Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/a86c8ffa-34ab-4a01-8f63-86207fe44159.roa
File:                     a86c8ffa-34ab-4a01-8f63-86207fe44159.roa (raw, json)
Hash identifier:          QZxTL59NuAEyGeUvD1m7yWDCwZjliZB7Vf3OmCvJzfY=
Subject key identifier:   D3:6B:4C:A8:2D:F4:78:9E:A6:71:6F:94:00:C1:20:7F:CA:4B:04:B5
Certificate issuer:       /CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
Certificate serial:       1B0BC3374D8486DDCC6B75969290050FA994EE6C
Authority key identifier: 1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/a86c8ffa-34ab-4a01-8f63-86207fe44159.roa
Signing time:             Tue 04 Nov 2025 00:00:39 +0000
ROA not before:           Tue 04 Nov 2025 00:00:39 +0000
ROA not after:            Tue 09 Dec 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2606:f40::/39 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/76fe11d4-d352-4994-8f6c-d6c91b0b8415.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/76fe11d4-d352-4994-8f6c-d6c91b0b8415.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Nov 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:0b:c3:37:4d:84:86:dd:cc:6b:75:96:92:90:05:0f:a9:94:ee:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
        Validity
            Not Before: Nov  4 00:00:39 2025 GMT
            Not After : Dec  9 23:59:59 2025 GMT
        Subject: serialNumber=30a2cdd4f4cbe0471edf62d13fe67621f6b23110947b618a38499bf0945d1df5, CN=8f95e4d1-f14f-4d61-ae00-67e047d2f102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:4b:91:7e:46:0b:8f:eb:18:88:c3:f2:89:d2:
                    5f:61:50:7a:4d:04:6e:91:4b:21:88:59:24:b2:cd:
                    78:d2:c5:7a:00:6e:ca:7a:06:f7:b6:42:fb:4a:37:
                    f5:7b:5c:51:00:d1:6c:a1:9e:c1:6d:3e:6e:9e:35:
                    47:e3:18:bf:3e:26:f0:15:38:91:4a:d6:e1:44:1b:
                    3c:3c:fb:d6:7f:12:b2:34:04:46:f8:97:fc:4b:21:
                    6d:09:c3:e3:45:be:9b:69:8e:07:6e:76:a7:90:7a:
                    f6:e7:0f:f6:a5:ba:52:49:c7:7a:a5:cc:f5:27:3f:
                    04:7e:b3:f7:5c:ef:26:ab:bc:f1:c7:db:c4:18:c6:
                    d9:d7:63:ae:e2:4e:31:2a:6a:cc:1d:c6:21:a4:39:
                    67:e3:65:db:65:01:9a:b8:b7:20:f2:63:a9:46:74:
                    94:18:08:84:ab:22:64:0f:19:2b:ec:8b:39:a3:9c:
                    d1:70:0d:33:e4:26:3e:8a:7e:ef:0f:a3:77:f5:59:
                    d9:0e:fb:4d:58:50:cc:50:cc:08:5d:b9:41:86:f3:
                    75:5e:be:f9:af:12:1a:2f:c3:24:b9:e1:31:95:3f:
                    23:76:5c:aa:e5:0d:5f:4a:39:29:e9:ea:64:95:8b:
                    6a:bb:2c:6c:7a:f8:f2:2e:75:0f:84:3c:23:9a:7e:
                    98:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:6B:4C:A8:2D:F4:78:9E:A6:71:6F:94:00:C1:20:7F:CA:4B:04:B5
            X509v3 Authority Key Identifier:
                keyid:1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/a86c8ffa-34ab-4a01-8f63-86207fe44159.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2606:f40::/39

    Signature Algorithm: sha256WithRSAEncryption
         a3:e6:c1:9f:b3:53:40:62:30:29:42:cb:c8:47:4e:77:ac:b6:
         fb:d6:7e:51:69:6b:e4:e5:3e:c3:5d:a8:93:99:48:aa:3a:aa:
         82:9d:7a:0d:c6:e0:39:b6:e2:9b:44:9d:75:12:4f:1e:f5:6b:
         c1:8b:4e:f6:d3:d2:3a:7a:e3:d5:fa:ad:17:0c:c1:ff:e0:eb:
         53:a3:ab:e9:69:ce:51:c8:2a:10:c9:e2:fb:46:8d:79:80:0e:
         9b:9c:35:82:cb:ed:c8:5f:51:7e:67:69:cd:ed:cc:45:85:1e:
         45:86:63:6a:95:a3:af:81:b7:b5:c7:f6:43:44:8a:e2:06:3a:
         48:02:35:b3:7a:b9:d4:3b:e6:fb:fc:c7:af:ee:58:99:a7:dd:
         de:48:b5:05:2d:71:54:98:95:4e:5d:02:3f:9d:11:ff:fa:2b:
         20:f5:16:c2:e2:03:27:9b:9a:66:b7:73:3c:1f:fb:98:11:e9:
         7a:39:7a:1e:3d:bb:a1:38:ef:94:e2:ef:d8:c5:8a:f0:c4:ba:
         a6:17:25:1b:23:79:e0:40:05:08:23:bd:ae:ae:26:f4:d8:7a:
         bb:cf:5b:ed:6d:6a:98:44:75:c5:07:ae:7c:0e:b9:68:00:1a:
         98:44:1b:d9:b9:0a:ff:e3:b1:0c:b6:9d:15:44:5e:ba:df:db:
         55:db:3f:39
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUGwvDN02Eht3Ma3WWkpAFD6mU7mwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzE2N2E4YjNhMDFmMDY3MTdkMmFmNjJlMzgwOTA3MjA4
NGMzYWY4ZjQ4OTQ4ZTQwZTIwHhcNMjUxMTA0MDAwMDM5WhcNMjUxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzMGEyY2RkNGY0Y2JlMDQ3MWVkZjYyZDEzZmU2NzYyMWY2
YjIzMTEwOTQ3YjYxOGEzODQ5OWJmMDk0NWQxZGY1MS0wKwYDVQQDEyQ4Zjk1ZTRk
MS1mMTRmLTRkNjEtYWUwMC02N2UwNDdkMmYxMDIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCCS5F+RguP6xiIw/KJ0l9hUHpNBG6RSyGIWSSyzXjSxXoA
bsp6Bve2QvtKN/V7XFEA0WyhnsFtPm6eNUfjGL8+JvAVOJFK1uFEGzw8+9Z/ErI0
BEb4l/xLIW0Jw+NFvptpjgdudqeQevbnD/alulJJx3qlzPUnPwR+s/dc7yarvPHH
28QYxtnXY67iTjEqaswdxiGkOWfjZdtlAZq4tyDyY6lGdJQYCISrImQPGSvsizmj
nNFwDTPkJj6Kfu8Po3f1WdkO+01YUMxQzAhduUGG83VevvmvEhovwyS54TGVPyN2
XKrlDV9KOSnp6mSVi2q7LGx6+PIudQ+EPCOafpjNAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU02tMqC30eJ6mcW+UAMEgf8pLBLUwHwYDVR0jBBgwFoAUHl8tYvha0oTU
0Ykla4hp6OkRKDgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
Lzc2ZmUxMWQ0LWQzNTItNDk5NC04ZjZjLWQ2YzkxYjBiODQxNS8wYTNkYjRmZi05
Y2Q4LTRkMDItYTAyNy02ZmE5MDQ5NGEzYTEvYzE2N2E4YjNhMDFmMDY3MTdkMmFm
NjJlMzgwOTA3MjA4NGMzYWY4ZjQ4OTQ4ZTQwZTIuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMmYwNTlhMjEtZDQxYi00ODQ2LWI3YWUtN2Vh
MzhjMzJmZDRjL2E4NmM4ZmZhLTM0YWItNGEwMS04ZjYzLTg2MjA3ZmU0NDE1OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzJmMDU5YTIxLWQ0MWItNDg0Ni1iN2Fl
LTdlYTM4YzMyZmQ0Yy9Id1p4ZlNyMkxqZ0pCeUNFdzYtUFNKU09RT0kuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmBg9AADANBgkqhkiG9w0BAQsFAAOCAQEAo+bBn7NTQGIwKULLyEdOd6y2
+9Z+UWlr5OU+w12ok5lIqjqqgp16DcbgObbim0SddRJPHvVrwYtO9tPSOnrj1fqt
FwzB/+DrU6Or6WnOUcgqEMni+0aNeYAOm5w1gsvtyF9Rfmdpze3MRYUeRYZjapWj
r4G3tcf2Q0SK4gY6SAI1s3q51Dvm+/zHr+5Ymafd3ki1BS1xVJiVTl0CP50R//or
IPUWwuIDJ5uaZrdzPB/7mBHpejl6Hj27oTjvlOLv2MWK8MS6phclGyN54EAFCCO9
rq4m9Nh6u89b7W1qmER1xQeufA65aAAamEQb2bkK/+OxDLadFUReut/bVds/OQ==
-----END CERTIFICATE-----
Generated at Wed Nov 5 23:34:14 2025 by rpki-client