Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/f504ccce-2eee-4202-842d-dad59cabe141.roa
File:                     f504ccce-2eee-4202-842d-dad59cabe141.roa (raw, json)
Hash identifier:          l5igpHk6TzwswXJNl64AqUKoOgu3ju81UYmWKUvqPGg=
Subject key identifier:   06:C4:41:23:A3:72:D4:79:3D:75:C2:FC:3B:E1:74:C0:7F:18:DD:9D
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       5B90B84FBA9F4AA188FC9D1919B65D8CA9AD6BFA
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/f504ccce-2eee-4202-842d-dad59cabe141.roa
Signing time:             Tue 20 May 2025 18:10:11 +0000
ROA not before:           Tue 20 May 2025 18:10:11 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:8000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 08 Jun 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:90:b8:4f:ba:9f:4a:a1:88:fc:9d:19:19:b6:5d:8c:a9:ad:6b:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: May 20 18:10:11 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=2270de35a5ac44c61786315b9e95d8554cf60d9949727d1a86a860a6d659949c, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:15:ea:e0:82:58:df:53:dc:4b:cd:ba:51:a1:
                    b0:ca:80:a2:25:54:6e:ba:6f:42:67:ab:32:cd:1f:
                    e8:b6:85:22:4c:47:b3:bb:f7:e8:ab:55:41:00:55:
                    94:eb:35:41:06:88:a6:ed:bd:03:2d:67:89:56:58:
                    bf:cc:9f:c7:05:d4:48:5f:14:3a:89:c5:5c:f0:f1:
                    47:d9:ee:d1:a6:a1:20:91:09:85:c4:e1:09:4b:4f:
                    39:85:3d:43:81:44:ff:fa:91:5b:64:e0:72:b3:cf:
                    6e:73:23:3f:dd:9d:54:71:a7:22:a8:f5:92:76:17:
                    9a:3e:3b:f9:29:90:66:7f:28:3c:bb:50:57:37:a4:
                    a6:08:d2:9a:f2:b6:37:b7:ad:4d:d9:d3:1d:11:be:
                    45:82:4e:18:37:ee:35:ce:6c:a7:fd:00:ce:bb:3d:
                    84:3f:b0:7e:5b:be:7f:b3:d7:7d:02:0b:e5:17:c6:
                    53:dc:92:a9:5a:5e:43:9d:f4:a7:da:df:09:ef:35:
                    e5:95:e0:dd:17:dd:f5:24:7b:68:31:f1:84:d2:d6:
                    4c:7a:9d:67:91:40:54:0c:0b:0e:e4:7b:5f:54:6b:
                    1b:b3:b3:1a:b8:91:66:0b:c8:62:71:33:d5:99:36:
                    9e:65:0b:e7:48:b6:55:bc:e9:88:f1:d1:ea:cb:14:
                    47:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:C4:41:23:A3:72:D4:79:3D:75:C2:FC:3B:E1:74:C0:7F:18:DD:9D
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/f504ccce-2eee-4202-842d-dad59cabe141.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         0b:3c:11:3f:e1:e0:b1:cc:73:af:da:37:33:a4:2d:60:ea:53:
         92:cc:01:d9:2f:2f:f9:22:db:26:45:7e:8e:b3:67:62:cf:6c:
         2a:af:97:cf:a2:38:25:9e:c4:db:c8:b7:92:d4:47:bb:09:a1:
         9d:62:26:cd:b3:85:ea:6e:a4:6e:f2:e9:5d:d5:a1:ec:d6:26:
         f5:bf:40:e3:01:a6:7e:69:65:97:65:9d:27:ed:4c:70:52:31:
         1f:23:76:5e:d3:2b:19:39:ec:02:75:f4:33:d7:9c:ab:50:2e:
         80:bb:37:25:53:af:d9:44:25:72:bb:30:a7:a1:2b:57:99:19:
         19:0a:58:47:80:6e:0f:68:98:98:f6:f4:1f:b8:b2:bb:30:a1:
         73:fe:75:2f:ee:e7:b7:de:2f:50:d1:99:30:62:41:8c:8e:96:
         08:8b:a5:9e:fa:38:97:34:e5:55:71:2c:57:6a:c5:8a:01:f7:
         da:48:f1:aa:e8:b6:b3:c8:e7:80:f4:06:7a:41:6d:62:5a:8c:
         f7:b7:53:be:a4:dc:d5:3b:58:bb:41:99:af:52:d8:f5:91:d9:
         25:a6:5f:88:9f:16:bc:de:bf:be:0d:c3:46:ea:ee:10:99:db:
         f0:a4:bd:c7:5d:1c:3b:08:3d:5c:1e:2a:a0:d4:24:df:e7:c8:
         2c:d3:8f:27
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUW5C4T7qfSqGI/J0ZGbZdjKmta/owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNTIwMTgxMDExWhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AyMjcwZGUzNWE1YWM0NGM2MTc4NjMxNWI5ZTk1ZDg1NTRj
ZjYwZDk5NDk3MjdkMWE4NmE4NjBhNmQ2NTk5NDljMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtFerggljfU9xLzbpRobDKgKIlVG66b0JnqzLNH+i2hSJM
R7O79+irVUEAVZTrNUEGiKbtvQMtZ4lWWL/Mn8cF1EhfFDqJxVzw8UfZ7tGmoSCR
CYXE4QlLTzmFPUOBRP/6kVtk4HKzz25zIz/dnVRxpyKo9ZJ2F5o+O/kpkGZ/KDy7
UFc3pKYI0prytje3rU3Z0x0RvkWCThg37jXObKf9AM67PYQ/sH5bvn+z130CC+UX
xlPckqlaXkOd9Kfa3wnvNeWV4N0X3fUke2gx8YTS1kx6nWeRQFQMCw7ke19Uaxuz
sxq4kWYLyGJxM9WZNp5lC+dItlW86Yjx0erLFEf9AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUBsRBI6Ny1Hk9dcL8O+F0wH8Y3Z0wHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2Y1MDRjY2NlLTJlZWUtNDIwMi04NDJkLWRhZDU5Y2FiZTE0MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPD7gDANBgkqhkiG9w0BAQsFAAOCAQEACzwRP+Hgscxzr9o3M6QtYOpT
kswB2S8v+SLbJkV+jrNnYs9sKq+Xz6I4JZ7E28i3ktRHuwmhnWImzbOF6m6kbvLp
XdWh7NYm9b9A4wGmfmlll2WdJ+1McFIxHyN2XtMrGTnsAnX0M9ecq1AugLs3JVOv
2UQlcrswp6ErV5kZGQpYR4BuD2iYmPb0H7iyuzChc/51L+7nt94vUNGZMGJBjI6W
CIulnvo4lzTlVXEsV2rFigH32kjxqui2s8jngPQGekFtYlqM97dTvqTc1TtYu0GZ
r1LY9ZHZJaZfiJ8WvN6/vg3DRuruEJnb8KS9x10cOwg9XB4qoNQk3+fILNOPJw==
-----END CERTIFICATE-----