Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/0b0acdef-c848-447c-9624-6a4634464aaa.roa
File:                     0b0acdef-c848-447c-9624-6a4634464aaa.roa (raw, json)
Hash identifier:          JI4RUkAdyEGWCgNESDhIgCkO9t/axpVYJgDJWwM9JEg=
Subject key identifier:   8E:86:28:2E:6D:7E:02:7B:30:6A:40:1E:94:69:2A:A4:AF:FD:35:FA
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       100015CCB4CECA8B408003F67BD9708B9582F68B
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/0b0acdef-c848-447c-9624-6a4634464aaa.roa
Signing time:             Tue 20 May 2025 18:10:12 +0000
ROA not before:           Tue 20 May 2025 18:10:12 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0fb:e800::/42 maxlen: 42
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 05 Jun 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:00:15:cc:b4:ce:ca:8b:40:80:03:f6:7b:d9:70:8b:95:82:f6:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: May 20 18:10:12 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=9433d6e28dd39290712f3738593834f19c4ab002d176932b32350fc5e86fdd08, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:fb:29:3b:2f:8d:b8:35:d2:67:d3:04:00:eb:
                    51:d9:1a:01:dd:7f:40:99:f6:ce:b3:7d:dc:6e:42:
                    fb:e0:25:06:8f:18:9e:8a:ea:61:12:c4:72:25:aa:
                    da:5c:e1:d8:4c:9e:13:3a:15:a5:15:4e:90:f4:1a:
                    89:8c:07:c6:7d:53:95:94:87:e9:cb:53:6b:5b:31:
                    77:1c:fe:28:3c:49:40:cd:14:33:7d:39:e5:33:83:
                    3a:b2:32:ce:f3:87:d6:62:1c:a3:1b:df:0d:8f:61:
                    7b:7e:f6:89:65:97:8c:a5:ae:90:94:bc:68:77:83:
                    e0:9b:68:e7:a8:cd:c4:70:b4:0b:7d:46:56:ca:52:
                    2c:e8:ff:ad:5a:fc:1f:01:27:e8:2b:fa:02:91:46:
                    ec:d0:47:0d:7e:ae:ec:40:b2:1a:5c:5b:e3:dc:7f:
                    1c:16:c9:27:67:e4:37:32:12:5e:39:38:8a:e0:18:
                    d1:33:2e:87:c9:28:a4:5d:df:8d:14:8a:69:56:cd:
                    24:b0:b7:e9:97:9a:31:47:07:e5:3f:a9:6b:74:33:
                    3f:06:ce:50:c1:5f:e0:3e:81:a2:56:94:7b:eb:be:
                    e1:f0:a2:db:c5:f9:f3:43:84:ad:ec:2e:7d:1c:0b:
                    44:96:08:a2:de:cf:78:9f:3e:7a:3a:7a:8d:98:42:
                    f6:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:86:28:2E:6D:7E:02:7B:30:6A:40:1E:94:69:2A:A4:AF:FD:35:FA
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/0b0acdef-c848-447c-9624-6a4634464aaa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:e800::/42

    Signature Algorithm: sha256WithRSAEncryption
         26:64:1d:1c:de:a4:69:e3:fe:8e:cd:b8:04:b6:85:d7:e1:3e:
         b1:b1:d2:82:a5:dc:8d:1d:68:c8:45:4b:2f:f9:50:af:a2:2f:
         aa:70:ca:da:d1:38:69:b5:e4:75:c3:31:ea:1a:06:c8:8e:cd:
         08:07:0a:08:5e:c2:50:9d:1c:32:c2:e1:69:05:6a:c6:23:8a:
         28:fe:61:8d:36:8f:ac:a2:77:76:ab:86:09:e3:3c:9a:b9:af:
         64:0e:1d:1d:65:6f:c5:6f:c8:c5:4b:c6:c7:39:6c:4f:5c:11:
         44:ae:84:67:f6:77:eb:99:4b:48:65:a4:01:46:f8:86:65:69:
         31:a2:cc:a6:13:f3:4d:c6:e3:58:f1:0e:b7:e0:60:8e:19:c8:
         7c:51:a0:c3:f8:97:be:1d:5d:96:d2:7d:8b:a9:4d:bb:12:9a:
         68:d0:57:b2:f7:9e:5b:c1:0a:8e:a3:2e:38:05:ca:86:f9:1f:
         5d:7b:b3:8d:98:ff:63:89:d4:dc:b2:d0:c2:91:98:a3:8c:96:
         bb:34:92:cf:36:cd:78:f4:c2:fc:01:0e:58:e9:2e:f5:37:43:
         02:5d:de:c7:2d:5a:13:4e:a8:16:23:d2:c5:ad:56:9e:c4:88:
         49:6b:1e:e9:3d:a2:3a:e2:b4:2f:75:d1:fe:c7:47:12:bd:ae:
         77:34:07:f9
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUEAAVzLTOyotAgAP2e9lwi5WC9oswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNTIwMTgxMDEyWhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NDMzZDZlMjhkZDM5MjkwNzEyZjM3Mzg1OTM4MzRmMTlj
NGFiMDAyZDE3NjkzMmIzMjM1MGZjNWU4NmZkZDA4MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDP+yk7L424NdJn0wQA61HZGgHdf0CZ9s6zfdxuQvvgJQaP
GJ6K6mESxHIlqtpc4dhMnhM6FaUVTpD0GomMB8Z9U5WUh+nLU2tbMXcc/ig8SUDN
FDN9OeUzgzqyMs7zh9ZiHKMb3w2PYXt+9olll4ylrpCUvGh3g+CbaOeozcRwtAt9
RlbKUizo/61a/B8BJ+gr+gKRRuzQRw1+ruxAshpcW+PcfxwWySdn5DcyEl45OIrg
GNEzLofJKKRd340UimlWzSSwt+mXmjFHB+U/qWt0Mz8GzlDBX+A+gaJWlHvrvuHw
otvF+fNDhK3sLn0cC0SWCKLez3ifPno6eo2YQva/AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUjoYoLm1+AnswakAelGkqpK/9NfowHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzBiMGFjZGVmLWM4NDgtNDQ3Yy05NjI0LTZhNDYzNDQ2NGFhYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwYmAPD76AAwDQYJKoZIhvcNAQELBQADggEBACZkHRzepGnj/o7NuAS2hdfh
PrGx0oKl3I0daMhFSy/5UK+iL6pwytrROGm15HXDMeoaBsiOzQgHCghewlCdHDLC
4WkFasYjiij+YY02j6yid3arhgnjPJq5r2QOHR1lb8VvyMVLxsc5bE9cEUSuhGf2
d+uZS0hlpAFG+IZlaTGizKYT803G41jxDrfgYI4ZyHxRoMP4l74dXZbSfYupTbsS
mmjQV7L3nlvBCo6jLjgFyob5H117s42Y/2OJ1Nyy0MKRmKOMlrs0ks82zXj0wvwB
DljpLvU3QwJd3sctWhNOqBYj0sWtVp7EiElrHuk9ojritC910f7HRxK9rnc0B/k=
-----END CERTIFICATE-----