Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/4cdb43dd-1b49-4f22-93e8-b2153c2cac83.roa
File:                     4cdb43dd-1b49-4f22-93e8-b2153c2cac83.roa (raw, json)
Hash identifier:          twVw+Db6ZKggTh5aIU5Yh6CduSyDwcc4dJwhbu9Lojw=
Subject key identifier:   26:6D:BF:FF:5F:F4:0A:83:EF:0A:7F:94:EC:1E:91:C2:3C:0F:30:84
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       11D68F7135FFC1FDAC37081C2001035D6C2CFDBA
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/4cdb43dd-1b49-4f22-93e8-b2153c2cac83.roa
Signing time:             Tue 19 May 2026 04:30:08 +0000
ROA not before:           Tue 19 May 2026 04:30:08 +0000
ROA not after:            Mon 17 Aug 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:5520::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 13 Jun 2026 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:d6:8f:71:35:ff:c1:fd:ac:37:08:1c:20:01:03:5d:6c:2c:fd:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: May 19 04:30:08 2026 GMT
            Not After : Aug 17 23:59:59 2026 GMT
        Subject: serialNumber=1ba3241859a7d1c2d9bf3189f6de20f5793130bd790a19ffed448cb1c2336944, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:51:4a:b8:ed:87:ae:f8:3f:7d:2f:03:1c:3a:
                    f2:4b:f9:8b:21:cc:2e:76:30:06:5f:9f:fc:4d:9a:
                    76:90:2d:e9:34:89:95:44:7b:fd:0e:e3:a3:c3:7b:
                    6d:3c:1a:d0:64:b4:8a:65:55:c0:99:f5:6c:e5:89:
                    43:75:33:93:4c:f0:25:1c:6e:2c:dc:f2:86:5c:dc:
                    c9:10:fe:0f:19:07:1a:3d:b6:92:38:8e:67:7e:62:
                    33:18:88:de:15:94:e2:d1:1e:8f:68:f5:01:ae:23:
                    23:1d:c3:f5:9e:79:8d:cc:a3:61:d8:69:3a:64:db:
                    2f:02:02:40:03:6e:0a:86:26:38:c1:df:43:79:39:
                    60:30:97:1f:b7:8f:97:f6:25:cc:36:67:cb:8f:45:
                    67:07:bd:68:9c:0e:3b:70:ac:53:5c:4d:eb:b7:32:
                    a1:71:f2:7b:f1:96:eb:64:c6:c2:c6:46:f1:ca:cd:
                    a4:1c:1e:aa:17:a7:2e:fd:8e:7a:90:ee:bc:1c:87:
                    07:7d:d3:46:9a:15:2f:db:61:37:ea:ff:0e:72:8a:
                    a9:91:2f:64:31:35:7e:8e:fa:13:0f:29:02:3b:aa:
                    f7:88:74:06:3a:1c:6d:42:b2:d9:8d:c9:65:61:ba:
                    09:6f:70:ee:92:6b:ea:f7:33:42:b5:cf:bd:36:97:
                    6b:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:6D:BF:FF:5F:F4:0A:83:EF:0A:7F:94:EC:1E:91:C2:3C:0F:30:84
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/4cdb43dd-1b49-4f22-93e8-b2153c2cac83.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:5520::/44

    Signature Algorithm: sha256WithRSAEncryption
         8a:c8:f6:70:09:fd:66:2a:9b:22:eb:a8:39:5b:a8:cf:15:ef:
         18:b4:3d:e7:a6:0e:f2:61:4b:d8:86:a5:51:02:d4:24:2d:69:
         03:ef:6b:d6:75:cd:4c:73:7a:f9:4d:36:51:19:8d:0f:db:d5:
         94:25:29:03:78:7a:f3:15:d5:02:20:32:a1:bc:13:c1:9c:ac:
         ed:33:1c:51:36:3a:2a:b2:26:25:ba:e3:45:89:60:bc:9a:b5:
         f4:c6:64:01:8f:b4:4f:e4:52:9c:22:95:b6:9d:09:47:4d:25:
         90:6c:e4:e4:dc:2a:46:b5:b3:63:cd:1f:d3:20:75:90:1d:7e:
         48:1b:d6:57:2a:ee:9a:75:d8:c1:a8:3e:0a:24:1e:9a:05:41:
         2a:72:c1:96:12:3e:16:b0:65:14:36:64:bd:7c:ea:12:7a:95:
         36:aa:36:45:d6:c2:a3:e4:ba:c0:c8:4a:bd:8e:ec:01:77:aa:
         61:7b:16:1c:ac:0d:b9:27:22:66:cb:61:dc:96:b9:cc:e6:ae:
         a6:93:e9:63:79:ef:67:45:b7:a4:41:fe:ff:bb:2f:38:9c:78:
         e7:2e:ca:d6:7e:b5:14:59:22:91:17:00:e3:93:18:9a:44:7e:
         6e:e2:65:4b:9b:fa:6e:0a:ef:5f:bf:7e:9f:ab:aa:49:f6:75:
         10:c5:9f:0f
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUEdaPcTX/wf2sNwgcIAEDXWws/bowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjYwNTE5MDQzMDA4WhcNMjYwODE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxYmEzMjQxODU5YTdkMWMyZDliZjMxODlmNmRlMjBmNTc5
MzEzMGJkNzkwYTE5ZmZlZDQ0OGNiMWMyMzM2OTQ0MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWUUq47Yeu+D99LwMcOvJL+YshzC52MAZfn/xNmnaQLek0
iZVEe/0O46PDe208GtBktIplVcCZ9WzliUN1M5NM8CUcbizc8oZc3MkQ/g8ZBxo9
tpI4jmd+YjMYiN4VlOLRHo9o9QGuIyMdw/WeeY3Mo2HYaTpk2y8CAkADbgqGJjjB
30N5OWAwlx+3j5f2Jcw2Z8uPRWcHvWicDjtwrFNcTeu3MqFx8nvxlutkxsLGRvHK
zaQcHqoXpy79jnqQ7rwchwd900aaFS/bYTfq/w5yiqmRL2QxNX6O+hMPKQI7qveI
dAY6HG1CstmNyWVhuglvcO6Sa+r3M0K1z702l2v5AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUJm2//1/0CoPvCn+U7B6RwjwPMIQwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzRjZGI0M2RkLTFiNDktNGYyMi05M2U4LWIyMTUzYzJjYWM4My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwQmAPDwVSAwDQYJKoZIhvcNAQELBQADggEBAIrI9nAJ/WYqmyLrqDlbqM8V
7xi0PeemDvJhS9iGpVEC1CQtaQPva9Z1zUxzevlNNlEZjQ/b1ZQlKQN4evMV1QIg
MqG8E8GcrO0zHFE2OiqyJiW640WJYLyatfTGZAGPtE/kUpwilbadCUdNJZBs5OTc
Kka1s2PNH9MgdZAdfkgb1lcq7pp12MGoPgokHpoFQSpywZYSPhawZRQ2ZL186hJ6
lTaqNkXWwqPkusDISr2O7AF3qmF7FhysDbknImbLYdyWuczmrqaT6WN572dFt6RB
/v+7LziceOcuytZ+tRRZIpEXAOOTGJpEfm7iZUub+m4K71+/fp+rqkn2dRDFnw8=
-----END CERTIFICATE-----