Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ffa297f8-dbee-4db9-969e-7a8c2685dc09.roa
File:                     ffa297f8-dbee-4db9-969e-7a8c2685dc09.roa (raw, json)
Hash identifier:          UU6Nrh5lUFPjC/Xpou2Ej/YGTrZOibLNKdTSrJWUEM0=
Subject key identifier:   98:13:04:A0:DE:9C:2F:A4:19:47:12:D3:DD:26:C3:0B:3E:6C:FB:E9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6B4CC6F37FC02E9B0DD632E5233B968539200787
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ffa297f8-dbee-4db9-969e-7a8c2685dc09.roa
Signing time:             Mon 19 May 2025 17:31:21 +0000
ROA not before:           Mon 19 May 2025 17:31:21 +0000
ROA not after:            Mon 23 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f36:a400::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:4c:c6:f3:7f:c0:2e:9b:0d:d6:32:e5:23:3b:96:85:39:20:07:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 19 17:31:21 2025 GMT
            Not After : Jun 23 23:59:59 2025 GMT
        Subject: serialNumber=3fa733947d20d774e50a33a7a929ed11964494162210045792bf15be6b1a96b0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:9d:88:32:05:78:59:60:f5:aa:dc:83:77:30:
                    00:3e:ac:9f:65:cb:e9:5a:11:f5:18:4c:74:ce:7e:
                    8c:9a:66:7b:38:6e:de:a1:65:4d:fe:0e:ec:61:96:
                    6c:47:e6:62:09:d5:9c:d1:b0:cb:e9:72:04:10:92:
                    c4:37:ee:a7:5c:13:24:3f:bb:8f:2e:9c:e3:57:4e:
                    dd:6f:7b:76:54:da:3a:63:28:90:a1:31:31:63:f7:
                    6f:e9:98:ec:b2:ba:fe:ed:f5:0a:4d:f4:36:0e:a3:
                    c5:be:c0:4a:ea:cd:2a:52:a1:20:70:3c:b9:48:c6:
                    97:32:f0:20:0f:ac:3a:f4:21:14:a5:4d:42:aa:17:
                    0b:7c:50:7e:65:a6:d9:a2:85:05:10:d8:5b:0d:ad:
                    51:3e:49:b2:03:97:a7:60:b3:58:89:62:8a:55:c3:
                    89:10:b3:f7:3d:96:bc:11:95:39:df:89:5b:f3:74:
                    80:56:fa:2d:e9:cc:ef:a4:b3:a6:ee:8d:40:fc:c9:
                    0c:e2:f5:f4:91:a8:12:f0:c8:b0:06:f8:50:43:63:
                    24:64:61:f7:06:a0:11:23:87:71:ab:8b:eb:c4:2b:
                    b0:98:c9:15:0a:ce:8d:45:19:49:d2:65:a4:33:df:
                    4a:75:40:f9:a8:5f:2d:25:7e:f0:22:bf:3a:01:1e:
                    91:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:13:04:A0:DE:9C:2F:A4:19:47:12:D3:DD:26:C3:0B:3E:6C:FB:E9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ffa297f8-dbee-4db9-969e-7a8c2685dc09.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f36:a400::/40

    Signature Algorithm: sha256WithRSAEncryption
         46:17:49:3a:30:c4:f4:03:42:c8:b2:25:0b:89:ea:ea:0a:8c:
         72:33:96:b6:8b:d5:fb:fc:71:79:7c:f6:d1:b9:e9:77:f4:6d:
         96:3b:74:32:2f:b1:44:2c:a5:a1:58:80:7c:0e:25:f2:74:dd:
         79:35:71:b0:8a:55:2f:dd:3a:0c:1b:1d:21:f8:cd:5c:f3:c5:
         45:82:e4:4d:e5:df:d0:11:84:3f:32:ba:0f:23:01:6c:3f:92:
         8e:ed:c9:05:3b:a7:2b:3d:b4:1f:ce:61:ce:94:5b:3a:c3:15:
         86:ea:dc:58:33:de:2f:2c:1c:14:8e:6c:20:3c:52:ba:bb:6f:
         ca:d2:20:d5:a3:02:32:58:39:cf:d4:b1:51:0a:e0:fc:29:81:
         e9:54:d1:8f:46:8b:8b:48:e1:43:d3:03:92:86:1c:ab:ae:df:
         95:10:7b:d3:24:94:a1:78:fd:fd:12:90:3b:54:d0:9b:9e:b7:
         55:c2:72:00:af:77:c1:db:f3:f3:b9:86:b2:a0:d8:f2:60:d5:
         c1:d3:f6:5e:c3:3a:25:5e:ca:b3:66:bb:6f:8b:19:dd:f7:0d:
         1d:d1:0d:ec:81:e5:a1:20:67:9a:fc:fa:a6:c7:75:92:0c:6a:
         95:11:cf:f9:a4:09:40:21:8d:92:35:44:8f:32:11:e9:9d:83:
         5f:3e:67:d1
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUa0zG83/ALpsN1jLlIzuWhTkgB4cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNTE5MTczMTIxWhcNMjUwNjIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzZmE3MzM5NDdkMjBkNzc0ZTUwYTMzYTdhOTI5ZWQxMTk2
NDQ5NDE2MjIxMDA0NTc5MmJmMTViZTZiMWE5NmIwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqnYgyBXhZYPWq3IN3MAA+rJ9ly+laEfUYTHTOfoyaZns4
bt6hZU3+DuxhlmxH5mIJ1ZzRsMvpcgQQksQ37qdcEyQ/u48unONXTt1ve3ZU2jpj
KJChMTFj92/pmOyyuv7t9QpN9DYOo8W+wErqzSpSoSBwPLlIxpcy8CAPrDr0IRSl
TUKqFwt8UH5lptmihQUQ2FsNrVE+SbIDl6dgs1iJYopVw4kQs/c9lrwRlTnfiVvz
dIBW+i3pzO+ks6bujUD8yQzi9fSRqBLwyLAG+FBDYyRkYfcGoBEjh3Gri+vEK7CY
yRUKzo1FGUnSZaQz30p1QPmoXy0lfvAivzoBHpGjAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUmBMEoN6cL6QZRxLT3SbDCz5s++kwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZmYTI5N2Y4LWRiZWUtNGRiOS05NjllLTdhOGMyNjg1ZGMwOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB82pDANBgkqhkiG9w0BAQsFAAOCAQEARhdJOjDE9ANCyLIlC4nq6gqM
cjOWtovV+/xxeXz20bnpd/Rtljt0Mi+xRCyloViAfA4l8nTdeTVxsIpVL906DBsd
IfjNXPPFRYLkTeXf0BGEPzK6DyMBbD+Sju3JBTunKz20H85hzpRbOsMVhurcWDPe
LywcFI5sIDxSurtvytIg1aMCMlg5z9SxUQrg/CmB6VTRj0aLi0jhQ9MDkoYcq67f
lRB70ySUoXj9/RKQO1TQm563VcJyAK93wdvz87mGsqDY8mDVwdP2XsM6JV7Ks2a7
b4sZ3fcNHdEN7IHloSBnmvz6psd1kgxqlRHP+aQJQCGNkjVEjzIR6Z2DXz5n0Q==
-----END CERTIFICATE-----