Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/6d0592fe-1739-47a3-b178-e4736351b625.roa
File:                     6d0592fe-1739-47a3-b178-e4736351b625.roa (raw, json)
Hash identifier:          kcb06ftKKZTdu/MpqKEEsOb25IimHLjJT3IRYj+lleM=
Subject key identifier:   2E:3E:9C:BF:02:81:BD:1E:DB:41:9E:89:9B:CD:CD:B2:AF:E9:2E:CD
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       2F3B4F13BD72D54A082A158D485A8D0ED53D01E0
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/6d0592fe-1739-47a3-b178-e4736351b625.roa
Signing time:             Fri 22 Aug 2025 15:00:13 +0000
ROA not before:           Fri 22 Aug 2025 15:00:13 +0000
ROA not after:            Fri 26 Sep 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0f2:7010::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Aug 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:3b:4f:13:bd:72:d5:4a:08:2a:15:8d:48:5a:8d:0e:d5:3d:01:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Aug 22 15:00:13 2025 GMT
            Not After : Sep 26 23:59:59 2025 GMT
        Subject: serialNumber=177a8c5661bea6d0317096f341c7a10edc12df5a70fef48e9b1db1a615909b21, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:8c:45:81:57:37:af:cc:0e:d2:4f:fc:fe:b5:
                    67:26:45:d4:56:5f:a0:1e:08:5e:a5:a8:c2:84:38:
                    0d:d1:cd:f2:33:78:5a:2f:98:80:77:cd:78:82:d9:
                    3e:1e:be:c9:b7:ae:73:81:5d:7b:c8:e8:de:1b:b7:
                    03:9a:e0:bf:14:86:d8:22:a3:0e:73:c3:ed:55:7d:
                    04:ad:5c:d0:b6:6a:7f:7f:e8:0a:09:2f:9d:8b:19:
                    39:7e:be:c5:da:24:ac:85:26:2f:8b:1d:79:fd:bf:
                    2c:68:f4:58:81:dd:c2:56:ac:5e:6e:4a:74:81:f5:
                    37:cf:0b:96:17:2b:1f:8a:24:0f:07:76:2e:b7:80:
                    df:49:85:72:cc:f7:09:b5:90:fa:46:85:0f:57:01:
                    37:d5:1f:b3:73:de:67:6f:8a:4f:14:97:0a:33:4d:
                    13:15:58:0c:37:6b:0b:3e:d9:2b:af:f0:a5:e9:2e:
                    d7:ef:99:75:cf:1b:8f:80:3a:80:e4:79:15:50:3c:
                    27:1d:7d:b9:63:68:8c:3c:a5:11:34:bb:9d:ad:05:
                    44:eb:98:19:c9:84:2d:b7:17:c6:b6:b4:7c:f3:34:
                    e5:1d:ce:f7:c5:b6:7a:50:49:94:38:06:5e:53:71:
                    0b:9f:85:b8:ea:04:5f:0b:5c:ff:fc:2e:85:16:f4:
                    0b:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:3E:9C:BF:02:81:BD:1E:DB:41:9E:89:9B:CD:CD:B2:AF:E9:2E:CD
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/6d0592fe-1739-47a3-b178-e4736351b625.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f2:7010::/44

    Signature Algorithm: sha256WithRSAEncryption
         4d:b3:7f:95:71:e2:df:d1:53:88:03:7c:a8:0a:68:a7:1a:02:
         65:36:01:c6:ba:b3:ae:f7:e0:96:2e:d9:1e:c3:cd:37:da:7e:
         2b:05:f4:48:12:87:8d:60:a6:6f:9d:03:06:15:9d:7f:33:10:
         49:e8:de:1e:37:a9:75:3c:58:4c:e8:69:3a:2c:f4:4d:b8:74:
         b7:31:f9:7f:e5:c6:3e:22:6b:07:68:c3:c3:cd:f8:26:43:7f:
         f8:00:69:7d:11:2e:0a:6e:46:2e:3a:1c:48:d2:76:e8:e9:de:
         7e:e6:98:88:e7:b3:62:dc:a4:34:ab:b3:5e:ba:86:df:eb:e4:
         51:03:83:ce:ec:28:64:f3:87:54:29:82:f7:fd:ba:f3:78:61:
         f4:f3:5d:7c:47:fb:bc:a3:0a:37:f8:02:15:ea:c3:54:2e:b5:
         49:89:1f:b7:e7:ee:97:82:16:6b:94:f1:2a:18:c8:7c:d5:02:
         c2:c3:de:b0:09:41:6e:e9:9f:b7:66:e5:83:67:2b:9a:23:42:
         fa:37:83:7a:8a:91:3d:21:f2:11:82:22:69:67:24:d0:ba:48:
         a1:2a:3f:0c:f0:d3:1b:50:ed:30:b8:89:1b:99:b0:01:93:0b:
         62:f0:fd:b1:70:7b:75:c4:b4:93:eb:d5:ab:30:25:61:81:62:
         f8:da:a1:2e
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIULztPE71y1UoIKhWNSFqNDtU9AeAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwODIyMTUwMDEzWhcNMjUwOTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNzdhOGM1NjYxYmVhNmQwMzE3MDk2ZjM0MWM3YTEwZWRj
MTJkZjVhNzBmZWY0OGU5YjFkYjFhNjE1OTA5YjIxMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzjEWBVzevzA7ST/z+tWcmRdRWX6AeCF6lqMKEOA3RzfIz
eFovmIB3zXiC2T4evsm3rnOBXXvI6N4btwOa4L8Uhtgiow5zw+1VfQStXNC2an9/
6AoJL52LGTl+vsXaJKyFJi+LHXn9vyxo9FiB3cJWrF5uSnSB9TfPC5YXKx+KJA8H
di63gN9JhXLM9wm1kPpGhQ9XATfVH7Nz3mdvik8UlwozTRMVWAw3aws+2Suv8KXp
LtfvmXXPG4+AOoDkeRVQPCcdfbljaIw8pRE0u52tBUTrmBnJhC23F8a2tHzzNOUd
zvfFtnpQSZQ4Bl5TcQufhbjqBF8LXP/8LoUW9AuLAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQULj6cvwKBvR7bQZ6Jm83Nsq/pLs0wHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzZkMDU5MmZlLTE3MzktNDdhMy1iMTc4LWU0NzM2MzUxYjYyNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwQmAPDycBAwDQYJKoZIhvcNAQELBQADggEBAE2zf5Vx4t/RU4gDfKgKaKca
AmU2Aca6s6734JYu2R7DzTfafisF9EgSh41gpm+dAwYVnX8zEEno3h43qXU8WEzo
aTos9E24dLcx+X/lxj4iawdow8PN+CZDf/gAaX0RLgpuRi46HEjSdujp3n7mmIjn
s2LcpDSrs166ht/r5FEDg87sKGTzh1Qpgvf9uvN4YfTzXXxH+7yjCjf4AhXqw1Qu
tUmJH7fn7peCFmuU8SoYyHzVAsLD3rAJQW7pn7dm5YNnK5ojQvo3g3qKkT0h8hGC
ImlnJNC6SKEqPwzw0xtQ7TC4iRuZsAGTC2Lw/bFwe3XEtJPr1aswJWGBYvjaoS4=
-----END CERTIFICATE-----