Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/cd541762-84a0-4063-89f9-de14817d2419.roa
File:                     cd541762-84a0-4063-89f9-de14817d2419.roa (raw, json)
Hash identifier:          DSMtlE/Ms76d6ito314+8z77joQG2zeARLM8oZNz068=
Subject key identifier:   41:B1:36:D6:70:49:06:99:91:CF:F6:38:0B:C1:BB:7F:C6:02:2C:D6
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       5C2640885E52DF4A25C29AABE6D279FBCBB22797
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/cd541762-84a0-4063-89f9-de14817d2419.roa
Signing time:             Tue 20 May 2025 18:00:23 +0000
ROA not before:           Tue 20 May 2025 18:00:23 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:1000::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 05 Jun 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:26:40:88:5e:52:df:4a:25:c2:9a:ab:e6:d2:79:fb:cb:b2:27:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: May 20 18:00:23 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=50484f66b0e8252caa4b58455998d600d8929755ca8f19812b321f0b491d08b0, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:3d:a5:c2:65:46:18:2e:91:3e:7d:da:76:39:
                    b2:1a:72:20:13:4a:94:b0:58:d2:8e:7d:43:f9:63:
                    ce:51:b3:a2:e6:29:e8:f8:dd:64:7b:24:3b:68:8b:
                    99:89:21:bf:b0:10:6f:93:f0:6a:44:f4:d4:47:25:
                    e4:d3:d9:74:63:d0:db:c7:c6:68:c9:6b:c4:00:0b:
                    de:68:8e:59:67:ee:2c:5d:ea:37:9a:c1:e6:46:7b:
                    00:ae:c8:95:33:bc:58:27:06:34:1a:2e:db:84:f3:
                    ac:3e:15:fe:2b:d1:87:6d:d5:90:43:c5:79:59:e6:
                    0c:0d:b9:bf:04:f5:0c:23:f9:94:77:be:b7:28:90:
                    15:26:ec:00:af:16:8f:af:47:bc:9e:4f:a0:28:b9:
                    fd:d7:3f:6e:f9:2b:eb:05:21:01:7b:dc:a1:10:34:
                    a4:5f:cd:f1:f6:5b:f5:f3:6e:f8:40:16:1d:2c:90:
                    99:a9:2a:bd:d4:c3:4f:f5:83:a3:90:34:ac:bb:75:
                    4a:e2:b3:55:76:48:dd:45:2a:30:d0:ce:69:73:36:
                    b7:74:d9:18:9b:97:fa:6d:db:6e:ca:79:d0:05:86:
                    4d:4a:88:2b:15:e9:a9:30:93:64:5c:c8:ba:ec:b4:
                    da:c8:ce:ff:06:66:32:17:52:15:fa:11:c7:d1:60:
                    e2:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:B1:36:D6:70:49:06:99:91:CF:F6:38:0B:C1:BB:7F:C6:02:2C:D6
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/cd541762-84a0-4063-89f9-de14817d2419.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:1000::/44

    Signature Algorithm: sha256WithRSAEncryption
         63:fb:53:6d:30:2f:dd:14:09:61:a0:25:4a:6b:b7:e0:b8:df:
         75:e3:69:a1:1b:e4:c2:02:ff:b5:2d:e8:20:65:b7:6e:75:9d:
         d7:17:d2:18:b6:01:4a:45:4b:29:a0:b3:1c:7c:4c:28:b8:54:
         13:aa:79:04:81:f5:c1:e6:e1:c3:29:a0:ec:f4:0c:2c:5c:8a:
         a9:c2:02:af:ff:4b:4c:14:73:09:85:1c:63:fa:d5:5b:67:80:
         68:a0:7f:2b:b3:ad:96:33:bd:0e:0c:b3:5a:7b:de:bd:25:65:
         db:52:6d:94:9e:3c:78:79:86:6f:89:cc:15:33:43:b0:32:6a:
         83:87:f1:e0:ea:2b:23:34:6a:56:df:9c:f0:81:b9:65:e9:b9:
         15:46:33:4e:a4:a0:b2:96:3e:8b:97:97:2e:93:05:cc:5d:d4:
         de:ba:6b:43:0e:31:ac:d8:42:6d:9f:97:6f:5f:71:bf:bd:83:
         f2:69:41:74:5b:5e:bd:ce:ad:78:ad:be:7a:ba:35:a0:49:f3:
         ab:64:9b:80:09:ca:ee:5a:82:d1:a0:3d:ae:aa:c8:eb:e3:b2:
         33:e7:ad:79:48:bb:e2:52:c9:e0:ff:87:bb:d1:97:c2:e4:71:
         32:f9:10:37:c8:34:df:17:c0:24:7b:a2:e3:59:ad:28:d8:db:
         d5:db:91:c6
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUXCZAiF5S30olwpqr5tJ5+8uyJ5cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNTIwMTgwMDIzWhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MDQ4NGY2NmIwZTgyNTJjYWE0YjU4NDU1OTk4ZDYwMGQ4
OTI5NzU1Y2E4ZjE5ODEyYjMyMWYwYjQ5MWQwOGIwMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5PaXCZUYYLpE+fdp2ObIaciATSpSwWNKOfUP5Y85Rs6Lm
Kej43WR7JDtoi5mJIb+wEG+T8GpE9NRHJeTT2XRj0NvHxmjJa8QAC95ojlln7ixd
6jeaweZGewCuyJUzvFgnBjQaLtuE86w+Ff4r0Ydt1ZBDxXlZ5gwNub8E9Qwj+ZR3
vrcokBUm7ACvFo+vR7yeT6Aouf3XP275K+sFIQF73KEQNKRfzfH2W/XzbvhAFh0s
kJmpKr3Uw0/1g6OQNKy7dUris1V2SN1FKjDQzmlzNrd02Ribl/pt227KedAFhk1K
iCsV6akwk2RcyLrstNrIzv8GZjIXUhX6EcfRYOKfAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUQbE21nBJBpmRz/Y4C8G7f8YCLNYwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2NkNTQxNzYyLTg0YTAtNDA2My04OWY5LWRlMTQ4MTdkMjQxOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwQmAPDwEAAwDQYJKoZIhvcNAQELBQADggEBAGP7U20wL90UCWGgJUprt+C4
33XjaaEb5MIC/7Ut6CBlt251ndcX0hi2AUpFSymgsxx8TCi4VBOqeQSB9cHm4cMp
oOz0DCxciqnCAq//S0wUcwmFHGP61VtngGigfyuzrZYzvQ4Ms1p73r0lZdtSbZSe
PHh5hm+JzBUzQ7AyaoOH8eDqKyM0albfnPCBuWXpuRVGM06koLKWPouXly6TBcxd
1N66a0MOMazYQm2fl29fcb+9g/JpQXRbXr3OrXitvnq6NaBJ86tkm4AJyu5agtGg
Pa6qyOvjsjPnrXlIu+JSyeD/h7vRl8LkcTL5EDfINN8XwCR7ouNZrSjY29XbkcY=
-----END CERTIFICATE-----