Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f1a99748-327b-4d2a-bf18-675114452386.roa
File:                     f1a99748-327b-4d2a-bf18-675114452386.roa (raw, json)
Hash identifier:          2zhrQCCfHj52gyVboNWr5Hy9OekVMhX3ogwcu3EuQCQ=
Subject key identifier:   7B:FC:B0:FB:CA:C6:93:9C:AE:F7:A6:C3:77:66:FF:C3:EA:79:57:EC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5A4803C9AAF490A508F00859ED0D890495B12D83
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f1a99748-327b-4d2a-bf18-675114452386.roa
Signing time:             Fri 15 Aug 2025 00:41:32 +0000
ROA not before:           Fri 15 Aug 2025 00:41:32 +0000
ROA not after:            Fri 19 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff3:5000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 21 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:48:03:c9:aa:f4:90:a5:08:f0:08:59:ed:0d:89:04:95:b1:2d:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 15 00:41:32 2025 GMT
            Not After : Sep 19 23:59:59 2025 GMT
        Subject: serialNumber=e4b074c563ed0f1b7f596833cb46fd5a503b1d00f87d0a2f3f5a3e53af8d7ee1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:1f:70:0a:d0:d7:2b:08:eb:35:d9:ca:78:3b:
                    19:ee:f4:6f:27:a1:82:24:98:e0:a6:45:72:c1:5f:
                    92:08:61:e9:12:0f:57:dd:65:e4:17:7e:9b:27:f9:
                    5a:7f:21:95:a3:21:58:47:ce:6a:c8:4e:76:3b:68:
                    96:f3:95:79:ec:93:d9:da:03:7c:16:6f:2c:85:48:
                    97:26:37:cf:25:62:d3:41:5b:56:af:c9:be:7e:5c:
                    ae:fa:59:17:9e:0d:ed:38:72:b8:65:1a:44:d8:0b:
                    19:cc:09:1e:09:c1:7d:00:0d:5b:92:0d:71:c2:d0:
                    92:37:42:a3:e2:59:88:ac:d4:c8:e2:a0:47:69:72:
                    cf:c0:41:c0:08:3f:b9:27:8b:2d:35:a8:0a:e7:cd:
                    ee:1f:89:87:f7:a1:93:b1:8a:51:f8:03:e3:a9:7d:
                    c8:3b:99:7c:f7:97:ec:6a:65:44:f5:f8:6c:81:46:
                    c3:7e:c3:35:88:cf:66:ac:e0:19:02:01:29:2d:90:
                    f2:db:2d:3d:0c:a6:d2:47:c2:95:02:2d:0d:1e:51:
                    9e:de:a0:d8:1a:b6:93:5c:d7:6d:ce:9a:a0:93:1e:
                    96:8f:37:4f:4a:19:32:3b:58:92:7b:b6:a9:56:96:
                    23:f8:6e:95:49:88:8d:2b:77:78:15:58:58:8a:81:
                    73:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:FC:B0:FB:CA:C6:93:9C:AE:F7:A6:C3:77:66:FF:C3:EA:79:57:EC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f1a99748-327b-4d2a-bf18-675114452386.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff3:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         1d:33:73:21:ec:ce:ce:25:d8:10:51:b8:d0:b7:71:34:f6:4f:
         a0:2c:fd:4a:f5:ea:8b:23:03:77:2c:04:ee:60:d3:db:c5:f6:
         17:54:49:63:c8:99:09:a5:ae:aa:95:bd:e5:3d:87:07:10:72:
         23:17:41:5d:f5:98:3a:99:fa:18:1d:81:ae:df:d0:66:c1:28:
         35:2d:60:86:7f:71:da:bf:b1:2f:54:a0:7e:61:5f:8e:8c:1a:
         fd:6e:23:35:fd:54:aa:37:56:09:f6:2b:67:a6:68:10:09:59:
         98:10:5e:87:e5:76:d7:eb:cd:31:91:3b:93:bf:4d:c5:8a:05:
         bf:51:eb:9d:21:be:d2:46:d3:da:20:06:18:20:8c:ff:0e:4d:
         4a:01:17:25:2f:d8:49:63:18:01:37:1f:fe:86:f9:41:24:98:
         48:a7:c5:89:47:ce:b4:ff:7e:ae:0b:24:4d:1c:7c:0d:b7:7e:
         2d:84:31:17:ff:11:dc:eb:1f:f0:ce:56:81:52:7a:f1:07:db:
         f3:1b:f2:a2:cf:2e:81:51:c8:76:44:a9:87:33:4a:d1:d6:bd:
         7b:81:41:fa:80:7b:d4:d4:1d:64:ed:93:da:a1:20:45:76:7a:
         1d:36:20:8c:c7:b3:c5:b4:72:9a:14:c3:c7:1c:05:61:b3:14:
         77:12:13:76
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUWkgDyar0kKUI8AhZ7Q2JBJWxLYMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODE1MDA0MTMyWhcNMjUwOTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNGIwNzRjNTYzZWQwZjFiN2Y1OTY4MzNjYjQ2ZmQ1YTUw
M2IxZDAwZjg3ZDBhMmYzZjVhM2U1M2FmOGQ3ZWUxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbH3AK0NcrCOs12cp4Oxnu9G8noYIkmOCmRXLBX5IIYekS
D1fdZeQXfpsn+Vp/IZWjIVhHzmrITnY7aJbzlXnsk9naA3wWbyyFSJcmN88lYtNB
W1avyb5+XK76WReeDe04crhlGkTYCxnMCR4JwX0ADVuSDXHC0JI3QqPiWYis1Mji
oEdpcs/AQcAIP7kniy01qArnze4fiYf3oZOxilH4A+Opfcg7mXz3l+xqZUT1+GyB
RsN+wzWIz2as4BkCASktkPLbLT0MptJHwpUCLQ0eUZ7eoNgatpNc123OmqCTHpaP
N09KGTI7WJJ7tqlWliP4bpVJiI0rd3gVWFiKgXN3AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUe/yw+8rGk5yu96bDd2b/w+p5V+wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YxYTk5NzQ4LTMyN2ItNGQyYS1iZjE4LTY3NTExNDQ1MjM4Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/zUDANBgkqhkiG9w0BAQsFAAOCAQEAHTNzIezOziXYEFG40LdxNPZP
oCz9SvXqiyMDdywE7mDT28X2F1RJY8iZCaWuqpW95T2HBxByIxdBXfWYOpn6GB2B
rt/QZsEoNS1ghn9x2r+xL1SgfmFfjowa/W4jNf1UqjdWCfYrZ6ZoEAlZmBBeh+V2
1+vNMZE7k79NxYoFv1HrnSG+0kbT2iAGGCCM/w5NSgEXJS/YSWMYATcf/ob5QSSY
SKfFiUfOtP9+rgskTRx8Dbd+LYQxF/8R3Osf8M5WgVJ68Qfb8xvyos8ugVHIdkSp
hzNK0da9e4FB+oB71NQdZO2T2qEgRXZ6HTYgjMezxbRymhTDxxwFYbMUdxITdg==
-----END CERTIFICATE-----