Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/b2bd076f-38fe-414c-adae-9c6f359542b7.roa
File:                     b2bd076f-38fe-414c-adae-9c6f359542b7.roa (raw, json)
Hash identifier:          OLAIQ9ff8QKXg5Cf9lOjrKoDiMQL2TkKaSwSc9DY+Cc=
Subject key identifier:   FA:AD:5F:C8:8C:0D:20:EC:A3:B2:21:E0:DE:98:1E:21:8F:42:AE:04
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       3985BFE0DC82E2D7F0D82DCFE08EB45F8E29E4ED
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/b2bd076f-38fe-414c-adae-9c6f359542b7.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0fb:e300::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Feb 2025 21:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:85:bf:e0:dc:82:e2:d7:f0:d8:2d:cf:e0:8e:b4:5f:8e:29:e4:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:91:ae:79:da:d6:c0:92:8e:d6:1a:b5:79:9a:
                    28:1d:01:0e:b2:5e:fe:2d:1d:8d:d4:b8:e4:89:4f:
                    26:49:53:02:ac:7e:ce:63:ed:41:ef:85:19:a6:5c:
                    72:de:c9:cf:36:12:47:ef:b6:ac:0d:54:0b:34:4f:
                    81:7a:4d:85:08:36:1b:39:4f:b6:d5:9f:fb:71:c1:
                    43:72:5a:6a:cc:8a:5e:8f:a1:4f:01:50:5d:ed:59:
                    36:18:2d:0d:97:eb:69:11:39:51:08:6d:02:de:77:
                    80:1c:40:50:b4:73:6f:f4:88:61:0d:55:c6:26:d5:
                    63:35:27:b8:be:7a:5a:b3:57:42:93:b7:d9:a7:eb:
                    c7:dc:24:8f:47:62:13:37:2f:13:34:a5:3d:a1:92:
                    bb:d5:b7:48:97:04:0c:a7:05:bf:fa:39:f4:0c:f3:
                    81:c4:b9:e3:0d:ca:5b:a3:9c:d2:93:e0:f7:e6:7b:
                    27:9a:a8:00:a2:44:34:c5:3d:ef:1e:d6:61:65:17:
                    03:09:a3:4e:80:64:46:81:07:2b:55:68:36:b7:3f:
                    d3:22:88:01:44:83:94:19:22:b3:b0:cc:1a:30:eb:
                    30:66:89:b7:c2:73:48:86:bb:33:63:cc:0f:1e:2c:
                    3c:c6:ed:b6:df:ef:e1:9f:e0:87:21:2a:81:0b:93:
                    bd:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:AD:5F:C8:8C:0D:20:EC:A3:B2:21:E0:DE:98:1E:21:8F:42:AE:04
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/b2bd076f-38fe-414c-adae-9c6f359542b7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:e300::/40

    Signature Algorithm: sha256WithRSAEncryption
         63:c1:03:c3:57:6b:f6:0a:0c:00:da:bb:8c:10:0a:ff:d8:36:
         46:b4:5c:2d:2f:4d:d8:d3:2d:86:89:87:36:40:c2:a5:0f:cd:
         82:61:7c:01:18:a3:ca:a4:50:eb:ff:a0:1b:76:f4:48:0b:a4:
         a3:4a:af:22:d8:6f:cd:f1:bb:ca:30:a8:db:d0:94:2f:67:07:
         d2:cd:99:44:3b:50:e2:94:8d:25:49:0b:c3:37:2a:0c:40:d7:
         44:88:8e:80:2d:17:09:a4:bf:40:58:2f:36:aa:e6:c9:be:7b:
         d0:a3:e7:d8:61:48:d1:0d:eb:59:ef:0c:e8:66:b3:27:17:41:
         2b:57:a1:21:75:c4:1b:c3:73:c7:2e:26:a3:b0:95:10:e8:9e:
         af:88:53:7d:c8:d1:23:37:bc:13:b9:ae:08:af:eb:3a:27:cb:
         44:81:1c:ed:2c:6b:44:c3:6b:57:30:3c:4c:4c:84:b9:99:d5:
         b1:c2:e4:5f:b4:c7:23:c4:07:33:5a:25:8a:f9:aa:d5:e3:b8:
         13:9d:10:d7:d3:1a:5c:fe:ae:15:2e:2b:c1:16:53:42:44:34:
         68:dd:d0:c2:20:df:88:b3:be:9b:c3:21:63:26:dd:3b:33:1f:
         94:8f:f2:2a:e0:88:83:e8:79:eb:13:b3:cb:36:0a:95:e4:eb:
         59:23:cd:5f
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUOYW/4NyC4tfw2C3P4I60X44p5O0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzYTNmNjcxMWU4ZTBiMDAzODc2NzM0ODhjYzA2MjhiNGUy
MTZmNTQwNDgwY2RhODgyOGM2ZDBiMDk0NDQwMDQ1MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuka552tbAko7WGrV5migdAQ6yXv4tHY3UuOSJTyZJUwKs
fs5j7UHvhRmmXHLeyc82EkfvtqwNVAs0T4F6TYUINhs5T7bVn/txwUNyWmrMil6P
oU8BUF3tWTYYLQ2X62kROVEIbQLed4AcQFC0c2/0iGENVcYm1WM1J7i+elqzV0KT
t9mn68fcJI9HYhM3LxM0pT2hkrvVt0iXBAynBb/6OfQM84HEueMNylujnNKT4Pfm
eyeaqACiRDTFPe8e1mFlFwMJo06AZEaBBytVaDa3P9MiiAFEg5QZIrOwzBow6zBm
ibfCc0iGuzNjzA8eLDzG7bbf7+Gf4IchKoELk73rAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU+q1fyIwNIOyjsiHg3pgeIY9CrgQwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2IyYmQwNzZmLTM4ZmUtNDE0Yy1hZGFlLTljNmYzNTk1NDJiNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPD74zANBgkqhkiG9w0BAQsFAAOCAQEAY8EDw1dr9goMANq7jBAK/9g2
RrRcLS9N2NMthomHNkDCpQ/NgmF8ARijyqRQ6/+gG3b0SAuko0qvIthvzfG7yjCo
29CUL2cH0s2ZRDtQ4pSNJUkLwzcqDEDXRIiOgC0XCaS/QFgvNqrmyb570KPn2GFI
0Q3rWe8M6GazJxdBK1ehIXXEG8Nzxy4mo7CVEOier4hTfcjRIze8E7muCK/rOifL
RIEc7SxrRMNrVzA8TEyEuZnVscLkX7THI8QHM1olivmq1eO4E50Q19MaXP6uFS4r
wRZTQkQ0aN3QwiDfiLO+m8MhYybdOzMflI/yKuCIg+h56xOzyzYKleTrWSPNXw==
-----END CERTIFICATE-----