Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/91a27594-a038-483a-a558-a5377f4d266f.roa
File:                     91a27594-a038-483a-a558-a5377f4d266f.roa (raw, json)
Hash identifier:          1UJwUF+ho9Gb7HtIaos+wmLpYe1YYGuxT7GaDbqWSXU=
Subject key identifier:   71:D1:DA:6C:9F:07:4D:E6:21:74:86:93:30:B8:B3:B1:94:11:FD:53
Certificate issuer:       /CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
Certificate serial:       31B3B9C85371AF7BB5186687219CABA90389A9FF
Authority key identifier: 1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/91a27594-a038-483a-a558-a5377f4d266f.roa
Signing time:             Wed 25 Jun 2025 00:20:07 +0000
ROA not before:           Wed 25 Jun 2025 00:20:07 +0000
ROA not after:            Wed 30 Jul 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2606:f40:fffc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/76fe11d4-d352-4994-8f6c-d6c91b0b8415.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/76fe11d4-d352-4994-8f6c-d6c91b0b8415.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 30 Jun 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:b3:b9:c8:53:71:af:7b:b5:18:66:87:21:9c:ab:a9:03:89:a9:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
        Validity
            Not Before: Jun 25 00:20:07 2025 GMT
            Not After : Jul 30 23:59:59 2025 GMT
        Subject: serialNumber=35ed85b0f18b779f7fedba4502739ede7585350578cd7a8eba2cb1e2f133f174, CN=8f95e4d1-f14f-4d61-ae00-67e047d2f102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:85:83:1c:db:fc:88:aa:a1:d9:7d:3e:85:0d:
                    85:5d:5b:f4:b7:0b:02:cb:67:e8:0d:25:0b:b8:b3:
                    fb:22:7e:5d:f0:84:d4:9e:8f:c6:09:76:b9:8e:eb:
                    10:54:28:c2:c0:cb:fc:c9:26:17:99:af:94:81:38:
                    7f:4a:cc:48:40:cc:cc:c7:ee:22:3e:ad:10:da:e3:
                    57:d0:24:d3:d5:1c:2d:ad:4f:40:88:74:dc:91:b0:
                    8a:34:64:90:db:b7:81:e4:84:00:36:ff:fc:51:95:
                    d2:3f:76:e3:b1:55:cc:ad:7a:b5:7d:89:0e:41:df:
                    21:8d:e7:d6:31:f0:3f:3e:41:ca:50:23:3d:19:2c:
                    d3:9e:f8:1b:09:29:f8:fc:07:8f:73:51:ce:b4:11:
                    ff:ff:a0:6a:c0:69:27:a0:f0:7a:4b:31:2c:45:73:
                    3b:93:d6:d1:e1:ac:d2:11:a4:15:95:55:56:3f:d5:
                    75:a9:e0:8e:f0:37:d9:a1:69:b4:87:af:e1:5d:47:
                    94:3a:0e:87:cb:80:8e:a8:d6:d9:ad:23:73:99:d9:
                    84:53:78:53:13:01:dc:4f:87:6d:bd:07:50:8a:4c:
                    bc:bc:92:4d:d6:f0:b1:e6:a2:9c:8d:30:69:a3:26:
                    80:2e:d6:dc:85:06:71:21:e1:a7:fd:87:23:d0:18:
                    02:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:D1:DA:6C:9F:07:4D:E6:21:74:86:93:30:B8:B3:B1:94:11:FD:53
            X509v3 Authority Key Identifier:
                keyid:1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/91a27594-a038-483a-a558-a5377f4d266f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2606:f40:fffc::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:b4:31:e5:31:42:89:bb:ba:bf:52:f1:c4:8d:bc:a8:6b:28:
         50:29:48:63:38:e3:2b:f0:19:ee:29:df:11:64:6c:c8:69:d3:
         03:c6:c5:d9:a1:8f:01:8e:53:40:e1:e9:8f:70:96:63:c5:44:
         e9:5e:d5:03:0f:59:ee:6e:e1:ab:25:f8:38:fb:e4:91:15:53:
         47:25:ff:33:9c:dd:da:22:19:8f:0e:34:ca:54:96:4a:c3:fc:
         7a:7d:2a:c3:99:70:16:2d:7a:80:5e:06:8e:19:0e:cf:e6:99:
         70:7b:69:60:c2:ab:6a:68:12:53:0a:ef:4b:9a:a1:7e:aa:79:
         1e:51:e5:1f:5c:7c:eb:11:13:94:89:70:65:92:b5:ec:a4:78:
         22:ad:d4:22:33:1d:8b:6f:b1:91:85:c5:d1:9d:6e:ba:f8:5d:
         dd:1b:da:7f:d1:d0:b6:c1:9f:11:0e:94:43:4d:1c:b6:d8:2c:
         6c:6f:06:25:70:88:f5:9b:dd:03:98:7a:eb:28:92:75:db:87:
         a3:70:fa:34:1b:46:77:4a:de:7a:21:65:96:ae:07:2d:eb:ea:
         2a:ca:52:4f:0f:37:75:d5:80:a4:ea:18:4e:61:d9:e6:b0:4a:
         ba:a7:09:c0:2d:1c:55:17:9b:71:de:c5:34:2b:4e:3c:ce:ba:
         ab:f6:25:32
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUMbO5yFNxr3u1GGaHIZyrqQOJqf8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzE2N2E4YjNhMDFmMDY3MTdkMmFmNjJlMzgwOTA3MjA4
NGMzYWY4ZjQ4OTQ4ZTQwZTIwHhcNMjUwNjI1MDAyMDA3WhcNMjUwNzMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzNWVkODViMGYxOGI3NzlmN2ZlZGJhNDUwMjczOWVkZTc1
ODUzNTA1NzhjZDdhOGViYTJjYjFlMmYxMzNmMTc0MS0wKwYDVQQDEyQ4Zjk1ZTRk
MS1mMTRmLTRkNjEtYWUwMC02N2UwNDdkMmYxMDIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCihYMc2/yIqqHZfT6FDYVdW/S3CwLLZ+gNJQu4s/sifl3w
hNSej8YJdrmO6xBUKMLAy/zJJheZr5SBOH9KzEhAzMzH7iI+rRDa41fQJNPVHC2t
T0CIdNyRsIo0ZJDbt4HkhAA2//xRldI/duOxVcyterV9iQ5B3yGN59Yx8D8+QcpQ
Iz0ZLNOe+BsJKfj8B49zUc60Ef//oGrAaSeg8HpLMSxFczuT1tHhrNIRpBWVVVY/
1XWp4I7wN9mhabSHr+FdR5Q6DofLgI6o1tmtI3OZ2YRTeFMTAdxPh229B1CKTLy8
kk3W8LHmopyNMGmjJoAu1tyFBnEh4af9hyPQGAJ1AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUcdHabJ8HTeYhdIaTMLizsZQR/VMwHwYDVR0jBBgwFoAUHl8tYvha0oTU
0Ykla4hp6OkRKDgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
Lzc2ZmUxMWQ0LWQzNTItNDk5NC04ZjZjLWQ2YzkxYjBiODQxNS8wYTNkYjRmZi05
Y2Q4LTRkMDItYTAyNy02ZmE5MDQ5NGEzYTEvYzE2N2E4YjNhMDFmMDY3MTdkMmFm
NjJlMzgwOTA3MjA4NGMzYWY4ZjQ4OTQ4ZTQwZTIuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMmYwNTlhMjEtZDQxYi00ODQ2LWI3YWUtN2Vh
MzhjMzJmZDRjLzkxYTI3NTk0LWEwMzgtNDgzYS1hNTU4LWE1Mzc3ZjRkMjY2Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzJmMDU5YTIxLWQ0MWItNDg0Ni1iN2Fl
LTdlYTM4YzMyZmQ0Yy9Id1p4ZlNyMkxqZ0pCeUNFdzYtUFNKU09RT0kuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmBg9A//wwDQYJKoZIhvcNAQELBQADggEBAIe0MeUxQom7ur9S8cSNvKhr
KFApSGM44yvwGe4p3xFkbMhp0wPGxdmhjwGOU0Dh6Y9wlmPFROle1QMPWe5u4asl
+Dj75JEVU0cl/zOc3doiGY8ONMpUlkrD/Hp9KsOZcBYteoBeBo4ZDs/mmXB7aWDC
q2poElMK70uaoX6qeR5R5R9cfOsRE5SJcGWSteykeCKt1CIzHYtvsZGFxdGdbrr4
Xd0b2n/R0LbBnxEOlENNHLbYLGxvBiVwiPWb3QOYeusoknXbh6Nw+jQbRndK3noh
ZZauBy3r6irKUk8PN3XVgKTqGE5h2eawSrqnCcAtHFUXm3HexTQrTjzOuqv2JTI=
-----END CERTIFICATE-----