Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/a65dc579-55d0-4640-8ee5-6bd70e3dd724.roa
File:                     a65dc579-55d0-4640-8ee5-6bd70e3dd724.roa (raw, json)
Hash identifier:          uCKpMdqJoMomhrrCkdcihE1Gj4RnHnGBBwXhfkpDzyQ=
Subject key identifier:   C9:96:4B:AE:D2:B9:ED:58:31:73:39:A5:C5:AB:B1:B5:3A:D9:61:B0
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       4BB0EF84A12A4AFEBF68961DC2DD38F2CB5101E8
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/a65dc579-55d0-4640-8ee5-6bd70e3dd724.roa
Signing time:             Tue 21 Oct 2025 12:50:44 +0000
ROA not before:           Tue 21 Oct 2025 12:50:44 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:551c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 28 Oct 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:b0:ef:84:a1:2a:4a:fe:bf:68:96:1d:c2:dd:38:f2:cb:51:01:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Oct 21 12:50:44 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=a067bd4483527818bc19d13277df2fa22d51400867de1dd0c61d704f2202481c, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:61:66:0e:46:dc:85:91:04:88:d0:b9:44:5c:
                    1e:5c:24:0d:33:a9:ad:29:df:dd:17:15:9e:fc:6c:
                    e0:c0:75:ec:2a:30:82:b3:7a:21:16:87:3e:4f:5d:
                    ab:55:6b:cb:8c:d6:81:d0:0e:18:bd:63:ad:a7:ec:
                    40:92:38:c1:aa:bd:7d:a6:85:7e:2b:1d:1e:9b:e9:
                    41:ff:0e:8e:56:53:39:bf:06:71:a7:d2:93:6b:81:
                    11:95:f3:67:af:02:ba:ac:cf:4a:ee:52:9e:29:58:
                    cb:a1:46:a2:99:43:db:2b:6d:79:dd:c8:6e:d8:68:
                    ca:8c:cf:dd:a7:52:61:2f:f0:be:f3:ef:91:50:67:
                    23:aa:61:cd:4a:fd:6e:20:ef:23:ed:7e:7d:a0:38:
                    77:f0:40:fc:7c:93:f8:92:e2:95:45:fb:62:7c:1a:
                    f7:41:fe:82:d5:00:ab:12:4f:6e:4f:c8:03:f4:59:
                    e9:42:3a:eb:ce:a7:e9:69:35:33:9e:78:71:82:e1:
                    06:2f:c3:96:26:42:96:49:90:0c:8c:54:fc:fb:70:
                    07:07:a9:ce:71:16:b8:27:36:be:ad:c4:91:b2:67:
                    5b:77:09:28:e5:71:8a:5c:10:06:60:04:f3:d7:2a:
                    3e:fd:ba:51:78:23:f0:56:32:0a:1f:b9:6d:0a:b0:
                    97:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:96:4B:AE:D2:B9:ED:58:31:73:39:A5:C5:AB:B1:B5:3A:D9:61:B0
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/a65dc579-55d0-4640-8ee5-6bd70e3dd724.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:551c::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:3e:b0:ba:f0:10:06:5d:77:01:18:bb:6b:69:dd:6d:ed:ad:
         97:83:79:d7:ce:45:92:68:e6:6e:db:43:d9:2b:0d:10:ab:10:
         46:53:9f:f8:4d:64:b1:c2:5a:79:13:3e:67:db:a5:ca:8a:c5:
         ba:f4:50:82:11:ca:92:f3:a4:a8:5d:28:03:ff:e4:c3:aa:9a:
         80:64:79:ed:ae:65:56:95:b7:9a:69:45:7c:9c:d3:b4:7e:b6:
         df:87:e7:20:fa:f3:93:73:bf:68:c5:a0:db:d7:e8:7e:68:aa:
         39:16:d1:25:fb:2b:99:6c:2d:0a:73:17:aa:0b:d2:63:57:0e:
         1e:2d:5a:f0:74:01:ab:c3:36:03:cf:80:df:06:6f:cc:67:96:
         9a:16:21:9b:a6:ec:b8:7e:77:58:d3:b6:41:c2:5d:a4:f9:24:
         d9:50:c4:03:c8:4e:22:58:05:7f:67:3a:11:2c:f5:5f:cb:15:
         10:45:f0:9a:0a:2a:31:05:90:9c:0d:16:65:52:83:20:db:46:
         cf:01:2d:02:f2:cd:19:46:04:74:08:69:62:79:6f:64:f0:74:
         89:b3:99:c9:63:1f:e5:88:a4:a7:f0:1f:a4:50:a9:92:f0:a8:
         73:ea:ab:51:a1:04:05:cb:0a:b6:b0:e3:8e:a0:3b:59:d6:7a:
         f2:42:e0:58
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUS7DvhKEqSv6/aJYdwt048stRAegwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUxMDIxMTI1MDQ0WhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMDY3YmQ0NDgzNTI3ODE4YmMxOWQxMzI3N2RmMmZhMjJk
NTE0MDA4NjdkZTFkZDBjNjFkNzA0ZjIyMDI0ODFjMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQYWYORtyFkQSI0LlEXB5cJA0zqa0p390XFZ78bODAdewq
MIKzeiEWhz5PXatVa8uM1oHQDhi9Y62n7ECSOMGqvX2mhX4rHR6b6UH/Do5WUzm/
BnGn0pNrgRGV82evArqsz0ruUp4pWMuhRqKZQ9srbXndyG7YaMqMz92nUmEv8L7z
75FQZyOqYc1K/W4g7yPtfn2gOHfwQPx8k/iS4pVF+2J8GvdB/oLVAKsST25PyAP0
WelCOuvOp+lpNTOeeHGC4QYvw5YmQpZJkAyMVPz7cAcHqc5xFrgnNr6txJGyZ1t3
CSjlcYpcEAZgBPPXKj79ulF4I/BWMgofuW0KsJejAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUyZZLrtK57VgxczmlxauxtTrZYbAwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2E2NWRjNTc5LTU1ZDAtNDY0MC04ZWU1LTZiZDcwZTNkZDcyNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwVRwwDQYJKoZIhvcNAQELBQADggEBACE+sLrwEAZddwEYu2tp3W3t
rZeDedfORZJo5m7bQ9krDRCrEEZTn/hNZLHCWnkTPmfbpcqKxbr0UIIRypLzpKhd
KAP/5MOqmoBkee2uZVaVt5ppRXyc07R+tt+H5yD685Nzv2jFoNvX6H5oqjkW0SX7
K5lsLQpzF6oL0mNXDh4tWvB0AavDNgPPgN8Gb8xnlpoWIZum7Lh+d1jTtkHCXaT5
JNlQxAPITiJYBX9nOhEs9V/LFRBF8JoKKjEFkJwNFmVSgyDbRs8BLQLyzRlGBHQI
aWJ5b2TwdImzmcljH+WIpKfwH6RQqZLwqHPqq1GhBAXLCraw446gO1nWevJC4Fg=
-----END CERTIFICATE-----