Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/5549fdb0-617d-43e3-951f-9747f0d27829.roa
File:                     5549fdb0-617d-43e3-951f-9747f0d27829.roa (raw, json)
Hash identifier:          FJnUVmOv/eapxISrW8V5T/FMc2s6fHpYRJDJFkhf82Y=
Subject key identifier:   95:44:39:B2:39:08:5F:1D:F5:20:05:FF:55:BE:4C:B7:66:13:3F:08
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       06D48499682C6E15FDD0BB95937F5A59D390C123
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/5549fdb0-617d-43e3-951f-9747f0d27829.roa
Signing time:             Sat 09 Aug 2025 00:10:38 +0000
ROA not before:           Sat 09 Aug 2025 00:10:38 +0000
ROA not after:            Sat 13 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:4140::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 21 Aug 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:d4:84:99:68:2c:6e:15:fd:d0:bb:95:93:7f:5a:59:d3:90:c1:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Aug  9 00:10:38 2025 GMT
            Not After : Sep 13 23:59:59 2025 GMT
        Subject: serialNumber=dcced78331ded1d01f37531a0da4223a0f8f40cb8605c1b74f6feb60a8772d4f, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:0c:8d:a1:7a:4c:fe:cb:93:2f:3f:c0:64:72:
                    6b:c5:88:01:5e:df:d3:42:69:0b:8d:c0:69:3b:78:
                    01:44:2d:d3:7b:3c:41:9f:19:b8:02:c9:00:f8:45:
                    68:80:c5:82:8f:cd:27:f1:17:2a:11:6d:cb:6d:45:
                    4e:4f:9a:23:72:3c:b4:af:98:17:1b:fe:9b:0d:b8:
                    64:4b:34:c4:1a:33:fa:4c:3f:1d:ed:90:07:42:7d:
                    6d:c7:aa:ed:69:46:62:18:a2:58:2d:26:56:b9:4f:
                    f3:20:14:26:54:f9:f8:8c:df:d6:a9:1b:a8:0e:f5:
                    ac:e6:86:c6:de:e9:20:d5:e1:2b:c1:33:5e:d0:f4:
                    37:01:4e:32:b2:e6:86:48:6d:14:e7:d3:a5:10:15:
                    a6:d6:86:c9:9e:6f:ec:2b:20:f4:ba:78:15:f4:fe:
                    cd:05:e5:91:fa:48:3c:af:f1:fc:a1:1b:23:c9:31:
                    2c:cf:06:04:50:50:6b:88:95:59:4c:1b:62:d3:e0:
                    a1:21:5f:c8:15:97:36:44:db:c1:23:03:02:c6:db:
                    35:88:5c:c5:2f:60:7d:d8:e5:33:50:a2:7e:ea:67:
                    b3:3a:ff:7d:3c:88:58:e1:e3:6c:5b:f3:07:a5:65:
                    74:4d:51:ce:98:7c:7c:0b:61:63:1b:a8:23:87:2b:
                    2d:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:44:39:B2:39:08:5F:1D:F5:20:05:FF:55:BE:4C:B7:66:13:3F:08
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/5549fdb0-617d-43e3-951f-9747f0d27829.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:4140::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:ad:f9:76:a1:47:f8:6a:0d:c7:df:36:b5:81:8c:65:c3:8b:
         ce:5c:0d:2b:df:c1:29:be:f8:43:69:f0:3a:03:e8:f5:14:62:
         0f:01:a6:92:ee:0e:1d:c8:16:b0:39:42:96:6c:df:28:06:f5:
         0c:f8:04:e2:c8:39:64:ae:ca:47:14:47:db:db:69:5a:0f:17:
         70:69:43:e5:3d:3b:70:5d:5f:bb:38:b6:91:44:6a:25:73:10:
         11:6f:d6:d3:9f:c0:b3:ac:5e:6d:58:91:06:ae:c6:3a:20:f9:
         8e:cf:92:73:3e:cd:06:73:df:a3:72:d4:f4:f0:96:c9:43:c2:
         e6:7e:75:e2:6e:78:5c:45:8f:39:7a:02:9e:b6:92:48:53:f2:
         7d:7c:96:b2:da:21:1d:7c:2b:5a:2e:f3:45:31:b8:06:38:63:
         53:03:59:9f:2e:15:6c:c7:c1:62:46:db:c8:da:63:33:e9:be:
         5e:d0:07:a9:17:89:56:cb:2a:e4:89:db:b2:33:44:9f:de:eb:
         15:65:a6:c4:ec:be:19:d2:16:d6:65:61:bc:50:6f:2b:b0:f9:
         21:aa:49:77:e3:ef:61:19:a7:39:a1:35:1c:71:58:22:89:1b:
         2b:71:3a:5e:6e:9b:84:d9:28:0d:aa:42:6b:ef:2a:35:9f:4b:
         f4:b9:d7:72
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUBtSEmWgsbhX90LuVk39aWdOQwSMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwODA5MDAxMDM4WhcNMjUwOTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkY2NlZDc4MzMxZGVkMWQwMWYzNzUzMWEwZGE0MjIzYTBm
OGY0MGNiODYwNWMxYjc0ZjZmZWI2MGE4NzcyZDRmMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoDI2hekz+y5MvP8BkcmvFiAFe39NCaQuNwGk7eAFELdN7
PEGfGbgCyQD4RWiAxYKPzSfxFyoRbcttRU5PmiNyPLSvmBcb/psNuGRLNMQaM/pM
Px3tkAdCfW3Hqu1pRmIYolgtJla5T/MgFCZU+fiM39apG6gO9azmhsbe6SDV4SvB
M17Q9DcBTjKy5oZIbRTn06UQFabWhsmeb+wrIPS6eBX0/s0F5ZH6SDyv8fyhGyPJ
MSzPBgRQUGuIlVlMG2LT4KEhX8gVlzZE28EjAwLG2zWIXMUvYH3Y5TNQon7qZ7M6
/308iFjh42xb8welZXRNUc6YfHwLYWMbqCOHKy3NAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUlUQ5sjkIXx31IAX/Vb5Mt2YTPwgwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzU1NDlmZGIwLTYxN2QtNDNlMy05NTFmLTk3NDdmMGQyNzgyOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwQUAwDQYJKoZIhvcNAQELBQADggEBAD2t+XahR/hqDcffNrWBjGXD
i85cDSvfwSm++ENp8DoD6PUUYg8BppLuDh3IFrA5QpZs3ygG9Qz4BOLIOWSuykcU
R9vbaVoPF3BpQ+U9O3BdX7s4tpFEaiVzEBFv1tOfwLOsXm1YkQauxjog+Y7PknM+
zQZz36Ny1PTwlslDwuZ+deJueFxFjzl6Ap62kkhT8n18lrLaIR18K1ou80UxuAY4
Y1MDWZ8uFWzHwWJG28jaYzPpvl7QB6kXiVbLKuSJ27IzRJ/e6xVlpsTsvhnSFtZl
YbxQbyuw+SGqSXfj72EZpzmhNRxxWCKJGytxOl5um4TZKA2qQmvvKjWfS/S513I=
-----END CERTIFICATE-----