Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dbed3a5f-ab91-4d00-9617-65b88c24ab33.roa
File:                     dbed3a5f-ab91-4d00-9617-65b88c24ab33.roa (raw, json)
Hash identifier:          k8NWBmCnjffTgSWoiadAl13Ypv5ARqstJWatU7d7/Gk=
Subject key identifier:   87:CD:09:E4:6B:6F:7A:C1:9D:22:8A:65:1D:F3:EF:F3:01:F3:12:20
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       22B9D3D68A337110E47FF8971F90F91ABDAD041E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dbed3a5f-ab91-4d00-9617-65b88c24ab33.roa
Signing time:             Sat 10 May 2025 00:10:14 +0000
ROA not before:           Sat 10 May 2025 00:10:14 +0000
ROA not after:            Sat 14 Jun 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f60:a400::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 12 May 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:b9:d3:d6:8a:33:71:10:e4:7f:f8:97:1f:90:f9:1a:bd:ad:04:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 10 00:10:14 2025 GMT
            Not After : Jun 14 23:59:59 2025 GMT
        Subject: serialNumber=9de80a67b081af03f1047298b10abbe2089ba1412a7f639ace295447d4e0a3c8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:d5:31:3b:70:fa:d2:c9:ef:ce:b9:36:de:63:
                    24:31:eb:3c:da:cf:0e:fe:8a:7c:a8:da:6d:3e:fb:
                    1d:8b:13:7e:46:69:c0:e8:2d:98:6a:75:db:6a:ad:
                    a3:6d:73:c9:2c:6e:d7:dd:a3:80:5c:ca:0e:73:80:
                    a6:d9:67:8d:48:6f:83:af:1d:72:da:78:27:54:07:
                    fb:f6:47:7a:3d:58:26:71:3c:4a:64:6b:e6:c5:fc:
                    ba:93:37:58:b9:0d:93:17:f0:b5:9c:b4:f1:ac:cf:
                    a9:de:19:9a:1c:9a:4c:e1:a1:db:f9:fa:6b:ea:57:
                    5a:40:3e:05:df:b9:a1:51:12:0c:3c:00:46:57:33:
                    af:94:a4:b3:af:50:52:19:68:c7:12:c7:3b:6b:94:
                    76:e8:83:d0:8e:b4:52:d7:b5:46:6e:89:d1:1c:d2:
                    cd:b5:a6:70:49:25:36:4b:ec:81:07:37:9e:c4:5a:
                    f3:24:56:7c:d1:9c:91:75:57:88:89:66:66:b1:76:
                    ca:b9:a7:25:aa:3c:4c:bf:d5:b6:39:3a:09:7a:a1:
                    52:57:ac:05:72:1e:88:ad:89:79:95:94:ef:40:e3:
                    da:8f:01:5a:49:a1:04:7e:58:19:26:e5:49:1f:73:
                    e5:29:53:ad:5f:ec:73:43:02:4c:5f:a4:54:5f:c5:
                    8f:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:CD:09:E4:6B:6F:7A:C1:9D:22:8A:65:1D:F3:EF:F3:01:F3:12:20
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dbed3a5f-ab91-4d00-9617-65b88c24ab33.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f60:a400::/40

    Signature Algorithm: sha256WithRSAEncryption
         87:4b:a3:f3:1d:20:c4:21:86:c2:c7:d1:61:35:9b:55:dc:8d:
         82:a3:72:7d:a9:3a:d8:f5:13:84:31:1e:e0:31:b1:75:d2:f4:
         db:e6:72:45:16:43:6c:c6:d4:27:ac:43:75:91:8f:c7:6c:ed:
         48:a7:60:f4:1c:07:66:2b:6a:b6:ff:55:37:a5:e2:a1:48:11:
         a3:5f:8e:00:b5:3c:9c:d9:d8:6d:fe:40:2c:02:5b:8f:83:1d:
         9e:59:73:94:4f:c2:43:8b:45:cb:5e:eb:af:cc:34:f5:fd:d4:
         d8:72:66:6c:83:52:64:22:45:a8:c5:48:4a:63:86:6d:c9:f6:
         2c:75:1b:9d:e9:09:da:c7:cd:92:7d:74:6b:65:8e:58:6b:f5:
         7f:50:51:a3:0b:1e:ac:99:2c:8c:c1:41:b2:f0:ca:cb:a9:b6:
         88:50:b7:34:23:56:c2:d4:c7:7c:74:b4:84:d6:d3:7e:ef:76:
         80:d9:74:55:2b:cb:8c:5a:5d:6d:79:e4:9f:58:ca:cf:d9:43:
         96:3b:c2:f9:4c:68:2f:c0:9d:f9:a8:b5:72:2c:b6:38:30:9e:
         67:40:18:da:2d:1f:78:92:cf:30:96:a9:71:d2:14:9d:52:e5:
         cf:96:f3:e0:2d:c1:9d:01:5a:8c:dd:9d:c8:9b:5a:7f:b4:b0:
         6e:68:75:07
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUIrnT1oozcRDkf/iXH5D5Gr2tBB4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNTEwMDAxMDE0WhcNMjUwNjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZGU4MGE2N2IwODFhZjAzZjEwNDcyOThiMTBhYmJlMjA4
OWJhMTQxMmE3ZjYzOWFjZTI5NTQ0N2Q0ZTBhM2M4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCk1TE7cPrSye/OuTbeYyQx6zzazw7+inyo2m0++x2LE35G
acDoLZhqddtqraNtc8ksbtfdo4Bcyg5zgKbZZ41Ib4OvHXLaeCdUB/v2R3o9WCZx
PEpka+bF/LqTN1i5DZMX8LWctPGsz6neGZocmkzhodv5+mvqV1pAPgXfuaFREgw8
AEZXM6+UpLOvUFIZaMcSxztrlHbog9COtFLXtUZuidEc0s21pnBJJTZL7IEHN57E
WvMkVnzRnJF1V4iJZmaxdsq5pyWqPEy/1bY5Ogl6oVJXrAVyHoitiXmVlO9A49qP
AVpJoQR+WBkm5Ukfc+UpU61f7HNDAkxfpFRfxY9zAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUh80J5GtvesGdIoplHfPv8wHzEiAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RiZWQzYTVmLWFiOTEtNGQwMC05NjE3LTY1Yjg4YzI0YWIzMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9gpDANBgkqhkiG9w0BAQsFAAOCAQEAh0uj8x0gxCGGwsfRYTWbVdyN
gqNyfak62PUThDEe4DGxddL02+ZyRRZDbMbUJ6xDdZGPx2ztSKdg9BwHZitqtv9V
N6XioUgRo1+OALU8nNnYbf5ALAJbj4MdnllzlE/CQ4tFy17rr8w09f3U2HJmbINS
ZCJFqMVISmOGbcn2LHUbnekJ2sfNkn10a2WOWGv1f1BRowserJksjMFBsvDKy6m2
iFC3NCNWwtTHfHS0hNbTfu92gNl0VSvLjFpdbXnkn1jKz9lDljvC+UxoL8Cd+ai1
ciy2ODCeZ0AY2i0feJLPMJapcdIUnVLlz5bz4C3BnQFajN2dyJtaf7Swbmh1Bw==
-----END CERTIFICATE-----