Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/2537a9dc-38fe-4282-a7fd-c3f10cbb6270.roa
File:                     2537a9dc-38fe-4282-a7fd-c3f10cbb6270.roa (raw, json)
Hash identifier:          I4uHWs+PVWkkz6jPJWeiJMsXxENknlonnIobamIDNcA=
Subject key identifier:   2E:80:B4:B1:A9:28:8A:1B:AC:C3:99:BF:86:32:30:35:CC:CE:B6:DA
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       334CD4857CDA60320D62A25CBEE09F1DDEEE0E4E
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/2537a9dc-38fe-4282-a7fd-c3f10cbb6270.roa
Signing time:             Wed 18 Jun 2025 00:30:07 +0000
ROA not before:           Wed 18 Jun 2025 00:30:07 +0000
ROA not after:            Wed 23 Jul 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0f3:f000::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 30 Jun 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:4c:d4:85:7c:da:60:32:0d:62:a2:5c:be:e0:9f:1d:de:ee:0e:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jun 18 00:30:07 2025 GMT
            Not After : Jul 23 23:59:59 2025 GMT
        Subject: serialNumber=2a043bdb4634d23c2c214578fded480ea9938249cb17a79186d19614f185cda4, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e5:5d:f7:d5:4d:e8:e1:93:cd:c0:f4:0a:a6:
                    3a:a6:4c:7a:42:06:7d:c9:1b:e5:28:7b:f5:a0:c6:
                    74:e4:38:29:e8:1b:d5:36:95:76:18:a8:00:dc:a7:
                    06:45:a6:ae:a0:ce:0b:f5:6f:18:16:55:31:50:4b:
                    79:91:b0:ce:a0:3e:2c:33:16:83:35:8c:68:90:68:
                    80:a2:5e:84:9c:42:d1:eb:96:b7:00:aa:7b:f7:4c:
                    3d:c8:9d:67:3c:57:34:4f:60:88:4f:5e:70:6f:ac:
                    5b:79:b9:2b:64:37:27:34:5f:90:38:1b:6f:51:60:
                    63:6d:3c:a4:37:8f:1d:da:69:ff:5d:9a:0e:fe:73:
                    c5:a5:61:82:c5:bc:e2:11:24:62:d1:78:22:28:2e:
                    a6:84:c8:f6:68:f5:59:8f:af:67:d6:20:29:2e:06:
                    26:34:20:3c:12:ce:3f:29:04:35:2a:b1:9c:dc:ca:
                    6e:29:5e:8d:b5:d4:c7:37:a0:6e:44:f8:8b:aa:f5:
                    6c:67:1a:f9:06:85:2e:32:23:ed:94:d1:6c:f2:7c:
                    a9:7f:6e:93:90:3a:e4:92:61:bf:11:3d:b9:47:8c:
                    35:a8:e9:0c:cc:1c:be:82:5b:f5:30:eb:48:c5:81:
                    dc:b7:25:d8:26:74:57:89:67:43:6f:3e:42:60:dc:
                    38:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:80:B4:B1:A9:28:8A:1B:AC:C3:99:BF:86:32:30:35:CC:CE:B6:DA
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/2537a9dc-38fe-4282-a7fd-c3f10cbb6270.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f3:f000::/44

    Signature Algorithm: sha256WithRSAEncryption
         39:71:a9:15:3b:d2:96:1f:7a:6d:c4:a4:13:56:d8:23:c2:a0:
         6d:5f:d4:27:f3:6f:36:9d:13:a6:ff:67:21:a2:b8:79:5e:af:
         d1:3f:d3:79:f8:ee:f7:04:6f:f2:b2:05:44:d0:eb:2a:51:f4:
         af:e2:e2:9f:33:91:33:9f:42:03:ea:4d:e5:e7:af:4a:45:88:
         82:dd:05:dc:9f:4e:58:27:42:69:cd:ae:54:f7:ed:57:f8:8e:
         c1:39:70:df:36:d2:fe:50:82:f2:85:66:55:c7:be:52:1e:e4:
         40:c4:0c:28:89:dc:d2:63:61:b6:bd:6e:00:8d:f5:e8:d8:9d:
         71:eb:8a:05:86:b3:41:7a:c9:04:42:1e:35:59:ab:16:6d:0b:
         79:10:dc:23:b1:9b:d0:59:b1:ad:90:ee:97:42:f0:e4:47:55:
         e0:02:f8:49:9d:6d:08:75:df:4b:e9:4a:c0:6a:e1:72:3f:c5:
         f0:34:47:db:7d:74:cf:0e:2e:6e:df:e8:09:81:11:69:d0:1f:
         02:5e:1d:e0:9e:5d:31:a6:5a:ba:bd:78:fa:9f:92:25:79:b8:
         be:31:ae:f3:8a:44:a3:b7:e1:16:90:54:54:84:15:26:b7:42:
         70:8a:08:86:c4:c9:3b:f1:7a:47:ae:cf:ca:55:fc:24:a9:d7:
         eb:00:14:57
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUM0zUhXzaYDINYqJcvuCfHd7uDk4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNjE4MDAzMDA3WhcNMjUwNzIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AyYTA0M2JkYjQ2MzRkMjNjMmMyMTQ1NzhmZGVkNDgwZWE5
OTM4MjQ5Y2IxN2E3OTE4NmQxOTYxNGYxODVjZGE0MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCx5V331U3o4ZPNwPQKpjqmTHpCBn3JG+Uoe/WgxnTkOCno
G9U2lXYYqADcpwZFpq6gzgv1bxgWVTFQS3mRsM6gPiwzFoM1jGiQaICiXoScQtHr
lrcAqnv3TD3InWc8VzRPYIhPXnBvrFt5uStkNyc0X5A4G29RYGNtPKQ3jx3aaf9d
mg7+c8WlYYLFvOIRJGLReCIoLqaEyPZo9VmPr2fWICkuBiY0IDwSzj8pBDUqsZzc
ym4pXo211Mc3oG5E+Iuq9WxnGvkGhS4yI+2U0WzyfKl/bpOQOuSSYb8RPblHjDWo
6QzMHL6CW/Uw60jFgdy3JdgmdFeJZ0NvPkJg3DhjAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQULoC0sakoihusw5m/hjIwNczOttowHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzI1MzdhOWRjLTM4ZmUtNDI4Mi1hN2ZkLWMzZjEwY2JiNjI3MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwQmAPDz8AAwDQYJKoZIhvcNAQELBQADggEBADlxqRU70pYfem3EpBNW2CPC
oG1f1CfzbzadE6b/ZyGiuHler9E/03n47vcEb/KyBUTQ6ypR9K/i4p8zkTOfQgPq
TeXnr0pFiILdBdyfTlgnQmnNrlT37Vf4jsE5cN820v5QgvKFZlXHvlIe5EDEDCiJ
3NJjYba9bgCN9ejYnXHrigWGs0F6yQRCHjVZqxZtC3kQ3COxm9BZsa2Q7pdC8ORH
VeAC+EmdbQh130vpSsBq4XI/xfA0R9t9dM8OLm7f6AmBEWnQHwJeHeCeXTGmWrq9
ePqfkiV5uL4xrvOKRKO34RaQVFSEFSa3QnCKCIbEyTvxekeuz8pV/CSp1+sAFFc=
-----END CERTIFICATE-----