Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e07b009f-7b48-43a4-a98e-2a14c194afe8.roa
File:                     e07b009f-7b48-43a4-a98e-2a14c194afe8.roa (raw, json)
Hash identifier:          bWQcrkPUEe5IOLTS7bS+83KrjqkXH3TNifPcZZrvh8Y=
Subject key identifier:   F0:AA:4C:BE:0A:E0:53:AB:04:46:3B:E6:55:62:9A:02:ED:65:08:0E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6B1F61784C482AB3932B009344673C5C977A928F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e07b009f-7b48-43a4-a98e-2a14c194afe8.roa
Signing time:             Wed 13 Aug 2025 00:20:59 +0000
ROA not before:           Wed 13 Aug 2025 00:20:59 +0000
ROA not after:            Wed 17 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2620:107:4003::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 21 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:1f:61:78:4c:48:2a:b3:93:2b:00:93:44:67:3c:5c:97:7a:92:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 13 00:20:59 2025 GMT
            Not After : Sep 17 23:59:59 2025 GMT
        Subject: serialNumber=9d574565b858748d59bc3c931e99ba47b038bc61509ab8ac6eb74a5ed425031a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:4f:c3:b2:aa:d6:bc:66:90:22:a3:c3:e7:14:
                    88:70:ea:01:4e:1c:61:ee:a2:5e:08:cb:6c:64:90:
                    1a:13:a6:e5:c7:d8:61:b3:1a:c1:82:9a:0d:d0:70:
                    23:25:5c:b8:fe:fa:d7:ba:6e:0d:82:02:b4:25:37:
                    02:36:90:64:fb:76:a3:0f:d8:9e:42:52:2c:55:7a:
                    31:54:b2:a9:72:1e:a7:24:c4:98:aa:0a:b8:4f:70:
                    c8:95:63:20:05:52:75:8c:d2:f6:c2:f6:5a:18:35:
                    26:b3:4d:0a:98:ac:1d:e2:8f:f6:13:c9:46:24:c5:
                    88:71:7e:a3:04:d3:d3:ce:aa:ca:04:a6:98:56:b4:
                    06:48:52:ed:df:c4:56:ad:71:63:bc:10:0c:a0:73:
                    d4:0e:1b:0a:73:48:c2:1f:e8:5e:90:65:ed:91:05:
                    0f:b5:1e:13:b3:81:0a:b1:19:1e:8f:ec:92:a3:3e:
                    65:3c:1f:4f:19:09:cb:7f:e6:9d:da:71:00:29:44:
                    df:f3:86:63:b3:0e:6c:34:55:cd:c5:3e:71:7b:61:
                    c2:ad:99:7b:ab:10:1e:ce:b4:9d:3d:7c:da:e0:5e:
                    0a:22:80:23:29:21:85:f8:9d:d0:69:90:19:a7:b1:
                    79:51:72:27:2b:e6:be:44:ff:a0:b6:39:49:ee:16:
                    07:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:AA:4C:BE:0A:E0:53:AB:04:46:3B:E6:55:62:9A:02:ED:65:08:0E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e07b009f-7b48-43a4-a98e-2a14c194afe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:107:4003::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:22:6c:90:b7:ee:19:3b:bb:cf:18:45:62:5b:5e:6a:26:eb:
         cc:28:b8:19:5d:bc:3f:0c:df:15:eb:64:da:a7:45:32:5b:ff:
         f7:74:2a:16:4a:48:3b:b6:aa:a0:da:7c:6d:18:3a:cb:cc:07:
         44:a4:4d:38:2b:76:24:ed:5e:d2:85:4a:61:5d:0a:fb:bc:63:
         ff:bd:c5:0c:77:1a:75:93:8a:2c:a4:58:55:dc:99:1b:73:ca:
         8c:02:5a:e9:e5:5e:0f:7b:16:c0:59:1d:b1:06:8e:af:e2:35:
         7b:c2:2a:a5:18:33:f6:c9:9e:26:98:f4:d8:7e:5e:8f:f4:73:
         3d:9d:ab:89:7e:c0:df:e0:3c:c3:fc:52:3c:fb:5e:53:82:aa:
         6d:ff:50:61:93:3c:0b:fb:2f:35:f0:86:11:4d:7e:2a:08:94:
         8b:9e:cf:41:dd:23:27:34:67:bb:a6:65:47:ac:5c:3c:21:4d:
         a1:19:eb:fb:72:12:a6:5e:cc:18:e0:8e:36:f6:e2:22:7c:04:
         fa:e6:da:38:ad:e3:68:93:93:48:d7:f3:96:46:50:d6:cf:be:
         8d:59:a2:fc:f1:c0:c4:eb:df:98:fd:61:14:a6:4e:37:e8:dc:
         bc:fb:a1:7c:f9:a7:24:8f:53:6d:56:22:39:59:cb:f7:b4:27:
         4c:ec:ee:79
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUax9heExIKrOTKwCTRGc8XJd6ko8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODEzMDAyMDU5WhcNMjUwOTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZDU3NDU2NWI4NTg3NDhkNTliYzNjOTMxZTk5YmE0N2Iw
MzhiYzYxNTA5YWI4YWM2ZWI3NGE1ZWQ0MjUwMzFhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDgT8Oyqta8ZpAio8PnFIhw6gFOHGHuol4Iy2xkkBoTpuXH
2GGzGsGCmg3QcCMlXLj++te6bg2CArQlNwI2kGT7dqMP2J5CUixVejFUsqlyHqck
xJiqCrhPcMiVYyAFUnWM0vbC9loYNSazTQqYrB3ij/YTyUYkxYhxfqME09POqsoE
pphWtAZIUu3fxFatcWO8EAygc9QOGwpzSMIf6F6QZe2RBQ+1HhOzgQqxGR6P7JKj
PmU8H08ZCct/5p3acQApRN/zhmOzDmw0Vc3FPnF7YcKtmXurEB7OtJ09fNrgXgoi
gCMpIYX4ndBpkBmnsXlRcicr5r5E/6C2OUnuFgcHAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU8KpMvgrgU6sERjvmVWKaAu1lCA4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2UwN2IwMDlmLTdiNDgtNDNhNC1hOThlLTJhMTRjMTk0YWZlOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmIAEHQAMwDQYJKoZIhvcNAQELBQADggEBABgibJC37hk7u88YRWJbXmom
68wouBldvD8M3xXrZNqnRTJb//d0KhZKSDu2qqDafG0YOsvMB0SkTTgrdiTtXtKF
SmFdCvu8Y/+9xQx3GnWTiiykWFXcmRtzyowCWunlXg97FsBZHbEGjq/iNXvCKqUY
M/bJniaY9Nh+Xo/0cz2dq4l+wN/gPMP8Ujz7XlOCqm3/UGGTPAv7LzXwhhFNfioI
lIuez0HdIyc0Z7umZUesXDwhTaEZ6/tyEqZezBjgjjb24iJ8BPrm2jit42iTk0jX
85ZGUNbPvo1ZovzxwMTr35j9YRSmTjfo3Lz7oXz5pySPU21WIjlZy/e0J0zs7nk=
-----END CERTIFICATE-----