Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/7200dfa9-d36f-44de-852a-1adda1bbb99c.roa
File:                     7200dfa9-d36f-44de-852a-1adda1bbb99c.roa (raw, json)
Hash identifier:          pwgDehfLrwfw+1/7L6j55rGjuR8Km6NHvNsHRSjbJug=
Subject key identifier:   65:0D:FE:9E:AE:BD:18:62:4A:C6:BD:4F:F2:85:5B:AE:D8:70:9F:41
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       4700BD2B72B1B5F1911D850B5B0F170B2F8F0197
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/7200dfa9-d36f-44de-852a-1adda1bbb99c.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0f0:1000::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Feb 2025 21:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:00:bd:2b:72:b1:b5:f1:91:1d:85:0b:5b:0f:17:0b:2f:8f:01:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:bd:32:98:9f:bc:49:68:09:37:12:af:e5:24:
                    e7:2e:10:18:8e:72:ca:e9:fa:f0:60:3e:58:04:d5:
                    3e:ae:c5:27:55:c4:53:7a:ca:19:b3:71:44:36:23:
                    88:65:a7:8e:5c:8c:ca:8d:fb:63:2d:3c:ae:a8:c0:
                    e5:7e:8f:4b:9c:cf:5d:68:44:b6:bf:fa:83:54:01:
                    df:1e:7b:18:f9:81:cc:44:e8:9a:4b:0b:f2:bd:02:
                    ac:b6:77:b9:40:57:66:51:c7:6b:46:b4:c3:9d:07:
                    10:ae:d1:65:03:77:98:48:f3:7a:81:5e:1f:87:49:
                    59:88:3d:2a:93:74:74:86:55:3c:7c:eb:c4:f9:e4:
                    60:75:6e:5e:58:81:b8:63:81:ef:a1:d5:81:81:e2:
                    13:fd:fd:2d:51:b8:c8:d5:99:54:a3:4c:a0:97:2a:
                    e0:9d:7f:8e:2f:93:5b:cd:96:3c:76:11:89:40:15:
                    e0:d5:bc:01:0f:8c:18:c9:89:27:01:72:80:53:95:
                    25:cb:73:8f:bb:eb:a4:4f:90:f1:c8:33:89:5e:5e:
                    14:c1:db:0d:a4:f9:23:4b:03:0a:7e:cc:d5:4b:7a:
                    a8:a9:54:8b:05:dc:c5:b2:06:52:da:93:34:e5:1e:
                    31:6b:9b:6c:b6:6e:c8:ee:03:42:df:a3:1f:04:95:
                    80:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:0D:FE:9E:AE:BD:18:62:4A:C6:BD:4F:F2:85:5B:AE:D8:70:9F:41
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/7200dfa9-d36f-44de-852a-1adda1bbb99c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:1000::/44

    Signature Algorithm: sha256WithRSAEncryption
         20:7a:36:3f:84:3c:aa:7f:ea:92:88:8a:c9:b9:fb:25:e0:23:
         22:47:f4:4e:dc:f9:39:b2:78:c3:28:a4:bc:95:e5:94:5a:9e:
         a6:88:0d:55:72:51:d1:b2:75:5a:79:81:a2:4c:45:17:09:9b:
         3d:1b:7a:4c:bc:c0:a5:62:68:4d:e5:59:f1:53:a9:d8:54:fb:
         ff:be:d6:de:1b:ac:1a:41:31:11:9d:93:da:e4:1b:2b:5d:d6:
         bb:2e:80:7e:e9:8e:bd:75:84:4d:e0:fe:bc:78:33:5c:14:a1:
         3d:7a:8c:86:63:83:6b:39:a6:17:26:62:22:ba:70:79:68:1d:
         8d:b8:1d:64:81:9e:2e:ee:24:03:59:36:60:d9:2d:30:2d:db:
         cc:23:2f:87:0f:44:36:ba:7a:e2:5c:7e:b1:4f:a6:9b:73:69:
         98:0d:3a:b0:23:86:59:78:06:0b:88:3e:0d:56:53:f7:f5:ed:
         36:3a:51:24:3c:68:34:69:ac:90:9b:d2:39:16:e2:5a:24:c5:
         74:d2:1c:ec:00:8c:ab:5e:04:fb:1f:86:38:9b:68:2b:e3:49:
         6b:50:f0:86:f5:6b:97:80:14:c5:b3:24:0f:88:df:9a:39:18:
         f5:ab:7f:f3:eb:3a:07:9d:58:68:9c:17:73:37:a8:e9:65:01:
         c4:85:03:95
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIURwC9K3KxtfGRHYULWw8XCy+PAZcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AxMmI1Mzc2NTBmNTYwY2VmZTkzYmRmYWUyNjk3ZWU3NzE2
YmE0ZjMzYWVhZmM4N2FjMDdjY2RlNWMzN2RhMGY2MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1vTKYn7xJaAk3Eq/lJOcuEBiOcsrp+vBgPlgE1T6uxSdV
xFN6yhmzcUQ2I4hlp45cjMqN+2MtPK6owOV+j0ucz11oRLa/+oNUAd8eexj5gcxE
6JpLC/K9Aqy2d7lAV2ZRx2tGtMOdBxCu0WUDd5hI83qBXh+HSVmIPSqTdHSGVTx8
68T55GB1bl5Ygbhjge+h1YGB4hP9/S1RuMjVmVSjTKCXKuCdf44vk1vNljx2EYlA
FeDVvAEPjBjJiScBcoBTlSXLc4+766RPkPHIM4leXhTB2w2k+SNLAwp+zNVLeqip
VIsF3MWyBlLakzTlHjFrm2y2bsjuA0Lfox8ElYCLAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUZQ3+nq69GGJKxr1P8oVbrthwn0EwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzcyMDBkZmE5LWQzNmYtNDRkZS04NTJhLTFhZGRhMWJiYjk5Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwQmAPDwEAAwDQYJKoZIhvcNAQELBQADggEBACB6Nj+EPKp/6pKIism5+yXg
IyJH9E7c+TmyeMMopLyV5ZRanqaIDVVyUdGydVp5gaJMRRcJmz0beky8wKViaE3l
WfFTqdhU+/++1t4brBpBMRGdk9rkGytd1rsugH7pjr11hE3g/rx4M1wUoT16jIZj
g2s5phcmYiK6cHloHY24HWSBni7uJANZNmDZLTAt28wjL4cPRDa6euJcfrFPpptz
aZgNOrAjhll4BguIPg1WU/f17TY6USQ8aDRprJCb0jkW4lokxXTSHOwAjKteBPsf
hjibaCvjSWtQ8Ib1a5eAFMWzJA+I35o5GPWrf/PrOgedWGicF3M3qOllAcSFA5U=
-----END CERTIFICATE-----