Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/48713909-c1f3-4664-9c83-d3f0ba77a7f0.roa
File:                     48713909-c1f3-4664-9c83-d3f0ba77a7f0.roa (raw, json)
Hash identifier:          B3K2nY+qnDAAyxjfJX+fiyBe9K4OQyk7rpmkXOBAKvM=
Subject key identifier:   FE:A7:94:79:8A:13:C7:07:ED:03:51:F2:A3:E0:DD:BD:DD:2C:E7:23
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       0B67475054B120465647DDC7D07BEA05D336F760
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/48713909-c1f3-4664-9c83-d3f0ba77a7f0.roa
Signing time:             Fri 15 Aug 2025 15:30:17 +0000
ROA not before:           Fri 15 Aug 2025 15:30:17 +0000
ROA not after:            Fri 19 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:108::/47 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 21 Aug 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:67:47:50:54:b1:20:46:56:47:dd:c7:d0:7b:ea:05:d3:36:f7:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Aug 15 15:30:17 2025 GMT
            Not After : Sep 19 23:59:59 2025 GMT
        Subject: serialNumber=520b68608c314ac18908fd8e3b29394c013b7c16682270f4418190bdbd1806fc, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:04:ae:9d:3d:fe:93:37:88:95:cd:d7:89:c2:
                    89:c5:16:ec:b7:ec:16:34:e5:9f:29:12:59:ba:44:
                    02:9d:a7:07:b2:18:19:47:37:2d:e8:e2:0c:35:eb:
                    93:3c:48:33:32:bf:ba:2c:64:a4:0d:e0:fc:9e:95:
                    dc:8f:63:26:c3:3d:33:1b:ac:48:ee:3e:4c:d6:0b:
                    9f:94:b5:dd:4b:5e:cc:9c:73:cf:55:da:c8:86:c8:
                    f8:85:b4:9b:d9:0d:c5:00:82:a0:a2:a7:2c:1c:59:
                    c4:6d:80:8a:76:ae:8d:bb:c2:ec:ee:22:b3:39:52:
                    45:28:a9:26:67:28:e5:9e:a0:79:85:cf:bf:59:f6:
                    0c:5f:98:50:c7:9c:92:07:a7:29:3c:74:be:2e:9a:
                    3d:7e:3b:5f:5c:8d:c4:38:c7:6c:ad:d4:93:1c:ff:
                    45:cd:10:01:0d:95:f9:13:72:a8:b5:5a:8e:23:66:
                    75:93:2c:bf:b9:92:7e:16:70:c7:a1:ce:13:ce:34:
                    2f:ee:2b:3f:9d:c5:55:af:c4:80:09:a9:5f:80:0c:
                    8c:36:a6:a3:eb:a5:11:77:6e:21:cb:b4:e0:18:6f:
                    f7:f4:d7:fe:d9:77:07:c7:12:21:fd:52:18:25:d7:
                    ee:16:26:ee:f2:be:ee:96:1b:32:46:50:0d:15:1f:
                    d2:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:A7:94:79:8A:13:C7:07:ED:03:51:F2:A3:E0:DD:BD:DD:2C:E7:23
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/48713909-c1f3-4664-9c83-d3f0ba77a7f0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:108::/47

    Signature Algorithm: sha256WithRSAEncryption
         7e:03:1e:a4:5e:45:f0:d7:13:70:f5:a9:6c:fb:8e:97:09:9f:
         ca:f2:38:24:f7:6b:86:93:be:fd:ba:54:ad:08:55:e4:e8:71:
         63:f4:98:c6:f8:30:1f:12:1e:21:96:a1:3f:c2:fd:57:f4:3b:
         c9:3a:65:40:e0:a1:99:eb:77:3a:a8:f0:cf:e6:31:6d:db:d9:
         48:27:b3:83:73:28:40:ec:d1:46:c6:bb:a8:9a:56:95:01:e8:
         b4:1a:cb:b6:2f:3e:c2:db:69:9f:9b:9f:03:f2:29:3e:db:a7:
         09:e3:94:38:af:fc:2a:37:09:47:09:a4:c8:92:3f:41:57:4c:
         d9:36:23:b3:26:83:1d:c3:c8:97:ba:b3:0f:72:a5:56:f5:a2:
         74:f4:11:08:2e:f0:c3:e8:0b:5c:9e:28:ee:6d:73:ac:a2:d2:
         b6:be:af:61:2a:78:84:c8:eb:a7:18:61:21:f3:ee:a1:d5:79:
         6d:0f:ef:b1:39:65:2b:69:6f:16:06:21:bd:7e:08:fe:65:3d:
         25:a7:9e:8f:2f:a6:61:f0:5f:aa:6b:b8:6a:00:34:5c:2a:f0:
         ff:94:aa:46:99:ad:e7:4b:ee:48:e8:c8:98:5f:1c:31:e9:4e:
         46:19:75:1d:53:fe:e0:ca:da:81:d1:b1:b4:95:52:bc:f6:43:
         15:2f:2b:e9
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUC2dHUFSxIEZWR93H0HvqBdM292AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwODE1MTUzMDE3WhcNMjUwOTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MjBiNjg2MDhjMzE0YWMxODkwOGZkOGUzYjI5Mzk0YzAx
M2I3YzE2NjgyMjcwZjQ0MTgxOTBiZGJkMTgwNmZjMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDgBK6dPf6TN4iVzdeJwonFFuy37BY05Z8pElm6RAKdpwey
GBlHNy3o4gw165M8SDMyv7osZKQN4PyeldyPYybDPTMbrEjuPkzWC5+Utd1LXsyc
c89V2siGyPiFtJvZDcUAgqCipywcWcRtgIp2ro27wuzuIrM5UkUoqSZnKOWeoHmF
z79Z9gxfmFDHnJIHpyk8dL4umj1+O19cjcQ4x2yt1JMc/0XNEAENlfkTcqi1Wo4j
ZnWTLL+5kn4WcMehzhPONC/uKz+dxVWvxIAJqV+ADIw2pqPrpRF3biHLtOAYb/f0
1/7ZdwfHEiH9Uhgl1+4WJu7yvu6WGzJGUA0VH9KVAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU/qeUeYoTxwftA1Hyo+Ddvd0s5yMwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzQ4NzEzOTA5LWMxZjMtNDY2NC05YzgzLWQzZjBiYTc3YTdmMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwEmAPDwAQgwDQYJKoZIhvcNAQELBQADggEBAH4DHqReRfDXE3D1qWz7jpcJ
n8ryOCT3a4aTvv26VK0IVeTocWP0mMb4MB8SHiGWoT/C/Vf0O8k6ZUDgoZnrdzqo
8M/mMW3b2Ugns4NzKEDs0UbGu6iaVpUB6LQay7YvPsLbaZ+bnwPyKT7bpwnjlDiv
/Co3CUcJpMiSP0FXTNk2I7Mmgx3DyJe6sw9ypVb1onT0EQgu8MPoC1yeKO5tc6yi
0ra+r2EqeITI66cYYSHz7qHVeW0P77E5ZStpbxYGIb1+CP5lPSWnno8vpmHwX6pr
uGoANFwq8P+UqkaZredL7kjoyJhfHDHpTkYZdR1T/uDK2oHRsbSVUrz2QxUvK+k=
-----END CERTIFICATE-----