Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/16493254-23cd-454e-98e8-0cfbdb8f499f.roa
File:                     16493254-23cd-454e-98e8-0cfbdb8f499f.roa (raw, json)
Hash identifier:          zSD5HQZB7MPO3NxTxPmjWS3H7n4GCmZHG2Rm946hGDY=
Subject key identifier:   38:93:A1:CB:B5:EB:4B:07:24:54:37:67:4B:09:13:02:37:91:89:9C
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       3C9C5E79073AC4D7D7627FB8B44F225F8954F283
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/16493254-23cd-454e-98e8-0cfbdb8f499f.roa
Signing time:             Fri 15 Aug 2025 21:23:49 +0000
ROA not before:           Fri 15 Aug 2025 21:23:49 +0000
ROA not after:            Fri 19 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:611f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 21 Aug 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:9c:5e:79:07:3a:c4:d7:d7:62:7f:b8:b4:4f:22:5f:89:54:f2:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Aug 15 21:23:49 2025 GMT
            Not After : Sep 19 23:59:59 2025 GMT
        Subject: serialNumber=8faa0ae61bf618a2a2695b8ba7aa5ccd05118b29759eee72a550545f7683f6e7, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:78:da:fb:7a:ba:37:a7:38:83:b9:23:0a:43:
                    6b:4f:06:df:3b:50:38:34:01:c0:79:76:89:6d:7e:
                    ee:8d:20:c5:9a:63:fc:45:20:4f:8d:5a:42:39:14:
                    96:95:f7:29:49:68:d5:78:f2:d3:8b:41:76:b6:4e:
                    73:fc:13:a9:96:cf:37:48:c0:02:85:2b:4b:d4:c6:
                    1b:0e:bc:4d:0c:8f:7a:7b:c0:66:8d:98:fe:f3:bc:
                    70:fb:f6:41:8e:8d:fe:0a:7a:27:c6:b3:e5:b0:7c:
                    9e:df:55:50:65:b2:e5:3f:40:c0:33:5d:34:1f:89:
                    54:67:78:92:b0:38:59:be:1e:2a:56:41:09:1f:ea:
                    89:10:01:3a:a4:ca:ec:81:a2:30:f6:6a:fe:ab:18:
                    20:af:0c:77:0f:ad:77:70:0b:54:ce:5a:0c:2b:ff:
                    56:be:f8:47:37:75:30:55:d5:46:f0:04:62:05:8c:
                    6b:8a:89:a3:f9:e8:75:78:fe:79:26:4a:5a:56:52:
                    02:77:be:31:09:a6:b8:d0:f1:d8:ff:cf:b1:e1:4d:
                    d5:d8:6e:9c:f9:95:56:58:f1:ad:c0:d5:be:73:2b:
                    ab:d4:dc:88:38:c6:7e:da:6a:dd:d0:42:9b:6e:22:
                    cf:34:55:0d:5a:ab:52:84:2b:01:4a:84:6f:7c:1a:
                    b6:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:93:A1:CB:B5:EB:4B:07:24:54:37:67:4B:09:13:02:37:91:89:9C
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/16493254-23cd-454e-98e8-0cfbdb8f499f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:611f::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:c5:f4:77:e1:16:ba:18:17:3d:09:8d:dd:46:86:1e:e7:18:
         0e:5f:8a:6e:03:fd:c9:cc:64:30:9f:b8:31:fb:ae:f1:52:7f:
         3b:3d:c2:72:79:10:9e:8c:43:01:84:38:82:98:9e:18:5a:cc:
         f0:25:2c:dd:26:07:f1:dd:98:09:a1:90:bb:3b:6a:87:00:e1:
         c7:0e:d1:02:e5:89:b6:e3:c3:ac:e2:88:d4:84:3a:7a:16:05:
         f7:56:1a:ef:0a:0c:a3:a1:fb:ea:a7:0c:83:47:1a:47:49:72:
         a6:8c:df:c8:f4:da:1c:8e:94:17:c5:7c:21:7c:40:62:2e:41:
         f8:b3:c1:c4:8e:46:8f:fa:76:6f:3e:5b:f5:9f:e9:a1:4a:5e:
         94:ff:31:0f:35:b3:51:32:fb:c7:98:da:21:e2:6b:39:1b:fc:
         51:24:bf:09:e0:d6:c8:58:c3:fe:50:57:f8:2b:d4:82:58:23:
         76:51:16:59:27:d4:4b:c5:48:41:d9:ff:de:0c:cf:3b:ee:26:
         63:94:7a:b6:2f:70:7f:ce:ac:f4:4c:60:04:af:47:96:81:b1:
         d5:74:f6:01:32:4f:27:c7:de:d5:5a:15:c9:bb:1d:ce:bb:0d:
         7e:08:ce:e9:2d:9c:43:7a:1c:81:02:90:11:03:64:98:d7:c5:
         e7:fc:5b:fa
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUPJxeeQc6xNfXYn+4tE8iX4lU8oMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwODE1MjEyMzQ5WhcNMjUwOTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZmFhMGFlNjFiZjYxOGEyYTI2OTViOGJhN2FhNWNjZDA1
MTE4YjI5NzU5ZWVlNzJhNTUwNTQ1Zjc2ODNmNmU3MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDeeNr7ero3pziDuSMKQ2tPBt87UDg0AcB5doltfu6NIMWa
Y/xFIE+NWkI5FJaV9ylJaNV48tOLQXa2TnP8E6mWzzdIwAKFK0vUxhsOvE0Mj3p7
wGaNmP7zvHD79kGOjf4KeifGs+WwfJ7fVVBlsuU/QMAzXTQfiVRneJKwOFm+HipW
QQkf6okQATqkyuyBojD2av6rGCCvDHcPrXdwC1TOWgwr/1a++Ec3dTBV1UbwBGIF
jGuKiaP56HV4/nkmSlpWUgJ3vjEJprjQ8dj/z7HhTdXYbpz5lVZY8a3A1b5zK6vU
3Ig4xn7aat3QQptuIs80VQ1aq1KEKwFKhG98GrY3AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUOJOhy7XrSwckVDdnSwkTAjeRiZwwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzE2NDkzMjU0LTIzY2QtNDU0ZS05OGU4LTBjZmJkYjhmNDk5Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwYR8wDQYJKoZIhvcNAQELBQADggEBAAvF9HfhFroYFz0Jjd1Ghh7n
GA5fim4D/cnMZDCfuDH7rvFSfzs9wnJ5EJ6MQwGEOIKYnhhazPAlLN0mB/HdmAmh
kLs7aocA4ccO0QLlibbjw6ziiNSEOnoWBfdWGu8KDKOh++qnDINHGkdJcqaM38j0
2hyOlBfFfCF8QGIuQfizwcSORo/6dm8+W/Wf6aFKXpT/MQ81s1Ey+8eY2iHiazkb
/FEkvwng1shYw/5QV/gr1IJYI3ZRFlkn1EvFSEHZ/94MzzvuJmOUerYvcH/OrPRM
YASvR5aBsdV09gEyTyfH3tVaFcm7Hc67DX4IzuktnEN6HIECkBEDZJjXxef8W/o=
-----END CERTIFICATE-----