Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c8f71b7e-9974-4779-8c24-e352d24c707e.roa
File:                     c8f71b7e-9974-4779-8c24-e352d24c707e.roa (raw, json)
Hash identifier:          QZzb5NAxCTAqRc3zcRU1XocoeQuR2dnOYDFZQZ6DaO0=
Subject key identifier:   B1:EB:6E:6F:26:62:AA:4F:D9:2A:23:DE:00:36:9A:26:13:35:81:30
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1F787E6764CE6FA5BD1D80670D347B7F4471A41C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c8f71b7e-9974-4779-8c24-e352d24c707e.roa
Signing time:             Mon 23 Jun 2025 15:20:28 +0000
ROA not before:           Mon 23 Jun 2025 15:20:28 +0000
ROA not after:            Mon 28 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff8:5000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 30 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:78:7e:67:64:ce:6f:a5:bd:1d:80:67:0d:34:7b:7f:44:71:a4:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 23 15:20:28 2025 GMT
            Not After : Jul 28 23:59:59 2025 GMT
        Subject: serialNumber=b1f939fbaf47dcbd3682465aedf9d0b17b6697a6c0dcfd4381a3cc72e66d81a7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:94:1b:92:a5:78:0c:1d:a4:0d:ae:34:8a:40:
                    23:bd:08:b4:86:74:57:48:ab:f3:6b:29:af:ac:44:
                    f8:2b:82:da:83:9e:88:d0:06:99:32:d8:b3:06:af:
                    94:6e:3f:6e:41:f7:e9:d5:d3:5c:21:85:a0:06:f5:
                    0f:91:f0:17:53:30:6f:04:6e:2c:c4:e2:73:61:41:
                    cc:e3:c5:de:c0:af:d8:1d:59:7f:32:a1:26:93:a0:
                    3f:98:0a:bb:13:e6:08:d7:92:b1:0d:80:3e:28:2d:
                    90:09:4f:0f:d7:e0:51:57:72:58:6f:ef:5b:bd:a5:
                    90:ad:b3:04:98:17:10:12:94:e1:f2:20:a3:0e:54:
                    e1:af:c3:4c:71:29:c0:25:a4:56:2d:37:ca:a1:41:
                    70:b5:29:b3:de:c1:95:a6:05:79:88:05:1e:e2:b3:
                    53:f2:93:9e:3e:e6:66:c6:ce:d6:1a:c6:5a:3e:27:
                    01:fe:6f:ee:fb:4e:94:e0:8c:cf:b3:35:39:31:23:
                    61:4b:d0:e5:80:0e:13:73:25:94:9d:53:f0:07:43:
                    a8:f9:c4:bf:f1:9b:46:f8:d3:c6:67:cf:dd:fa:01:
                    b8:1c:67:52:96:36:00:71:57:b0:80:7b:f3:de:af:
                    57:da:c5:32:c1:74:22:20:32:f5:36:37:35:f4:ab:
                    2b:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:EB:6E:6F:26:62:AA:4F:D9:2A:23:DE:00:36:9A:26:13:35:81:30
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c8f71b7e-9974-4779-8c24-e352d24c707e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff8:5000::/36

    Signature Algorithm: sha256WithRSAEncryption
         93:48:6a:21:05:98:95:07:1c:57:df:ee:32:dc:ed:25:8c:d3:
         10:0e:04:3a:77:8c:82:ee:94:6d:a8:c8:eb:d0:72:87:b9:eb:
         79:45:9d:90:1d:93:c3:f4:f4:7e:4c:7e:92:9b:c0:26:a0:27:
         27:ef:3b:de:ed:a7:23:15:5a:5c:3c:49:05:7d:ed:26:11:f0:
         68:23:16:e8:ac:cb:8c:0b:97:62:41:b1:bc:b1:6c:3e:92:f4:
         ba:7a:da:87:93:b5:74:8f:29:b1:8e:fe:ec:b4:47:d8:e4:15:
         38:d1:a0:b8:aa:0e:db:3c:0f:b7:40:32:31:e1:ba:e2:b1:b5:
         20:be:96:06:7d:16:c8:de:cd:7a:17:30:8c:8f:c6:e3:6c:96:
         b4:73:7f:98:fb:5f:5e:47:a0:d0:4b:05:39:17:df:e9:4f:17:
         e1:50:48:97:4c:2a:97:ec:4e:2f:84:b9:30:91:6a:fc:3d:be:
         e8:98:1a:0b:07:a5:6c:70:65:b0:8f:b7:3a:65:4e:2c:8d:c7:
         38:b6:d3:4a:15:d3:89:6a:db:8d:f2:0f:ab:d0:5e:ec:43:c5:
         88:66:6a:5f:9a:6f:2b:76:4f:7b:6d:be:90:ab:6d:34:41:bd:
         b0:69:2d:e7:da:31:cd:99:0c:09:76:c7:4e:fe:7f:b5:83:0e:
         6b:fa:2d:31
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUH3h+Z2TOb6W9HYBnDTR7f0RxpBwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjIzMTUyMDI4WhcNMjUwNzI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMWY5MzlmYmFmNDdkY2JkMzY4MjQ2NWFlZGY5ZDBiMTdi
NjY5N2E2YzBkY2ZkNDM4MWEzY2M3MmU2NmQ4MWE3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCIlBuSpXgMHaQNrjSKQCO9CLSGdFdIq/NrKa+sRPgrgtqD
nojQBpky2LMGr5RuP25B9+nV01whhaAG9Q+R8BdTMG8EbizE4nNhQczjxd7Ar9gd
WX8yoSaToD+YCrsT5gjXkrENgD4oLZAJTw/X4FFXclhv71u9pZCtswSYFxASlOHy
IKMOVOGvw0xxKcAlpFYtN8qhQXC1KbPewZWmBXmIBR7is1Pyk54+5mbGztYaxlo+
JwH+b+77TpTgjM+zNTkxI2FL0OWADhNzJZSdU/AHQ6j5xL/xm0b408Znz936Abgc
Z1KWNgBxV7CAe/Per1faxTLBdCIgMvU2NzX0qyttAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUsetubyZiqk/ZKiPeADaaJhM1gTAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M4ZjcxYjdlLTk5NzQtNDc3OS04YzI0LWUzNTJkMjRjNzA3ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB/4UDANBgkqhkiG9w0BAQsFAAOCAQEAk0hqIQWYlQccV9/uMtztJYzT
EA4EOneMgu6UbajI69Byh7nreUWdkB2Tw/T0fkx+kpvAJqAnJ+873u2nIxVaXDxJ
BX3tJhHwaCMW6KzLjAuXYkGxvLFsPpL0unrah5O1dI8psY7+7LRH2OQVONGguKoO
2zwPt0AyMeG64rG1IL6WBn0WyN7NehcwjI/G42yWtHN/mPtfXkeg0EsFORff6U8X
4VBIl0wql+xOL4S5MJFq/D2+6JgaCwelbHBlsI+3OmVOLI3HOLbTShXTiWrbjfIP
q9Be7EPFiGZqX5pvK3ZPe22+kKttNEG9sGkt59oxzZkMCXbHTv5/tYMOa/otMQ==
-----END CERTIFICATE-----