4c:54:f7:a0:3b:26:61:
                    d0:0f:0c:8e:93:fa:d6:99:9b:03:0f:dd:5f:5b:3f:
                    be:49:c7:96:be:7e:ed:7b:85:93:31:75:aa:f1:e7:
                    13:54:f5:6d:b3:c9:f0:d3:11:b9:b3:61:8b:be:ad:
                    68:01:5a:b4:18:22:56:b5:8a:72:bb:83:2e:cc:4d:
                    69:c8:99:1a:0c:61:cc:49:07:dc:5e:a4:61:c5:37:
                    71:96:eb:f3:cd:6a:21:25:5d:c7:44:9d:8e:81:dc:
                    f7:3a:be:c3:b8:40:4b:a9:af:7b:73:d3:ef:80:f9:
                    2f:5d:a8:79:6f:70:00:57:cb:4f:5c:4f:92:6e:5a:
                    7d:39:4b:2b:0c:81:1d:d7:af:d2:c9:93:23:83:f6:
                    0a:51:a2:ae:80:8a:34:14:b4:60:8f:4b:77:8f:f3:
                    e1:f7:57:ca:0c:1c:2c:63:c6:23:95:9d:1d:0c:d3:
                    b9:61:91:ff:47:18:2e:38:8b:65:af:24:df:45:d6:
                    ad:88:41:42:16:4f:7c:ea:7a:32:77:c6:e7:63:a1:
                    dc:f9:4f:01:28:2b:e8:94:86:1a:28:70:93:fe:45:
                    70:5d:36:c4:9a:55:16:64:5c:a2:e1:60:7c:fc:bd:
                    2a:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:7F:EA:1E:CA:AC:EA:99:66:36:DA:AB:FE:7F:72:54:53:AC:10:41
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ba0d353d-c483-4a75-8b4d-9310ac524acd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f61:2040::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:69:71:ab:f9:ca:a2:8b:f6:f5:fe:87:74:da:1b:c3:31:cd:
         1c:38:c5:3a:8d:1b:2d:ec:15:82:f6:ae:3a:fa:e0:29:80:13:
         a0:09:04:01:52:d8:ab:f4:0b:16:e0:27:0a:77:de:4e:95:a3:
         ec:bf:ec:a6:f2:d0:2f:68:c9:25:29:0b:e0:8c:ac:fa:74:14:
         82:01:16:48:aa:f2:c4:66:8f:77:19:91:16:d9:5b:47:db:bc:
         5b:1d:a8:1e:7f:f8:22:96:a0:f4:ec:98:e3:92:19:6d:e5:b1:
         61:f3:bb:d4:5c:ad:5f:20:36:c5:ff:4c:96:77:e0:95:39:7a:
         1b:b7:da:e7:f5:d8:7e:72:24:b6:af:01:1b:86:ae:5b:c0:e8:
         e4:6d:29:89:ff:25:17:2b:87:94:a1:8a:f5:0e:49:cb:58:77:
         bf:9d:cb:78:b6:5d:76:ee:1d:d3:2a:63:0b:c5:c9:50:d3:9e:
         3e:3d:97:25:a3:de:87:cf:3e:69:95:51:5c:1f:54:5e:4e:e8:
         56:e8:f2:3d:b4:7c:5b:4b:5b:4f:92:72:f4:bb:8c:fc:0d:0f:
         c7:19:3b:2f:11:e1:57:04:d3:64:be:3f:2e:d3:a0:e8:c9:f7:
         f3:f7:8d:bd:7f:cd:ae:db:60:9e:74:a9:f1:41:32:7b:f6:92:
         3d:05:62:76
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgITbZSPRel1Irj1N+70kHB5ugp0tDANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzI2ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAxOGQ0MmJlMzU4ZWIz
NzEwN2RiZThjYjcxZDBhNzAeFw0yNTA1MTYxNjQxMjFaFw0yNTA2MjAyMzU5NTla
MHoxSTBHBgNVBAUTQDJmZWUwOWIwMTBmYzMzNDc1OGRhNjFmMDZmODZjN2FiZmQ2
MjQ5YzY1MWIwZTdmNWQ2YzIwYmVjNmNlYjM5MjUxLTArBgNVBAMTJGIyNWM5NzBm
LWQ4MTMtNDQ1Yy1iZmUyLTYyNjY4NTE4Yzg3ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMZccsiRNfTz51Y4VH/IMhm/MmxCDONMVPegOyZh0A8MjpP6
1pmbAw/dX1s/vknHlr5+7XuFkzF1qvHnE1T1bbPJ8NMRubNhi76taAFatBgiVrWK
cruDLsxNaciZGgxhzEkH3F6kYcU3cZbr881qISVdx0SdjoHc9zq+w7hAS6mve3PT
74D5L12oeW9wAFfLT1xPkm5afTlLKwyBHdev0smTI4P2ClGiroCKNBS0YI9Ld4/z
4fdXygwcLGPGI5WdHQzTuWGR/0cYLjiLZa8k30XWrYhBQhZPfOp6MnfG52Oh3PlP
ASgr6JSGGihwk/5FcF02xJpVFmRcouFgfPy9Kl0CAwEAAaOCArQwggKwMB0GA1Ud
DgQWBBRyf+oeyqzqmWY22qv+f3JUU6wQQTAfBgNVHSMEGDAWgBQQXdeNVXhAq0Nd
vRUhII8p+kk/rjAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzFiYTMwMmI4LThk
YWItNDkxZC1iOWVkLWQ3YzkyZDAzMGQ4Mi82ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAx
OGQ0MmJlMzU4ZWIzNzEwN2RiZThjYjcxZDBhNy5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8yMGFhMzI5Yi1mYzUyLTRjNjEtYmY1My0wOTcy
NWMwNDI5NDIvYmEwZDM1M2QtYzQ4My00YTc1LThiNGQtOTMxMGFjNTI0YWNkLnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMt
MDk3MjVjMDQyOTQyL19xeDNSSjhCalVLLU5ZNnpjUWZiNk10eDBLYy5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHACYAH2EgQDANBgkqhkiG9w0BAQsFAAOCAQEALWlxq/nKoov29f6HdNobwzHN
HDjFOo0bLewVgvauOvrgKYAToAkEAVLYq/QLFuAnCnfeTpWj7L/spvLQL2jJJSkL
4Iys+nQUggEWSKryxGaPdxmRFtlbR9u8Wx2oHn/4Ipag9OyY45IZbeWxYfO71Fyt
XyA2xf9MlnfglTl6G7fa5/XYfnIktq8BG4auW8Do5G0pif8lFyuHlKGK9Q5Jy1h3
v53LeLZddu4d0ypjC8XJUNOePj2XJaPeh88+aZVRXB9UXk7oVujyPbR8W0tbT5Jy
9LuM/A0Pxxk7LxHhVwTTZL4/LtOg6Mn38/eNvX/NrttgnnSp8UEye/aSPQVidg==
-----END CERTIFICATE-----