Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2f91b8ca-e789-405a-8ad4-962f4aa4471b.roa
File:                     2f91b8ca-e789-405a-8ad4-962f4aa4471b.roa (raw, json)
Hash identifier:          zQ/M36PilHW8DYC0YATNGr6vZPTK3o2cdkI96YHWYXM=
Subject key identifier:   AA:EA:ED:CC:52:A1:60:19:88:FD:50:18:1F:1D:7A:7A:DE:81:62:B4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2AC1986597E076E290C17C894B671B2D140F4CDD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2f91b8ca-e789-405a-8ad4-962f4aa4471b.roa
Signing time:             Tue 19 Aug 2025 00:10:27 +0000
ROA not before:           Tue 19 Aug 2025 00:10:27 +0000
ROA not after:            Tue 23 Sep 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f60:4000::/39 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:c1:98:65:97:e0:76:e2:90:c1:7c:89:4b:67:1b:2d:14:0f:4c:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 19 00:10:27 2025 GMT
            Not After : Sep 23 23:59:59 2025 GMT
        Subject: serialNumber=32fde9844b418ce29d6d4f16cba3481518289d3c8f3b1bece2bae24ff61ec6a0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:81:70:24:7d:df:11:1d:27:f7:dd:85:f9:0c:
                    a4:b1:44:24:a0:e0:a9:99:4e:46:58:38:b7:f9:5a:
                    5c:c5:f3:52:7e:37:64:2f:5e:2a:fb:33:07:bd:fa:
                    9e:2c:f5:9b:97:b0:d5:89:0c:41:35:ba:ef:fc:86:
                    57:b6:71:9f:52:1c:45:f3:7c:bb:b6:fc:f1:41:43:
                    b7:94:db:b1:28:aa:31:bc:17:08:e7:dc:75:67:5f:
                    21:a7:fa:56:8c:07:1d:92:a3:ed:d7:f9:64:5e:aa:
                    f4:04:c7:c7:30:dd:51:e6:9c:27:bb:1d:f2:ec:8b:
                    15:6b:c5:b9:72:ec:7b:ca:a0:3e:7f:d0:f2:11:bf:
                    e8:4f:a6:b8:75:bc:b9:93:ec:9c:ec:95:10:05:5b:
                    75:4a:aa:c1:ed:09:21:f5:ff:83:a7:82:62:76:9d:
                    e2:20:57:9a:01:49:2a:af:32:fa:05:9f:1f:42:e7:
                    e6:8f:6d:bd:24:33:b3:fd:45:cf:76:63:e7:97:89:
                    9f:fb:45:17:02:62:9b:39:34:d3:e2:09:a5:1a:a0:
                    1c:97:ca:61:77:a9:63:f1:a4:8a:6d:e0:57:29:59:
                    dc:41:79:50:88:0d:8d:73:af:47:f0:05:bd:ff:8c:
                    0b:ee:c8:95:b6:02:f8:f3:5a:4e:9d:69:9d:0b:25:
                    0c:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:EA:ED:CC:52:A1:60:19:88:FD:50:18:1F:1D:7A:7A:DE:81:62:B4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2f91b8ca-e789-405a-8ad4-962f4aa4471b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f60:4000::/39

    Signature Algorithm: sha256WithRSAEncryption
         07:96:5d:ec:a6:c7:4a:3c:45:88:f6:b2:2c:e2:bd:f1:d6:e2:
         48:e8:04:39:58:26:ef:56:0d:59:ac:8d:c4:12:8e:14:10:3e:
         4d:21:48:9d:0e:71:6b:02:d2:50:3f:45:f9:aa:b9:e4:5c:15:
         b3:62:04:8e:53:c2:66:a1:63:e6:dc:a3:d6:d6:1c:76:34:98:
         7e:0a:55:0a:fa:b3:a5:0b:c9:b8:40:21:40:1c:7c:61:6b:a3:
         5c:67:64:8a:14:ed:d3:0b:26:d6:88:c6:3a:9f:e2:02:4f:d6:
         d9:25:e7:57:e6:b3:38:77:c1:4b:e1:19:a7:2e:57:a4:38:c5:
         d7:07:7a:1a:2a:b8:da:fd:5c:80:5c:ec:f8:4f:a8:c0:41:4c:
         54:37:36:a3:e7:f7:ff:37:7d:de:f4:55:89:44:4a:d0:03:45:
         fa:91:2e:f1:3f:d1:4f:2b:3e:ca:40:7f:0d:9c:59:a6:5b:1a:
         a5:46:1a:9d:79:2e:2e:fa:63:00:e6:6f:51:20:88:e8:59:aa:
         d0:d3:0c:e3:11:99:0d:4a:89:0b:a1:11:21:ab:59:48:5c:88:
         41:b9:fe:de:e9:1a:6f:de:51:65:62:5e:68:7e:03:3b:ea:a7:
         58:c7:bc:16:8d:61:f2:2f:cb:9f:af:9f:26:25:ec:f8:74:5b:
         e3:b2:51:bc
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUKsGYZZfgduKQwXyJS2cbLRQPTN0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODE5MDAxMDI3WhcNMjUwOTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMmZkZTk4NDRiNDE4Y2UyOWQ2ZDRmMTZjYmEzNDgxNTE4
Mjg5ZDNjOGYzYjFiZWNlMmJhZTI0ZmY2MWVjNmEwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjgXAkfd8RHSf33YX5DKSxRCSg4KmZTkZYOLf5WlzF81J+
N2QvXir7Mwe9+p4s9ZuXsNWJDEE1uu/8hle2cZ9SHEXzfLu2/PFBQ7eU27EoqjG8
Fwjn3HVnXyGn+laMBx2So+3X+WReqvQEx8cw3VHmnCe7HfLsixVrxbly7HvKoD5/
0PIRv+hPprh1vLmT7JzslRAFW3VKqsHtCSH1/4OngmJ2neIgV5oBSSqvMvoFnx9C
5+aPbb0kM7P9Rc92Y+eXiZ/7RRcCYps5NNPiCaUaoByXymF3qWPxpIpt4FcpWdxB
eVCIDY1zr0fwBb3/jAvuyJW2AvjzWk6daZ0LJQw3AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUqurtzFKhYBmI/VAYHx16et6BYrQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJmOTFiOGNhLWU3ODktNDA1YS04YWQ0LTk2MmY0YWE0NDcxYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB9gQDANBgkqhkiG9w0BAQsFAAOCAQEAB5Zd7KbHSjxFiPayLOK98dbi
SOgEOVgm71YNWayNxBKOFBA+TSFInQ5xawLSUD9F+aq55FwVs2IEjlPCZqFj5tyj
1tYcdjSYfgpVCvqzpQvJuEAhQBx8YWujXGdkihTt0wsm1ojGOp/iAk/W2SXnV+az
OHfBS+EZpy5XpDjF1wd6Giq42v1cgFzs+E+owEFMVDc2o+f3/zd93vRViURK0ANF
+pEu8T/RTys+ykB/DZxZplsapUYanXkuLvpjAOZvUSCI6Fmq0NMM4xGZDUqJC6ER
IatZSFyIQbn+3ukab95RZWJeaH4DO+qnWMe8Fo1h8i/Ln6+fJiXs+HRb47JRvA==
-----END CERTIFICATE-----