Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/88d05d2c-791d-492a-9697-f4c4a592c57a.roa
File:                     88d05d2c-791d-492a-9697-f4c4a592c57a.roa (raw, json)
Hash identifier:          tieDU57MtKnr4WK5V9QPBTnYL8UcojmWzWM8/T/IR/w=
Subject key identifier:   D8:36:23:CB:DC:C9:2D:4E:98:5A:CA:79:3C:36:5B:67:57:70:26:AF
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       286FB531177018BEA435C7D72A64FA8AE2E2D8B5
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/88d05d2c-791d-492a-9697-f4c4a592c57a.roa
Signing time:             Tue 20 May 2025 15:30:53 +0000
ROA not before:           Tue 20 May 2025 15:30:53 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:9000:5201::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 08 Jun 2025 21:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:6f:b5:31:17:70:18:be:a4:35:c7:d7:2a:64:fa:8a:e2:e2:d8:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: May 20 15:30:53 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=19aead39f124adf6b0d91f0d982d1d0e416ec6ae9be2073b04c7643dc1711425, CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:18:1e:be:0a:42:17:69:f2:7f:41:f5:c1:12:
                    c6:fd:9e:55:a5:33:f7:58:45:cb:ba:d2:a3:11:30:
                    fd:d5:2c:c4:41:10:2d:9e:13:30:3c:69:03:2e:77:
                    4c:13:24:ca:fa:b1:b7:ba:8f:2b:c6:cc:b6:ed:8b:
                    db:04:7c:cb:89:80:36:ce:81:56:88:fa:d8:07:c5:
                    b6:28:6f:d0:9b:f6:be:9a:b5:20:84:8a:e1:a0:2b:
                    d1:83:ba:7c:58:a1:fd:80:8d:90:16:47:23:fd:f4:
                    af:42:b5:57:c3:54:c8:7f:05:6f:a0:9c:bf:8b:b0:
                    ce:1f:c8:0a:70:d7:90:68:93:96:47:34:0d:b8:92:
                    f4:5d:39:88:65:b7:33:53:d9:58:3f:1c:e7:c1:9c:
                    d3:9b:fe:36:ae:0c:b3:d2:db:7d:91:41:c4:df:01:
                    5b:37:fe:a9:fd:a0:d8:a0:68:ef:50:7a:17:ba:07:
                    01:91:9c:59:11:12:1c:39:52:f9:35:80:7f:b0:46:
                    b4:09:b2:84:ed:b7:88:eb:68:b4:b4:d6:0e:79:58:
                    3b:ca:e0:5e:d5:0f:dc:0a:43:ed:0f:28:ba:60:16:
                    4c:c0:4b:e8:c2:08:de:b7:a4:a5:1a:58:cf:18:16:
                    e0:68:e3:54:f7:f2:18:3b:7e:c7:e5:2c:97:4a:31:
                    18:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:36:23:CB:DC:C9:2D:4E:98:5A:CA:79:3C:36:5B:67:57:70:26:AF
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/88d05d2c-791d-492a-9697-f4c4a592c57a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:9000:5201::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:ef:f4:d9:a3:85:e7:4e:34:50:66:48:c8:d0:28:ab:94:ff:
         10:dc:c5:72:4a:9d:0f:87:e6:0c:3b:fc:97:73:59:d0:34:cb:
         e5:68:87:2b:e0:b8:cf:31:97:06:c9:76:66:09:58:41:60:a3:
         f4:9d:ba:b6:f5:c1:ca:14:f8:49:3a:ff:7c:a9:88:1d:2b:fc:
         0a:68:1c:87:0c:88:5b:05:82:54:91:99:41:54:14:64:11:74:
         f2:be:6c:02:87:fc:63:17:d7:0b:62:89:43:ea:c2:14:47:28:
         aa:fd:92:e4:dc:71:62:a6:41:f9:81:a7:57:fe:cf:5a:54:ce:
         5f:d1:24:06:d4:21:48:64:da:36:ce:98:64:19:01:e4:0d:16:
         8b:d4:18:c5:21:ea:42:b4:72:8e:75:c5:23:8b:98:de:fb:3e:
         e7:82:bc:74:21:ea:bc:2b:0b:85:23:6f:79:58:f3:3b:1a:b0:
         16:54:96:ef:2f:f3:6b:15:a9:6a:33:a2:d3:7f:7c:6c:28:51:
         e8:75:b2:55:e7:26:a0:f5:61:88:e8:4f:80:62:21:ec:c9:95:
         5a:97:73:54:8c:17:9c:00:2a:b3:97:d2:8c:0a:76:12:70:95:
         74:99:bc:04:af:a7:71:de:22:bb:66:d8:8f:eb:f2:f8:0a:97:
         77:b2:bd:93
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUKG+1MRdwGL6kNcfXKmT6iuLi2LUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjUwNTIwMTUzMDUzWhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxOWFlYWQzOWYxMjRhZGY2YjBkOTFmMGQ5ODJkMWQwZTQx
NmVjNmFlOWJlMjA3M2IwNGM3NjQzZGMxNzExNDI1MS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDlGB6+CkIXafJ/QfXBEsb9nlWlM/dYRcu60qMRMP3VLMRB
EC2eEzA8aQMud0wTJMr6sbe6jyvGzLbti9sEfMuJgDbOgVaI+tgHxbYob9Cb9r6a
tSCEiuGgK9GDunxYof2AjZAWRyP99K9CtVfDVMh/BW+gnL+LsM4fyApw15Bok5ZH
NA24kvRdOYhltzNT2Vg/HOfBnNOb/jauDLPS232RQcTfAVs3/qn9oNigaO9Qehe6
BwGRnFkREhw5Uvk1gH+wRrQJsoTtt4jraLS01g55WDvK4F7VD9wKQ+0PKLpgFkzA
S+jCCN63pKUaWM8YFuBo41T38hg7fsflLJdKMRhtAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU2DYjy9zJLU6YWsp5PDZbZ1dwJq8wHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1Lzg4ZDA1ZDJjLTc5MWQtNDkyYS05Njk3LWY0YzRhNTkyYzU3YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAJAAUgEwDQYJKoZIhvcNAQELBQADggEBAEDv9NmjhedONFBmSMjQKKuU
/xDcxXJKnQ+H5gw7/JdzWdA0y+VohyvguM8xlwbJdmYJWEFgo/Sdurb1wcoU+Ek6
/3ypiB0r/ApoHIcMiFsFglSRmUFUFGQRdPK+bAKH/GMX1wtiiUPqwhRHKKr9kuTc
cWKmQfmBp1f+z1pUzl/RJAbUIUhk2jbOmGQZAeQNFovUGMUh6kK0co51xSOLmN77
PueCvHQh6rwrC4Ujb3lY8zsasBZUlu8v82sVqWozotN/fGwoUeh1slXnJqD1YYjo
T4BiIezJlVqXc1SMF5wAKrOX0owKdhJwlXSZvASvp3HeIrtm2I/r8vgKl3eyvZM=
-----END CERTIFICATE-----