Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6e9ea69d-4b33-4a85-894c-5620e610e709.roa
File:                     6e9ea69d-4b33-4a85-894c-5620e610e709.roa (raw, json)
Hash identifier:          zGiZ2XGL5YBa4I7dIOsYCRYxWw4sYV2xh6mzKkUzTtM=
Subject key identifier:   AA:98:5A:7D:80:62:8D:D3:E8:FA:56:EC:FA:D4:95:38:BD:C8:DE:D7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       48C8ECC42F5A255DD696A868E070DEBE675AEAA1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6e9ea69d-4b33-4a85-894c-5620e610e709.roa
Signing time:             Tue 29 Apr 2025 00:11:04 +0000
ROA not before:           Tue 29 Apr 2025 00:11:04 +0000
ROA not after:            Tue 03 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffd:85e8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 13 May 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:c8:ec:c4:2f:5a:25:5d:d6:96:a8:68:e0:70:de:be:67:5a:ea:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 29 00:11:04 2025 GMT
            Not After : Jun  3 23:59:59 2025 GMT
        Subject: serialNumber=81ff4836efd37445d5803b63308989270288d0d083e02164e53e2e5207719ee8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:0a:77:cf:04:9c:ef:b4:2c:99:27:47:7c:66:
                    d1:c8:e1:65:9b:31:a9:b2:a9:93:2b:a4:3a:9a:7e:
                    21:28:58:6a:7c:7d:61:00:a8:ea:51:ec:a5:f3:8d:
                    7a:c0:41:63:1b:b1:a1:fb:c9:df:4c:cc:68:f4:b1:
                    ff:c1:80:3f:75:6c:4b:7a:a6:50:8e:b6:d7:c1:60:
                    2a:42:9c:40:cc:8d:68:ac:b3:9a:27:e7:c9:39:a9:
                    e5:a7:55:fc:86:12:68:4f:0e:3e:c1:47:6f:eb:cb:
                    17:c1:e4:ab:1b:a9:ac:8d:b0:4f:4d:70:8e:f7:06:
                    56:43:dd:67:8d:d6:4d:61:1b:77:eb:66:90:ef:61:
                    d8:3c:b9:71:c2:9c:5e:e0:30:b6:10:d0:67:94:f2:
                    70:f3:2d:2a:46:56:e8:81:ff:40:62:de:7a:a0:0c:
                    6a:cd:eb:91:db:e4:ce:a4:8b:3a:2f:da:75:87:4c:
                    d0:d9:2e:0e:ff:56:19:64:26:a8:22:45:6a:52:b5:
                    3e:97:80:3f:11:62:f6:68:fb:12:35:06:91:77:6a:
                    0c:ab:8c:c0:c1:2e:81:a8:e8:6f:57:de:60:16:70:
                    a4:f1:cd:41:c2:ed:5e:82:b4:c2:d8:2a:56:f7:b6:
                    84:e0:04:6e:2c:1c:64:bb:99:9d:51:9a:a5:fb:72:
                    7d:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:98:5A:7D:80:62:8D:D3:E8:FA:56:EC:FA:D4:95:38:BD:C8:DE:D7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6e9ea69d-4b33-4a85-894c-5620e610e709.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffd:85e8::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:2f:e2:f3:96:08:d8:5e:ff:2e:55:11:c8:c0:1a:1e:a9:71:
         46:71:8a:04:ff:af:2e:65:f6:0b:8e:f7:c0:40:67:61:b8:a7:
         d2:8b:95:1c:b9:c4:0e:02:00:01:9b:95:ce:57:75:17:cb:74:
         d4:3a:de:31:ae:44:31:c4:b3:cb:1a:3f:89:55:7a:71:b9:7f:
         af:d3:2b:34:a0:f4:f8:a9:62:ac:07:d1:f4:a1:cb:19:20:6a:
         ec:7a:c3:97:ac:84:ca:95:6e:dd:a6:eb:e3:f7:3b:7b:e2:24:
         65:cf:ba:c1:b2:9f:76:c7:ca:91:f7:d2:ee:4a:28:44:47:f5:
         73:f6:98:4d:03:98:3f:f5:f2:9e:84:1f:ec:fb:72:7c:c5:22:
         72:05:84:69:cb:1f:97:7d:d9:8c:ff:0b:f0:05:23:6f:7c:83:
         7b:ec:c8:88:9f:d4:58:63:c7:a1:e1:14:79:85:ef:10:56:21:
         c4:72:c9:34:bc:57:43:27:c6:ef:04:54:2a:04:e0:8c:88:71:
         65:ee:92:3f:51:26:0e:55:26:cf:6f:2b:df:8d:97:72:91:d9:
         85:0f:b5:5c:9a:47:58:87:4b:cd:45:52:e9:19:fd:77:72:f1:
         91:49:55:ec:9e:a1:2e:b7:4e:d5:ef:14:d6:c7:54:7b:5d:f9:
         04:33:5e:4e
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUSMjsxC9aJV3Wlqho4HDevmda6qEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDI5MDAxMTA0WhcNMjUwNjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MWZmNDgzNmVmZDM3NDQ1ZDU4MDNiNjMzMDg5ODkyNzAy
ODhkMGQwODNlMDIxNjRlNTNlMmU1MjA3NzE5ZWU4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDlCnfPBJzvtCyZJ0d8ZtHI4WWbMamyqZMrpDqafiEoWGp8
fWEAqOpR7KXzjXrAQWMbsaH7yd9MzGj0sf/BgD91bEt6plCOttfBYCpCnEDMjWis
s5on58k5qeWnVfyGEmhPDj7BR2/ryxfB5KsbqayNsE9NcI73BlZD3WeN1k1hG3fr
ZpDvYdg8uXHCnF7gMLYQ0GeU8nDzLSpGVuiB/0Bi3nqgDGrN65Hb5M6kizov2nWH
TNDZLg7/VhlkJqgiRWpStT6XgD8RYvZo+xI1BpF3agyrjMDBLoGo6G9X3mAWcKTx
zUHC7V6CtMLYKlb3toTgBG4sHGS7mZ1RmqX7cn3fAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUqphafYBijdPo+lbs+tSVOL3I3tcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZlOWVhNjlkLTRiMzMtNGE4NS04OTRjLTU2MjBlNjEwZTcwOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/9hegwDQYJKoZIhvcNAQELBQADggEBAC4v4vOWCNhe/y5VEcjAGh6p
cUZxigT/ry5l9guO98BAZ2G4p9KLlRy5xA4CAAGblc5XdRfLdNQ63jGuRDHEs8sa
P4lVenG5f6/TKzSg9PipYqwH0fShyxkgaux6w5eshMqVbt2m6+P3O3viJGXPusGy
n3bHypH30u5KKERH9XP2mE0DmD/18p6EH+z7cnzFInIFhGnLH5d92Yz/C/AFI298
g3vsyIif1Fhjx6HhFHmF7xBWIcRyyTS8V0Mnxu8EVCoE4IyIcWXukj9RJg5VJs9v
K9+Nl3KR2YUPtVyaR1iHS81FUukZ/Xdy8ZFJVeyeoS63TtXvFNbHVHtd+QQzXk4=
-----END CERTIFICATE-----