Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b3f91ab4-930a-4958-b6c8-811feb211be7.roa
File:                     b3f91ab4-930a-4958-b6c8-811feb211be7.roa (raw, json)
Hash identifier:          Y5ccbCuApyz3cmB9YJQt1owY/7RpdF5Y7v1R4D8t7s4=
Subject key identifier:   7C:2A:F9:03:1E:53:CB:44:1B:80:B9:A8:94:8C:F1:65:E9:B3:A0:60
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4308407969FDBE798810A921EC02CC1AA001DE07
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b3f91ab4-930a-4958-b6c8-811feb211be7.roa
Signing time:             Fri 13 Jun 2025 17:21:20 +0000
ROA not before:           Fri 13 Jun 2025 17:21:20 +0000
ROA not after:            Fri 18 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f10:c800::/37 maxlen: 37
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 30 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:08:40:79:69:fd:be:79:88:10:a9:21:ec:02:cc:1a:a0:01:de:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 13 17:21:20 2025 GMT
            Not After : Jul 18 23:59:59 2025 GMT
        Subject: serialNumber=db2d3bb73411212a24d7e7a9f5bf6e9482cf3a8c2f4f5350b5f4dcc377c02b60, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:49:80:99:0a:0b:77:59:92:c8:66:95:dd:cf:
                    6f:04:5f:7a:96:23:26:5d:c1:1e:f5:e2:af:dc:55:
                    30:90:8a:bb:e0:9a:b0:bc:d2:d3:d4:12:21:83:a8:
                    0c:14:ec:15:78:61:6d:55:63:12:75:5d:3b:8c:91:
                    ef:de:27:1d:b5:66:f4:41:08:df:e3:42:0d:cb:a0:
                    59:64:db:9b:ec:55:b5:40:9c:bb:2a:4b:a9:ff:cb:
                    c1:26:ed:a8:d3:85:7c:66:bd:77:aa:99:51:ca:aa:
                    24:eb:f0:5a:62:64:cf:d9:62:ca:f6:e3:17:d0:69:
                    96:db:a6:51:3a:74:21:44:84:29:ef:6b:0a:b1:bf:
                    7e:5c:bd:8e:b6:c8:d5:d8:13:ff:70:79:13:72:61:
                    85:63:bc:2c:d6:0a:d3:18:60:4f:1a:78:40:21:a4:
                    9c:8c:ad:4c:6e:ba:27:29:09:6b:28:b5:7b:74:8b:
                    27:3b:34:d3:34:b5:8d:6d:5d:17:6c:c8:46:96:77:
                    e7:da:91:5a:38:49:df:c0:69:ee:81:c6:41:3b:d5:
                    01:57:08:3b:84:67:c6:a3:72:9c:fc:27:d9:d6:0c:
                    49:18:ba:1b:b2:6c:27:2f:06:43:c2:53:05:db:51:
                    ee:1b:63:c8:e9:d7:4b:ac:12:15:22:c2:e8:e6:9f:
                    e8:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:2A:F9:03:1E:53:CB:44:1B:80:B9:A8:94:8C:F1:65:E9:B3:A0:60
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b3f91ab4-930a-4958-b6c8-811feb211be7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f10:c800::/37

    Signature Algorithm: sha256WithRSAEncryption
         bd:5d:d8:68:2f:d1:bd:67:e8:6d:6b:bd:52:22:d3:ae:bc:27:
         c7:8d:81:c1:d2:f0:e1:e2:f0:53:d9:2f:dc:5c:9b:a5:b5:39:
         d6:82:f5:7c:d6:66:d9:79:c3:fe:0b:90:fd:3a:33:1d:75:c7:
         a1:80:fb:49:6f:a5:92:d9:c2:d4:c6:d2:c2:d6:d5:fa:5c:c0:
         1d:2e:d9:ea:4f:7a:81:20:f8:3e:43:8d:bf:e3:d2:d6:87:ed:
         18:3a:31:0e:6e:ca:79:d0:f2:51:93:60:81:7b:eb:6a:8f:c8:
         50:ee:73:a0:47:c9:94:22:86:00:b9:9d:85:47:78:57:45:c1:
         56:d4:0a:4f:b7:72:2c:67:37:10:e1:94:eb:b1:0c:02:c8:b0:
         28:ab:a4:65:13:f7:77:67:33:3b:b1:03:da:77:51:98:1d:b8:
         4b:d3:94:ce:51:a5:39:a1:d9:7a:50:8d:a8:35:00:40:0a:f7:
         42:76:28:22:93:c1:5a:5e:e7:5d:d6:06:61:4e:1e:77:57:ef:
         30:d5:5e:b2:cf:80:00:67:ec:8b:bb:5d:20:11:24:79:b1:4a:
         ee:b3:98:73:84:46:c7:fa:11:cc:56:a6:28:9c:9c:11:a9:d7:
         f8:89:dc:74:50:7d:7f:fb:0e:50:c3:2e:ea:e1:dd:ce:83:51:
         06:30:47:74
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUQwhAeWn9vnmIEKkh7ALMGqAB3gcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjEzMTcyMTIwWhcNMjUwNzE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYjJkM2JiNzM0MTEyMTJhMjRkN2U3YTlmNWJmNmU5NDgy
Y2YzYThjMmY0ZjUzNTBiNWY0ZGNjMzc3YzAyYjYwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDlSYCZCgt3WZLIZpXdz28EX3qWIyZdwR714q/cVTCQirvg
mrC80tPUEiGDqAwU7BV4YW1VYxJ1XTuMke/eJx21ZvRBCN/jQg3LoFlk25vsVbVA
nLsqS6n/y8Em7ajThXxmvXeqmVHKqiTr8FpiZM/ZYsr24xfQaZbbplE6dCFEhCnv
awqxv35cvY62yNXYE/9weRNyYYVjvCzWCtMYYE8aeEAhpJyMrUxuuicpCWsotXt0
iyc7NNM0tY1tXRdsyEaWd+fakVo4Sd/Aae6BxkE71QFXCDuEZ8ajcpz8J9nWDEkY
uhuybCcvBkPCUwXbUe4bY8jp10usEhUiwujmn+hbAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUfCr5Ax5Ty0QbgLmolIzxZemzoGAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IzZjkxYWI0LTkzMGEtNDk1OC1iNmM4LTgxMWZlYjIxMWJlNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgMmAB8QyDANBgkqhkiG9w0BAQsFAAOCAQEAvV3YaC/RvWfobWu9UiLTrrwn
x42BwdLw4eLwU9kv3FybpbU51oL1fNZm2XnD/guQ/TozHXXHoYD7SW+lktnC1MbS
wtbV+lzAHS7Z6k96gSD4PkONv+PS1oftGDoxDm7KedDyUZNggXvrao/IUO5zoEfJ
lCKGALmdhUd4V0XBVtQKT7dyLGc3EOGU67EMAsiwKKukZRP3d2czO7ED2ndRmB24
S9OUzlGlOaHZelCNqDUAQAr3QnYoIpPBWl7nXdYGYU4ed1fvMNVess+AAGfsi7td
IBEkebFK7rOYc4RGx/oRzFamKJycEanX+IncdFB9f/sOUMMu6uHdzoNRBjBHdA==
-----END CERTIFICATE-----