Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/28dabfe2-3770-4fc6-a7a9-5b0a8edaf11b.roa
File:                     28dabfe2-3770-4fc6-a7a9-5b0a8edaf11b.roa (raw, json)
Hash identifier:          LsKNeUtRtG5sehT2WVUKgh/gzuSgrDwfUKYKINsYsDU=
Subject key identifier:   76:1F:59:A4:27:C6:5E:FC:99:48:05:A5:38:FA:3C:1B:BA:64:DF:66
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       3EC0606CF15C4DBC75ABD5707434E1A905614C0D
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/28dabfe2-3770-4fc6-a7a9-5b0a8edaf11b.roa
Signing time:             Tue 12 Aug 2025 15:00:18 +0000
ROA not before:           Tue 12 Aug 2025 15:00:18 +0000
ROA not after:            Tue 16 Sep 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:f0f2:7100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:c0:60:6c:f1:5c:4d:bc:75:ab:d5:70:74:34:e1:a9:05:61:4c:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Aug 12 15:00:18 2025 GMT
            Not After : Sep 16 23:59:59 2025 GMT
        Subject: serialNumber=dc4f214d543243f90508108c4036c4704431336bd0fdbbc52eabf9d5d671fb35, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:03:da:87:fb:a7:26:36:43:79:f2:73:26:af:
                    7b:07:f2:d0:56:d9:49:32:f3:72:65:21:de:b0:9d:
                    05:1c:14:f2:ff:21:85:f4:a8:d7:ba:db:92:c1:c2:
                    09:fd:09:43:db:b8:f2:6e:96:75:30:3f:f7:1c:4e:
                    8e:b8:2e:9f:35:a7:c4:a5:8c:98:f3:8f:3f:15:04:
                    fc:03:4d:ef:4c:87:49:55:fe:59:18:db:37:78:60:
                    57:1a:c9:90:a5:2b:bb:4a:1f:11:bf:ce:ac:1b:65:
                    40:fb:29:e4:dd:48:a4:ba:48:62:c9:f0:34:c3:66:
                    e1:d0:0b:dd:a4:9f:06:8c:3f:d8:4f:fd:48:50:0e:
                    74:d4:98:ae:83:9b:02:cd:a2:ca:d0:c0:9b:22:5d:
                    97:21:51:06:96:da:61:98:99:81:06:aa:68:9d:ba:
                    a9:42:16:89:98:7f:e7:f8:5f:7e:a9:88:cc:c1:3b:
                    2e:82:f0:fc:e9:b1:e9:83:d2:ea:a7:43:94:7a:b0:
                    4f:63:06:53:bb:f6:f6:8c:67:e4:f7:6b:b3:c3:f9:
                    c8:a2:b5:1e:2e:66:d9:1e:30:5c:37:82:06:31:15:
                    6b:c3:63:4b:a0:67:fa:7d:3a:b6:fc:ae:22:92:ec:
                    e1:ce:09:97:0c:78:dd:de:15:d7:3d:5c:30:23:47:
                    6d:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:1F:59:A4:27:C6:5E:FC:99:48:05:A5:38:FA:3C:1B:BA:64:DF:66
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/28dabfe2-3770-4fc6-a7a9-5b0a8edaf11b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f2:7100::/40

    Signature Algorithm: sha256WithRSAEncryption
         64:4e:6a:54:91:c1:64:26:46:33:e2:b5:43:37:32:2d:f9:11:
         27:4e:99:92:e8:f1:9c:fc:27:f4:5d:12:f7:06:b8:8b:3c:ef:
         26:b6:82:30:7b:4a:ea:42:75:ef:b1:bb:31:7f:45:72:f5:32:
         3b:43:e1:de:d5:61:2c:b0:65:e1:86:c5:e5:e0:47:dc:6e:ae:
         94:a7:ee:d2:97:40:0a:f8:b1:c3:ad:e6:25:88:92:0d:da:fa:
         08:a8:bb:6c:de:aa:f1:d2:a1:11:e0:a5:fb:44:5e:fb:7d:d7:
         a5:b2:4f:43:5b:87:ce:22:85:82:97:49:98:31:6b:dd:b8:5d:
         0c:94:a7:a4:7b:03:23:24:a8:41:f7:7b:93:e2:de:46:12:d5:
         b1:06:00:24:07:fd:09:92:0e:88:88:cf:1f:15:de:13:27:6e:
         92:64:43:b8:d4:34:0f:32:3b:da:a5:53:59:5b:ed:d1:83:ae:
         c7:cc:f0:e3:75:b7:aa:df:7a:4e:c5:97:11:f5:2d:45:9d:cf:
         d3:3b:31:24:40:11:d4:c2:1e:9e:23:14:11:2c:ab:77:f7:9c:
         c4:e3:1a:23:16:4c:63:8c:ed:92:a6:54:c9:c7:7a:a5:ed:34:
         22:9a:bc:7a:62:10:48:fa:ee:3c:25:70:3d:b0:05:3c:a9:8e:
         45:aa:7c:73
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUPsBgbPFcTbx1q9VwdDThqQVhTA0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwODEyMTUwMDE4WhcNMjUwOTE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYzRmMjE0ZDU0MzI0M2Y5MDUwODEwOGM0MDM2YzQ3MDQ0
MzEzMzZiZDBmZGJiYzUyZWFiZjlkNWQ2NzFmYjM1MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDaA9qH+6cmNkN58nMmr3sH8tBW2Uky83JlId6wnQUcFPL/
IYX0qNe625LBwgn9CUPbuPJulnUwP/ccTo64Lp81p8SljJjzjz8VBPwDTe9Mh0lV
/lkY2zd4YFcayZClK7tKHxG/zqwbZUD7KeTdSKS6SGLJ8DTDZuHQC92knwaMP9hP
/UhQDnTUmK6DmwLNosrQwJsiXZchUQaW2mGYmYEGqmiduqlCFomYf+f4X36piMzB
Oy6C8PzpsemD0uqnQ5R6sE9jBlO79vaMZ+T3a7PD+ciitR4uZtkeMFw3ggYxFWvD
Y0ugZ/p9Orb8riKS7OHOCZcMeN3eFdc9XDAjR22NAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUdh9ZpCfGXvyZSAWlOPo8G7pk32YwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzI4ZGFiZmUyLTM3NzAtNGZjNi1hN2E5LTViMGE4ZWRhZjExYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPDycTANBgkqhkiG9w0BAQsFAAOCAQEAZE5qVJHBZCZGM+K1QzcyLfkR
J06ZkujxnPwn9F0S9wa4izzvJraCMHtK6kJ177G7MX9FcvUyO0Ph3tVhLLBl4YbF
5eBH3G6ulKfu0pdACvixw63mJYiSDdr6CKi7bN6q8dKhEeCl+0Re+33XpbJPQ1uH
ziKFgpdJmDFr3bhdDJSnpHsDIySoQfd7k+LeRhLVsQYAJAf9CZIOiIjPHxXeEydu
kmRDuNQ0DzI72qVTWVvt0YOux8zw43W3qt96TsWXEfUtRZ3P0zsxJEAR1MIeniMU
ESyrd/ecxOMaIxZMY4ztkqZUycd6pe00Ipq8emIQSPruPCVwPbAFPKmORap8cw==
-----END CERTIFICATE-----