Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/616e4134-09a6-4be2-bb0a-458670061cbd.roa
File:                     616e4134-09a6-4be2-bb0a-458670061cbd.roa (raw, json)
Hash identifier:          NH826h+Z6bCm+TxOckppoCnDf2FEumOweMha0PF0p94=
Subject key identifier:   6D:85:EF:1E:AB:71:F1:1B:2F:C3:A7:23:1E:6F:F3:94:CE:EB:8C:2E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7C630CF1E5F4A4878A9FAA30F88D35B56C52C88F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/616e4134-09a6-4be2-bb0a-458670061cbd.roa
Signing time:             Wed 18 Jun 2025 00:10:27 +0000
ROA not before:           Wed 18 Jun 2025 00:10:27 +0000
ROA not after:            Wed 23 Jul 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1f25::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 03 Jul 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:63:0c:f1:e5:f4:a4:87:8a:9f:aa:30:f8:8d:35:b5:6c:52:c8:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 18 00:10:27 2025 GMT
            Not After : Jul 23 23:59:59 2025 GMT
        Subject: serialNumber=dc7f6f9b6e8649b1f00b349a1358e66ecde90c6f8c9e6ffb509301c4c8f6bf8b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:e3:e9:5b:5a:75:2d:f4:c0:98:61:37:8e:2a:
                    42:55:7a:de:ab:54:a1:6e:48:88:37:67:57:93:23:
                    72:bd:e5:13:51:6d:ad:fd:88:b7:20:44:07:9f:a7:
                    3f:09:a5:31:c6:3f:3d:58:c5:a5:a5:c0:78:b6:05:
                    16:c1:44:96:b1:76:e4:07:ae:79:65:ee:a4:da:6a:
                    5f:e7:02:b6:dc:89:d7:7c:75:b7:07:e0:ff:c3:8b:
                    b0:50:e8:0e:19:74:28:60:e0:be:ce:a0:01:52:54:
                    25:13:a9:f9:6a:69:d0:64:32:fb:77:41:79:2a:4d:
                    83:ea:9d:8f:15:b7:77:5a:ef:c3:a4:2b:60:52:e4:
                    77:1e:c2:bc:1b:d9:6e:7b:44:26:c3:1b:e3:a2:7f:
                    52:92:f3:2f:71:32:ef:95:71:55:8a:dc:75:5e:e4:
                    91:df:85:82:4d:26:48:aa:d2:84:30:64:da:50:b0:
                    13:f1:69:bd:99:76:8d:b1:a5:80:ec:ca:bf:cf:2f:
                    10:b3:c6:05:f3:36:f2:1b:94:11:c0:8c:6e:45:74:
                    d0:e6:e3:64:dc:3d:02:b6:14:05:71:13:9f:12:76:
                    cb:05:4d:df:c5:c4:d6:0f:d9:da:d4:aa:af:44:97:
                    c9:1b:1e:6d:ad:dd:04:0d:20:99:59:37:47:63:2e:
                    b8:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:85:EF:1E:AB:71:F1:1B:2F:C3:A7:23:1E:6F:F3:94:CE:EB:8C:2E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/616e4134-09a6-4be2-bb0a-458670061cbd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f25::/36

    Signature Algorithm: sha256WithRSAEncryption
         b3:29:33:52:f0:d1:97:c1:1c:22:29:69:76:fc:28:71:5d:3d:
         fc:6d:53:04:5e:be:10:e4:41:9a:d0:df:83:dc:39:c7:91:a5:
         4f:02:fa:59:0d:ea:b8:c0:b6:24:54:60:3b:a3:fb:b7:ee:38:
         0d:eb:bf:08:a7:7f:d3:e9:d3:aa:d6:98:a9:53:49:fb:da:c1:
         29:f1:33:5e:37:8f:32:33:69:70:dd:5b:ad:ce:80:6d:14:8c:
         5d:ed:74:43:ff:76:7d:77:17:e8:48:81:ee:5f:c6:94:6e:82:
         23:38:c9:2a:9e:6c:32:77:87:6e:3d:11:52:26:5e:db:bf:7e:
         90:51:64:cf:9c:b0:c3:f7:be:40:47:e7:0e:6d:d8:3b:99:c3:
         ef:43:34:f2:70:ac:4c:a7:ca:3c:2c:61:bd:97:7b:b1:9e:ca:
         99:c4:5d:d2:49:6c:9c:2c:e2:0b:fb:e3:55:32:65:a3:08:fe:
         b8:89:e6:9d:d4:86:33:a0:56:15:a4:87:27:95:37:5b:ae:79:
         fa:cc:b6:ba:a5:30:65:92:42:73:13:3f:b1:b7:e9:43:b1:4d:
         81:b3:dd:10:e2:28:6d:27:85:ba:82:64:7d:76:13:f1:38:b8:
         7b:78:49:ff:8a:9f:bf:95:17:1d:59:05:f6:a3:3d:27:3d:a3:
         7a:bb:7c:c2
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUfGMM8eX0pIeKn6ow+I01tWxSyI8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjE4MDAxMDI3WhcNMjUwNzIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkYzdmNmY5YjZlODY0OWIxZjAwYjM0OWExMzU4ZTY2ZWNk
ZTkwYzZmOGM5ZTZmZmI1MDkzMDFjNGM4ZjZiZjhiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC34+lbWnUt9MCYYTeOKkJVet6rVKFuSIg3Z1eTI3K95RNR
ba39iLcgRAefpz8JpTHGPz1YxaWlwHi2BRbBRJaxduQHrnll7qTaal/nArbcidd8
dbcH4P/Di7BQ6A4ZdChg4L7OoAFSVCUTqflqadBkMvt3QXkqTYPqnY8Vt3da78Ok
K2BS5Hcewrwb2W57RCbDG+Oif1KS8y9xMu+VcVWK3HVe5JHfhYJNJkiq0oQwZNpQ
sBPxab2Zdo2xpYDsyr/PLxCzxgXzNvIblBHAjG5FdNDm42TcPQK2FAVxE58SdssF
Td/FxNYP2drUqq9El8kbHm2t3QQNIJlZN0djLrhZAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUbYXvHqtx8Rsvw6cjHm/zlM7rjC4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYxNmU0MTM0LTA5YTYtNGJlMi1iYjBhLTQ1ODY3MDA2MWNiZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8lADANBgkqhkiG9w0BAQsFAAOCAQEAsykzUvDRl8EcIilpdvwocV09
/G1TBF6+EORBmtDfg9w5x5GlTwL6WQ3quMC2JFRgO6P7t+44Deu/CKd/0+nTqtaY
qVNJ+9rBKfEzXjePMjNpcN1brc6AbRSMXe10Q/92fXcX6EiB7l/GlG6CIzjJKp5s
MneHbj0RUiZe279+kFFkz5yww/e+QEfnDm3YO5nD70M08nCsTKfKPCxhvZd7sZ7K
mcRd0klsnCziC/vjVTJlowj+uInmndSGM6BWFaSHJ5U3W655+sy2uqUwZZJCcxM/
sbfpQ7FNgbPdEOIobSeFuoJkfXYT8Ti4e3hJ/4qfv5UXHVkF9qM9Jz2jert8wg==
-----END CERTIFICATE-----