Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/c49749c5-4263-443f-a5d1-f0fc1a27edc1.roa
File:                     c49749c5-4263-443f-a5d1-f0fc1a27edc1.roa (raw, json)
Hash identifier:          qqtexjOwg0xoMwY6fwJNLyPmqTdyCQsErVuVz5l+ZRk=
Subject key identifier:   55:FB:7F:CE:54:DB:A1:BD:EE:9B:6F:E1:5E:F0:0A:E9:95:79:26:15
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       18E04EBD73062D50C88C93D6DE754F6E5692DC2A
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/c49749c5-4263-443f-a5d1-f0fc1a27edc1.roa
Signing time:             Wed 18 Jun 2025 00:30:04 +0000
ROA not before:           Wed 18 Jun 2025 00:30:04 +0000
ROA not after:            Wed 23 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f1:8801::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 30 Jun 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:e0:4e:bd:73:06:2d:50:c8:8c:93:d6:de:75:4f:6e:56:92:dc:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jun 18 00:30:04 2025 GMT
            Not After : Jul 23 23:59:59 2025 GMT
        Subject: serialNumber=6bbec5b91c44fdfbd55557f8232e0c952c5d76b49cdbfdf6008293e76d9c098b, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:97:f8:61:ce:8c:55:59:b6:9c:20:6a:4f:3c:
                    79:d4:79:f8:c7:32:f8:58:df:32:88:ec:ea:65:d9:
                    3d:8d:82:ae:be:b1:20:61:10:2b:cd:76:44:b1:75:
                    cd:47:f2:53:55:06:b6:0a:56:7c:31:f0:d7:7d:79:
                    95:b1:29:33:a9:30:e7:f4:6e:df:b0:04:6a:a2:86:
                    fc:f9:de:08:60:59:5d:4a:6b:02:fe:ef:f9:56:f4:
                    c6:16:35:d2:90:01:59:1c:28:20:5f:31:d1:0c:10:
                    90:94:7c:43:b6:26:1b:2b:ec:22:1e:4c:4c:8b:ea:
                    6a:b1:14:ba:b9:dd:6b:ff:03:21:24:12:86:6b:6e:
                    76:da:29:3d:88:8c:17:55:d4:76:2a:01:af:24:bc:
                    c9:f3:bb:42:60:cc:c5:af:a6:22:1a:90:fc:eb:57:
                    13:de:3b:51:e3:b6:29:cb:b3:cb:a9:3d:55:47:c5:
                    d3:a3:77:0b:90:a2:24:c4:b4:3e:a0:45:b1:80:fc:
                    ce:1e:23:59:2b:73:90:a6:28:0f:65:2e:0e:d2:f5:
                    2c:51:91:5d:7b:77:86:c4:e3:76:4c:75:0b:fe:cd:
                    d2:fe:32:52:a6:20:5f:21:1c:0f:cf:c4:5e:72:c7:
                    cc:3a:7c:0b:67:cc:99:81:cb:b1:c9:3f:c4:9a:dc:
                    7d:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:FB:7F:CE:54:DB:A1:BD:EE:9B:6F:E1:5E:F0:0A:E9:95:79:26:15
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/c49749c5-4263-443f-a5d1-f0fc1a27edc1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f1:8801::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:bb:3f:d1:49:fa:00:ff:af:e0:4b:08:40:92:3d:f9:11:0b:
         8a:6a:11:b4:b5:7f:dc:01:de:c8:b0:8d:db:e4:b8:4f:e8:b8:
         81:d9:29:b3:f1:15:f9:b1:83:12:32:0c:68:13:a2:cc:5e:71:
         4f:15:5f:40:18:ad:0b:fa:33:ed:b1:37:5a:1d:b3:bb:41:01:
         5f:6b:2d:2b:5b:a6:a5:82:61:60:04:6e:1c:cf:4f:a4:60:63:
         94:b2:fc:23:eb:5e:c1:73:18:c7:c5:57:dc:41:dd:68:a3:24:
         83:11:50:16:9b:45:b4:36:b7:44:af:50:c0:fb:06:bf:56:c2:
         84:91:b4:e5:38:af:8f:c5:da:e9:c0:6d:0c:39:5c:f2:8f:ba:
         44:99:22:5a:ae:4f:2a:f5:df:fb:a1:11:7c:5f:22:c7:67:44:
         8b:86:37:77:78:d1:bf:89:c2:94:ad:e5:21:84:6a:82:f5:6c:
         61:34:59:27:53:70:6a:89:e1:d3:0c:b4:72:b3:64:b9:f5:ef:
         87:28:02:5c:f2:16:72:18:0d:14:c0:b1:2e:ec:63:b1:84:cf:
         49:20:9b:b4:38:f7:d9:45:45:f5:0f:ea:bb:65:30:c4:72:b0:
         05:4b:8c:a4:1d:e8:cd:f8:06:c7:58:ad:61:70:6f:4e:2c:3c:
         53:8e:69:70
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUGOBOvXMGLVDIjJPW3nVPblaS3CowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNjE4MDAzMDA0WhcNMjUwNzIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A2YmJlYzViOTFjNDRmZGZiZDU1NTU3ZjgyMzJlMGM5NTJj
NWQ3NmI0OWNkYmZkZjYwMDgyOTNlNzZkOWMwOThiMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCNl/hhzoxVWbacIGpPPHnUefjHMvhY3zKI7Opl2T2Ngq6+
sSBhECvNdkSxdc1H8lNVBrYKVnwx8Nd9eZWxKTOpMOf0bt+wBGqihvz53ghgWV1K
awL+7/lW9MYWNdKQAVkcKCBfMdEMEJCUfEO2Jhsr7CIeTEyL6mqxFLq53Wv/AyEk
EoZrbnbaKT2IjBdV1HYqAa8kvMnzu0JgzMWvpiIakPzrVxPeO1HjtinLs8upPVVH
xdOjdwuQoiTEtD6gRbGA/M4eI1krc5CmKA9lLg7S9SxRkV17d4bE43ZMdQv+zdL+
MlKmIF8hHA/PxF5yx8w6fAtnzJmBy7HJP8Sa3H11AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUVft/zlTbob3um2/hXvAK6ZV5JhUwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2M0OTc0OWM1LTQyNjMtNDQzZi1hNWQxLWYwZmMxYTI3ZWRjMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDxiAEwDQYJKoZIhvcNAQELBQADggEBAEi7P9FJ+gD/r+BLCECSPfkR
C4pqEbS1f9wB3siwjdvkuE/ouIHZKbPxFfmxgxIyDGgTosxecU8VX0AYrQv6M+2x
N1ods7tBAV9rLStbpqWCYWAEbhzPT6RgY5Sy/CPrXsFzGMfFV9xB3WijJIMRUBab
RbQ2t0SvUMD7Br9WwoSRtOU4r4/F2unAbQw5XPKPukSZIlquTyr13/uhEXxfIsdn
RIuGN3d40b+JwpSt5SGEaoL1bGE0WSdTcGqJ4dMMtHKzZLn174coAlzyFnIYDRTA
sS7sY7GEz0kgm7Q499lFRfUP6rtlMMRysAVLjKQd6M34BsdYrWFwb04sPFOOaXA=
-----END CERTIFICATE-----