Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/37975e87-9196-4469-ae20-4f749fae5aab.roa
File:                     37975e87-9196-4469-ae20-4f749fae5aab.roa (raw, json)
Hash identifier:          zEGTOh0G+8Qddj8yYWXBuJMFdyyrWQ1MkgGJ8/Oe7vg=
Subject key identifier:   47:72:99:2A:DC:4C:C9:E5:88:94:F5:B4:AF:BC:E4:77:7A:73:98:67
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       1ED4AE9882AC59F7A142C900F8006F04757DF4
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/37975e87-9196-4469-ae20-4f749fae5aab.roa
Signing time:             Mon 13 Apr 2026 20:21:53 +0000
ROA not before:           Mon 13 Apr 2026 20:21:53 +0000
ROA not after:            Sun 12 Jul 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:6028::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 15 Apr 2026 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:d4:ae:98:82:ac:59:f7:a1:42:c9:00:f8:00:6f:04:75:7d:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Apr 13 20:21:53 2026 GMT
            Not After : Jul 12 23:59:59 2026 GMT
        Subject: serialNumber=27d4398b0a08fc0d26b5db9d977bd5f1f23f8ed2b3e421f439f88ea3e364abb7, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:c7:21:e7:57:4a:84:fa:52:3b:fa:32:9f:e7:
                    81:3b:fb:a4:63:04:58:9f:31:01:eb:ff:39:4c:01:
                    2d:7a:46:df:3d:70:23:51:78:57:06:b4:85:b0:39:
                    e9:c5:4f:fa:10:57:e4:5e:a5:2d:48:b5:e2:1d:35:
                    c1:3f:7d:90:88:87:f9:89:02:c1:e5:28:bc:f3:60:
                    a5:af:75:cf:70:f6:74:ed:cd:e7:c5:b7:e9:6d:50:
                    45:f5:fc:9c:2e:45:50:b4:0d:d6:de:36:6c:b7:b7:
                    47:a7:5e:09:2a:03:99:45:bc:12:f8:39:5e:b4:75:
                    a1:73:c4:fc:90:38:04:19:6b:6a:10:44:9e:dd:ef:
                    c6:c8:86:4e:b3:f7:70:c4:70:8b:f7:36:e1:2a:2c:
                    15:d2:57:9e:67:ce:d9:d1:7f:d3:30:ee:9f:71:33:
                    ed:02:8c:98:12:8f:d7:43:e2:e3:9e:1c:2f:20:6f:
                    94:df:bd:09:3e:b8:f5:37:5c:66:dc:ec:17:e6:22:
                    12:93:d4:5d:7d:16:37:31:e0:13:c6:77:aa:5f:91:
                    2c:de:82:f3:96:bf:f5:ad:4a:a7:d0:d3:2a:3b:56:
                    5f:e3:b1:72:60:ca:29:ec:8b:cb:d9:7a:ea:c2:79:
                    f3:db:43:d9:90:08:2b:d3:17:ff:64:fb:e6:3d:39:
                    47:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:72:99:2A:DC:4C:C9:E5:88:94:F5:B4:AF:BC:E4:77:7A:73:98:67
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/37975e87-9196-4469-ae20-4f749fae5aab.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:6028::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:d1:83:f3:7f:dc:3f:db:63:72:17:d6:4b:72:be:f9:a8:6d:
         4d:38:70:b6:1f:03:4e:ec:26:5b:a7:b1:90:03:12:9a:02:9a:
         c7:37:57:53:2b:c7:04:35:23:05:d5:f8:6c:fa:7e:97:cb:2d:
         96:77:58:48:d2:b0:53:4b:80:cc:fc:73:56:76:3c:f3:bd:9e:
         8c:51:66:75:9d:17:27:c4:20:04:8e:d2:a7:32:1c:22:13:87:
         92:64:73:7d:c4:ed:c4:78:23:91:13:02:d8:1a:a7:9c:ba:d7:
         42:38:c5:95:c7:37:81:07:5a:f7:28:d2:7d:12:09:ec:d9:3a:
         46:0c:3d:3e:89:7e:32:59:ab:31:18:28:ac:b6:54:d0:f6:33:
         15:98:0a:ec:72:d3:b4:39:e9:4d:41:fa:79:4a:4b:1d:b6:e5:
         37:5e:bd:3e:a1:23:a5:84:26:a3:49:bd:fe:1f:2c:a3:f7:77:
         43:a7:57:52:b1:cf:ce:98:17:5a:6f:14:d5:ae:91:5d:f2:da:
         04:ae:6f:fd:3e:1c:47:5f:d0:7e:fc:0b:f1:5c:b6:d8:3e:94:
         94:5e:eb:ed:7e:85:ec:89:24:ff:fa:ec:5f:ff:2c:30:07:29:
         76:6f:c9:12:98:f6:c0:0f:51:cc:1b:35:27:b0:0c:03:97:8e:
         2f:c2:1b:dc
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgITHtSumIKsWfehQskA+ABvBHV99DANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzJiNTg0NWMzMDdkMGJmNjFiMTM0YjhhYjcxMTU0NTgyNmIx
NzA3ZmQ1ZjBhZjg0ZGEwODAeFw0yNjA0MTMyMDIxNTNaFw0yNjA3MTIyMzU5NTla
MHoxSTBHBgNVBAUTQDI3ZDQzOThiMGEwOGZjMGQyNmI1ZGI5ZDk3N2JkNWYxZjIz
ZjhlZDJiM2U0MjFmNDM5Zjg4ZWEzZTM2NGFiYjcxLTArBgNVBAMTJGZiYjI3NTc2
LWNhYzItNDM4MS05YTUzLTZjMTVlMGRjMjZmZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANnHIedXSoT6Ujv6Mp/ngTv7pGMEWJ8xAev/OUwBLXpG3z1w
I1F4Vwa0hbA56cVP+hBX5F6lLUi14h01wT99kIiH+YkCweUovPNgpa91z3D2dO3N
58W36W1QRfX8nC5FULQN1t42bLe3R6deCSoDmUW8Evg5XrR1oXPE/JA4BBlrahBE
nt3vxsiGTrP3cMRwi/c24SosFdJXnmfO2dF/0zDun3Ez7QKMmBKP10Pi454cLyBv
lN+9CT649TdcZtzsF+YiEpPUXX0WNzHgE8Z3ql+RLN6C85a/9a1Kp9DTKjtWX+Ox
cmDKKeyLy9l66sJ589tD2ZAIK9MX/2T75j05R28CAwEAAaOCArQwggKwMB0GA1Ud
DgQWBBRHcpkq3EzJ5YiU9bSvvOR3enOYZzAfBgNVHSMEGDAWgBQuGOIIoYJXGwl9
0iOnFp5A6+mJPTAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
NTIxZWIzM2YtOTY3Mi00Y2Q5LWFjY2UtMTM3MjI3ZTk3MWFjLzZhOTUzN2E4LWE2
ODUtNGI0OC05ZmE4LTgzNjJlNGZjNDdhZS9iNTg0NWMzMDdkMGJmNjFiMTM0Yjhh
YjcxMTU0NTgyNmIxNzA3ZmQ1ZjBhZjg0ZGEwOC5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS81MTdmM2VkNy01OGI1LTQ3OTYtYmUzNy0xNGQ2
MmU0OGYwNTYvMzc5NzVlODctOTE5Ni00NDY5LWFlMjAtNGY3NDlmYWU1YWFiLnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzct
MTRkNjJlNDhmMDU2L0NfWWJFMHVLdHhGVVdDYXhjSF9WOEstRTJnZy5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHACYA8PBgKDANBgkqhkiG9w0BAQsFAAOCAQEAOtGD83/cP9tjchfWS3K++aht
TThwth8DTuwmW6exkAMSmgKaxzdXUyvHBDUjBdX4bPp+l8stlndYSNKwU0uAzPxz
VnY8872ejFFmdZ0XJ8QgBI7SpzIcIhOHkmRzfcTtxHgjkRMC2BqnnLrXQjjFlcc3
gQda9yjSfRIJ7Nk6Rgw9Pol+MlmrMRgorLZU0PYzFZgK7HLTtDnpTUH6eUpLHbbl
N169PqEjpYQmo0m9/h8so/d3Q6dXUrHPzpgXWm8U1a6RXfLaBK5v/T4cR1/QfvwL
8Vy22D6UlF7r7X6F7Ikk//rsX/8sMAcpdm/JEpj2wA9RzBs1J7AMA5eOL8Ib3A==
-----END CERTIFICATE-----