Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/0d9d03af-42d8-4cd2-b702-c5ecd6988e83.roa
File:                     0d9d03af-42d8-4cd2-b702-c5ecd6988e83.roa (raw, json)
Hash identifier:          bCSYYAvULIcYeGrS+6UCr8ulzwnJjTPCv9LFrGrPgLk=
Subject key identifier:   48:A9:8A:8E:63:DD:00:5D:DC:59:EB:F2:E3:A2:CA:AC:13:8B:E4:1E
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       105106F829EA21FE8F873AC0B91AB9386B610308
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/0d9d03af-42d8-4cd2-b702-c5ecd6988e83.roa
Signing time:             Mon 06 Oct 2025 17:37:39 +0000
ROA not before:           Mon 06 Oct 2025 17:37:39 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:610d::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:51:06:f8:29:ea:21:fe:8f:87:3a:c0:b9:1a:b9:38:6b:61:03:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Oct  6 17:37:39 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=df69cb2d6d5a9126b64e6be6aa8162b0ff0f382cd033f400622d883b63b1c5ae, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:a5:c6:45:89:dd:c7:ff:8b:e1:c8:6b:d2:3f:
                    b3:63:2e:01:6b:0b:ed:f2:61:6c:81:19:6a:72:dd:
                    a4:ff:ba:04:df:2f:4e:92:f2:da:11:3a:87:e6:33:
                    96:61:2f:75:8d:bb:f5:78:2d:05:7c:f2:80:d7:e5:
                    62:26:05:c1:e2:44:6e:30:08:b1:f0:2a:fa:99:60:
                    a6:e7:92:7c:fa:b8:ac:47:72:bb:b2:59:ce:19:3c:
                    1b:1c:dd:20:b4:8a:09:ac:74:c1:55:b0:0c:bf:7f:
                    6e:4c:ab:eb:ab:4a:9e:e4:03:b6:5a:f7:67:41:77:
                    6a:b4:13:ea:26:11:fc:b9:8e:12:36:fc:15:93:aa:
                    8d:78:1d:1d:d9:a5:2b:ed:5f:6e:37:0b:f4:14:a2:
                    9a:98:0b:22:ad:72:5f:0d:20:27:07:ae:0c:48:af:
                    22:a0:3e:df:03:d5:b1:cc:19:a0:f0:45:90:2b:55:
                    fe:99:38:2d:b5:8f:fb:13:66:57:59:e2:d1:95:51:
                    ba:b4:3e:94:33:65:13:59:2b:8f:f4:a4:04:16:bd:
                    cb:05:72:be:96:c0:89:c2:2e:cd:fb:77:19:4b:aa:
                    8f:94:b4:75:63:30:c1:4b:8a:51:c4:23:6b:0b:f8:
                    57:d0:2e:87:30:81:cf:66:7d:34:63:36:23:82:00:
                    16:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:A9:8A:8E:63:DD:00:5D:DC:59:EB:F2:E3:A2:CA:AC:13:8B:E4:1E
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/0d9d03af-42d8-4cd2-b702-c5ecd6988e83.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:610d::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:4b:c9:72:4c:29:ea:f3:b9:61:12:33:60:9d:44:30:60:c9:
         e8:d8:a9:ba:46:e2:d5:54:91:9e:d3:91:2d:e0:15:0e:68:93:
         49:fa:04:d8:b5:ee:82:f0:4b:fe:8d:f2:55:5c:2b:96:22:6b:
         0e:6e:62:33:83:03:7b:89:f5:93:5c:a8:09:a7:af:11:b5:57:
         37:5c:e7:16:86:6f:11:95:04:28:66:27:47:98:56:c6:c2:c8:
         a3:6d:a8:9b:d3:80:8c:4b:32:92:1b:b2:dd:8f:a0:6b:4f:72:
         63:dd:32:36:de:06:69:e4:3f:98:4d:a6:ec:28:9f:3e:1b:03:
         83:74:ee:a5:d0:73:f7:a9:79:d4:37:57:d5:75:2f:e2:00:bb:
         3a:15:74:84:ca:3a:20:c4:b9:ec:1f:cc:e2:14:15:3f:a3:92:
         96:7c:1a:cf:60:aa:d1:8c:42:43:86:c2:73:ad:a9:38:17:26:
         d6:8c:86:05:ee:e7:43:36:24:a3:b1:d1:56:97:d3:c0:15:fe:
         fd:70:e7:1d:ce:05:9a:fe:89:39:20:1c:80:3e:cb:cc:b2:08:
         42:50:94:06:7e:33:6e:2c:c4:ea:85:c2:19:2a:5e:b2:ca:b6:
         fb:73:0b:0f:d7:2d:9e:18:2b:17:c4:b4:4b:1e:4d:fa:dd:c5:
         43:2f:dc:f6
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUEFEG+CnqIf6PhzrAuRq5OGthAwgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUxMDA2MTczNzM5WhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BkZjY5Y2IyZDZkNWE5MTI2YjY0ZTZiZTZhYTgxNjJiMGZm
MGYzODJjZDAzM2Y0MDA2MjJkODgzYjYzYjFjNWFlMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChpcZFid3H/4vhyGvSP7NjLgFrC+3yYWyBGWpy3aT/ugTf
L06S8toROofmM5ZhL3WNu/V4LQV88oDX5WImBcHiRG4wCLHwKvqZYKbnknz6uKxH
cruyWc4ZPBsc3SC0igmsdMFVsAy/f25Mq+urSp7kA7Za92dBd2q0E+omEfy5jhI2
/BWTqo14HR3ZpSvtX243C/QUopqYCyKtcl8NICcHrgxIryKgPt8D1bHMGaDwRZAr
Vf6ZOC21j/sTZldZ4tGVUbq0PpQzZRNZK4/0pAQWvcsFcr6WwInCLs37dxlLqo+U
tHVjMMFLilHEI2sL+FfQLocwgc9mfTRjNiOCABYlAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUSKmKjmPdAF3cWevy46LKrBOL5B4wHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzBkOWQwM2FmLTQyZDgtNGNkMi1iNzAyLWM1ZWNkNjk4OGU4My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwYQ0wDQYJKoZIhvcNAQELBQADggEBAAtLyXJMKerzuWESM2CdRDBg
yejYqbpG4tVUkZ7TkS3gFQ5ok0n6BNi17oLwS/6N8lVcK5Yiaw5uYjODA3uJ9ZNc
qAmnrxG1Vzdc5xaGbxGVBChmJ0eYVsbCyKNtqJvTgIxLMpIbst2PoGtPcmPdMjbe
BmnkP5hNpuwonz4bA4N07qXQc/epedQ3V9V1L+IAuzoVdITKOiDEuewfzOIUFT+j
kpZ8Gs9gqtGMQkOGwnOtqTgXJtaMhgXu50M2JKOx0VaX08AV/v1w5x3OBZr+iTkg
HIA+y8yyCEJQlAZ+M24sxOqFwhkqXrLKtvtzCw/XLZ4YKxfEtEseTfrdxUMv3PY=
-----END CERTIFICATE-----