Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/9738bb0d-1a84-4601-bc6b-25ba7f49c72b.roa
File:                     9738bb0d-1a84-4601-bc6b-25ba7f49c72b.roa (raw, json)
Hash identifier:          XjzgBhTTzRYwqCmJqtyEqTPfCdqB6fUl0N/T68Ft/lY=
Subject key identifier:   19:04:D5:0C:41:46:3D:C3:A1:3D:5F:D2:8E:AB:05:43:D7:3B:75:2A
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       6A5412EB9EC5CA25578F375D4CA7D899611DF86E
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/9738bb0d-1a84-4601-bc6b-25ba7f49c72b.roa
Signing time:             Tue 06 May 2025 00:40:05 +0000
ROA not before:           Tue 06 May 2025 00:40:05 +0000
ROA not after:            Tue 10 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:5503::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 08 May 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:54:12:eb:9e:c5:ca:25:57:8f:37:5d:4c:a7:d8:99:61:1d:f8:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: May  6 00:40:05 2025 GMT
            Not After : Jun 10 23:59:59 2025 GMT
        Subject: serialNumber=e756c27dbc7e1b19276aa0e2c72a3a39b96fefaa1e6575517e3c0a22fe0a207e, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:4b:72:2e:d4:e9:74:25:8a:75:fe:6e:b3:17:
                    9d:8e:53:c0:04:23:a5:6f:a3:75:ae:9e:ef:eb:87:
                    ec:b4:e2:24:2a:47:ce:15:06:e8:66:f0:d2:f1:60:
                    d2:33:b7:37:c1:63:dd:73:a2:32:2d:65:dd:1e:7d:
                    ce:37:b9:70:f3:b0:fd:a5:9f:7a:28:dd:ca:2a:74:
                    64:16:07:f0:ba:1a:e5:52:7b:da:ce:e9:0c:d3:e7:
                    11:55:85:1e:1b:f1:c4:78:13:02:0d:3b:e9:b3:6d:
                    41:cb:3e:8c:71:06:36:fb:88:81:8a:30:eb:b7:ef:
                    3a:58:67:bb:f9:39:01:52:72:47:b5:4d:66:3d:e4:
                    18:a4:55:83:de:b2:9d:87:40:11:c9:7e:1c:eb:5b:
                    6c:f0:f8:2f:bb:6f:06:74:7b:c7:1e:af:42:d6:94:
                    81:96:89:2c:89:a8:5f:53:6b:de:95:fb:af:fa:91:
                    ae:60:9d:fe:8e:6a:f0:c2:b4:98:f2:5d:eb:13:7f:
                    2a:22:e6:4a:92:ce:57:7d:02:ec:39:07:6e:d5:63:
                    ff:93:7f:33:c9:14:4d:98:70:f7:5c:d4:c4:c2:44:
                    da:5c:d1:1f:e0:68:9b:79:d5:aa:cb:26:aa:5a:af:
                    16:2b:4e:85:18:de:38:46:45:1d:f3:4e:78:00:50:
                    b2:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:04:D5:0C:41:46:3D:C3:A1:3D:5F:D2:8E:AB:05:43:D7:3B:75:2A
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/9738bb0d-1a84-4601-bc6b-25ba7f49c72b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:5503::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:8e:bb:00:72:05:de:2b:d6:df:46:1a:e2:dc:2d:c9:24:bc:
         c6:6b:48:e0:e0:9c:26:01:72:94:aa:b2:8b:a3:0a:12:91:38:
         e5:35:ee:22:02:e8:2d:1f:26:a4:8d:94:d0:b0:9f:a5:1e:22:
         28:9d:cd:e8:c0:3c:75:a2:f5:88:ed:ca:d5:33:65:ff:c6:0f:
         49:ea:f7:b4:92:4f:c8:9a:9c:1f:2f:c6:06:18:90:72:c7:92:
         8b:2f:49:b2:1c:7b:08:01:1a:87:09:41:84:cd:38:4c:ea:d9:
         4a:c2:3f:6c:bd:99:bb:7d:87:10:59:e7:13:17:64:c1:6c:11:
         ad:b7:6e:47:b0:41:e5:44:06:d9:c1:9f:12:08:34:f3:b0:4d:
         64:0d:c2:17:17:a0:32:25:5b:a1:51:3b:fa:13:9c:ac:66:aa:
         30:db:0f:7d:4e:7d:4a:9d:86:b2:b2:9a:56:f9:58:12:f0:7d:
         16:a9:cf:02:3d:96:70:65:1a:84:e1:7e:b9:7c:28:8b:97:47:
         13:25:f7:61:4c:63:bd:e5:53:23:8b:18:5f:59:c3:bb:3c:7b:
         b8:06:89:fa:fa:9f:1c:dc:da:49:2a:f4:ca:1a:e0:1a:dc:78:
         59:44:90:04:b4:cd:c0:84:c7:eb:b8:1e:6d:3a:7c:6b:bc:5d:
         b7:73:7d:c3
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUalQS657FyiVXjzddTKfYmWEd+G4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNTA2MDA0MDA1WhcNMjUwNjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlNzU2YzI3ZGJjN2UxYjE5Mjc2YWEwZTJjNzJhM2EzOWI5
NmZlZmFhMWU2NTc1NTE3ZTNjMGEyMmZlMGEyMDdlMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtS3Iu1Ol0JYp1/m6zF52OU8AEI6Vvo3Wunu/rh+y04iQq
R84VBuhm8NLxYNIztzfBY91zojItZd0efc43uXDzsP2ln3oo3coqdGQWB/C6GuVS
e9rO6QzT5xFVhR4b8cR4EwINO+mzbUHLPoxxBjb7iIGKMOu37zpYZ7v5OQFScke1
TWY95BikVYPesp2HQBHJfhzrW2zw+C+7bwZ0e8cer0LWlIGWiSyJqF9Ta96V+6/6
ka5gnf6OavDCtJjyXesTfyoi5kqSzld9Auw5B27VY/+TfzPJFE2YcPdc1MTCRNpc
0R/gaJt51arLJqparxYrToUY3jhGRR3zTngAULL3AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUGQTVDEFGPcOhPV/SjqsFQ9c7dSowHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2Lzk3MzhiYjBkLTFhODQtNDYwMS1iYzZiLTI1YmE3ZjQ5YzcyYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwVQMwDQYJKoZIhvcNAQELBQADggEBACuOuwByBd4r1t9GGuLcLckk
vMZrSODgnCYBcpSqsoujChKROOU17iIC6C0fJqSNlNCwn6UeIiidzejAPHWi9Yjt
ytUzZf/GD0nq97SST8ianB8vxgYYkHLHkosvSbIcewgBGocJQYTNOEzq2UrCP2y9
mbt9hxBZ5xMXZMFsEa23bkewQeVEBtnBnxIINPOwTWQNwhcXoDIlW6FRO/oTnKxm
qjDbD31OfUqdhrKymlb5WBLwfRapzwI9lnBlGoThfrl8KIuXRxMl92FMY73lUyOL
GF9Zw7s8e7gGifr6nxzc2kkq9Moa4BrceFlEkAS0zcCEx+u4Hm06fGu8XbdzfcM=
-----END CERTIFICATE-----