Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/1aab309d-d77a-41e6-adae-163d0354f837.roa
File:                     1aab309d-d77a-41e6-adae-163d0354f837.roa (raw, json)
Hash identifier:          Qu6ALX3XjEk3DJdKI6Vp9lotOWLzR5TeRgOMqHyDn3Q=
Subject key identifier:   A7:EE:49:95:17:B9:11:F3:3E:5A:78:08:AA:4E:3E:02:0E:EC:1A:E0
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       0876AF4A72DA6ACFD069ACCB0F3C1464FEB5203C
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/1aab309d-d77a-41e6-adae-163d0354f837.roa
Signing time:             Fri 31 Oct 2025 00:56:39 +0000
ROA not before:           Fri 31 Oct 2025 00:56:39 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:9000:38b8::/47 maxlen: 47
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 19 Nov 2025 21:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:76:af:4a:72:da:6a:cf:d0:69:ac:cb:0f:3c:14:64:fe:b5:20:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Oct 31 00:56:39 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=ea03864b18c33b2628dd4acb9413a69fb2b660603a2f8ba8ca372940d0b2539f, CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c9:09:21:6f:de:65:3c:02:a3:4b:7a:c6:be:
                    1b:dc:3a:ac:48:49:5d:0a:47:9b:6a:fe:a4:75:f8:
                    ab:42:ce:7d:c8:94:06:08:2e:c7:38:9b:04:b3:e4:
                    06:da:e7:53:61:c7:74:a9:87:05:36:7b:d1:8b:14:
                    73:c9:11:ce:f0:ee:93:12:70:cd:ef:61:c3:18:29:
                    47:de:29:f5:f8:d4:3c:f1:5d:ac:48:2c:cf:20:80:
                    3c:bd:47:d7:e2:73:31:d8:da:7c:bf:34:60:a6:80:
                    ac:2e:f3:6c:13:13:1d:94:49:36:50:ea:0a:eb:9e:
                    d8:11:02:27:45:c2:d1:72:79:79:3b:87:79:45:30:
                    9d:36:35:d6:37:ae:b2:cd:30:4b:fe:fd:57:24:ad:
                    00:d5:db:14:0f:ef:5f:94:23:72:64:69:ed:12:87:
                    0d:a5:37:af:23:a4:fc:40:02:de:f8:47:c6:b2:13:
                    37:80:35:67:d9:c0:d4:bb:3b:43:e1:ab:aa:77:bc:
                    45:ee:ed:47:01:6a:3f:98:1c:d4:a4:0c:10:53:de:
                    73:f2:62:7a:fc:79:a0:9c:25:fc:d5:50:04:b7:04:
                    bd:92:d7:82:8c:bf:32:63:f2:21:ac:49:21:1f:c2:
                    06:15:e0:0c:1b:8a:11:c2:78:30:48:03:37:ba:8a:
                    fa:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:EE:49:95:17:B9:11:F3:3E:5A:78:08:AA:4E:3E:02:0E:EC:1A:E0
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/1aab309d-d77a-41e6-adae-163d0354f837.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:9000:38b8::/47

    Signature Algorithm: sha256WithRSAEncryption
         46:74:95:e3:ad:93:c7:85:0e:72:9e:cd:16:8f:69:4d:5f:de:
         04:e5:2e:d0:75:2a:bf:64:3e:1a:ee:ca:03:7f:8b:ff:f2:92:
         41:fe:f7:f6:23:16:58:b1:3f:40:1f:13:63:17:2c:a0:58:20:
         4a:39:9f:ef:72:03:7f:c8:93:c0:67:53:e3:11:3c:ec:a5:e9:
         64:2d:4f:55:80:3d:ef:fd:c4:e3:2e:30:f7:78:53:bd:bb:92:
         31:17:e8:4c:2d:63:a1:08:66:1c:b3:d5:da:5c:6b:64:5d:d6:
         8e:2d:26:ab:94:5d:4f:b8:85:04:dd:d2:52:48:fe:cf:3f:e4:
         f6:3f:c6:7d:fb:f9:69:99:f7:7c:cd:0d:bd:66:42:d3:ef:aa:
         ac:00:92:bc:4c:0c:9b:dc:c1:52:00:2f:b7:40:37:16:d1:4a:
         b6:fb:bc:8e:2c:43:88:1e:d4:c0:f7:02:c0:c9:06:d8:9a:54:
         3d:5b:b5:5c:e0:05:4e:ac:96:d4:50:29:25:91:ee:eb:6f:57:
         b9:ab:0b:f9:98:49:fd:1e:7f:60:34:94:5c:41:fc:b1:8b:26:
         af:72:71:02:ad:49:b7:5a:bc:2a:90:1b:ff:14:bc:e1:76:b5:
         e8:42:a2:ff:d5:ab:14:e1:a7:a5:71:1b:ac:9e:c3:52:76:b8:
         db:21:18:d4
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUCHavSnLaas/QaazLDzwUZP61IDwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjUxMDMxMDA1NjM5WhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYTAzODY0YjE4YzMzYjI2MjhkZDRhY2I5NDEzYTY5ZmIy
YjY2MDYwM2EyZjhiYThjYTM3Mjk0MGQwYjI1MzlmMS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChyQkhb95lPAKjS3rGvhvcOqxISV0KR5tq/qR1+KtCzn3I
lAYILsc4mwSz5Aba51Nhx3SphwU2e9GLFHPJEc7w7pMScM3vYcMYKUfeKfX41Dzx
XaxILM8ggDy9R9ficzHY2ny/NGCmgKwu82wTEx2USTZQ6grrntgRAidFwtFyeXk7
h3lFMJ02NdY3rrLNMEv+/VckrQDV2xQP71+UI3Jkae0Shw2lN68jpPxAAt74R8ay
EzeANWfZwNS7O0Phq6p3vEXu7UcBaj+YHNSkDBBT3nPyYnr8eaCcJfzVUAS3BL2S
14KMvzJj8iGsSSEfwgYV4AwbihHCeDBIAze6ivrxAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUp+5JlRe5EfM+WngIqk4+Ag7sGuAwHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1LzFhYWIzMDlkLWQ3N2EtNDFlNi1hZGFlLTE2M2QwMzU0ZjgzNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwEmAJAAOLgwDQYJKoZIhvcNAQELBQADggEBAEZ0leOtk8eFDnKezRaPaU1f
3gTlLtB1Kr9kPhruygN/i//ykkH+9/YjFlixP0AfE2MXLKBYIEo5n+9yA3/Ik8Bn
U+MRPOyl6WQtT1WAPe/9xOMuMPd4U727kjEX6EwtY6EIZhyz1dpca2Rd1o4tJquU
XU+4hQTd0lJI/s8/5PY/xn37+WmZ93zNDb1mQtPvqqwAkrxMDJvcwVIAL7dANxbR
Srb7vI4sQ4ge1MD3AsDJBtiaVD1btVzgBU6sltRQKSWR7utvV7mrC/mYSf0ef2A0
lFxB/LGLJq9ycQKtSbdavCqQG/8UvOF2tehCov/VqxThp6VxG6yew1J2uNshGNQ=
-----END CERTIFICATE-----