Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf389316-90b4-4557-83e8-b14137f39908.roa
File:                     bf389316-90b4-4557-83e8-b14137f39908.roa (raw, json)
Hash identifier:          99WATsQnZnBHJqm9gZ6vQwIyK7lgY/YOGbEW/aDlz/0=
Subject key identifier:   BC:9A:A7:EE:35:C9:BD:C6:70:9E:D1:B1:9E:9C:ED:9A:16:92:AD:54
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0FFE43B3E5669063E5162BF740000F0766C15484
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf389316-90b4-4557-83e8-b14137f39908.roa
Signing time:             Mon 19 May 2025 18:30:28 +0000
ROA not before:           Mon 19 May 2025 18:30:28 +0000
ROA not after:            Mon 23 Jun 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f13:8000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 05 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:fe:43:b3:e5:66:90:63:e5:16:2b:f7:40:00:0f:07:66:c1:54:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 19 18:30:28 2025 GMT
            Not After : Jun 23 23:59:59 2025 GMT
        Subject: serialNumber=43985c1fab019d1b7b1f94b380d13f9c2746045bd059487661c2b1c97b34fd5a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:04:e7:e6:ca:14:b5:84:83:cf:e0:39:9a:17:
                    76:1f:77:ab:6e:cc:74:ff:3f:b8:ee:ee:7c:35:ef:
                    18:30:8b:7a:45:58:ca:ba:e0:46:61:93:14:97:53:
                    8b:22:07:22:a5:c3:1e:8a:f0:99:49:10:a9:ac:79:
                    fe:3c:6f:76:0a:f2:77:b8:6d:c0:6b:67:4d:73:83:
                    01:37:d5:68:7b:e0:ff:f2:4d:e1:9f:73:29:33:e7:
                    3d:2e:16:c6:ba:90:c4:d4:ab:82:38:d7:12:83:0c:
                    b7:e9:8e:34:b2:55:c7:6f:a8:1b:f8:2e:12:75:a7:
                    4e:48:cf:54:bf:c0:f9:4b:72:24:9c:72:8b:88:bc:
                    f1:f1:01:fe:fe:49:d5:87:ed:a4:06:ba:64:38:61:
                    3f:61:b9:be:a8:3b:6e:44:1d:30:0e:c4:99:d4:fb:
                    a9:bd:18:f7:11:b8:4d:cd:08:8b:2e:ed:2e:d8:e5:
                    ce:63:4e:d6:0b:76:0e:a8:57:ae:63:58:7f:76:ec:
                    89:f1:92:48:aa:29:a0:1a:92:06:87:20:90:45:05:
                    5e:f4:ac:2a:a9:5d:89:c0:40:b9:b3:6b:4d:80:b7:
                    f6:d3:76:5a:97:b0:3e:05:41:e8:7d:ab:13:1e:46:
                    20:1f:06:09:c8:ac:93:b7:32:80:6c:dc:88:e3:22:
                    8b:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:9A:A7:EE:35:C9:BD:C6:70:9E:D1:B1:9E:9C:ED:9A:16:92:AD:54
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf389316-90b4-4557-83e8-b14137f39908.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f13:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         24:e5:9f:0a:7c:69:3c:46:00:30:68:ef:49:86:31:a8:87:fa:
         dc:cc:6c:0e:9d:b8:cf:96:3a:5d:61:3f:0b:c3:00:2f:35:3e:
         dc:52:14:e2:4f:79:80:50:54:d5:19:5a:21:f8:95:93:01:0a:
         f1:34:a1:cc:84:b1:ed:1c:b6:1c:78:4f:23:0a:d0:59:83:95:
         31:fa:ce:91:26:45:ba:c5:04:9f:38:7f:10:a7:c4:62:69:cd:
         37:fb:1d:a9:13:5a:a6:e2:08:7a:0d:c9:e0:d1:5c:94:af:e1:
         03:d5:5b:72:6d:a7:03:84:4d:19:cf:b0:c4:18:84:af:d4:42:
         63:b9:48:3b:a1:43:ee:24:ee:da:15:b3:95:40:32:77:ee:ee:
         2d:cd:44:c2:72:26:3e:67:58:c3:d4:82:e5:41:38:06:16:b9:
         74:a0:c3:d2:01:eb:96:ca:be:48:35:3f:2d:a2:07:5b:9d:73:
         5e:c3:d9:9e:c4:98:8c:9f:48:9a:5a:c8:33:4a:ec:41:d3:f1:
         c3:15:12:4c:1c:f8:3c:40:07:b8:60:c4:04:98:62:11:6e:f3:
         b3:73:ab:75:b6:33:b4:33:b8:1c:f5:bf:f5:3f:28:52:bd:7a:
         79:fd:f5:7f:85:d3:d0:40:f1:12:c3:44:a9:67:6a:10:89:12:
         d6:9c:2a:a4
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUD/5Ds+VmkGPlFiv3QAAPB2bBVIQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNTE5MTgzMDI4WhcNMjUwNjIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A0Mzk4NWMxZmFiMDE5ZDFiN2IxZjk0YjM4MGQxM2Y5YzI3
NDYwNDViZDA1OTQ4NzY2MWMyYjFjOTdiMzRmZDVhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDfBOfmyhS1hIPP4DmaF3Yfd6tuzHT/P7ju7nw17xgwi3pF
WMq64EZhkxSXU4siByKlwx6K8JlJEKmsef48b3YK8ne4bcBrZ01zgwE31Wh74P/y
TeGfcykz5z0uFsa6kMTUq4I41xKDDLfpjjSyVcdvqBv4LhJ1p05Iz1S/wPlLciSc
couIvPHxAf7+SdWH7aQGumQ4YT9hub6oO25EHTAOxJnU+6m9GPcRuE3NCIsu7S7Y
5c5jTtYLdg6oV65jWH927InxkkiqKaAakgaHIJBFBV70rCqpXYnAQLmza02At/bT
dlqXsD4FQeh9qxMeRiAfBgnIrJO3MoBs3IjjIouvAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUvJqn7jXJvcZwntGxnpztmhaSrVQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JmMzg5MzE2LTkwYjQtNDU1Ny04M2U4LWIxNDEzN2YzOTkwOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8TgDANBgkqhkiG9w0BAQsFAAOCAQEAJOWfCnxpPEYAMGjvSYYxqIf6
3MxsDp24z5Y6XWE/C8MALzU+3FIU4k95gFBU1RlaIfiVkwEK8TShzISx7Ry2HHhP
IwrQWYOVMfrOkSZFusUEnzh/EKfEYmnNN/sdqRNapuIIeg3J4NFclK/hA9Vbcm2n
A4RNGc+wxBiEr9RCY7lIO6FD7iTu2hWzlUAyd+7uLc1EwnImPmdYw9SC5UE4Bha5
dKDD0gHrlsq+SDU/LaIHW51zXsPZnsSYjJ9ImlrIM0rsQdPxwxUSTBz4PEAHuGDE
BJhiEW7zs3OrdbYztDO4HPW/9T8oUr16ef31f4XT0EDxEsNEqWdqEIkS1pwqpA==
-----END CERTIFICATE-----