Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/1df4a82a-0875-47b6-9fc0-b67c097bc45c.roa
File:                     1df4a82a-0875-47b6-9fc0-b67c097bc45c.roa (raw, json)
Hash identifier:          cX+yJglk8GOVzIvVmvYpSnz/gchAPyge7hX1gXSW9Bg=
Subject key identifier:   B3:C6:77:FF:76:AB:20:A8:F4:FE:60:EA:FE:E2:DA:EC:6D:1E:CC:C7
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       69B8D9C0548A6B128A72DCCD094C22410797CDA7
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/1df4a82a-0875-47b6-9fc0-b67c097bc45c.roa
Signing time:             Wed 20 May 2026 00:50:10 +0000
ROA not before:           Wed 20 May 2026 00:50:10 +0000
ROA not after:            Tue 18 Aug 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f1:8800::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 13 Jun 2026 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:b8:d9:c0:54:8a:6b:12:8a:72:dc:cd:09:4c:22:41:07:97:cd:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: May 20 00:50:10 2026 GMT
            Not After : Aug 18 23:59:59 2026 GMT
        Subject: serialNumber=aa6b950d9dd53ad2dbab713fb90a473107aae14e8302fd1ac833b9adf00ef35b, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:5a:57:a1:92:36:87:12:ae:ba:78:87:b9:59:
                    57:f2:52:c4:1d:45:36:99:ba:c0:0d:e9:ce:67:05:
                    f2:9c:f7:19:6e:df:19:7b:bb:88:fd:9f:20:46:c2:
                    68:14:ad:52:c4:a5:cd:4c:f9:09:29:19:c6:9d:a6:
                    6d:d3:30:0e:74:41:76:db:e7:f6:49:09:77:85:9d:
                    4e:8e:1a:bf:82:9d:43:0b:e5:11:65:18:f1:de:61:
                    bd:bb:0a:5f:66:5c:bc:42:2a:d0:c8:34:96:10:0d:
                    71:0f:ef:1c:a0:3a:3c:6c:0c:10:55:33:41:81:a6:
                    15:8e:21:cc:b3:2c:be:25:ff:f8:59:41:c3:a3:17:
                    f8:97:ba:48:89:06:26:0d:3f:1e:9e:6b:87:e9:5a:
                    92:bf:4c:8c:42:f1:46:08:2a:08:2a:85:0d:01:34:
                    62:89:a3:09:1b:15:f4:43:4a:ba:39:d3:ce:d9:7c:
                    5b:e3:16:3f:5f:38:10:80:bc:43:b1:42:fa:5e:ea:
                    10:db:af:a2:be:a8:5f:6f:1a:68:9e:aa:a9:72:bc:
                    b4:9e:a6:a9:b3:2b:ef:81:6d:83:b2:1d:26:57:4d:
                    3b:b9:ea:fb:15:6d:e8:38:c4:57:90:b1:af:c6:25:
                    fc:c7:ce:ad:ee:37:2b:67:e8:62:58:72:dc:bf:6d:
                    b9:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:C6:77:FF:76:AB:20:A8:F4:FE:60:EA:FE:E2:DA:EC:6D:1E:CC:C7
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/1df4a82a-0875-47b6-9fc0-b67c097bc45c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f1:8800::/40

    Signature Algorithm: sha256WithRSAEncryption
         76:fb:8a:15:42:2a:3f:6b:a4:97:8b:3c:ab:9e:f5:33:57:bb:
         4d:12:1c:7f:ca:8c:5d:0f:4e:a5:8c:0c:bd:54:13:82:5f:d6:
         ba:4c:3b:db:29:11:04:c1:b5:5e:4a:6c:5c:3c:8c:0b:98:ad:
         6f:62:a4:43:ce:01:4e:34:79:f0:5f:68:81:cd:ec:5e:21:60:
         59:62:42:c1:c5:b0:42:c9:8b:c6:ac:16:17:3d:52:bb:35:fb:
         95:d6:7b:c5:8a:da:5e:0e:df:44:e3:18:81:f1:85:da:84:a9:
         e2:31:cd:57:72:32:d9:8a:4e:55:d9:ed:0d:a8:17:98:30:8d:
         16:b8:9a:c4:2b:0f:d2:e9:0d:78:e8:41:72:c3:20:93:4f:0e:
         11:b0:18:6f:8f:4e:ab:86:42:46:6e:bc:80:ce:45:38:f2:f7:
         da:0b:c0:a2:47:53:6a:46:2e:d1:7b:44:cd:ff:9d:d2:ee:7e:
         df:3b:bc:b0:61:78:7c:63:cf:5c:be:11:ea:62:8b:9e:2b:fa:
         ae:b8:a0:57:24:a2:a9:8c:80:6f:79:00:d2:69:a6:f3:00:b7:
         02:31:2d:10:01:ca:a0:8f:c7:98:9c:10:7e:17:33:f8:8b:dd:
         c3:9f:c1:bf:dd:28:ec:45:12:6b:63:b3:ff:26:dd:7c:38:e9:
         21:81:ae:36
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUabjZwFSKaxKKctzNCUwiQQeXzacwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjYwNTIwMDA1MDEwWhcNMjYwODE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYTZiOTUwZDlkZDUzYWQyZGJhYjcxM2ZiOTBhNDczMTA3
YWFlMTRlODMwMmZkMWFjODMzYjlhZGYwMGVmMzViMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqWlehkjaHEq66eIe5WVfyUsQdRTaZusAN6c5nBfKc9xlu
3xl7u4j9nyBGwmgUrVLEpc1M+QkpGcadpm3TMA50QXbb5/ZJCXeFnU6OGr+CnUML
5RFlGPHeYb27Cl9mXLxCKtDINJYQDXEP7xygOjxsDBBVM0GBphWOIcyzLL4l//hZ
QcOjF/iXukiJBiYNPx6ea4fpWpK/TIxC8UYIKggqhQ0BNGKJowkbFfRDSro5087Z
fFvjFj9fOBCAvEOxQvpe6hDbr6K+qF9vGmieqqlyvLSepqmzK++BbYOyHSZXTTu5
6vsVbeg4xFeQsa/GJfzHzq3uNytn6GJYcty/bbkxAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUs8Z3/3arIKj0/mDq/uLa7G0ezMcwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzFkZjRhODJhLTA4NzUtNDdiNi05ZmMwLWI2N2MwOTdiYzQ1Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPDxiDANBgkqhkiG9w0BAQsFAAOCAQEAdvuKFUIqP2ukl4s8q571M1e7
TRIcf8qMXQ9OpYwMvVQTgl/Wukw72ykRBMG1XkpsXDyMC5itb2KkQ84BTjR58F9o
gc3sXiFgWWJCwcWwQsmLxqwWFz1SuzX7ldZ7xYraXg7fROMYgfGF2oSp4jHNV3Iy
2YpOVdntDagXmDCNFriaxCsP0ukNeOhBcsMgk08OEbAYb49Oq4ZCRm68gM5FOPL3
2gvAokdTakYu0XtEzf+d0u5+3zu8sGF4fGPPXL4R6mKLniv6rrigVySiqYyAb3kA
0mmm8wC3AjEtEAHKoI/HmJwQfhcz+Ivdw5/Bv90o7EUSa2Oz/ybdfDjpIYGuNg==
-----END CERTIFICATE-----