Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/d040f02c-c962-433b-9282-37c1d283eaeb.roa
File:                     d040f02c-c962-433b-9282-37c1d283eaeb.roa (raw, json)
Hash identifier:          IaSuCaLo7Z7LCoRlfnONHpKNFydQ5zDC+Tl8R8G1zAw=
Subject key identifier:   DE:E0:8E:77:40:FA:D2:9E:AC:5B:07:1F:10:D6:6D:72:5A:3E:CA:41
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       1939B6356D976EA578613B76A62D5B519409D1A1
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/d040f02c-c962-433b-9282-37c1d283eaeb.roa
Signing time:             Tue 20 May 2025 18:11:19 +0000
ROA not before:           Tue 20 May 2025 18:11:19 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:eb00::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 07 Jun 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:39:b6:35:6d:97:6e:a5:78:61:3b:76:a6:2d:5b:51:94:09:d1:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: May 20 18:11:19 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=971b3ecbb2c71af14825867c3699f1bc8498d415d2b9b95daf8fa00c54ccf1a1, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:93:18:f9:15:54:81:20:2b:cc:49:ee:27:e4:
                    fc:02:0e:7f:5c:d8:2f:af:1b:3d:ab:64:d6:1b:84:
                    5b:8d:7b:b3:51:1b:d9:f2:03:63:b8:0b:3f:c9:1e:
                    ce:76:b4:7b:83:a5:b5:ca:1a:71:be:3c:e3:e8:dc:
                    7e:22:39:22:d6:4d:8c:50:78:9a:ec:b9:e5:43:c3:
                    50:b6:ef:42:72:50:7e:d3:46:7c:cb:ed:69:5e:35:
                    60:86:2d:75:df:f6:78:8a:34:92:76:a5:96:f0:66:
                    f8:68:df:6a:49:4f:44:35:fb:7d:6f:07:82:66:4c:
                    f6:24:95:e4:45:0b:ee:d9:6e:4c:50:d8:5d:43:3b:
                    a4:61:43:02:3d:86:a1:c7:df:ab:42:42:e5:80:8b:
                    bf:2b:54:e6:49:1a:8e:01:88:cb:eb:81:b6:c7:64:
                    f7:87:5d:c7:44:1e:fa:cd:9b:09:0a:7f:3b:81:d4:
                    91:30:2b:b1:c8:ff:40:07:90:42:4c:00:ac:af:55:
                    b1:1b:65:f6:c2:84:2d:63:7d:fd:1e:9e:12:0a:ab:
                    cd:14:ef:b5:7b:05:0a:2c:3d:59:47:14:e4:8d:68:
                    54:f5:79:ab:25:f9:69:da:53:37:29:4d:16:20:48:
                    db:39:76:78:42:d7:a4:f6:7b:ee:b5:22:75:ae:a4:
                    bc:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:E0:8E:77:40:FA:D2:9E:AC:5B:07:1F:10:D6:6D:72:5A:3E:CA:41
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/d040f02c-c962-433b-9282-37c1d283eaeb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:eb00::/40

    Signature Algorithm: sha256WithRSAEncryption
         93:a4:95:5d:07:03:bd:a7:8f:67:7a:4b:92:5b:b3:59:91:33:
         93:10:b9:30:e6:dc:fd:97:5c:23:05:37:60:0c:8a:10:43:09:
         c7:fc:ea:83:76:4a:a7:a3:6b:64:cd:fa:ce:90:be:81:c3:75:
         a0:a6:35:4f:c6:3c:4e:80:38:4a:32:06:b8:a9:84:64:6a:7f:
         24:94:07:dc:79:87:62:73:e7:c9:f3:ee:95:65:37:93:6f:2f:
         97:15:24:f5:2d:d1:e2:a3:40:be:35:17:9a:91:17:c2:5c:24:
         e8:ab:d9:17:1f:7d:f0:7f:12:d0:6e:7c:f6:d5:53:a2:47:39:
         32:00:ec:36:b7:89:33:bb:29:a7:1e:46:07:e4:95:a4:73:77:
         b4:60:24:c7:ec:c9:59:0c:bb:56:66:70:f2:9c:0d:07:14:e6:
         ad:97:21:6a:b6:98:ad:8c:b3:a4:ac:ac:20:e6:75:d5:b4:8e:
         3d:6a:97:69:fb:f2:04:97:37:66:a7:7e:93:98:3f:07:98:95:
         80:86:a3:6f:3a:be:8f:cd:7a:38:9f:7f:97:e5:5c:f1:0f:2f:
         4a:a1:04:f6:b1:f5:1e:c3:51:11:3b:32:fd:c0:e2:18:1c:00:
         04:45:4b:0d:7d:f2:e3:fe:72:41:d3:d4:d5:9e:e5:2c:08:4a:
         ea:e2:3a:6e
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUGTm2NW2XbqV4YTt2pi1bUZQJ0aEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNTIwMTgxMTE5WhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NzFiM2VjYmIyYzcxYWYxNDgyNTg2N2MzNjk5ZjFiYzg0
OThkNDE1ZDJiOWI5NWRhZjhmYTAwYzU0Y2NmMWExMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2kxj5FVSBICvMSe4n5PwCDn9c2C+vGz2rZNYbhFuNe7NR
G9nyA2O4Cz/JHs52tHuDpbXKGnG+POPo3H4iOSLWTYxQeJrsueVDw1C270JyUH7T
RnzL7WleNWCGLXXf9niKNJJ2pZbwZvho32pJT0Q1+31vB4JmTPYkleRFC+7ZbkxQ
2F1DO6RhQwI9hqHH36tCQuWAi78rVOZJGo4BiMvrgbbHZPeHXcdEHvrNmwkKfzuB
1JEwK7HI/0AHkEJMAKyvVbEbZfbChC1jff0enhIKq80U77V7BQosPVlHFOSNaFT1
easl+WnaUzcpTRYgSNs5dnhC16T2e+61InWupLypAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU3uCOd0D60p6sWwcfENZtclo+ykEwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2QwNDBmMDJjLWM5NjItNDMzYi05MjgyLTM3YzFkMjgzZWFlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPD76zANBgkqhkiG9w0BAQsFAAOCAQEAk6SVXQcDvaePZ3pLkluzWZEz
kxC5MObc/ZdcIwU3YAyKEEMJx/zqg3ZKp6NrZM36zpC+gcN1oKY1T8Y8ToA4SjIG
uKmEZGp/JJQH3HmHYnPnyfPulWU3k28vlxUk9S3R4qNAvjUXmpEXwlwk6KvZFx99
8H8S0G589tVTokc5MgDsNreJM7sppx5GB+SVpHN3tGAkx+zJWQy7VmZw8pwNBxTm
rZcharaYrYyzpKysIOZ11bSOPWqXafvyBJc3Zqd+k5g/B5iVgIajbzq+j816OJ9/
l+Vc8Q8vSqEE9rH1HsNRETsy/cDiGBwABEVLDX3y4/5yQdPU1Z7lLAhK6uI6bg==
-----END CERTIFICATE-----