Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/c686f937-000a-490a-846c-e2773b637b26.roa
File:                     c686f937-000a-490a-846c-e2773b637b26.roa (raw, json)
Hash identifier:          Dttg5jud/ulKHo9YIm2Qx70uM2HnmwPSgtD6RKG4O6c=
Subject key identifier:   C8:26:50:59:AD:41:AE:8A:35:D7:23:95:81:77:E0:43:E9:31:50:E6
Certificate issuer:       /CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
Certificate serial:       68DD7BE2CB9847AA51DEDE487C48F04508475371
Authority key identifier: 1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/c686f937-000a-490a-846c-e2773b637b26.roa
Signing time:             Wed 25 Jun 2025 00:20:06 +0000
ROA not before:           Wed 25 Jun 2025 00:20:06 +0000
ROA not after:            Wed 30 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2606:f40::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/76fe11d4-d352-4994-8f6c-d6c91b0b8415.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/76fe11d4-d352-4994-8f6c-d6c91b0b8415.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 30 Jun 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:dd:7b:e2:cb:98:47:aa:51:de:de:48:7c:48:f0:45:08:47:53:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
        Validity
            Not Before: Jun 25 00:20:06 2025 GMT
            Not After : Jul 30 23:59:59 2025 GMT
        Subject: serialNumber=ed20273c98d8d8d9da109f3354776fbac1b6ba3d8cbeb01e661da96e588bb491, CN=8f95e4d1-f14f-4d61-ae00-67e047d2f102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:88:98:18:98:29:e1:18:62:c3:76:18:82:d6:
                    f2:28:9c:88:1e:a2:95:6c:3a:ad:e7:70:36:2f:d5:
                    0b:d1:09:89:0d:00:e2:99:7f:fe:86:d9:a7:93:ea:
                    ea:ca:16:25:72:b6:96:53:59:f2:7d:03:b1:8d:78:
                    b0:ed:f9:47:e9:f9:65:dd:93:33:c2:ae:5f:70:ed:
                    54:97:02:3b:eb:ec:d4:79:8d:57:da:43:b7:57:dd:
                    60:d0:47:af:f6:68:a9:ef:96:70:04:53:63:b3:ff:
                    7b:1c:ba:eb:83:0a:ec:60:bf:f3:ab:fd:69:f6:42:
                    18:52:bc:18:fc:f2:e0:42:ff:28:34:ff:61:ae:f1:
                    9d:b3:86:19:72:e9:46:65:ea:40:08:35:e1:eb:c4:
                    2e:aa:0f:1f:87:a2:c6:12:5a:06:3b:fe:e0:a4:82:
                    ba:ca:45:18:b9:73:32:13:89:7a:6d:b8:b6:5a:31:
                    22:60:3b:a7:f7:9d:3a:17:c3:8b:e7:f1:96:01:50:
                    e3:e5:51:76:3f:49:9e:7c:cd:f7:e3:4d:b8:3a:eb:
                    63:65:cd:fe:39:c1:10:16:1e:77:75:8a:24:4c:1d:
                    f3:46:02:51:d5:4e:b3:f6:47:51:46:3e:f0:7a:b3:
                    f8:ef:81:ba:87:9d:ce:fd:25:01:de:79:15:5b:e6:
                    91:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:26:50:59:AD:41:AE:8A:35:D7:23:95:81:77:E0:43:E9:31:50:E6
            X509v3 Authority Key Identifier:
                keyid:1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/c686f937-000a-490a-846c-e2773b637b26.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2606:f40::/32

    Signature Algorithm: sha256WithRSAEncryption
         01:05:81:df:8f:4c:94:fb:a3:12:c6:c6:7d:3f:a9:07:6c:0e:
         2a:93:44:19:81:14:50:a2:c5:d8:88:ca:c1:0b:5d:1c:16:61:
         1e:63:b0:28:5e:58:6c:64:f9:56:3d:ce:f9:80:22:a8:8d:90:
         ba:17:42:be:ec:f4:70:b3:c6:bb:52:c7:10:4f:ac:8d:40:80:
         a3:70:80:53:3b:a3:86:dd:b8:fb:2f:90:af:54:f0:2d:df:35:
         ab:74:e9:33:f9:89:92:c7:26:63:46:a4:ae:8f:18:27:03:37:
         55:ef:08:c9:a7:65:eb:72:92:06:f6:f1:1d:8a:2f:67:3b:7b:
         9c:35:db:22:f7:46:57:df:c9:1e:99:aa:be:93:7c:0c:96:f5:
         7e:65:64:40:e2:c7:18:93:9a:65:f3:d4:e6:32:47:2e:7a:3d:
         20:8a:cc:f7:d0:b8:7b:d5:dc:7b:ef:e8:88:7f:66:b3:c9:b3:
         7b:5a:01:3b:9a:3b:0c:df:b4:ee:8b:d0:a5:32:cd:d9:b4:e5:
         27:d3:1d:9d:b0:31:79:bb:f4:1c:4d:bf:93:44:82:92:19:e7:
         85:cf:1c:ba:1f:e7:18:45:e6:eb:84:ba:76:f5:fc:56:f7:ec:
         17:a6:fb:ab:a2:c2:14:8d:ed:44:78:ac:8e:45:13:51:24:e4:
         4c:06:ac:90
-----BEGIN CERTIFICATE-----
MIIF+TCCBOGgAwIBAgIUaN174suYR6pR3t5IfEjwRQhHU3EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzE2N2E4YjNhMDFmMDY3MTdkMmFmNjJlMzgwOTA3MjA4
NGMzYWY4ZjQ4OTQ4ZTQwZTIwHhcNMjUwNjI1MDAyMDA2WhcNMjUwNzMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZDIwMjczYzk4ZDhkOGQ5ZGExMDlmMzM1NDc3NmZiYWMx
YjZiYTNkOGNiZWIwMWU2NjFkYTk2ZTU4OGJiNDkxMS0wKwYDVQQDEyQ4Zjk1ZTRk
MS1mMTRmLTRkNjEtYWUwMC02N2UwNDdkMmYxMDIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgiJgYmCnhGGLDdhiC1vIonIgeopVsOq3ncDYv1QvRCYkN
AOKZf/6G2aeT6urKFiVytpZTWfJ9A7GNeLDt+Ufp+WXdkzPCrl9w7VSXAjvr7NR5
jVfaQ7dX3WDQR6/2aKnvlnAEU2Oz/3scuuuDCuxgv/Or/Wn2QhhSvBj88uBC/yg0
/2Gu8Z2zhhly6UZl6kAINeHrxC6qDx+HosYSWgY7/uCkgrrKRRi5czITiXptuLZa
MSJgO6f3nToXw4vn8ZYBUOPlUXY/SZ58zffjTbg662Nlzf45wRAWHnd1iiRMHfNG
AlHVTrP2R1FGPvB6s/jvgbqHnc79JQHeeRVb5pFlAgMBAAGjggKyMIICrjAdBgNV
HQ4EFgQUyCZQWa1Broo11yOVgXfgQ+kxUOYwHwYDVR0jBBgwFoAUHl8tYvha0oTU
0Ykla4hp6OkRKDgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
Lzc2ZmUxMWQ0LWQzNTItNDk5NC04ZjZjLWQ2YzkxYjBiODQxNS8wYTNkYjRmZi05
Y2Q4LTRkMDItYTAyNy02ZmE5MDQ5NGEzYTEvYzE2N2E4YjNhMDFmMDY3MTdkMmFm
NjJlMzgwOTA3MjA4NGMzYWY4ZjQ4OTQ4ZTQwZTIuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMmYwNTlhMjEtZDQxYi00ODQ2LWI3YWUtN2Vh
MzhjMzJmZDRjL2M2ODZmOTM3LTAwMGEtNDkwYS04NDZjLWUyNzczYjYzN2IyNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzJmMDU5YTIxLWQ0MWItNDg0Ni1iN2Fl
LTdlYTM4YzMyZmQ0Yy9Id1p4ZlNyMkxqZ0pCeUNFdzYtUFNKU09RT0kuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgAC
MAcDBQAmBg9AMA0GCSqGSIb3DQEBCwUAA4IBAQABBYHfj0yU+6MSxsZ9P6kHbA4q
k0QZgRRQosXYiMrBC10cFmEeY7AoXlhsZPlWPc75gCKojZC6F0K+7PRws8a7UscQ
T6yNQICjcIBTO6OG3bj7L5CvVPAt3zWrdOkz+YmSxyZjRqSujxgnAzdV7wjJp2Xr
cpIG9vEdii9nO3ucNdsi90ZX38kemaq+k3wMlvV+ZWRA4scYk5pl89TmMkcuej0g
isz30Lh71dx77+iIf2azybN7WgE7mjsM37Tui9ClMs3ZtOUn0x2dsDF5u/QcTb+T
RIKSGeeFzxy6H+cYRebrhLp29fxW9+wXpvurosIUje1EeKyORRNRJORMBqyQ
-----END CERTIFICATE-----