Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/869b59ab-0ce7-4311-8cd3-7a5d60ca3f80.roa
File:                     869b59ab-0ce7-4311-8cd3-7a5d60ca3f80.roa (raw, json)
Hash identifier:          a1nLT4OQQPof+LR1OhCxDZqC5Udi1E9k3AvpEivL3nI=
Subject key identifier:   13:D8:91:5D:16:20:CF:3D:89:6D:A2:83:E9:F9:5E:34:36:1E:41:61
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       162527799078040D672BC3938F57F1C66BFA1258
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/869b59ab-0ce7-4311-8cd3-7a5d60ca3f80.roa
Signing time:             Wed 13 Aug 2025 00:21:56 +0000
ROA not before:           Wed 13 Aug 2025 00:21:56 +0000
ROA not after:            Wed 17 Sep 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1ffe:2000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 25 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:25:27:79:90:78:04:0d:67:2b:c3:93:8f:57:f1:c6:6b:fa:12:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 13 00:21:56 2025 GMT
            Not After : Sep 17 23:59:59 2025 GMT
        Subject: serialNumber=754420f088733783e45cd35e576ddd8505651e029378c57b88e6cb189c23c975, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:18:70:93:c1:30:8d:9b:ce:d6:25:26:23:37:
                    30:03:5c:c5:4c:12:9b:35:87:49:f3:d4:4c:f4:2b:
                    d6:8a:aa:7b:8c:b4:d5:da:9a:6e:59:44:af:d5:ec:
                    58:c5:a5:37:9d:47:de:1e:08:46:1b:af:7e:6e:0c:
                    e5:19:9c:67:cc:5b:ae:34:5d:15:21:3d:85:14:4e:
                    c4:d6:eb:bc:0d:dd:be:8d:8a:1b:f2:71:d1:37:31:
                    91:34:c6:de:69:18:5a:99:ae:b1:b2:19:30:5a:de:
                    2a:15:43:a7:64:ab:db:71:6b:50:8e:50:20:82:56:
                    4b:85:60:04:cf:10:86:33:11:00:f0:f6:0a:9a:45:
                    7a:e3:9a:85:12:fa:36:7a:b7:70:ae:ef:ad:73:f9:
                    8a:d7:79:f8:6c:ce:6f:c2:a2:70:35:60:0d:3b:9e:
                    86:96:64:10:10:ca:fa:bf:77:8f:ca:e7:9a:e5:24:
                    ca:ac:75:bd:15:c2:f5:e8:c3:e0:24:ce:c0:e9:a9:
                    ed:cf:52:c0:08:89:7a:6f:cf:33:00:be:3e:76:57:
                    e0:ee:65:44:22:1c:53:4e:f3:6f:70:37:e3:8d:c9:
                    71:b0:d6:ed:a1:ac:73:bd:57:3e:60:13:f0:97:1d:
                    70:e9:4f:49:18:d2:c3:ea:63:4b:8f:d0:9c:0e:17:
                    fb:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:D8:91:5D:16:20:CF:3D:89:6D:A2:83:E9:F9:5E:34:36:1E:41:61
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/869b59ab-0ce7-4311-8cd3-7a5d60ca3f80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffe:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         51:8e:ca:86:8e:b3:2f:30:eb:33:b2:d1:37:af:9f:18:78:e1:
         ac:da:6e:0f:f8:ba:e7:65:50:83:c5:ca:36:eb:b5:09:4e:54:
         57:f2:94:cf:37:70:84:17:60:12:f5:3b:44:bc:f7:bf:85:d2:
         f5:01:50:8b:5a:6b:e6:ed:8c:4a:64:18:df:da:12:ed:53:2c:
         26:93:5d:68:0a:e5:0e:cb:d2:bb:97:06:a8:c9:43:4a:52:16:
         2d:4a:c0:e9:9c:04:2c:b2:8a:6a:71:5b:be:3d:63:9f:b7:be:
         26:1c:34:3a:4c:14:9d:15:87:12:48:ec:39:1e:17:3e:ec:9d:
         03:45:f8:c8:65:38:95:bc:fe:11:1c:f3:7f:28:66:5d:6d:ca:
         78:78:97:93:31:40:c0:f9:70:5b:b9:38:0d:eb:3f:6e:71:e6:
         a7:82:11:a3:7f:8b:61:03:7c:7f:77:3c:8c:c3:06:c7:8f:ac:
         aa:a6:28:5f:5a:63:75:ff:3e:a1:c8:43:83:48:53:77:45:fd:
         f3:d9:c0:28:14:70:7e:d3:3e:21:e5:5b:63:00:cd:56:34:0e:
         2c:ab:b3:72:f6:18:c5:04:95:d2:23:2c:27:71:5d:16:f5:f1:
         bc:63:fe:28:bf:73:0b:32:4b:36:c4:71:2e:60:32:64:8d:de:
         d5:e4:78:c8
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUFiUneZB4BA1nK8OTj1fxxmv6ElgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODEzMDAyMTU2WhcNMjUwOTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NTQ0MjBmMDg4NzMzNzgzZTQ1Y2QzNWU1NzZkZGQ4NTA1
NjUxZTAyOTM3OGM1N2I4OGU2Y2IxODljMjNjOTc1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsGHCTwTCNm87WJSYjNzADXMVMEps1h0nz1Ez0K9aKqnuM
tNXamm5ZRK/V7FjFpTedR94eCEYbr35uDOUZnGfMW640XRUhPYUUTsTW67wN3b6N
ihvycdE3MZE0xt5pGFqZrrGyGTBa3ioVQ6dkq9txa1COUCCCVkuFYATPEIYzEQDw
9gqaRXrjmoUS+jZ6t3Cu761z+YrXefhszm/ConA1YA07noaWZBAQyvq/d4/K55rl
JMqsdb0VwvXow+AkzsDpqe3PUsAIiXpvzzMAvj52V+DuZUQiHFNO829wN+ONyXGw
1u2hrHO9Vz5gE/CXHXDpT0kY0sPqY0uP0JwOF/vRAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUE9iRXRYgzz2JbaKD6fleNDYeQWEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg2OWI1OWFiLTBjZTctNDMxMS04Y2QzLTdhNWQ2MGNhM2Y4MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/+IDANBgkqhkiG9w0BAQsFAAOCAQEAUY7Kho6zLzDrM7LRN6+fGHjh
rNpuD/i652VQg8XKNuu1CU5UV/KUzzdwhBdgEvU7RLz3v4XS9QFQi1pr5u2MSmQY
39oS7VMsJpNdaArlDsvSu5cGqMlDSlIWLUrA6ZwELLKKanFbvj1jn7e+Jhw0OkwU
nRWHEkjsOR4XPuydA0X4yGU4lbz+ERzzfyhmXW3KeHiXkzFAwPlwW7k4Des/bnHm
p4IRo3+LYQN8f3c8jMMGx4+sqqYoX1pjdf8+ochDg0hTd0X989nAKBRwftM+IeVb
YwDNVjQOLKuzcvYYxQSV0iMsJ3FdFvXxvGP+KL9zCzJLNsRxLmAyZI3e1eR4yA==
-----END CERTIFICATE-----