Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c288c187-a311-482f-a404-3061061e705c.roa
File:                     c288c187-a311-482f-a404-3061061e705c.roa (raw, json)
Hash identifier:          uLQKCG/Oov47OmwD9OxzaTBNiraxfVjgdszD0i1je3g=
Subject key identifier:   47:8C:9D:A1:DC:F3:F9:E2:26:AD:CC:82:09:53:F5:78:6F:54:81:43
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       50827BD576105F12AA11A7252F946F7F70DA95D2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c288c187-a311-482f-a404-3061061e705c.roa
Signing time:             Fri 28 Mar 2025 16:50:18 +0000
ROA not before:           Fri 28 Mar 2025 16:50:18 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1f12:400::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 17 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:82:7b:d5:76:10:5f:12:aa:11:a7:25:2f:94:6f:7f:70:da:95:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 16:50:18 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: serialNumber=a9a5d5933b2159bccd995b491995ce4f09d67db1ad055805fd0c070522540d56, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:c6:d7:70:f1:41:b0:cd:fb:a4:23:db:ca:17:
                    29:a7:33:9d:71:1c:5b:03:9c:80:1e:93:08:96:07:
                    5e:b2:ff:f3:74:a9:a5:95:6b:01:bf:09:03:ff:d0:
                    18:aa:09:df:fe:75:5e:89:c6:7f:46:1e:6c:b3:61:
                    39:ea:77:51:2e:b4:b9:59:8f:be:a8:e0:cc:8c:ba:
                    6c:96:a5:9f:10:ce:c9:a9:d3:20:1b:d2:fa:60:67:
                    bc:97:28:10:c6:5b:31:b0:98:32:5f:a8:05:e9:81:
                    71:bb:bd:03:36:dc:5e:de:71:0e:db:5b:1c:4b:21:
                    f1:86:21:eb:c2:e7:34:3f:2a:07:b3:b2:b1:30:6a:
                    10:6d:88:53:eb:a9:dd:7e:b7:5c:20:b5:f3:10:6e:
                    e2:31:be:82:f7:0b:3a:fc:b1:5c:d0:73:a9:72:1f:
                    cc:1d:82:e5:70:48:05:04:a4:a7:3e:8f:40:0d:9c:
                    7c:2d:49:84:f1:d2:8c:fe:42:0f:ca:e5:ce:55:16:
                    7f:6f:90:17:60:9d:48:29:75:e1:5a:51:dd:fa:b3:
                    22:97:a3:2c:17:c7:84:30:d1:25:ab:94:f6:89:f9:
                    c9:18:33:4e:6d:97:81:e4:97:6d:fb:7a:67:a8:7b:
                    ac:a6:0d:1e:49:b3:db:01:f6:80:bb:63:e6:85:fb:
                    95:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:8C:9D:A1:DC:F3:F9:E2:26:AD:CC:82:09:53:F5:78:6F:54:81:43
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c288c187-a311-482f-a404-3061061e705c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f12:400::/38

    Signature Algorithm: sha256WithRSAEncryption
         56:68:2e:fc:9a:9f:6c:e7:9d:6b:cc:cd:81:98:62:0e:6d:b9:
         7a:db:96:b2:a8:c9:04:99:bc:c3:2a:ca:b5:17:57:5a:9c:c8:
         9f:21:4e:52:7d:03:92:1a:5f:a5:48:4d:c2:4d:0b:27:0d:59:
         8c:e0:55:f5:4d:3e:67:3a:2d:21:f5:df:ca:0d:b9:60:bc:f4:
         61:75:ad:56:bc:58:58:3c:14:2d:66:b4:06:f6:b6:03:47:be:
         7f:53:5b:51:0d:3a:be:96:a2:91:13:9b:f6:34:82:de:da:e3:
         2b:46:c1:51:66:70:64:1d:3d:3e:bd:77:8c:ac:d8:97:c1:46:
         7e:83:81:c0:2e:ad:c8:ed:29:c3:a8:cd:47:13:76:66:56:a4:
         61:1d:b1:a7:59:22:32:ae:51:bb:21:68:e3:73:34:07:c9:db:
         f0:4b:aa:1e:84:2f:4f:00:00:90:c6:b8:6a:6f:41:9c:ca:51:
         f2:3c:88:99:8b:aa:2b:16:bc:90:36:b6:49:f1:38:ba:5c:95:
         0a:63:30:77:ac:ed:b4:17:91:96:a8:08:94:84:f1:34:2e:f5:
         c2:80:e8:4b:68:78:33:6c:13:70:b8:a1:75:e2:f1:83:15:5f:
         c4:09:ee:7e:77:32:b1:fe:0b:e2:ab:5f:8d:bd:ec:4a:75:2c:
         08:cd:8a:bc
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUUIJ71XYQXxKqEaclL5Rvf3DaldIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTY1MDE4WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BhOWE1ZDU5MzNiMjE1OWJjY2Q5OTViNDkxOTk1Y2U0ZjA5
ZDY3ZGIxYWQwNTU4MDVmZDBjMDcwNTIyNTQwZDU2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSxtdw8UGwzfukI9vKFymnM51xHFsDnIAekwiWB16y//N0
qaWVawG/CQP/0BiqCd/+dV6Jxn9GHmyzYTnqd1EutLlZj76o4MyMumyWpZ8Qzsmp
0yAb0vpgZ7yXKBDGWzGwmDJfqAXpgXG7vQM23F7ecQ7bWxxLIfGGIevC5zQ/Kgez
srEwahBtiFPrqd1+t1wgtfMQbuIxvoL3Czr8sVzQc6lyH8wdguVwSAUEpKc+j0AN
nHwtSYTx0oz+Qg/K5c5VFn9vkBdgnUgpdeFaUd36syKXoywXx4Qw0SWrlPaJ+ckY
M05tl4Hkl237emeoe6ymDR5Js9sB9oC7Y+aF+5V1AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUR4ydodzz+eImrcyCCVP1eG9UgUMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MyODhjMTg3LWEzMTEtNDgyZi1hNDA0LTMwNjEwNjFlNzA1Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgImAB8SBDANBgkqhkiG9w0BAQsFAAOCAQEAVmgu/JqfbOeda8zNgZhiDm25
etuWsqjJBJm8wyrKtRdXWpzInyFOUn0DkhpfpUhNwk0LJw1ZjOBV9U0+ZzotIfXf
yg25YLz0YXWtVrxYWDwULWa0Bva2A0e+f1NbUQ06vpaikROb9jSC3trjK0bBUWZw
ZB09Pr13jKzYl8FGfoOBwC6tyO0pw6jNRxN2ZlakYR2xp1kiMq5RuyFo43M0B8nb
8EuqHoQvTwAAkMa4am9BnMpR8jyImYuqKxa8kDa2SfE4ulyVCmMwd6zttBeRlqgI
lITxNC71woDoS2h4M2wTcLihdeLxgxVfxAnufncysf4L4qtfjb3sSnUsCM2KvA==
-----END CERTIFICATE-----