Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/713ada64-003f-4d7e-9ca8-19853d2f9d0e.roa
File:                     713ada64-003f-4d7e-9ca8-19853d2f9d0e.roa (raw, json)
Hash identifier:          rcuOpihwrvrIqA4y0Do8nc25/FBpETfr+Hykkal8nd4=
Subject key identifier:   E4:2A:71:73:6A:69:54:BA:6F:F0:A3:71:43:FC:27:75:B2:82:92:80
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       038B137ED7E6E7832235182733F8D466DBA75875
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/713ada64-003f-4d7e-9ca8-19853d2f9d0e.roa
Signing time:             Mon 16 Jun 2025 15:20:17 +0000
ROA not before:           Mon 16 Jun 2025 15:20:17 +0000
ROA not after:            Mon 21 Jul 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f20:c000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 30 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:8b:13:7e:d7:e6:e7:83:22:35:18:27:33:f8:d4:66:db:a7:58:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 16 15:20:17 2025 GMT
            Not After : Jul 21 23:59:59 2025 GMT
        Subject: serialNumber=0ded06b1900e303e2e0a718463530a944b416256198dfc23d76aa87c3ddd864d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:fe:2e:0a:17:bc:fb:77:cf:df:61:cf:6e:ff:
                    4d:96:31:d7:9c:15:ed:40:00:0a:98:f3:28:55:0b:
                    3e:75:1d:a4:d6:32:70:5f:84:e8:44:70:fc:b7:3d:
                    ae:9b:75:34:86:db:1f:34:c6:43:79:17:a9:df:4c:
                    36:03:31:49:9a:e2:8f:49:ea:bd:49:f7:27:1d:ef:
                    dc:95:d5:90:88:5f:66:c1:04:0d:a3:9c:7a:1b:15:
                    81:3b:19:fa:cc:56:58:a2:2f:f8:88:51:e2:67:c1:
                    cc:f6:2e:af:b0:5b:ac:cb:d7:43:49:a4:cd:b2:8f:
                    9a:62:2d:f8:95:13:07:a6:fe:f3:a6:82:88:81:24:
                    9f:2b:9c:a1:a0:09:68:9a:c2:e4:94:27:8c:8e:dd:
                    b5:f1:20:29:89:8c:54:ae:c9:3c:af:c7:6b:77:8b:
                    85:1d:38:17:f3:80:28:09:e2:a0:8e:1a:c2:ea:91:
                    39:4e:ec:82:75:99:e4:81:34:17:ad:26:57:03:53:
                    a2:88:3b:0a:23:87:08:ac:92:e6:0b:00:1f:c0:0c:
                    19:5f:fe:2c:3c:db:8c:15:14:32:a3:6d:68:24:e4:
                    32:02:15:08:cc:9b:b6:f0:1e:59:ef:41:19:30:2d:
                    44:97:7d:ea:d7:36:8f:48:5a:0f:74:bd:64:82:b9:
                    66:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:2A:71:73:6A:69:54:BA:6F:F0:A3:71:43:FC:27:75:B2:82:92:80
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/713ada64-003f-4d7e-9ca8-19853d2f9d0e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f20:c000::/36

    Signature Algorithm: sha256WithRSAEncryption
         8a:c0:ea:c6:f5:ad:85:a0:7b:60:e8:43:93:8e:86:f6:0f:8f:
         3f:70:a6:c3:eb:b4:33:22:65:2a:20:de:71:0b:e5:84:62:06:
         0d:b0:c2:91:6c:a8:04:71:b4:5b:d1:f7:d3:0e:7c:95:8b:66:
         3b:52:d3:b1:c7:70:cc:eb:ee:6e:e5:e1:eb:d3:aa:04:93:71:
         d1:2c:e8:f5:90:8a:ce:5b:32:a4:42:f6:00:46:33:ba:e7:53:
         51:b6:75:7c:bf:19:c3:3b:c4:92:bc:3d:d8:58:65:80:e0:83:
         2a:1e:90:dc:f8:f6:bb:01:fc:e7:57:78:60:8f:ac:b2:28:ed:
         dd:18:a6:d1:99:4d:37:aa:7e:48:18:60:8c:a4:27:1a:ad:1f:
         9f:1e:8f:56:7a:71:f9:6e:11:89:dd:9a:b9:67:62:25:ca:dd:
         2a:2a:64:a9:71:24:1c:c7:e5:f4:a6:6a:03:90:c6:2e:8c:10:
         ed:f7:a8:b4:1c:c4:1f:d7:9f:bc:e3:f3:3d:71:2e:33:0b:2a:
         fe:e3:e5:52:3d:0c:77:f6:79:d2:05:3c:52:7f:20:d8:fb:85:
         f1:cf:39:a5:24:bb:6a:67:d2:be:8a:06:08:d1:81:ec:49:49:
         20:ca:df:5b:7f:ae:36:bb:5d:3b:e8:bc:50:78:41:36:75:8f:
         0f:3c:20:02
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUA4sTftfm54MiNRgnM/jUZtunWHUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjE2MTUyMDE3WhcNMjUwNzIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwZGVkMDZiMTkwMGUzMDNlMmUwYTcxODQ2MzUzMGE5NDRi
NDE2MjU2MTk4ZGZjMjNkNzZhYTg3YzNkZGQ4NjRkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5/i4KF7z7d8/fYc9u/02WMdecFe1AAAqY8yhVCz51HaTW
MnBfhOhEcPy3Pa6bdTSG2x80xkN5F6nfTDYDMUma4o9J6r1J9ycd79yV1ZCIX2bB
BA2jnHobFYE7GfrMVliiL/iIUeJnwcz2Lq+wW6zL10NJpM2yj5piLfiVEwem/vOm
goiBJJ8rnKGgCWiawuSUJ4yO3bXxICmJjFSuyTyvx2t3i4UdOBfzgCgJ4qCOGsLq
kTlO7IJ1meSBNBetJlcDU6KIOwojhwiskuYLAB/ADBlf/iw824wVFDKjbWgk5DIC
FQjMm7bwHlnvQRkwLUSXferXNo9IWg90vWSCuWYZAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU5Cpxc2ppVLpv8KNxQ/wndbKCkoAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzcxM2FkYTY0LTAwM2YtNGQ3ZS05Y2E4LTE5ODUzZDJmOWQwZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8gwDANBgkqhkiG9w0BAQsFAAOCAQEAisDqxvWthaB7YOhDk46G9g+P
P3Cmw+u0MyJlKiDecQvlhGIGDbDCkWyoBHG0W9H30w58lYtmO1LTscdwzOvubuXh
69OqBJNx0Szo9ZCKzlsypEL2AEYzuudTUbZ1fL8ZwzvEkrw92FhlgOCDKh6Q3Pj2
uwH851d4YI+ssijt3Rim0ZlNN6p+SBhgjKQnGq0fnx6PVnpx+W4Rid2auWdiJcrd
KipkqXEkHMfl9KZqA5DGLowQ7feotBzEH9efvOPzPXEuMwsq/uPlUj0Md/Z50gU8
Un8g2PuF8c85pSS7amfSvooGCNGB7ElJIMrfW3+uNrtdO+i8UHhBNnWPDzwgAg==
-----END CERTIFICATE-----