Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/ab860450-a818-47f3-a42f-5570594471c3.roa
File:                     ab860450-a818-47f3-a42f-5570594471c3.roa (raw, json)
Hash identifier:          N+MBa5EfX6puDncAi6lnxK9JRxc9S8YU2PAIYAGm4js=
Subject key identifier:   08:AC:A5:7A:FD:1D:B5:FF:F1:5F:07:51:5E:D9:B3:25:C3:C9:F8:A8
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       1634E580E41B87957B55F4D447737B49567FAEC4
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/ab860450-a818-47f3-a42f-5570594471c3.roa
Signing time:             Tue 20 May 2025 18:10:59 +0000
ROA not before:           Tue 20 May 2025 18:10:59 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:e900::/42 maxlen: 42
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 04 Jun 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:34:e5:80:e4:1b:87:95:7b:55:f4:d4:47:73:7b:49:56:7f:ae:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: May 20 18:10:59 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=17d8f16315cbe19d0f1666e45f4b8beadc379a2675accd2047e7281e87ed9171, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:aa:aa:b1:4d:0c:d6:21:a3:2b:06:8e:06:bf:
                    49:8e:64:46:6b:53:88:94:3c:d1:71:e0:2a:fd:64:
                    39:61:31:c2:ec:77:33:8c:d6:dc:35:21:1a:86:f8:
                    e7:be:6f:30:8d:b2:8f:1b:99:0f:d3:85:73:de:78:
                    90:3e:cf:d4:65:40:f0:47:e4:08:bd:51:a4:5b:2c:
                    da:fc:bc:a7:b2:30:52:2e:df:ce:ae:75:d5:57:84:
                    c2:db:2b:ac:1a:ed:2e:61:8e:9e:0f:c4:89:e7:19:
                    1e:50:fe:f2:19:24:d3:f4:f9:26:5c:91:db:5e:a1:
                    ff:49:b5:67:b4:08:d7:8d:e1:7e:24:07:d8:bd:21:
                    bd:fa:4f:34:64:a0:6b:93:fc:98:30:4a:75:8f:89:
                    c9:02:ed:b0:5d:3e:37:4a:4c:ef:52:b1:b8:b1:cc:
                    f5:57:19:2d:80:9a:62:4f:f5:fc:21:c7:aa:3f:d5:
                    5a:dc:15:5b:f7:d8:8f:2b:13:96:03:47:04:79:05:
                    09:bf:c4:1b:fe:52:56:c5:ae:02:6f:5a:33:d8:9e:
                    9d:02:55:77:a3:94:6d:7a:30:b9:b8:82:d6:66:9e:
                    d6:6f:d5:c4:83:3e:31:18:b1:65:26:2f:30:19:9d:
                    f7:ef:13:4f:75:51:57:de:8e:77:9b:b7:9e:86:06:
                    30:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:AC:A5:7A:FD:1D:B5:FF:F1:5F:07:51:5E:D9:B3:25:C3:C9:F8:A8
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/ab860450-a818-47f3-a42f-5570594471c3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:e900::/42

    Signature Algorithm: sha256WithRSAEncryption
         1d:9b:0b:97:33:20:ad:cf:4b:66:08:0b:a6:dd:6d:23:57:d7:
         50:dc:d8:9d:2b:ef:ab:8d:da:e0:2b:fe:96:c7:4b:51:2a:fc:
         a7:a8:4a:c6:8f:f6:60:7e:69:30:6c:87:d3:4b:2d:36:45:31:
         d0:67:7d:bb:73:48:32:61:91:f0:fc:49:0a:14:37:f2:de:63:
         70:0f:39:83:fe:88:02:e4:37:73:af:ea:db:b5:7b:ae:c7:f7:
         37:f9:af:5d:a4:4b:40:c8:8d:2a:01:a5:d1:c1:9c:9d:9a:f8:
         dc:c1:2c:be:03:4f:31:81:b1:be:99:bd:f9:89:83:9e:66:4e:
         44:38:4d:25:82:7b:b0:fd:cd:e2:f1:04:45:4c:b6:ed:3d:96:
         b2:2b:33:87:40:81:ed:91:9a:cd:a8:ea:55:03:0d:09:ac:5a:
         9b:df:cb:e3:1b:a1:94:6d:4f:0e:80:31:f4:65:57:de:89:3d:
         e3:d4:38:96:78:0a:49:59:ec:13:6e:07:5e:b7:92:c3:b8:74:
         80:9a:f6:92:d3:a3:53:a0:1b:bb:09:72:1f:2b:d0:d2:a0:7a:
         0c:0b:aa:33:82:99:74:9e:a7:26:5e:13:09:18:a5:0e:9c:a7:
         76:bc:f9:26:47:83:bb:ec:63:76:34:e9:63:0e:6c:30:d4:d3:
         97:1f:da:bd
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUFjTlgOQbh5V7VfTUR3N7SVZ/rsQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNTIwMTgxMDU5WhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxN2Q4ZjE2MzE1Y2JlMTlkMGYxNjY2ZTQ1ZjRiOGJlYWRj
Mzc5YTI2NzVhY2NkMjA0N2U3MjgxZTg3ZWQ5MTcxMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDWqqqxTQzWIaMrBo4Gv0mOZEZrU4iUPNFx4Cr9ZDlhMcLs
dzOM1tw1IRqG+Oe+bzCNso8bmQ/ThXPeeJA+z9RlQPBH5Ai9UaRbLNr8vKeyMFIu
386uddVXhMLbK6wa7S5hjp4PxInnGR5Q/vIZJNP0+SZckdteof9JtWe0CNeN4X4k
B9i9Ib36TzRkoGuT/JgwSnWPickC7bBdPjdKTO9SsbixzPVXGS2AmmJP9fwhx6o/
1VrcFVv32I8rE5YDRwR5BQm/xBv+UlbFrgJvWjPYnp0CVXejlG16MLm4gtZmntZv
1cSDPjEYsWUmLzAZnffvE091UVfejnebt56GBjARAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUCKylev0dtf/xXwdRXtmzJcPJ+KgwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2FiODYwNDUwLWE4MTgtNDdmMy1hNDJmLTU1NzA1OTQ0NzFjMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwYmAPD76QAwDQYJKoZIhvcNAQELBQADggEBAB2bC5czIK3PS2YIC6bdbSNX
11Dc2J0r76uN2uAr/pbHS1Eq/KeoSsaP9mB+aTBsh9NLLTZFMdBnfbtzSDJhkfD8
SQoUN/LeY3APOYP+iALkN3Ov6tu1e67H9zf5r12kS0DIjSoBpdHBnJ2a+NzBLL4D
TzGBsb6ZvfmJg55mTkQ4TSWCe7D9zeLxBEVMtu09lrIrM4dAge2Rms2o6lUDDQms
Wpvfy+MboZRtTw6AMfRlV96JPePUOJZ4CklZ7BNuB163ksO4dICa9pLTo1OgG7sJ
ch8r0NKgegwLqjOCmXSepyZeEwkYpQ6cp3a8+SZHg7vsY3Y06WMObDDU05cf2r0=
-----END CERTIFICATE-----