Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/ec42dc47-0cc9-474a-9470-19700f756d36.roa
File:                     ec42dc47-0cc9-474a-9470-19700f756d36.roa (raw, json)
Hash identifier:          shjpFZvK8Rp3udfMFfGzA/il4hqvrHKjt5w8wEE/bJI=
Subject key identifier:   BF:10:4A:B8:B4:6E:C1:92:08:4F:21:63:97:3A:AF:7C:2C:0E:81:86
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       5F2DA9BC5F2E156D9AC71CBEFAA8F4FFA75BA820
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/ec42dc47-0cc9-474a-9470-19700f756d36.roa
Signing time:             Mon 16 Jun 2025 19:10:10 +0000
ROA not before:           Mon 16 Jun 2025 19:10:10 +0000
ROA not after:            Mon 21 Jul 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0f0:551c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 08 Jul 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:2d:a9:bc:5f:2e:15:6d:9a:c7:1c:be:fa:a8:f4:ff:a7:5b:a8:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jun 16 19:10:10 2025 GMT
            Not After : Jul 21 23:59:59 2025 GMT
        Subject: serialNumber=03a565c4d76e227dd935767673deae3239c20dcc9fd4b7eb88d726fa39bf90d8, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b3:ba:f5:22:bf:cd:92:95:09:b2:bb:da:a1:
                    eb:e2:2d:03:86:2b:c4:67:73:88:b9:e3:bd:5e:cb:
                    ed:de:74:0b:34:49:d7:72:70:39:a8:a1:c6:15:f2:
                    b2:e5:c6:65:2f:96:63:a7:91:f1:39:6c:39:6c:9b:
                    5f:2e:15:07:82:de:81:09:53:73:bf:86:26:9a:df:
                    77:ca:d2:7d:2d:21:46:79:0d:4a:fd:c2:2c:56:fb:
                    27:8b:04:bf:17:a1:2d:52:54:7b:c6:62:20:5e:60:
                    d5:2f:b6:e4:42:fe:e3:35:7c:c3:9c:03:37:9b:ae:
                    8c:a1:c7:70:b1:09:50:43:28:8c:b6:55:3d:92:2c:
                    72:4b:c2:dc:82:7e:b9:12:67:4c:39:19:d2:0c:99:
                    40:b9:03:e1:08:b5:d9:dd:dc:d5:77:95:8f:a6:9a:
                    0f:02:f9:e4:93:06:cf:ba:54:41:f1:7e:b7:04:b0:
                    49:9c:9b:cc:95:68:a3:ac:9d:14:04:b2:24:11:81:
                    19:31:72:d0:38:6b:30:15:25:88:b8:06:c9:88:46:
                    89:b9:d0:1b:e6:da:53:82:f2:a8:10:34:2e:9d:d2:
                    c5:48:bf:25:b4:18:c5:ac:d1:8d:af:0b:a4:a5:a8:
                    d3:42:bc:38:18:dd:8a:ac:d6:73:8e:bf:58:85:a3:
                    41:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:10:4A:B8:B4:6E:C1:92:08:4F:21:63:97:3A:AF:7C:2C:0E:81:86
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/ec42dc47-0cc9-474a-9470-19700f756d36.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:551c::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:f4:87:19:79:b3:f2:3f:13:cc:19:7f:e4:59:54:81:fc:f6:
         21:91:85:c8:8d:7e:3d:d2:1f:c4:f1:e6:fc:b1:f4:01:92:4f:
         27:e0:0b:54:12:c9:0d:5c:3e:72:bc:c5:f7:9e:8c:68:f3:5f:
         4a:9f:19:54:ee:c4:af:e6:55:b5:9c:5d:b0:14:f8:e7:77:f5:
         b0:ef:ac:4d:b2:6c:e7:be:b2:5b:ed:92:ed:89:1f:99:4e:37:
         0b:e0:71:4d:ea:f9:fb:77:5c:c8:55:1d:a5:b7:56:5e:09:54:
         48:b5:11:31:3c:d6:8f:d3:84:29:99:8e:85:4e:85:2d:cf:f9:
         be:47:29:33:d0:8a:f5:87:2d:68:e8:42:31:68:2a:53:93:a7:
         aa:46:b0:9d:11:c9:79:7d:d5:bd:db:28:79:00:fe:5b:ea:9b:
         46:d0:6c:45:7a:d7:04:7a:0c:87:81:a3:ac:97:ea:ab:69:09:
         9f:9b:71:ba:a0:66:15:d5:60:68:99:10:ea:96:69:e6:99:dd:
         0c:70:a2:ff:3c:12:be:22:55:2a:f4:80:45:0a:9c:98:f2:9d:
         4b:b8:bf:72:c2:48:76:00:76:38:6a:56:1c:17:69:5a:f2:2e:
         95:0a:4a:e6:3d:c6:0b:f4:02:ec:c9:ff:53:02:9c:55:ea:f4:
         c0:90:5e:d7
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUXy2pvF8uFW2axxy++qj0/6dbqCAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNjE2MTkxMDEwWhcNMjUwNzIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwM2E1NjVjNGQ3NmUyMjdkZDkzNTc2NzY3M2RlYWUzMjM5
YzIwZGNjOWZkNGI3ZWI4OGQ3MjZmYTM5YmY5MGQ4MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCds7r1Ir/NkpUJsrvaoeviLQOGK8Rnc4i5471ey+3edAs0
SddycDmoocYV8rLlxmUvlmOnkfE5bDlsm18uFQeC3oEJU3O/hiaa33fK0n0tIUZ5
DUr9wixW+yeLBL8XoS1SVHvGYiBeYNUvtuRC/uM1fMOcAzebroyhx3CxCVBDKIy2
VT2SLHJLwtyCfrkSZ0w5GdIMmUC5A+EItdnd3NV3lY+mmg8C+eSTBs+6VEHxfrcE
sEmcm8yVaKOsnRQEsiQRgRkxctA4azAVJYi4BsmIRom50Bvm2lOC8qgQNC6d0sVI
vyW0GMWs0Y2vC6SlqNNCvDgY3Yqs1nOOv1iFo0HhAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUvxBKuLRuwZIITyFjlzqvfCwOgYYwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2VjNDJkYzQ3LTBjYzktNDc0YS05NDcwLTE5NzAwZjc1NmQzNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwVRwwDQYJKoZIhvcNAQELBQADggEBAJv0hxl5s/I/E8wZf+RZVIH8
9iGRhciNfj3SH8Tx5vyx9AGSTyfgC1QSyQ1cPnK8xfeejGjzX0qfGVTuxK/mVbWc
XbAU+Od39bDvrE2ybOe+slvtku2JH5lONwvgcU3q+ft3XMhVHaW3Vl4JVEi1ETE8
1o/ThCmZjoVOhS3P+b5HKTPQivWHLWjoQjFoKlOTp6pGsJ0RyXl91b3bKHkA/lvq
m0bQbEV61wR6DIeBo6yX6qtpCZ+bcbqgZhXVYGiZEOqWaeaZ3Qxwov88Er4iVSr0
gEUKnJjynUu4v3LCSHYAdjhqVhwXaVryLpUKSuY9xgv0AuzJ/1MCnFXq9MCQXtc=
-----END CERTIFICATE-----