Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/100ca166-7317-4d78-8102-ea1dfe26d0e3.roa
File:                     100ca166-7317-4d78-8102-ea1dfe26d0e3.roa (raw, json)
Hash identifier:          j2NXvLN5Auh4kYVStPR9s66jet5geWTXnEpbX+yEyhM=
Subject key identifier:   B0:96:24:DA:41:21:55:60:05:C5:F1:43:F5:E4:05:7E:83:20:67:DF
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       163C1199EA8EB398680C6FA712FBBD7DB57B9B57
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/100ca166-7317-4d78-8102-ea1dfe26d0e3.roa
Signing time:             Sat 15 Nov 2025 05:00:34 +0000
ROA not before:           Sat 15 Nov 2025 05:00:34 +0000
ROA not after:            Sat 20 Dec 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0f0:551a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 18 Nov 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:3c:11:99:ea:8e:b3:98:68:0c:6f:a7:12:fb:bd:7d:b5:7b:9b:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Nov 15 05:00:34 2025 GMT
            Not After : Dec 20 23:59:59 2025 GMT
        Subject: serialNumber=02c9de52c8c236f4bbbef69ee40299dad75a5f81ff2ca409bf39cd078c1fbaf0, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:8b:f3:b4:53:bf:b3:48:a9:ae:dc:35:f8:af:
                    68:84:7f:94:27:e8:1f:d4:33:20:b1:94:0e:c9:14:
                    e7:43:65:b7:99:99:31:c1:76:1b:93:e0:69:20:76:
                    a6:34:95:21:bf:40:6d:c0:ec:e9:00:08:7b:98:2c:
                    8b:34:21:cc:37:65:d9:2f:74:22:b3:b0:47:df:ea:
                    5c:18:c2:4b:2d:ed:2c:48:c5:cc:a9:fe:c7:69:f7:
                    4f:35:68:4d:88:7f:a6:89:0d:bd:b9:b5:c3:cb:98:
                    bd:60:00:50:ef:33:2d:7d:61:29:0b:d3:89:1c:ee:
                    c7:64:03:c9:a0:72:dd:69:75:fc:ae:5b:96:fa:60:
                    b7:c1:7e:1a:6a:2b:20:0d:31:10:b9:b9:49:a2:cb:
                    4b:13:d0:8a:36:79:a0:2b:23:4f:d1:0e:62:94:d4:
                    8e:c8:51:df:bd:a1:01:46:c3:b7:a3:76:45:4d:d4:
                    d5:d9:10:2d:89:e2:4d:32:64:c0:bd:08:35:fa:c0:
                    46:ec:bc:33:77:86:73:ed:a0:dd:89:15:a8:cb:43:
                    24:1a:b4:0c:87:cb:94:e7:4f:b4:8d:b7:49:e8:52:
                    af:5e:21:2d:39:26:60:5e:6d:c1:ac:34:ba:74:e3:
                    44:ca:04:4f:b9:bc:3a:f4:5f:5e:b0:61:4f:33:27:
                    d0:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:96:24:DA:41:21:55:60:05:C5:F1:43:F5:E4:05:7E:83:20:67:DF
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/100ca166-7317-4d78-8102-ea1dfe26d0e3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:551a::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:f9:dc:b6:91:a4:5f:18:6b:1e:3b:37:3b:c0:01:98:fe:bc:
         48:e7:9d:95:5d:e3:77:8f:a7:03:87:4f:44:f7:d8:06:6f:5a:
         2a:ed:df:7a:66:5e:0c:b1:20:31:be:12:c5:c4:7b:50:2b:a8:
         a4:9c:6d:cd:41:e8:70:7b:d6:94:47:2d:8f:56:4a:db:c7:ed:
         e1:35:04:29:c4:27:00:52:95:2b:9e:72:06:81:e3:87:7d:b3:
         0c:85:d1:0b:6b:c9:dc:d8:4f:01:08:e5:39:84:bc:a1:30:0e:
         04:44:50:d6:6d:2f:da:56:e5:b4:a8:3b:cd:5c:d6:d6:bd:3e:
         de:41:26:e6:ae:ec:2b:ab:be:ac:13:1d:76:68:f3:05:4b:fe:
         d1:15:97:10:44:c6:d1:d0:5f:6a:84:26:cf:c3:cd:ca:4e:dc:
         5f:59:88:cf:74:3a:75:29:64:1b:d3:d8:82:86:83:34:f6:27:
         f1:e5:25:c1:ce:f2:c0:d7:d7:fe:5e:39:ca:29:82:37:4c:91:
         45:ed:2f:eb:b1:3f:7c:92:f1:66:a7:43:2b:36:8c:69:1b:42:
         85:0d:6a:56:b5:29:8d:a8:7d:cb:8f:a2:21:92:a7:10:80:bb:
         23:ef:b8:d3:4e:19:24:48:79:12:1b:6b:27:fb:03:0d:65:e4:
         60:32:17:d0
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUFjwRmeqOs5hoDG+nEvu9fbV7m1cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUxMTE1MDUwMDM0WhcNMjUxMjIwMjM1OTU5
WjB6MUkwRwYDVQQFE0AwMmM5ZGU1MmM4YzIzNmY0YmJiZWY2OWVlNDAyOTlkYWQ3
NWE1ZjgxZmYyY2E0MDliZjM5Y2QwNzhjMWZiYWYwMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPi/O0U7+zSKmu3DX4r2iEf5Qn6B/UMyCxlA7JFOdDZbeZ
mTHBdhuT4GkgdqY0lSG/QG3A7OkACHuYLIs0Icw3ZdkvdCKzsEff6lwYwkst7SxI
xcyp/sdp9081aE2If6aJDb25tcPLmL1gAFDvMy19YSkL04kc7sdkA8mgct1pdfyu
W5b6YLfBfhpqKyANMRC5uUmiy0sT0Io2eaArI0/RDmKU1I7IUd+9oQFGw7ejdkVN
1NXZEC2J4k0yZMC9CDX6wEbsvDN3hnPtoN2JFajLQyQatAyHy5TnT7SNt0noUq9e
IS05JmBebcGsNLp040TKBE+5vDr0X16wYU8zJ9CZAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUsJYk2kEhVWAFxfFD9eQFfoMgZ98wHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzEwMGNhMTY2LTczMTctNGQ3OC04MTAyLWVhMWRmZTI2ZDBlMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwVRowDQYJKoZIhvcNAQELBQADggEBABT53LaRpF8Yax47NzvAAZj+
vEjnnZVd43ePpwOHT0T32AZvWirt33pmXgyxIDG+EsXEe1ArqKScbc1B6HB71pRH
LY9WStvH7eE1BCnEJwBSlSuecgaB44d9swyF0QtrydzYTwEI5TmEvKEwDgREUNZt
L9pW5bSoO81c1ta9Pt5BJuau7CurvqwTHXZo8wVL/tEVlxBExtHQX2qEJs/DzcpO
3F9ZiM90OnUpZBvT2IKGgzT2J/HlJcHO8sDX1/5eOcopgjdMkUXtL+uxP3yS8Wan
Qys2jGkbQoUNala1KY2ofcuPoiGSpxCAuyPvuNNOGSRIeRIbayf7Aw1l5GAyF9A=
-----END CERTIFICATE-----