Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/14518d87-9a80-47da-80c6-efeb62f0643b.roa
File:                     14518d87-9a80-47da-80c6-efeb62f0643b.roa (raw, json)
Hash identifier:          tYjdMwNEnRpNPG3EidIZ7v41MtGoPKQBCJXm5O/O/v4=
Subject key identifier:   32:D2:82:8E:41:A8:64:6E:5A:19:B8:8B:21:4B:35:39:7B:1C:FA:B0
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       2ED88BE818975CC090B07CCFDEC05D446E54530A
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/14518d87-9a80-47da-80c6-efeb62f0643b.roa
Signing time:             Tue 19 May 2026 04:30:07 +0000
ROA not before:           Tue 19 May 2026 04:30:07 +0000
ROA not after:            Mon 17 Aug 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 03 Jun 2026 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:d8:8b:e8:18:97:5c:c0:90:b0:7c:cf:de:c0:5d:44:6e:54:53:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: May 19 04:30:07 2026 GMT
            Not After : Aug 17 23:59:59 2026 GMT
        Subject: serialNumber=541bff2c4d6f601505be1fe564a86d4ef271db9991a4301af1cb9d81e351e6e1, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:61:5f:df:c7:b2:bc:c8:ae:65:6e:68:09:3e:
                    e6:df:4d:03:f8:ec:67:4b:0e:c2:8d:77:b8:22:19:
                    3c:95:07:cc:36:18:b4:fc:65:94:40:93:00:41:64:
                    e4:3c:23:14:8c:cd:e5:4d:a6:b3:01:42:ce:3f:dc:
                    f8:41:39:48:c4:1b:5b:15:cd:fc:a6:0c:3a:0a:9e:
                    2f:c8:36:d1:a1:72:a9:4c:f2:9e:da:7f:2e:26:ac:
                    da:85:8f:1b:fc:e6:0d:b1:28:32:b8:c3:2b:4c:ad:
                    3d:ef:e5:26:1c:bb:94:40:aa:11:71:42:d2:63:ad:
                    e2:86:f6:12:c5:91:cf:3b:24:df:8e:3f:9c:d1:b6:
                    5d:80:fe:58:11:ff:c4:4f:a6:68:0c:b8:e0:52:e8:
                    e9:24:20:0f:5e:b6:7a:ed:be:7b:7a:c1:86:39:d7:
                    dc:e3:01:4b:7f:9d:85:85:31:09:16:27:a9:1e:a4:
                    88:64:35:6c:cd:52:74:8b:1c:76:55:03:ab:21:37:
                    2a:8d:6e:25:24:1d:81:c2:8f:45:76:c4:c9:e9:7b:
                    35:f2:6f:5c:99:13:9f:7d:0f:e9:82:16:a2:b5:2a:
                    b3:70:ca:9a:97:02:c9:3f:a9:c1:72:73:40:17:4d:
                    07:b0:8e:2c:05:3a:cb:ad:7a:01:f3:37:2d:11:bf:
                    7d:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:D2:82:8E:41:A8:64:6E:5A:19:B8:8B:21:4B:35:39:7B:1C:FA:B0
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/14518d87-9a80-47da-80c6-efeb62f0643b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:0e:81:ee:44:77:52:c3:a6:dc:22:0d:83:ea:a7:ed:d6:e5:
         4d:fa:e3:ea:ab:4e:51:d1:22:31:12:05:4d:72:49:9c:60:b5:
         d3:5c:89:87:75:ed:b3:67:00:64:01:56:6b:68:f4:8a:19:60:
         20:6f:3a:17:be:0e:55:ae:84:62:85:a4:c7:e3:e5:eb:b1:95:
         b3:ba:c9:87:b1:be:2a:60:96:54:55:33:99:15:d3:4b:b7:db:
         eb:d8:cf:d5:aa:a4:d9:c9:da:69:11:ec:90:54:4a:a3:6e:a0:
         43:88:c3:35:0e:76:b7:f7:f9:16:9e:6d:f8:17:3c:4c:ba:44:
         b0:31:e5:ce:7a:95:a8:0f:8f:79:8d:3e:41:d5:33:07:c2:9f:
         df:e0:22:8a:29:b5:6b:b2:e9:05:40:e9:56:ae:98:97:a4:02:
         ab:02:be:5d:70:4b:8a:c5:da:aa:b7:1a:74:6f:1b:01:6a:5f:
         28:a3:8f:37:ae:55:9d:e8:09:8d:0a:a4:61:1b:eb:d3:92:2d:
         8d:e2:b7:c8:51:82:ff:f7:56:ff:88:34:cc:ce:b9:23:cd:d0:
         c6:c1:a8:21:75:11:8d:f9:1f:fa:88:d3:fe:9f:ad:1c:88:fb:
         eb:fc:f3:3b:1e:4f:fc:92:b5:cb:5d:2f:5d:75:68:1d:6f:9c:
         31:b2:53:77
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIULtiL6BiXXMCQsHzP3sBdRG5UUwowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjYwNTE5MDQzMDA3WhcNMjYwODE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1NDFiZmYyYzRkNmY2MDE1MDViZTFmZTU2NGE4NmQ0ZWYy
NzFkYjk5OTFhNDMwMWFmMWNiOWQ4MWUzNTFlNmUxMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmYV/fx7K8yK5lbmgJPubfTQP47GdLDsKNd7giGTyVB8w2
GLT8ZZRAkwBBZOQ8IxSMzeVNprMBQs4/3PhBOUjEG1sVzfymDDoKni/INtGhcqlM
8p7afy4mrNqFjxv85g2xKDK4wytMrT3v5SYcu5RAqhFxQtJjreKG9hLFkc87JN+O
P5zRtl2A/lgR/8RPpmgMuOBS6OkkIA9etnrtvnt6wYY519zjAUt/nYWFMQkWJ6ke
pIhkNWzNUnSLHHZVA6shNyqNbiUkHYHCj0V2xMnpezXyb1yZE599D+mCFqK1KrNw
ypqXAsk/qcFyc0AXTQewjiwFOsutegHzNy0Rv32JAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUMtKCjkGoZG5aGbiLIUs1OXsc+rAwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzE0NTE4ZDg3LTlhODAtNDdkYS04MGM2LWVmZWI2MmYwNjQzYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwAAMwDQYJKoZIhvcNAQELBQADggEBABwOge5Ed1LDptwiDYPqp+3W
5U364+qrTlHRIjESBU1ySZxgtdNciYd17bNnAGQBVmto9IoZYCBvOhe+DlWuhGKF
pMfj5euxlbO6yYexvipgllRVM5kV00u32+vYz9WqpNnJ2mkR7JBUSqNuoEOIwzUO
drf3+RaebfgXPEy6RLAx5c56lagPj3mNPkHVMwfCn9/gIooptWuy6QVA6VaumJek
AqsCvl1wS4rF2qq3GnRvGwFqXyijjzeuVZ3oCY0KpGEb69OSLY3it8hRgv/3Vv+I
NMzOuSPN0MbBqCF1EY35H/qI0/6frRyI++v88zseT/yStctdL111aB1vnDGyU3c=
-----END CERTIFICATE-----
Generated at Tue Jun 2 23:25:07 2026 by rpki-client