Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/942359be-660a-411d-a2eb-7723143d6fd3.roa
File:                     942359be-660a-411d-a2eb-7723143d6fd3.roa (raw, json)
Hash identifier:          NcovWPRQp1/itjeWA2qUVr0bZ1qVKE70A+9OkFBLWao=
Subject key identifier:   B6:B3:DD:74:9A:E8:BC:D9:87:C4:03:90:C2:09:E2:57:82:D8:6B:02
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       4E6B6A77EBE9997EEF1088F13C5486044FCA446C
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/942359be-660a-411d-a2eb-7723143d6fd3.roa
Signing time:             Mon 06 Oct 2025 17:38:15 +0000
ROA not before:           Mon 06 Oct 2025 17:38:15 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:611e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:6b:6a:77:eb:e9:99:7e:ef:10:88:f1:3c:54:86:04:4f:ca:44:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Oct  6 17:38:15 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=3fd6807ed520899daa7c47910840e3f4f205cbb314ee6f2ba7d961b213c5e063, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:b4:71:bc:0d:95:da:09:85:f9:91:c4:93:4c:
                    f6:d9:9a:81:3a:9d:27:d0:4c:ce:a8:8f:16:e5:0a:
                    2e:32:cc:33:08:d1:44:d0:76:7f:b9:63:46:61:92:
                    b2:c0:91:65:c4:d4:a8:f9:7a:11:3a:78:b2:9c:c1:
                    ed:95:b8:d6:29:41:38:d9:cd:22:c4:26:91:02:40:
                    62:af:5f:d2:5c:dc:f5:db:73:2c:2f:fd:76:30:e8:
                    c9:04:27:ec:47:da:bc:4b:ab:3b:a2:83:bc:62:c7:
                    2e:a1:19:fc:65:c5:86:b2:61:5c:00:c2:74:e9:aa:
                    65:0c:26:52:37:5b:ce:eb:75:d6:5b:74:59:aa:18:
                    cc:f3:70:c9:73:25:08:34:18:e3:bd:c7:15:38:40:
                    63:b2:22:00:8b:48:45:53:41:e0:9d:1c:ad:82:84:
                    29:43:36:3a:2f:5a:b2:89:ff:30:a9:01:1a:fe:dc:
                    b1:eb:5f:39:8b:d4:d1:a4:13:d8:9c:5a:a7:1e:44:
                    aa:90:7b:cf:e7:16:50:85:c7:18:4e:13:a7:8a:43:
                    ef:b8:97:a5:44:01:1c:fe:3b:18:5b:5c:80:49:37:
                    01:30:8f:7d:f7:14:a1:8d:bc:e8:e1:67:6b:32:b5:
                    d6:49:41:ac:01:94:99:63:37:88:8d:2f:00:83:c1:
                    16:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:B3:DD:74:9A:E8:BC:D9:87:C4:03:90:C2:09:E2:57:82:D8:6B:02
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/942359be-660a-411d-a2eb-7723143d6fd3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:611e::/48

    Signature Algorithm: sha256WithRSAEncryption
         45:b9:6e:78:b0:7c:f5:a6:75:d9:cf:13:ed:e4:d4:32:77:c7:
         27:16:ab:cf:37:3f:71:b0:54:1a:7a:c0:64:4c:41:4e:bc:90:
         b2:69:2c:23:4a:89:88:e2:a3:e6:79:a6:9e:8a:f8:e3:e9:c2:
         dc:af:1e:34:d1:0a:fa:99:15:8f:77:84:ac:dc:b0:59:57:04:
         20:0c:0d:78:c8:23:d3:4a:80:89:50:bf:47:e6:28:00:4f:79:
         5b:ef:29:8c:64:90:19:d9:d4:ce:d7:d7:68:f2:c6:df:18:8e:
         d5:35:b4:67:24:19:de:24:ec:f8:98:ec:8d:b7:17:e2:e3:88:
         73:f1:bb:aa:90:4e:64:13:19:e7:d9:98:f7:50:ce:3a:5c:eb:
         ed:e9:f1:92:81:15:31:e9:68:57:67:68:9d:f2:12:e0:7a:2d:
         90:64:c3:85:94:d6:cf:33:fe:a7:3a:26:6f:64:f9:f9:91:1c:
         72:98:cc:15:46:85:ee:03:aa:a7:e8:fa:3a:42:09:3b:06:bf:
         0f:37:86:5f:f1:8f:9e:ab:35:0f:f6:8f:14:1e:7d:e8:f1:15:
         5c:e5:7d:19:5a:c3:a6:70:6d:b8:4d:1c:ad:95:33:5d:10:8c:
         34:f8:f7:a0:48:f7:7d:ee:ed:44:6b:94:a3:82:3b:44:73:01:
         4e:19:e6:70
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUTmtqd+vpmX7vEIjxPFSGBE/KRGwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUxMDA2MTczODE1WhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzZmQ2ODA3ZWQ1MjA4OTlkYWE3YzQ3OTEwODQwZTNmNGYy
MDVjYmIzMTRlZTZmMmJhN2Q5NjFiMjEzYzVlMDYzMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCztHG8DZXaCYX5kcSTTPbZmoE6nSfQTM6ojxblCi4yzDMI
0UTQdn+5Y0ZhkrLAkWXE1Kj5ehE6eLKcwe2VuNYpQTjZzSLEJpECQGKvX9Jc3PXb
cywv/XYw6MkEJ+xH2rxLqzuig7xixy6hGfxlxYayYVwAwnTpqmUMJlI3W87rddZb
dFmqGMzzcMlzJQg0GOO9xxU4QGOyIgCLSEVTQeCdHK2ChClDNjovWrKJ/zCpARr+
3LHrXzmL1NGkE9icWqceRKqQe8/nFlCFxxhOE6eKQ++4l6VEARz+OxhbXIBJNwEw
j333FKGNvOjhZ2sytdZJQawBlJljN4iNLwCDwRalAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUtrPddJrovNmHxAOQwgniV4LYawIwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2Lzk0MjM1OWJlLTY2MGEtNDExZC1hMmViLTc3MjMxNDNkNmZkMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwYR4wDQYJKoZIhvcNAQELBQADggEBAEW5bniwfPWmddnPE+3k1DJ3
xycWq883P3GwVBp6wGRMQU68kLJpLCNKiYjio+Z5pp6K+OPpwtyvHjTRCvqZFY93
hKzcsFlXBCAMDXjII9NKgIlQv0fmKABPeVvvKYxkkBnZ1M7X12jyxt8YjtU1tGck
Gd4k7PiY7I23F+LjiHPxu6qQTmQTGefZmPdQzjpc6+3p8ZKBFTHpaFdnaJ3yEuB6
LZBkw4WU1s8z/qc6Jm9k+fmRHHKYzBVGhe4Dqqfo+jpCCTsGvw83hl/xj56rNQ/2
jxQefejxFVzlfRlaw6ZwbbhNHK2VM10QjDT496BI933u7URrlKOCO0RzAU4Z5nA=
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:02:41 2025 by rpki-client