Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/ceacf551-02ee-4f40-8abd-053509a65c13.roa
File:                     ceacf551-02ee-4f40-8abd-053509a65c13.roa (raw, json)
Hash identifier:          yd/SIFuP435JM1cW/tvcxIV4va0S6p0HtHOMlnm9Hn8=
Subject key identifier:   95:1D:4B:5D:BD:E2:39:F9:7A:DE:24:AE:8F:B1:B8:9B:62:4E:E4:C6
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       537C9221AC7BB005B0E69F8F33B8E931CDFBDE99
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/ceacf551-02ee-4f40-8abd-053509a65c13.roa
Signing time:             Tue 20 May 2025 18:20:01 +0000
ROA not before:           Tue 20 May 2025 18:20:01 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0fb:ea00::/42 maxlen: 42
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 09 Jun 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:7c:92:21:ac:7b:b0:05:b0:e6:9f:8f:33:b8:e9:31:cd:fb:de:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: May 20 18:20:01 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=1c0b8e44097b9934ef1fd18e5703ff4c65c4309e04700a630a1f87c6e68393e8, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:48:18:aa:2e:79:01:33:28:0f:30:2e:dc:76:
                    b0:7f:f8:bf:59:39:99:1c:86:d6:76:44:6f:d9:5f:
                    0e:52:2b:d6:fe:e0:52:1a:73:78:ad:73:56:26:48:
                    be:72:86:0c:cf:95:8e:14:3b:22:a5:7c:74:91:49:
                    56:53:5a:62:79:f3:21:d0:b9:96:6c:cf:93:c7:1e:
                    e0:44:73:ab:39:23:23:29:65:df:5f:99:02:91:b6:
                    75:12:d8:b8:bb:42:f2:3c:97:77:26:9e:c4:c5:86:
                    98:79:55:97:85:4f:ac:38:2b:c7:e2:b6:69:fe:01:
                    5f:75:31:5a:81:91:13:40:fd:cb:d9:49:e0:6a:2e:
                    36:7c:1b:4f:6f:46:ef:ec:4f:d0:cd:0d:47:d7:8e:
                    84:1e:46:cd:64:2e:99:37:82:ba:aa:b5:2c:7d:59:
                    12:de:74:2b:dc:e2:a7:9a:22:8b:0b:bf:00:72:a2:
                    4a:cf:94:cc:c9:ab:e2:98:33:d0:94:e8:e7:02:7c:
                    1b:85:bb:81:c7:c8:82:8e:55:de:2e:06:b2:c6:00:
                    89:82:b6:d5:95:b8:57:6e:2e:07:6a:dc:ee:10:a2:
                    55:ed:39:77:68:e0:4b:fa:da:87:ec:5a:a0:95:3d:
                    7b:73:8b:b8:53:5b:f0:30:e1:86:ad:de:a2:61:b4:
                    c0:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:1D:4B:5D:BD:E2:39:F9:7A:DE:24:AE:8F:B1:B8:9B:62:4E:E4:C6
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/ceacf551-02ee-4f40-8abd-053509a65c13.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:ea00::/42

    Signature Algorithm: sha256WithRSAEncryption
         53:b0:77:c3:b5:87:92:11:73:fe:f1:12:38:fe:92:b2:b6:c4:
         18:1f:34:0e:4b:5c:f3:27:ff:66:3b:88:e3:64:20:1a:b0:52:
         bc:32:d4:60:5c:3b:b7:1b:28:59:15:90:6f:82:89:49:e7:50:
         e0:11:9e:42:5b:48:f6:fe:db:2e:54:aa:72:a3:47:a9:7b:2a:
         b7:f1:61:d2:79:f8:7b:db:37:d7:6a:79:c0:d3:7b:ab:f3:c9:
         05:4e:69:a9:90:04:06:ef:e0:f4:5b:8f:88:0d:9a:30:c5:cf:
         ce:41:bd:60:9c:1d:4c:79:84:c3:d7:c0:40:e3:c7:df:56:07:
         96:b2:6e:ab:d3:1e:7b:c6:58:c2:ab:b2:db:42:e6:b1:76:3a:
         b5:a4:d3:20:bf:c8:56:c2:94:6d:de:ff:20:30:9d:50:30:28:
         34:1c:0f:4e:55:54:1c:c7:e2:eb:5c:bf:d1:5a:1a:c3:f5:ee:
         9c:eb:b8:be:4a:ba:c6:a1:4c:09:72:5e:12:83:fe:eb:e1:0d:
         86:1c:9b:8f:17:db:07:c5:f0:bc:56:b6:1d:19:1a:48:d3:3b:
         17:f1:77:ab:63:ec:97:80:2e:a8:6e:f9:f2:3f:4f:01:2a:a3:
         87:60:74:f3:da:e1:5f:50:3f:50:35:74:5b:dc:ee:17:2e:1f:
         94:91:82:39
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUU3ySIax7sAWw5p+PM7jpMc373pkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNTIwMTgyMDAxWhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxYzBiOGU0NDA5N2I5OTM0ZWYxZmQxOGU1NzAzZmY0YzY1
YzQzMDllMDQ3MDBhNjMwYTFmODdjNmU2ODM5M2U4MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRSBiqLnkBMygPMC7cdrB/+L9ZOZkchtZ2RG/ZXw5SK9b+
4FIac3itc1YmSL5yhgzPlY4UOyKlfHSRSVZTWmJ58yHQuZZsz5PHHuBEc6s5IyMp
Zd9fmQKRtnUS2Li7QvI8l3cmnsTFhph5VZeFT6w4K8fitmn+AV91MVqBkRNA/cvZ
SeBqLjZ8G09vRu/sT9DNDUfXjoQeRs1kLpk3grqqtSx9WRLedCvc4qeaIosLvwBy
okrPlMzJq+KYM9CU6OcCfBuFu4HHyIKOVd4uBrLGAImCttWVuFduLgdq3O4QolXt
OXdo4Ev62ofsWqCVPXtzi7hTW/Aw4Yat3qJhtMChAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUlR1LXb3iOfl63iSuj7G4m2JO5MYwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2NlYWNmNTUxLTAyZWUtNGY0MC04YWJkLTA1MzUwOWE2NWMxMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwYmAPD76gAwDQYJKoZIhvcNAQELBQADggEBAFOwd8O1h5IRc/7xEjj+krK2
xBgfNA5LXPMn/2Y7iONkIBqwUrwy1GBcO7cbKFkVkG+CiUnnUOARnkJbSPb+2y5U
qnKjR6l7KrfxYdJ5+HvbN9dqecDTe6vzyQVOaamQBAbv4PRbj4gNmjDFz85BvWCc
HUx5hMPXwEDjx99WB5aybqvTHnvGWMKrsttC5rF2OrWk0yC/yFbClG3e/yAwnVAw
KDQcD05VVBzH4utcv9FaGsP17pzruL5KusahTAlyXhKD/uvhDYYcm48X2wfF8LxW
th0ZGkjTOxfxd6tj7JeALqhu+fI/TwEqo4dgdPPa4V9QP1A1dFvc7hcuH5SRgjk=
-----END CERTIFICATE-----