Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ecb777e6-e596-438b-aa6c-8dc3055af2de.roa
File:                     ecb777e6-e596-438b-aa6c-8dc3055af2de.roa (raw, json)
Hash identifier:          U5oTnuztthQ/eatgGL6WVkk7przn0nAf3WbsSCZZcAA=
Subject key identifier:   AC:17:0F:FF:DE:9E:DF:A5:B6:8A:32:9D:95:1F:6D:FC:63:41:D6:DA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2FFF622362E6839BDBBD4AFE46969E72E6FD5F54
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ecb777e6-e596-438b-aa6c-8dc3055af2de.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff7:4000::/39 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:ff:62:23:62:e6:83:9b:db:bd:4a:fe:46:96:9e:72:e6:fd:5f:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:70:56:da:59:f0:1f:15:74:7a:af:b3:09:51:
                    d4:d3:88:81:d5:1a:b8:1a:52:d1:70:7b:ed:50:35:
                    58:a8:65:24:21:a0:e5:fe:d6:ee:98:d0:74:d3:5d:
                    17:66:b2:b1:a9:91:94:2e:64:9f:cd:c4:b4:f1:9d:
                    7b:9c:14:d5:90:4e:c8:ee:40:ee:7f:2c:12:18:f3:
                    95:d9:e7:5a:61:12:fc:4d:5a:41:61:12:cc:be:e9:
                    98:e6:a6:cd:54:8b:00:2e:86:18:3d:15:ca:99:c1:
                    9b:4a:5e:e9:2f:a2:51:38:d8:7f:1b:0f:95:f5:3e:
                    0c:cf:ac:a0:f2:48:e3:19:ba:71:10:2b:d2:1f:ad:
                    a5:45:61:7d:d3:44:7f:6d:39:c7:9b:f8:b5:65:84:
                    cb:bd:d4:4d:cc:9c:74:a0:dc:5c:87:38:99:43:20:
                    b0:3c:75:3c:6d:af:60:7a:ff:d3:ca:19:f2:98:88:
                    fa:85:2c:c8:4b:81:83:ed:ed:45:51:a3:db:1e:ad:
                    0e:7a:ae:60:6e:9c:b1:1d:3d:0d:4c:3e:2e:bf:ba:
                    ae:a4:e9:7c:a2:62:8f:aa:9b:74:dd:f8:ce:17:5d:
                    29:08:a1:1d:22:4c:37:22:6a:fd:83:3b:fa:f0:8e:
                    d1:bd:41:e6:d2:d8:96:3b:2a:d8:42:ef:ee:48:7b:
                    43:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:17:0F:FF:DE:9E:DF:A5:B6:8A:32:9D:95:1F:6D:FC:63:41:D6:DA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ecb777e6-e596-438b-aa6c-8dc3055af2de.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff7:4000::/39

    Signature Algorithm: sha256WithRSAEncryption
         54:5d:0e:c5:e4:03:56:3f:9a:0e:21:d0:f7:c3:a7:a9:26:f8:
         23:c5:29:5b:1d:6f:e4:3e:65:9a:50:14:bc:00:c1:6b:9b:65:
         28:c4:50:66:69:2f:f9:83:cd:80:a0:e1:14:2e:1c:38:d3:5c:
         05:eb:d4:c1:69:32:42:0b:95:2e:d4:96:4e:fe:56:38:ee:c0:
         08:82:ee:fc:6d:ba:0a:a7:1c:60:6f:95:90:e2:32:96:96:2f:
         c2:a1:51:f3:ca:c7:05:64:8c:ef:3d:e5:2d:0f:95:29:31:a3:
         ea:57:64:18:30:ac:65:6a:47:be:b3:df:19:8a:8b:cb:dd:a3:
         d8:75:1c:17:8a:46:4c:c8:58:d6:c2:0d:25:c0:55:5c:dc:ed:
         0b:1f:e9:b1:8b:9c:59:42:75:d4:87:49:37:f9:ff:e5:de:fa:
         d2:a2:33:f9:b8:bd:42:1e:ed:12:27:d0:ba:69:19:10:ca:03:
         13:2e:70:ce:94:ae:0d:f8:37:a6:d9:67:ed:b7:cb:2c:08:54:
         cf:33:0d:4b:93:25:b4:46:c2:f1:79:6e:4e:6c:14:0e:fb:27:
         e3:b9:b8:62:a9:41:25:0f:e4:de:b7:69:18:a2:01:24:4f:0e:
         42:c3:64:20:0b:6f:ac:18:aa:6f:60:a0:60:df:c2:2a:f2:e4:
         50:86:cb:7b
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUL/9iI2Lmg5vbvUr+Rpaecub9X1QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYTViMmU5OGNmYTU3MzM4ZGJjOWE4MTA5ZDcyYjUzZDYx
NjZmNTNjMmEwMTU4ZGFmZWUyYzUxMWU0MGQ5MzlkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDjcFbaWfAfFXR6r7MJUdTTiIHVGrgaUtFwe+1QNVioZSQh
oOX+1u6Y0HTTXRdmsrGpkZQuZJ/NxLTxnXucFNWQTsjuQO5/LBIY85XZ51phEvxN
WkFhEsy+6Zjmps1UiwAuhhg9FcqZwZtKXukvolE42H8bD5X1PgzPrKDySOMZunEQ
K9IfraVFYX3TRH9tOceb+LVlhMu91E3MnHSg3FyHOJlDILA8dTxtr2B6/9PKGfKY
iPqFLMhLgYPt7UVRo9serQ56rmBunLEdPQ1MPi6/uq6k6XyiYo+qm3Td+M4XXSkI
oR0iTDciav2DO/rwjtG9QebS2JY7KthC7+5Ie0MvAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUrBcP/96e36W2ijKdlR9t/GNB1towHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VjYjc3N2U2LWU1OTYtNDM4Yi1hYTZjLThkYzMwNTVhZjJkZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB/3QDANBgkqhkiG9w0BAQsFAAOCAQEAVF0OxeQDVj+aDiHQ98OnqSb4
I8UpWx1v5D5lmlAUvADBa5tlKMRQZmkv+YPNgKDhFC4cONNcBevUwWkyQguVLtSW
Tv5WOO7ACILu/G26CqccYG+VkOIylpYvwqFR88rHBWSM7z3lLQ+VKTGj6ldkGDCs
ZWpHvrPfGYqLy92j2HUcF4pGTMhY1sINJcBVXNztCx/psYucWUJ11IdJN/n/5d76
0qIz+bi9Qh7tEifQumkZEMoDEy5wzpSuDfg3ptln7bfLLAhUzzMNS5MltEbC8Xlu
TmwUDvsn47m4YqlBJQ/k3rdpGKIBJE8OQsNkIAtvrBiqb2CgYN/CKvLkUIbLew==
-----END CERTIFICATE-----