Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/59031a63-ea1a-4943-86ab-19221a23ca42.roa
File:                     59031a63-ea1a-4943-86ab-19221a23ca42.roa (raw, json)
Hash identifier:          +PjuiiYB5+FcnAtkQHH2IimBY4Qckx4vzRGfn5DwdBo=
Subject key identifier:   FC:A0:90:16:27:5A:94:18:86:C5:25:86:94:7D:FF:3D:96:CD:B8:6D
Certificate issuer:       /CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
Certificate serial:       18638DF5626CDB724B5C3AA2D76C3BBB379BF97C
Authority key identifier: 1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/59031a63-ea1a-4943-86ab-19221a23ca42.roa
Signing time:             Tue 01 Jul 2025 00:20:30 +0000
ROA not before:           Tue 01 Jul 2025 00:20:30 +0000
ROA not after:            Tue 05 Aug 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2606:f40:8000::/39 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/76fe11d4-d352-4994-8f6c-d6c91b0b8415.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/76fe11d4-d352-4994-8f6c-d6c91b0b8415.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 02 Jul 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:63:8d:f5:62:6c:db:72:4b:5c:3a:a2:d7:6c:3b:bb:37:9b:f9:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
        Validity
            Not Before: Jul  1 00:20:30 2025 GMT
            Not After : Aug  5 23:59:59 2025 GMT
        Subject: serialNumber=7f4cfd79e4dc5937170b7a3a428ab4e2770e844f8d892b2e8db6fe9654982c09, CN=8f95e4d1-f14f-4d61-ae00-67e047d2f102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:02:29:b8:ba:d9:f7:1d:6e:37:eb:b1:b2:7b:
                    b3:d7:05:a0:f7:f7:00:51:ee:7d:65:5e:d6:2a:2e:
                    96:61:6d:bf:b5:b1:92:6c:6f:4f:6a:8e:72:3c:5b:
                    af:27:84:e2:cb:d3:e6:04:02:1d:b0:19:74:69:83:
                    27:90:e7:fa:f9:67:6d:4d:c7:c5:13:be:7a:85:a0:
                    98:71:01:c8:ce:f2:0d:70:d6:6d:51:77:b9:4b:7c:
                    0b:8c:c0:b8:70:bd:3b:d0:c4:0a:ce:ea:b6:6e:60:
                    a9:20:5a:51:c3:3b:b5:7b:a3:24:73:41:35:dd:33:
                    0a:87:c9:3c:75:10:37:9f:1f:9e:28:64:37:ac:08:
                    b7:57:19:0a:2e:cb:38:51:52:88:64:ff:f0:89:f7:
                    af:d9:3b:4b:99:42:cd:35:21:6f:c7:b8:64:cb:a7:
                    f5:fb:87:9d:0c:19:1c:f9:c8:e9:cc:08:9a:e5:64:
                    63:89:12:d9:c3:7a:05:30:86:b6:78:4c:86:a6:75:
                    2d:02:e0:3c:e9:4c:80:9c:4c:71:94:16:61:61:47:
                    5b:d4:63:a4:f4:ad:b5:64:a7:91:02:78:60:53:b3:
                    61:fe:14:1c:93:73:1e:0b:a6:ae:8a:20:59:65:1f:
                    44:01:51:3f:64:32:f9:22:68:ad:d2:1f:c4:07:f1:
                    d6:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:A0:90:16:27:5A:94:18:86:C5:25:86:94:7D:FF:3D:96:CD:B8:6D
            X509v3 Authority Key Identifier:
                keyid:1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/59031a63-ea1a-4943-86ab-19221a23ca42.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2606:f40:8000::/39

    Signature Algorithm: sha256WithRSAEncryption
         1a:d5:16:35:76:e9:52:fa:8c:c0:56:03:87:cd:11:1f:10:ff:
         90:24:09:24:08:9d:bc:1b:4a:86:c2:19:07:1e:cb:37:54:e2:
         97:3f:6c:7f:6a:91:ed:49:2f:a7:61:be:a4:1a:10:10:db:1e:
         8e:2e:35:25:60:31:c7:6b:90:a2:68:49:a6:b1:05:90:bb:47:
         e6:8a:21:d1:97:99:83:5b:02:e0:2e:cd:2b:21:1a:ec:08:df:
         6b:17:ff:25:39:ee:14:70:b7:d3:ea:0c:5b:43:f9:a8:51:87:
         9f:12:76:70:a4:df:e4:b5:34:b5:f8:cd:ce:1a:dc:e7:09:ea:
         99:90:f3:b8:f4:ba:dd:ae:2e:b5:14:90:81:01:48:c8:22:ed:
         73:7d:33:eb:ee:7b:2d:9b:f9:08:67:62:f4:c7:c2:78:bc:1e:
         e2:80:fa:a9:b8:67:a0:85:0b:3b:2d:f0:3e:e9:94:53:64:9b:
         10:f0:68:54:98:89:cf:f9:a4:3e:ae:56:d7:9a:05:c7:44:ee:
         d3:f2:1b:e1:45:c5:37:81:76:13:49:9a:ac:3a:60:d9:e1:29:
         d3:4f:e4:b2:6d:b3:75:d9:07:7e:f3:a4:20:16:86:98:dc:00:
         b7:cb:36:f2:9d:da:58:58:a4:40:c2:92:72:e4:b4:5e:d4:61:
         64:5b:97:fd
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUGGON9WJs23JLXDqi12w7uzeb+XwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzE2N2E4YjNhMDFmMDY3MTdkMmFmNjJlMzgwOTA3MjA4
NGMzYWY4ZjQ4OTQ4ZTQwZTIwHhcNMjUwNzAxMDAyMDMwWhcNMjUwODA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZjRjZmQ3OWU0ZGM1OTM3MTcwYjdhM2E0MjhhYjRlMjc3
MGU4NDRmOGQ4OTJiMmU4ZGI2ZmU5NjU0OTgyYzA5MS0wKwYDVQQDEyQ4Zjk1ZTRk
MS1mMTRmLTRkNjEtYWUwMC02N2UwNDdkMmYxMDIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLAim4utn3HW4367Gye7PXBaD39wBR7n1lXtYqLpZhbb+1
sZJsb09qjnI8W68nhOLL0+YEAh2wGXRpgyeQ5/r5Z21Nx8UTvnqFoJhxAcjO8g1w
1m1Rd7lLfAuMwLhwvTvQxArO6rZuYKkgWlHDO7V7oyRzQTXdMwqHyTx1EDefH54o
ZDesCLdXGQouyzhRUohk//CJ96/ZO0uZQs01IW/HuGTLp/X7h50MGRz5yOnMCJrl
ZGOJEtnDegUwhrZ4TIamdS0C4DzpTICcTHGUFmFhR1vUY6T0rbVkp5ECeGBTs2H+
FByTcx4Lpq6KIFllH0QBUT9kMvkiaK3SH8QH8dbZAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU/KCQFidalBiGxSWGlH3/PZbNuG0wHwYDVR0jBBgwFoAUHl8tYvha0oTU
0Ykla4hp6OkRKDgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
Lzc2ZmUxMWQ0LWQzNTItNDk5NC04ZjZjLWQ2YzkxYjBiODQxNS8wYTNkYjRmZi05
Y2Q4LTRkMDItYTAyNy02ZmE5MDQ5NGEzYTEvYzE2N2E4YjNhMDFmMDY3MTdkMmFm
NjJlMzgwOTA3MjA4NGMzYWY4ZjQ4OTQ4ZTQwZTIuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMmYwNTlhMjEtZDQxYi00ODQ2LWI3YWUtN2Vh
MzhjMzJmZDRjLzU5MDMxYTYzLWVhMWEtNDk0My04NmFiLTE5MjIxYTIzY2E0Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzJmMDU5YTIxLWQ0MWItNDg0Ni1iN2Fl
LTdlYTM4YzMyZmQ0Yy9Id1p4ZlNyMkxqZ0pCeUNFdzYtUFNKU09RT0kuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmBg9AgDANBgkqhkiG9w0BAQsFAAOCAQEAGtUWNXbpUvqMwFYDh80RHxD/
kCQJJAidvBtKhsIZBx7LN1Tilz9sf2qR7Ukvp2G+pBoQENseji41JWAxx2uQomhJ
prEFkLtH5ooh0ZeZg1sC4C7NKyEa7Ajfaxf/JTnuFHC30+oMW0P5qFGHnxJ2cKTf
5LU0tfjNzhrc5wnqmZDzuPS63a4utRSQgQFIyCLtc30z6+57LZv5CGdi9MfCeLwe
4oD6qbhnoIULOy3wPumUU2SbEPBoVJiJz/mkPq5W15oFx0Tu0/Ib4UXFN4F2E0ma
rDpg2eEp00/ksm2zddkHfvOkIBaGmNwAt8s28p3aWFikQMKScuS0XtRhZFuX/Q==
-----END CERTIFICATE-----