Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8f05e9af-40c1-4b64-8acd-465c0b672d25.roa
File:                     8f05e9af-40c1-4b64-8acd-465c0b672d25.roa (raw, json)
Hash identifier:          DxvLV75LlprGKsxlyNY8LY5SuEjHo9ePLK3l2qot+i0=
Subject key identifier:   B4:2B:DD:51:60:5D:60:C6:15:1F:37:7F:CA:52:32:34:8B:6B:6C:EA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1FF81834145392C190F88161EFB9773217B99D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8f05e9af-40c1-4b64-8acd-465c0b672d25.roa
Signing time:             Thu 26 Jun 2025 19:24:41 +0000
ROA not before:           Thu 26 Jun 2025 19:24:41 +0000
ROA not after:            Thu 31 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff3:e000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 30 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:f8:18:34:14:53:92:c1:90:f8:81:61:ef:b9:77:32:17:b9:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 26 19:24:41 2025 GMT
            Not After : Jul 31 23:59:59 2025 GMT
        Subject: serialNumber=4de095991a7b8a42e09cac3d716f950ad4a89dae14ddce4a73bfbbca5ef4d3a2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:87:78:6e:11:7e:50:ee:d4:87:40:59:e6:ad:
                    85:af:84:7f:00:93:b8:b7:ed:a5:06:a9:24:32:b6:
                    f6:01:d9:97:ad:a1:98:17:d7:92:3b:50:52:65:e4:
                    d2:f7:f0:c9:30:70:17:ab:1c:ac:e2:25:cd:f5:a5:
                    6b:65:2f:25:6b:d7:83:b8:4c:06:af:86:98:ab:f2:
                    31:9e:3b:58:58:cd:e3:72:b1:6f:bf:e7:42:4e:7e:
                    98:3e:2b:80:d9:1d:ee:58:fb:81:39:dd:eb:00:1e:
                    8f:98:f3:72:9c:5a:e5:e4:f8:f1:35:56:68:47:c9:
                    88:6b:ac:70:b5:ae:18:c4:2c:a6:6b:27:2e:7d:52:
                    d9:b8:50:af:26:44:ac:de:b9:84:c8:3d:3a:e6:92:
                    dd:cf:50:d1:83:a4:b1:3a:23:0e:5d:15:f9:50:0f:
                    9e:6e:b2:09:63:c4:76:4b:2d:bf:e5:97:f3:90:66:
                    e9:c8:33:9d:47:30:1e:2c:40:72:96:d3:0f:27:83:
                    a5:d3:50:bf:95:98:7c:94:9e:60:c6:9a:86:c5:bf:
                    a0:b7:de:c7:b0:07:0d:b2:f5:f2:f3:0f:2c:6e:c0:
                    07:93:31:e4:e4:11:e0:15:db:ec:f6:2d:e6:80:f7:
                    b0:1c:43:3f:d6:3d:04:c8:4a:3d:ed:51:2f:5f:16:
                    6d:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:2B:DD:51:60:5D:60:C6:15:1F:37:7F:CA:52:32:34:8B:6B:6C:EA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8f05e9af-40c1-4b64-8acd-465c0b672d25.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff3:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         5a:ae:9c:94:c7:31:85:4f:8f:86:c8:4a:e2:40:ce:44:6e:d7:
         d1:6a:14:f5:ea:53:be:85:66:1d:89:85:25:ae:ce:2f:2e:0f:
         e0:45:ea:61:47:a0:0f:91:51:5d:33:c7:de:55:ad:46:65:64:
         6b:e0:f2:a1:93:2f:ee:fe:62:4a:02:92:44:b5:37:5e:4d:00:
         2b:31:15:43:7b:e6:33:74:48:40:6f:9a:0d:02:12:9c:a3:75:
         9b:23:35:51:2a:0a:39:53:2c:d1:a0:2f:52:d0:83:34:d6:1d:
         65:63:c3:f7:ca:89:c9:c2:f6:6b:73:ba:e4:6e:a5:4d:05:aa:
         8a:e4:a2:c9:56:8c:ae:1f:33:b3:2f:8a:f2:94:b2:fc:7c:e9:
         1a:d2:97:f3:1a:a4:e3:1b:98:14:49:95:86:b8:af:cc:da:17:
         b4:a5:31:d3:98:53:cf:f3:0a:77:c3:3c:31:40:f3:13:7f:03:
         7c:60:5f:6a:60:a9:03:95:af:7f:54:e1:bf:22:78:e6:00:a8:
         15:86:d3:ce:56:3f:18:d6:45:3e:91:73:33:0d:ec:ca:1c:e7:
         20:ec:97:b7:83:b2:2c:84:c7:e4:fd:07:56:a2:47:1a:e2:50:
         a6:d2:03:b8:8d:33:da:3e:98:dc:1b:08:e5:36:ae:09:9f:4b:
         7a:6e:6e:28
-----BEGIN CERTIFICATE-----
MIIF+TCCBOGgAwIBAgITH/gYNBRTksGQ+IFh77l3Mhe5nTANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzI2ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAxOGQ0MmJlMzU4ZWIz
NzEwN2RiZThjYjcxZDBhNzAeFw0yNTA2MjYxOTI0NDFaFw0yNTA3MzEyMzU5NTla
MHoxSTBHBgNVBAUTQDRkZTA5NTk5MWE3YjhhNDJlMDljYWMzZDcxNmY5NTBhZDRh
ODlkYWUxNGRkY2U0YTczYmZiYmNhNWVmNGQzYTIxLTArBgNVBAMTJGIyNWM5NzBm
LWQ4MTMtNDQ1Yy1iZmUyLTYyNjY4NTE4Yzg3ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKOHeG4RflDu1IdAWeatha+EfwCTuLftpQapJDK29gHZl62h
mBfXkjtQUmXk0vfwyTBwF6scrOIlzfWla2UvJWvXg7hMBq+GmKvyMZ47WFjN43Kx
b7/nQk5+mD4rgNkd7lj7gTnd6wAej5jzcpxa5eT48TVWaEfJiGuscLWuGMQspmsn
Ln1S2bhQryZErN65hMg9OuaS3c9Q0YOksTojDl0V+VAPnm6yCWPEdkstv+WX85Bm
6cgznUcwHixAcpbTDyeDpdNQv5WYfJSeYMaahsW/oLfex7AHDbL18vMPLG7AB5Mx
5OQR4BXb7PYt5oD3sBxDP9Y9BMhKPe1RL18WbacCAwEAAaOCArMwggKvMB0GA1Ud
DgQWBBS0K91RYF1gxhUfN3/KUjI0i2ts6jAfBgNVHSMEGDAWgBQQXdeNVXhAq0Nd
vRUhII8p+kk/rjAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzFiYTMwMmI4LThk
YWItNDkxZC1iOWVkLWQ3YzkyZDAzMGQ4Mi82ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAx
OGQ0MmJlMzU4ZWIzNzEwN2RiZThjYjcxZDBhNy5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8yMGFhMzI5Yi1mYzUyLTRjNjEtYmY1My0wOTcy
NWMwNDI5NDIvOGYwNWU5YWYtNDBjMS00YjY0LThhY2QtNDY1YzBiNjcyZDI1LnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMt
MDk3MjVjMDQyOTQyL19xeDNSSjhCalVLLU5ZNnpjUWZiNk10eDBLYy5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIw
CAMGACYAH/PgMA0GCSqGSIb3DQEBCwUAA4IBAQBarpyUxzGFT4+GyEriQM5EbtfR
ahT16lO+hWYdiYUlrs4vLg/gRephR6APkVFdM8feVa1GZWRr4PKhky/u/mJKApJE
tTdeTQArMRVDe+YzdEhAb5oNAhKco3WbIzVRKgo5UyzRoC9S0IM01h1lY8P3yonJ
wvZrc7rkbqVNBaqK5KLJVoyuHzOzL4rylLL8fOka0pfzGqTjG5gUSZWGuK/M2he0
pTHTmFPP8wp3wzwxQPMTfwN8YF9qYKkDla9/VOG/InjmAKgVhtPOVj8Y1kU+kXMz
DezKHOcg7Je3g7IshMfk/QdWokca4lCm0gO4jTPaPpjcGwjlNq4Jn0t6bm4o
-----END CERTIFICATE-----