Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/7c0c4811-7db0-4cc0-8fa1-6dbda4055b97.roa
File:                     7c0c4811-7db0-4cc0-8fa1-6dbda4055b97.roa (raw, json)
Hash identifier:          ywAwZvI60RNujw8mfeRORJKEfbjTY4361cheTsuqxr4=
Subject key identifier:   25:34:6E:3B:2C:1F:8B:F1:A9:BE:E9:E4:0C:73:BD:01:55:77:B3:CF
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       13CFB4087D1DA3ECC576C61640EAEB6F02309153
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/7c0c4811-7db0-4cc0-8fa1-6dbda4055b97.roa
Signing time:             Tue 20 May 2025 18:11:19 +0000
ROA not before:           Tue 20 May 2025 18:11:19 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0fb:eb00::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 07 Jun 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:cf:b4:08:7d:1d:a3:ec:c5:76:c6:16:40:ea:eb:6f:02:30:91:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: May 20 18:11:19 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=95c14e31a3fc410c942d811721664e847075f3e5c61f626b2175895571d80a9a, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:1f:79:5b:d7:39:32:93:a0:d6:8c:77:45:89:
                    f8:7b:60:74:b0:d6:f4:a1:80:fe:c9:19:df:c6:8d:
                    f1:b2:5f:09:88:3e:60:bc:84:e2:fe:78:1e:24:64:
                    61:87:56:1f:8d:4f:03:e4:84:aa:81:ee:ad:dd:d4:
                    7e:0d:69:92:45:6c:61:55:f6:8e:65:1a:1d:bc:1e:
                    9a:eb:9b:d9:be:2a:da:9c:f8:29:15:b0:bc:e4:7c:
                    b7:ea:57:8b:af:c4:a4:b3:bd:d3:27:e2:78:0c:a3:
                    7c:4f:c0:69:65:f3:f5:5c:a2:2a:c0:bd:25:77:f6:
                    9c:85:1d:a3:5a:c6:d9:3e:dd:d1:98:73:49:ae:53:
                    23:f8:af:43:2b:84:fc:a8:13:3b:22:71:f7:30:82:
                    5d:0a:81:70:61:fb:52:98:d0:07:a9:94:48:f8:ec:
                    e0:37:ca:67:cb:1f:92:73:ef:25:17:c9:41:e4:95:
                    7b:97:d0:bf:f6:17:03:a5:16:6a:f2:3b:df:2e:97:
                    9d:aa:3d:8d:ab:4a:1e:80:ab:68:26:e6:f1:87:91:
                    dc:62:f2:f3:93:56:2d:1b:33:b3:c6:a2:ee:1c:dd:
                    f0:20:fd:1d:0e:30:db:19:60:9e:e2:87:0a:db:26:
                    f5:a9:1e:45:b0:69:6c:4f:18:1d:8f:7a:f4:e5:3c:
                    a1:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:34:6E:3B:2C:1F:8B:F1:A9:BE:E9:E4:0C:73:BD:01:55:77:B3:CF
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/7c0c4811-7db0-4cc0-8fa1-6dbda4055b97.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:eb00::/40

    Signature Algorithm: sha256WithRSAEncryption
         06:3d:77:4e:93:92:b7:be:51:4c:e5:13:31:a2:a4:72:7a:2f:
         9c:3b:eb:51:0b:0b:2d:79:63:1b:76:74:c9:e2:c1:98:1d:b7:
         a7:fe:7b:ea:f7:3f:8c:bd:c2:66:0f:05:84:a5:82:93:b4:ea:
         6f:35:a7:eb:37:6d:d2:00:7f:54:85:e5:d7:7c:7d:5c:84:2b:
         c8:8f:78:0a:e1:3d:fa:35:ef:42:65:ec:82:29:f0:c3:b1:9d:
         d8:eb:2d:ec:4b:3d:27:9b:b6:74:5d:09:c8:9a:49:24:98:0a:
         e1:b3:37:fc:8a:70:2e:ca:07:93:6f:df:71:8f:4f:f8:68:b0:
         71:6c:fb:fc:14:9a:a2:89:92:52:de:87:25:95:25:c1:05:27:
         46:2b:7d:28:78:9b:51:ca:23:b3:d1:19:9d:cd:83:e8:c8:14:
         22:aa:c1:66:ba:98:0b:d0:32:5a:15:0b:eb:db:f8:63:68:87:
         f9:18:bc:d7:58:c5:48:32:5d:a7:25:14:af:62:22:91:7d:06:
         22:c6:41:50:f0:fd:bd:83:1c:9b:80:99:84:12:55:2e:6d:c4:
         60:4b:af:dc:3f:ae:82:0f:ee:05:9d:de:60:52:9d:61:47:cf:
         2f:ec:d0:aa:99:cb:19:0d:75:ac:db:ff:df:37:a8:c9:c5:28:
         81:0a:4a:97
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUE8+0CH0do+zFdsYWQOrrbwIwkVMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNTIwMTgxMTE5WhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NWMxNGUzMWEzZmM0MTBjOTQyZDgxMTcyMTY2NGU4NDcw
NzVmM2U1YzYxZjYyNmIyMTc1ODk1NTcxZDgwYTlhMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCJH3lb1zkyk6DWjHdFifh7YHSw1vShgP7JGd/GjfGyXwmI
PmC8hOL+eB4kZGGHVh+NTwPkhKqB7q3d1H4NaZJFbGFV9o5lGh28Hprrm9m+Ktqc
+CkVsLzkfLfqV4uvxKSzvdMn4ngMo3xPwGll8/VcoirAvSV39pyFHaNaxtk+3dGY
c0muUyP4r0MrhPyoEzsicfcwgl0KgXBh+1KY0AeplEj47OA3ymfLH5Jz7yUXyUHk
lXuX0L/2FwOlFmryO98ul52qPY2rSh6Aq2gm5vGHkdxi8vOTVi0bM7PGou4c3fAg
/R0OMNsZYJ7ihwrbJvWpHkWwaWxPGB2PevTlPKFRAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUJTRuOywfi/GpvunkDHO9AVV3s88wHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzdjMGM0ODExLTdkYjAtNGNjMC04ZmExLTZkYmRhNDA1NWI5Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPD76zANBgkqhkiG9w0BAQsFAAOCAQEABj13TpOSt75RTOUTMaKkcnov
nDvrUQsLLXljG3Z0yeLBmB23p/576vc/jL3CZg8FhKWCk7TqbzWn6zdt0gB/VIXl
13x9XIQryI94CuE9+jXvQmXsginww7Gd2Ost7Es9J5u2dF0JyJpJJJgK4bM3/Ipw
LsoHk2/fcY9P+GiwcWz7/BSaoomSUt6HJZUlwQUnRit9KHibUcojs9EZnc2D6MgU
IqrBZrqYC9AyWhUL69v4Y2iH+Ri811jFSDJdpyUUr2IikX0GIsZBUPD9vYMcm4CZ
hBJVLm3EYEuv3D+ugg/uBZ3eYFKdYUfPL+zQqpnLGQ11rNv/3zeoycUogQpKlw==
-----END CERTIFICATE-----