Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/f8a24442-56c6-46d4-9923-f4d5b17fd850.roa
File:                     f8a24442-56c6-46d4-9923-f4d5b17fd850.roa (raw, json)
Hash identifier:          kbU53UvhL+od5Zm3n72xmw6MT2uLwaYMllzR69qi+rw=
Subject key identifier:   65:28:87:AE:15:16:E7:7C:D9:75:5C:7F:E9:5C:6B:6D:BF:89:26:76
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       6CC176C92212B4C27617E8B0D45796AEDC1A7F54
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/f8a24442-56c6-46d4-9923-f4d5b17fd850.roa
Signing time:             Tue 20 May 2025 18:00:59 +0000
ROA not before:           Tue 20 May 2025 18:00:59 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:6010::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 07 Jun 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:c1:76:c9:22:12:b4:c2:76:17:e8:b0:d4:57:96:ae:dc:1a:7f:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: May 20 18:00:59 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=a102649d5117e85165b124db8a40b8a5dbb34583295227a3061c0b598cb284d9, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:77:32:ea:5d:9f:02:34:4f:ec:5b:ef:90:ec:
                    db:fd:70:78:70:e4:33:dd:d2:f9:97:2b:02:15:9c:
                    21:ed:78:20:c3:e3:71:67:9e:5a:22:35:2b:72:fd:
                    36:c3:88:44:ad:e0:d2:21:48:06:53:f2:16:fe:15:
                    63:ac:29:04:2c:02:40:28:52:6e:7f:e6:86:c6:6c:
                    d6:01:40:39:40:ec:64:66:e5:1b:61:8e:a2:56:23:
                    74:14:50:56:f6:e3:ec:fd:a1:7b:ab:e8:ce:52:b8:
                    e6:25:7e:4c:34:b8:3d:04:bf:c6:00:e0:36:e6:c5:
                    33:8d:70:19:b4:61:48:30:dc:52:47:83:67:79:6b:
                    89:ee:5e:a2:e8:c1:7d:cc:70:93:53:a2:29:0a:84:
                    a4:bd:6b:18:72:f2:ef:d0:9b:61:45:8e:61:78:9f:
                    72:5e:c3:80:1f:4d:ee:1a:32:ad:4b:c4:1e:82:30:
                    e7:a1:0a:62:b2:e1:de:0b:99:88:f0:44:64:01:50:
                    03:4d:40:57:75:9d:6e:ac:2a:2d:08:09:6a:43:24:
                    f5:5b:17:ba:49:5a:e2:5f:db:9f:65:f2:b2:b9:41:
                    9b:b5:7f:69:d0:b8:63:aa:30:07:68:bb:8a:a9:4c:
                    89:af:3d:af:67:d7:6c:a6:29:55:bc:29:01:d0:ac:
                    89:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:28:87:AE:15:16:E7:7C:D9:75:5C:7F:E9:5C:6B:6D:BF:89:26:76
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/f8a24442-56c6-46d4-9923-f4d5b17fd850.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:6010::/44

    Signature Algorithm: sha256WithRSAEncryption
         6b:ed:fa:ea:87:52:89:47:bb:31:c8:f5:5b:b3:9d:7f:c1:ea:
         83:c6:6f:51:a1:ad:9d:a4:ec:9c:e9:d1:36:19:f9:a3:cd:97:
         ba:aa:43:23:e9:ef:79:2c:74:a8:e6:3d:4e:02:f2:05:b7:2a:
         61:13:dd:ae:d6:11:d3:9a:5b:88:c0:45:13:22:5d:87:c7:09:
         dd:a2:fa:06:5a:8c:a4:f3:83:9f:38:a6:23:af:df:45:c9:49:
         ab:78:e1:70:dc:8a:0d:d9:fb:47:4b:6d:49:62:9a:f8:5f:36:
         bc:0d:4d:74:07:66:35:82:18:c3:14:42:8c:b5:6e:fb:1c:02:
         5a:b4:c1:35:1d:e6:af:d9:a0:6c:5b:fc:f4:a4:2f:f5:96:a7:
         59:23:5b:de:b9:49:e8:ed:90:0d:ba:c5:72:a4:d2:a6:0f:08:
         d3:70:60:9a:ab:cf:dd:a3:4e:c2:90:b2:8d:22:7e:f4:0a:6e:
         b0:98:a1:f9:a2:b4:54:f3:57:44:8e:82:7d:2c:79:f4:d7:ab:
         a6:7c:3a:ee:0c:5a:26:bb:4e:8a:a9:fa:23:3b:30:53:0a:4b:
         11:b2:28:fc:2e:66:83:e8:0b:0f:83:39:14:d7:c3:ec:62:a3:
         26:5f:78:21:7b:16:74:05:c9:c8:35:91:e0:56:f8:a0:be:ed:
         73:64:77:2d
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUbMF2ySIStMJ2F+iw1FeWrtwaf1QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNTIwMTgwMDU5WhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMTAyNjQ5ZDUxMTdlODUxNjViMTI0ZGI4YTQwYjhhNWRi
YjM0NTgzMjk1MjI3YTMwNjFjMGI1OThjYjI4NGQ5MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDedzLqXZ8CNE/sW++Q7Nv9cHhw5DPd0vmXKwIVnCHteCDD
43FnnloiNSty/TbDiESt4NIhSAZT8hb+FWOsKQQsAkAoUm5/5obGbNYBQDlA7GRm
5RthjqJWI3QUUFb24+z9oXur6M5SuOYlfkw0uD0Ev8YA4DbmxTONcBm0YUgw3FJH
g2d5a4nuXqLowX3McJNToikKhKS9axhy8u/Qm2FFjmF4n3Jew4AfTe4aMq1LxB6C
MOehCmKy4d4LmYjwRGQBUANNQFd1nW6sKi0ICWpDJPVbF7pJWuJf259l8rK5QZu1
f2nQuGOqMAdou4qpTImvPa9n12ymKVW8KQHQrInNAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUZSiHrhUW53zZdVx/6Vxrbb+JJnYwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2Y4YTI0NDQyLTU2YzYtNDZkNC05OTIzLWY0ZDViMTdmZDg1MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwQmAPDwYBAwDQYJKoZIhvcNAQELBQADggEBAGvt+uqHUolHuzHI9VuznX/B
6oPGb1GhrZ2k7Jzp0TYZ+aPNl7qqQyPp73ksdKjmPU4C8gW3KmET3a7WEdOaW4jA
RRMiXYfHCd2i+gZajKTzg584piOv30XJSat44XDcig3Z+0dLbUlimvhfNrwNTXQH
ZjWCGMMUQoy1bvscAlq0wTUd5q/ZoGxb/PSkL/WWp1kjW965SejtkA26xXKk0qYP
CNNwYJqrz92jTsKQso0ifvQKbrCYofmitFTzV0SOgn0sefTXq6Z8Ou4MWia7Toqp
+iM7MFMKSxGyKPwuZoPoCw+DORTXw+xioyZfeCF7FnQFycg1keBW+KC+7XNkdy0=
-----END CERTIFICATE-----