Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/64dce371-37b2-4fab-9d85-05ea7f2c1aab.roa
File:                     64dce371-37b2-4fab-9d85-05ea7f2c1aab.roa (raw, json)
Hash identifier:          ZqHgcs+CrSX+TcjMYUXGdsF1iNdCmpD04zihAKwsEsw=
Subject key identifier:   B9:F6:DA:4E:D9:75:94:82:D3:E5:CA:08:90:6F:58:42:AE:5E:63:E7
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       71F2EA2ACD76287492AA764F452B04A02296C141
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/64dce371-37b2-4fab-9d85-05ea7f2c1aab.roa
Signing time:             Tue 19 May 2026 04:30:22 +0000
ROA not before:           Tue 19 May 2026 04:30:22 +0000
ROA not after:            Mon 17 Aug 2026 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0fb:e300::/42 maxlen: 42
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 13 Jun 2026 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:f2:ea:2a:cd:76:28:74:92:aa:76:4f:45:2b:04:a0:22:96:c1:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: May 19 04:30:22 2026 GMT
            Not After : Aug 17 23:59:59 2026 GMT
        Subject: serialNumber=403422818d9c4c862d0d0455487ef4dc6bc41883b5522bb12d6e0676b93dbb7a, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:92:60:48:8e:47:60:37:33:be:d8:4a:10:5d:
                    a9:5a:f1:01:49:3d:68:7d:53:1d:bc:60:d7:8d:1a:
                    9c:d7:f3:d7:4a:29:72:7a:20:ff:02:b9:34:30:7d:
                    e7:49:b6:da:f6:a3:82:2a:45:aa:51:59:cc:40:20:
                    2e:dd:6d:9c:b7:71:c2:97:0c:30:1b:aa:02:7c:d4:
                    75:25:07:3d:b6:be:57:01:85:8c:da:0e:19:44:3d:
                    21:71:de:b3:b8:43:28:8f:ec:c1:2f:1b:9a:7c:16:
                    2a:87:b3:b8:b7:57:55:1a:f6:15:6a:40:9b:b8:4d:
                    b1:bf:3d:27:f0:31:3d:e2:56:79:c6:7b:22:ad:86:
                    f7:98:60:7d:ab:db:d5:0d:2b:82:64:c8:92:5d:0b:
                    53:71:54:d3:82:c3:59:fa:4f:67:ee:04:8b:0f:d8:
                    be:d4:96:98:cd:e8:c4:ef:f4:19:7c:62:be:8e:2e:
                    57:d8:fc:52:6b:8b:df:2e:12:39:9e:6a:ab:13:20:
                    8f:0b:00:71:14:81:59:dd:9d:11:b3:26:d2:3e:97:
                    b2:e9:d0:61:1f:2b:e9:32:0b:ef:70:d4:2f:da:ae:
                    c6:e2:46:c2:5e:69:e1:63:a5:db:66:85:54:74:ad:
                    c1:60:89:06:91:4e:e6:dd:2e:1e:1e:82:32:c4:3e:
                    5b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:F6:DA:4E:D9:75:94:82:D3:E5:CA:08:90:6F:58:42:AE:5E:63:E7
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/64dce371-37b2-4fab-9d85-05ea7f2c1aab.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:e300::/42

    Signature Algorithm: sha256WithRSAEncryption
         10:60:1d:84:7f:01:4c:ea:a8:17:fb:ff:bd:de:2b:5c:a5:52:
         f3:2a:0e:a2:88:21:1c:dd:60:d6:aa:aa:df:81:7c:c0:f9:a9:
         aa:1f:01:50:ef:c8:d3:f4:ba:eb:03:2d:42:52:a9:ae:7e:89:
         74:a8:b2:18:b0:df:09:7d:c4:97:7c:8c:70:d9:a4:e6:79:8c:
         d5:84:ca:1e:b9:0b:63:ea:8e:8f:92:91:4e:46:99:fd:86:50:
         a6:06:8b:09:ba:24:03:be:ac:d3:40:7b:48:8a:61:e8:ea:52:
         50:86:bc:a8:ef:86:da:a6:e3:ed:01:d2:07:77:cd:3e:bc:3a:
         63:5d:54:ed:b0:b2:02:d7:d2:e0:50:fd:92:73:93:a1:29:8f:
         19:f2:9d:d7:8d:a5:a9:52:40:97:2c:13:51:47:76:1f:c7:f6:
         25:37:14:04:02:a9:3e:c6:de:3c:25:60:25:6a:9d:13:72:1a:
         d1:00:c3:5b:2b:f0:ff:7e:09:29:c7:4d:bb:c8:6b:35:88:8d:
         1e:5f:21:37:35:1f:7d:8c:66:94:a9:9b:a2:04:2f:7e:c4:19:
         1b:b3:4d:06:54:67:84:dc:c9:b0:fb:dc:c3:41:dc:fe:b6:fd:
         00:a7:f4:f8:1e:6e:93:0b:b6:39:81:96:90:9c:03:ff:c6:83:
         96:78:d4:c5
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUcfLqKs12KHSSqnZPRSsEoCKWwUEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjYwNTE5MDQzMDIyWhcNMjYwODE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MDM0MjI4MThkOWM0Yzg2MmQwZDA0NTU0ODdlZjRkYzZi
YzQxODgzYjU1MjJiYjEyZDZlMDY3NmI5M2RiYjdhMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdkmBIjkdgNzO+2EoQXala8QFJPWh9Ux28YNeNGpzX89dK
KXJ6IP8CuTQwfedJttr2o4IqRapRWcxAIC7dbZy3ccKXDDAbqgJ81HUlBz22vlcB
hYzaDhlEPSFx3rO4QyiP7MEvG5p8FiqHs7i3V1Ua9hVqQJu4TbG/PSfwMT3iVnnG
eyKthveYYH2r29UNK4JkyJJdC1NxVNOCw1n6T2fuBIsP2L7UlpjN6MTv9Bl8Yr6O
LlfY/FJri98uEjmeaqsTII8LAHEUgVndnRGzJtI+l7Lp0GEfK+kyC+9w1C/arsbi
RsJeaeFjpdtmhVR0rcFgiQaRTubdLh4egjLEPlvLAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUufbaTtl1lILT5coIkG9YQq5eY+cwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzY0ZGNlMzcxLTM3YjItNGZhYi05ZDg1LTA1ZWE3ZjJjMWFhYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwYmAPD74wAwDQYJKoZIhvcNAQELBQADggEBABBgHYR/AUzqqBf7/73eK1yl
UvMqDqKIIRzdYNaqqt+BfMD5qaofAVDvyNP0uusDLUJSqa5+iXSoshiw3wl9xJd8
jHDZpOZ5jNWEyh65C2Pqjo+SkU5Gmf2GUKYGiwm6JAO+rNNAe0iKYejqUlCGvKjv
htqm4+0B0gd3zT68OmNdVO2wsgLX0uBQ/ZJzk6EpjxnyndeNpalSQJcsE1FHdh/H
9iU3FAQCqT7G3jwlYCVqnRNyGtEAw1sr8P9+CSnHTbvIazWIjR5fITc1H32MZpSp
m6IEL37EGRuzTQZUZ4TcybD73MNB3P62/QCn9PgebpMLtjmBlpCcA//Gg5Z41MU=
-----END CERTIFICATE-----