Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/373de46b-0532-424d-b3f0-749aec3cab9c.roa
File:                     373de46b-0532-424d-b3f0-749aec3cab9c.roa (raw, json)
Hash identifier:          kUdBNir6NLxg8iaKSd9/sMuJd/+uqD1gLYHDAigJkE8=
Subject key identifier:   BB:21:CB:85:AC:1B:5A:DA:D0:BB:A6:19:1E:46:12:2E:72:07:EA:BF
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       70292150D76A5F5B60321DFF10E8599D79B692AE
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/373de46b-0532-424d-b3f0-749aec3cab9c.roa
Signing time:             Mon 18 Aug 2025 18:22:29 +0000
ROA not before:           Mon 18 Aug 2025 18:22:29 +0000
ROA not after:            Mon 22 Sep 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0f0:6116::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Aug 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:29:21:50:d7:6a:5f:5b:60:32:1d:ff:10:e8:59:9d:79:b6:92:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Aug 18 18:22:29 2025 GMT
            Not After : Sep 22 23:59:59 2025 GMT
        Subject: serialNumber=632065aa047e09b453c55274c643bc86334b8b0bc953f8f59e4868187b5caed4, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:57:f4:6c:af:a3:1e:50:e4:5b:46:3e:5a:c4:
                    ee:a9:75:4b:61:99:8d:8b:c9:f2:df:3d:eb:1d:70:
                    58:6e:96:34:c4:16:e3:c1:0a:c5:28:60:36:e2:9f:
                    d9:91:c6:2c:7e:c3:5e:b0:56:8b:8e:5a:2c:41:b7:
                    99:75:15:f1:45:28:b6:f4:94:d8:ab:34:b0:ed:d5:
                    69:ef:2a:3c:48:ac:31:12:58:d9:3d:a0:84:2d:16:
                    84:97:f1:72:92:7f:76:c3:8c:f1:a7:64:9a:dd:92:
                    5b:fb:ea:0a:5f:e2:1a:d5:5f:e2:0f:24:e8:72:39:
                    7b:a0:2c:8c:52:8e:ea:75:f1:08:ac:f3:28:50:28:
                    c3:3b:34:21:00:75:80:2e:4f:a0:e4:d8:e8:9d:cd:
                    75:c1:80:cb:91:ab:64:55:5b:42:10:66:a7:3b:62:
                    6f:28:e3:2b:b4:92:b7:2e:4b:6f:a0:f4:5d:98:ce:
                    bd:2e:dd:a2:f2:ce:bf:1a:7a:51:28:ab:45:e8:95:
                    43:e1:e4:95:35:91:3a:3b:4e:d2:fd:bb:a3:ce:ce:
                    d5:1a:5c:56:a1:13:9e:8f:5b:df:60:47:ed:3b:d9:
                    23:bd:9d:11:63:40:c8:2e:45:d7:e8:87:cc:2d:58:
                    00:aa:b4:e4:bb:fe:b0:ca:2b:06:aa:0e:05:35:f5:
                    db:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:21:CB:85:AC:1B:5A:DA:D0:BB:A6:19:1E:46:12:2E:72:07:EA:BF
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/373de46b-0532-424d-b3f0-749aec3cab9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:6116::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:aa:f5:1b:89:8a:78:ed:0f:9a:77:44:e0:e3:84:a7:30:b0:
         e7:b7:fb:56:22:ca:e0:b2:8f:44:fa:b4:3d:9a:98:ac:86:95:
         e7:f0:fd:62:a3:61:d9:3b:1c:01:ca:e1:4a:19:11:6c:1d:af:
         33:59:11:cf:19:1d:39:75:62:18:e9:68:68:3b:e3:e4:be:60:
         60:77:2d:7d:d9:7b:e5:f9:fa:a2:cb:19:e9:33:68:3b:90:a3:
         6e:cb:7e:78:00:9d:78:4e:62:8f:a0:4e:53:3f:36:b5:55:d5:
         dc:ab:90:ab:80:e5:b1:27:b2:80:e3:fe:69:5d:1d:d8:9d:15:
         58:d0:05:b0:b3:ac:b5:1f:cb:cd:c0:e7:b1:6e:a8:7f:f0:28:
         91:cc:97:26:c4:d4:1e:8b:38:4d:4f:c6:5b:84:ce:cd:45:03:
         10:1d:b6:b6:63:80:1f:10:3d:31:bd:48:a1:d6:0b:b6:02:d0:
         84:55:26:83:8f:36:fc:42:e1:88:e6:82:71:b7:60:a5:3d:6e:
         3c:17:0e:89:7d:66:61:24:c5:80:0d:fe:32:6c:24:a3:57:ca:
         0f:30:d5:44:e0:14:f4:bb:7f:62:d3:36:00:94:bf:3e:39:8a:
         19:39:a6:15:b3:3c:52:6b:26:39:1a:e9:13:c2:b3:c7:5a:2a:
         54:03:63:30
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUcCkhUNdqX1tgMh3/EOhZnXm2kq4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwODE4MTgyMjI5WhcNMjUwOTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MzIwNjVhYTA0N2UwOWI0NTNjNTUyNzRjNjQzYmM4NjMz
NGI4YjBiYzk1M2Y4ZjU5ZTQ4NjgxODdiNWNhZWQ0MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGV/Rsr6MeUORbRj5axO6pdUthmY2LyfLfPesdcFhuljTE
FuPBCsUoYDbin9mRxix+w16wVouOWixBt5l1FfFFKLb0lNirNLDt1WnvKjxIrDES
WNk9oIQtFoSX8XKSf3bDjPGnZJrdklv76gpf4hrVX+IPJOhyOXugLIxSjup18Qis
8yhQKMM7NCEAdYAuT6Dk2OidzXXBgMuRq2RVW0IQZqc7Ym8o4yu0krcuS2+g9F2Y
zr0u3aLyzr8aelEoq0XolUPh5JU1kTo7TtL9u6POztUaXFahE56PW99gR+072SO9
nRFjQMguRdfoh8wtWACqtOS7/rDKKwaqDgU19dtZAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUuyHLhawbWtrQu6YZHkYSLnIH6r8wHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzM3M2RlNDZiLTA1MzItNDI0ZC1iM2YwLTc0OWFlYzNjYWI5Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwYRYwDQYJKoZIhvcNAQELBQADggEBABqq9RuJinjtD5p3RODjhKcw
sOe3+1YiyuCyj0T6tD2amKyGlefw/WKjYdk7HAHK4UoZEWwdrzNZEc8ZHTl1Yhjp
aGg74+S+YGB3LX3Ze+X5+qLLGekzaDuQo27LfngAnXhOYo+gTlM/NrVV1dyrkKuA
5bEnsoDj/mldHdidFVjQBbCzrLUfy83A57FuqH/wKJHMlybE1B6LOE1PxluEzs1F
AxAdtrZjgB8QPTG9SKHWC7YC0IRVJoOPNvxC4YjmgnG3YKU9bjwXDol9ZmEkxYAN
/jJsJKNXyg8w1UTgFPS7f2LTNgCUvz45ihk5phWzPFJrJjka6RPCs8daKlQDYzA=
-----END CERTIFICATE-----