Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/b2bd076f-38fe-414c-adae-9c6f359542b7.roa
File:                     b2bd076f-38fe-414c-adae-9c6f359542b7.roa (raw, json)
Hash identifier:          GnDTAhxRfTHAqNg47CEbrYPyWxec0nbwrF6YXB9V5GA=
Subject key identifier:   19:95:35:43:6F:6E:9C:D8:ED:B2:D1:6F:24:0B:E7:78:77:48:7B:2D
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       2777C8A1B4BF236447D99B3445DA196BD7384F12
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/b2bd076f-38fe-414c-adae-9c6f359542b7.roa
Signing time:             Tue 20 May 2025 18:11:35 +0000
ROA not before:           Tue 20 May 2025 18:11:35 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0fb:e300::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 07 Jun 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:77:c8:a1:b4:bf:23:64:47:d9:9b:34:45:da:19:6b:d7:38:4f:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: May 20 18:11:35 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=65dc68c2849a54f5344c99dfe60b3f6539aa994290fcd58a104ce9f7cb6a819b, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:c9:c7:2f:ab:ea:5c:50:df:99:8e:92:5f:30:
                    18:db:f7:df:0d:1d:12:76:47:b5:e6:8c:76:6c:af:
                    7e:f0:a8:2f:f8:6e:6b:1d:bd:1d:61:f6:b8:5d:52:
                    af:e8:9c:5a:44:6b:1e:66:36:ed:12:7a:48:d9:d1:
                    5b:fe:e3:f3:23:90:42:14:5e:b1:b2:0e:09:ca:a2:
                    cf:66:96:8b:6a:87:a3:db:dd:54:a0:5b:a2:34:6e:
                    ac:eb:d0:2b:b4:4c:d5:f7:ac:94:8f:9e:46:7f:9e:
                    06:27:e2:4b:a6:71:de:9e:bc:95:33:cd:39:7a:bb:
                    45:fe:d3:37:71:8f:de:43:f6:4f:7a:a0:88:87:87:
                    c2:5e:5c:84:27:e0:98:f0:53:61:3f:b0:ee:54:72:
                    5b:b3:e8:a6:5d:d1:7b:8d:b6:2d:f7:47:0e:b4:e3:
                    2a:ca:ad:b2:fb:73:79:16:da:eb:b1:37:c9:c9:f5:
                    7f:13:03:2c:a8:8a:74:d3:ab:cd:94:f5:4d:ce:f4:
                    d9:e4:3b:ea:27:79:5d:77:39:ac:71:01:af:ee:17:
                    85:19:be:8d:f1:ca:30:af:61:31:ab:5d:e3:d8:b0:
                    b8:6d:02:ae:5b:7c:18:d2:36:32:2c:4c:04:da:66:
                    03:c5:3d:27:fd:60:72:bd:3d:56:43:3f:ab:00:5b:
                    4a:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:95:35:43:6F:6E:9C:D8:ED:B2:D1:6F:24:0B:E7:78:77:48:7B:2D
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/b2bd076f-38fe-414c-adae-9c6f359542b7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:e300::/40

    Signature Algorithm: sha256WithRSAEncryption
         05:2e:91:cd:e0:91:50:eb:1a:be:29:e0:5e:6c:d6:ab:f0:c6:
         89:c6:f0:f5:b4:0b:6e:54:1a:26:b0:06:8c:3a:2d:03:f0:5a:
         f7:aa:8e:f1:a1:dd:94:45:17:29:01:52:e9:87:15:2a:e2:e3:
         bf:dd:2e:4c:67:f0:9d:e1:26:65:5e:82:9f:5c:02:55:bc:48:
         f5:00:7a:ea:eb:8d:35:63:2f:dd:a2:48:77:2a:05:d5:ae:73:
         57:88:79:77:2e:61:b6:d8:df:37:24:00:79:0e:d9:13:3b:76:
         88:90:de:43:ec:69:6e:1d:a4:0b:26:bc:b0:f8:7a:48:cf:89:
         01:3a:09:09:94:55:54:d3:15:df:62:54:59:98:62:04:1b:44:
         0e:65:57:f7:b8:90:d1:91:70:44:da:1a:11:31:f6:90:2f:46:
         0c:1d:10:ea:5f:2e:a4:9d:ff:39:a9:d3:f4:d4:a1:45:a9:93:
         cb:cd:7c:4e:2b:5f:3a:ab:aa:e4:7c:d6:4e:8d:f1:a7:43:35:
         39:65:c2:fa:ee:f5:64:58:9f:aa:5c:a4:6a:29:13:8c:99:9b:
         a1:0b:44:d0:49:77:05:99:da:0f:7d:16:77:ce:c1:a6:fd:27:
         a9:de:46:45:b4:99:c2:59:53:e2:dd:ed:07:e0:cc:ed:b5:31:
         05:3c:89:8b
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUJ3fIobS/I2RH2Zs0RdoZa9c4TxIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNTIwMTgxMTM1WhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2NWRjNjhjMjg0OWE1NGY1MzQ0Yzk5ZGZlNjBiM2Y2NTM5
YWE5OTQyOTBmY2Q1OGExMDRjZTlmN2NiNmE4MTliMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZyccvq+pcUN+ZjpJfMBjb998NHRJ2R7XmjHZsr37wqC/4
bmsdvR1h9rhdUq/onFpEax5mNu0SekjZ0Vv+4/MjkEIUXrGyDgnKos9mlotqh6Pb
3VSgW6I0bqzr0Cu0TNX3rJSPnkZ/ngYn4kumcd6evJUzzTl6u0X+0zdxj95D9k96
oIiHh8JeXIQn4JjwU2E/sO5Ucluz6KZd0XuNti33Rw604yrKrbL7c3kW2uuxN8nJ
9X8TAyyoinTTq82U9U3O9NnkO+oneV13OaxxAa/uF4UZvo3xyjCvYTGrXePYsLht
Aq5bfBjSNjIsTATaZgPFPSf9YHK9PVZDP6sAW0rpAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUGZU1Q29unNjtstFvJAvneHdIey0wHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2IyYmQwNzZmLTM4ZmUtNDE0Yy1hZGFlLTljNmYzNTk1NDJiNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPD74zANBgkqhkiG9w0BAQsFAAOCAQEABS6RzeCRUOsavingXmzWq/DG
icbw9bQLblQaJrAGjDotA/Ba96qO8aHdlEUXKQFS6YcVKuLjv90uTGfwneEmZV6C
n1wCVbxI9QB66uuNNWMv3aJIdyoF1a5zV4h5dy5httjfNyQAeQ7ZEzt2iJDeQ+xp
bh2kCya8sPh6SM+JAToJCZRVVNMV32JUWZhiBBtEDmVX97iQ0ZFwRNoaETH2kC9G
DB0Q6l8upJ3/OanT9NShRamTy818TitfOquq5HzWTo3xp0M1OWXC+u71ZFifqlyk
aikTjJmboQtE0El3BZnaD30Wd87Bpv0nqd5GRbSZwllT4t3tB+DM7bUxBTyJiw==
-----END CERTIFICATE-----