Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/e1f114b0-d940-4fa0-8376-bac93d2868fc.roa
File:                     e1f114b0-d940-4fa0-8376-bac93d2868fc.roa (raw, json)
Hash identifier:          6KoIWIDkUa7Cz0v7ui7lGabBViOKkwXBMYWDR6VxwMw=
Subject key identifier:   5E:40:74:D3:E5:DB:76:4A:D8:33:1D:EE:6C:B1:39:70:26:99:28:F4
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       669E8103DA3F42FD70E34B580248620211F11534
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/e1f114b0-d940-4fa0-8376-bac93d2868fc.roa
Signing time:             Tue 10 Jun 2025 17:20:03 +0000
ROA not before:           Tue 10 Jun 2025 17:20:03 +0000
ROA not after:            Tue 15 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:4100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 12 Jun 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:9e:81:03:da:3f:42:fd:70:e3:4b:58:02:48:62:02:11:f1:15:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jun 10 17:20:03 2025 GMT
            Not After : Jul 15 23:59:59 2025 GMT
        Subject: serialNumber=8bafb6f8f60c23c2bfeb743ddc394e2647a442003cccc24afcaea0fb34144e32, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:2c:f4:da:f5:3c:3c:6d:51:48:e3:19:84:99:
                    15:09:2f:f3:2d:9d:6a:f4:46:1f:ec:80:a0:45:bb:
                    ab:28:d7:dd:d4:78:f0:5a:f7:4c:11:e1:22:65:4d:
                    f1:ae:12:0b:2c:e2:1d:fc:65:95:45:e7:b5:0d:f4:
                    cf:1c:bf:64:6c:52:83:8c:21:75:ed:20:c0:b1:22:
                    a6:75:c8:2d:1b:b9:16:4d:76:c7:29:48:28:85:6b:
                    a6:c9:b5:20:61:e5:78:5c:49:1d:31:67:61:59:6b:
                    b5:de:72:1e:12:9d:50:77:0b:23:69:e8:80:a1:47:
                    e8:11:44:c0:83:e7:0a:01:9c:1e:30:95:a3:80:19:
                    f7:6e:38:f5:2f:95:b8:fe:fa:24:8d:b5:f4:b7:19:
                    98:47:25:0a:82:9a:4c:7e:6a:13:84:3d:34:3a:c2:
                    64:ad:b8:a4:5b:79:b7:ff:e2:4f:44:68:a4:db:8a:
                    48:d8:d6:71:9d:89:65:72:df:d7:0a:49:9e:d8:7f:
                    65:34:ef:68:e5:2c:41:b7:f5:ae:88:57:7e:90:5b:
                    81:e8:bc:ee:11:84:bc:56:d3:60:cf:2b:38:e8:51:
                    d7:ca:68:de:b3:09:4b:0a:ba:f0:23:12:a9:a4:58:
                    f2:12:7b:70:6f:c0:4f:d9:e3:ae:88:09:6b:6b:8f:
                    46:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:40:74:D3:E5:DB:76:4A:D8:33:1D:EE:6C:B1:39:70:26:99:28:F4
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/e1f114b0-d940-4fa0-8376-bac93d2868fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:4100::/40

    Signature Algorithm: sha256WithRSAEncryption
         41:e9:97:26:50:d0:08:0e:ec:81:d2:e3:b9:6f:21:48:0e:08:
         61:3e:77:2f:e9:1d:c7:1f:21:9f:04:4a:b6:76:d7:8a:cf:cc:
         b2:90:5a:29:c6:55:98:a6:bd:d2:de:16:bd:df:1a:2a:71:e0:
         db:b1:b8:0d:f0:30:26:a9:e4:0f:e1:4b:28:3d:11:e7:23:f1:
         88:1b:b7:5f:55:54:6f:3e:32:fc:1a:c7:b4:00:e2:6d:9b:69:
         3f:82:f3:d7:bc:a6:ae:c5:85:89:a4:c6:34:aa:4f:bc:74:09:
         a7:62:04:d9:56:6d:ad:4a:14:64:87:8a:ee:5d:9c:f1:3b:92:
         1a:1a:6d:51:e3:94:28:d8:df:d5:77:54:4d:c8:02:1b:25:99:
         01:f5:15:72:71:4d:1c:6b:5e:3c:4c:d3:2a:08:5c:38:1d:18:
         a8:f3:d9:32:4c:8f:75:bb:5b:94:ae:ce:74:93:9b:a8:19:fa:
         2e:0f:af:d7:d8:5c:07:8e:82:a3:fe:10:e5:45:6e:a9:41:82:
         f5:d9:0e:28:aa:7c:fa:12:b9:53:0e:6a:e5:fe:2f:47:10:2b:
         d0:24:6d:20:4f:b9:54:2f:9d:5e:f8:8a:f3:75:cf:25:36:b5:
         f6:54:13:4b:9d:5c:df:d8:e3:23:95:82:f1:cc:6b:d4:3d:e4:
         97:3f:33:c8
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUZp6BA9o/Qv1w40tYAkhiAhHxFTQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNjEwMTcyMDAzWhcNMjUwNzE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YmFmYjZmOGY2MGMyM2MyYmZlYjc0M2RkYzM5NGUyNjQ3
YTQ0MjAwM2NjY2MyNGFmY2FlYTBmYjM0MTQ0ZTMyMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9LPTa9Tw8bVFI4xmEmRUJL/MtnWr0Rh/sgKBFu6so193U
ePBa90wR4SJlTfGuEgss4h38ZZVF57UN9M8cv2RsUoOMIXXtIMCxIqZ1yC0buRZN
dscpSCiFa6bJtSBh5XhcSR0xZ2FZa7Xech4SnVB3CyNp6IChR+gRRMCD5woBnB4w
laOAGfduOPUvlbj++iSNtfS3GZhHJQqCmkx+ahOEPTQ6wmStuKRbebf/4k9EaKTb
ikjY1nGdiWVy39cKSZ7Yf2U072jlLEG39a6IV36QW4HovO4RhLxW02DPKzjoUdfK
aN6zCUsKuvAjEqmkWPISe3BvwE/Z466ICWtrj0bNAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUXkB00+XbdkrYMx3ubLE5cCaZKPQwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2UxZjExNGIwLWQ5NDAtNGZhMC04Mzc2LWJhYzkzZDI4NjhmYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPDwQTANBgkqhkiG9w0BAQsFAAOCAQEAQemXJlDQCA7sgdLjuW8hSA4I
YT53L+kdxx8hnwRKtnbXis/MspBaKcZVmKa90t4Wvd8aKnHg27G4DfAwJqnkD+FL
KD0R5yPxiBu3X1VUbz4y/BrHtADibZtpP4Lz17ymrsWFiaTGNKpPvHQJp2IE2VZt
rUoUZIeK7l2c8TuSGhptUeOUKNjf1XdUTcgCGyWZAfUVcnFNHGtePEzTKghcOB0Y
qPPZMkyPdbtblK7OdJObqBn6Lg+v19hcB46Co/4Q5UVuqUGC9dkOKKp8+hK5Uw5q
5f4vRxAr0CRtIE+5VC+dXviK83XPJTa19lQTS51c39jjI5WC8cxr1D3klz8zyA==
-----END CERTIFICATE-----