Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/a65dc579-55d0-4640-8ee5-6bd70e3dd724.roa
File:                     a65dc579-55d0-4640-8ee5-6bd70e3dd724.roa (raw, json)
Hash identifier:          cwlbi6oxTsuexJU2yQCQKHpU52yOcnjecAsgzf/Qw4E=
Subject key identifier:   11:4E:2A:10:BE:E0:D8:9A:F2:7D:B1:5C:52:47:14:BD:FD:D3:36:37
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       4DF7BD9B8024A6C5A34B62CA1FF0350027CAC06D
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/a65dc579-55d0-4640-8ee5-6bd70e3dd724.roa
Signing time:             Sat 15 Nov 2025 05:00:07 +0000
ROA not before:           Sat 15 Nov 2025 05:00:07 +0000
ROA not after:            Sat 20 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:551c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 19 Nov 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:f7:bd:9b:80:24:a6:c5:a3:4b:62:ca:1f:f0:35:00:27:ca:c0:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Nov 15 05:00:07 2025 GMT
            Not After : Dec 20 23:59:59 2025 GMT
        Subject: serialNumber=99bb1a55a6bc1c470b8768e709ce1fc38eb446b792e107433c8061ab6ba1e4be, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:54:da:87:ec:cf:2f:76:40:db:af:33:4b:a7:
                    9a:42:51:b1:7f:0f:c7:8b:18:53:d8:5b:1d:b3:66:
                    fa:25:db:1a:b1:15:88:39:5a:6d:be:f7:64:51:dd:
                    39:7b:96:ce:92:99:d5:6a:48:4a:b0:f2:f3:9c:9f:
                    97:cb:57:fe:2d:55:bd:79:1a:f9:1a:d1:a3:e3:84:
                    4d:83:d5:b6:ea:02:9a:0f:db:05:11:ec:a6:88:9a:
                    d4:ca:3d:cd:f8:c4:5f:7a:7a:3d:86:a3:a3:c7:7a:
                    f1:01:21:39:94:da:8d:af:b4:bb:8e:15:2a:55:9f:
                    a2:b9:5b:e2:29:6c:8b:af:33:3a:43:2e:fd:ef:74:
                    38:2b:94:05:85:5a:d3:61:ba:30:1b:61:f6:82:4d:
                    6e:b7:03:f1:73:11:44:39:db:48:81:9d:a2:04:d8:
                    5c:0c:62:40:82:37:47:4d:db:7b:9d:6e:7a:e7:af:
                    66:cd:ab:26:72:3d:32:67:81:bd:37:49:90:37:5c:
                    5f:41:e0:92:33:df:43:48:f7:c9:7b:b8:d7:bf:92:
                    b0:cd:f8:49:70:09:3d:7a:48:92:5f:8c:c8:15:57:
                    ea:b2:6c:19:1c:47:26:64:91:71:e4:65:c5:4a:c1:
                    48:dd:db:9d:c8:e0:ba:cd:12:9d:46:8e:22:0a:08:
                    d0:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:4E:2A:10:BE:E0:D8:9A:F2:7D:B1:5C:52:47:14:BD:FD:D3:36:37
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/a65dc579-55d0-4640-8ee5-6bd70e3dd724.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:551c::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:36:72:d0:ee:d2:cd:e6:20:f7:7b:e9:82:59:c1:42:d0:b5:
         94:fe:f3:d4:8d:77:b8:d2:63:41:d5:39:30:e4:92:78:dc:5c:
         1a:53:ec:37:4c:16:04:4d:c3:38:19:80:92:06:5b:f4:4d:5d:
         7f:f8:54:c2:a9:b6:a9:2a:84:f7:51:12:31:89:8a:0e:92:1e:
         65:5e:4b:35:45:7d:16:d5:13:64:ba:8d:d2:40:91:ed:b9:91:
         3b:7c:15:06:ba:a2:ea:15:be:69:56:7f:97:44:37:33:d3:c5:
         b8:8a:4f:ed:1c:d1:b6:2b:37:67:e8:66:f6:96:ae:bb:5c:d5:
         a3:cb:e4:23:98:cc:51:64:46:b7:90:5f:6c:41:dd:e4:66:a4:
         0c:2c:1c:b1:0c:84:84:6b:b1:79:98:10:3f:b6:5e:b2:43:2d:
         46:46:88:96:ab:6c:ae:31:8a:47:7a:cf:95:06:50:7e:38:62:
         a1:04:f2:42:31:f9:20:ea:7f:74:0f:b0:0d:2f:cf:e6:1e:fa:
         bb:1c:86:0d:3e:9b:bf:32:d8:57:2f:fd:6b:25:4a:d9:e8:f1:
         f2:d4:79:20:c1:f9:39:f4:26:bc:5b:7d:dc:c1:1f:d1:55:45:
         f9:f8:90:3b:52:47:61:c9:e6:d2:a8:b4:d3:c9:2c:0d:09:20:
         33:88:20:b5
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUTfe9m4AkpsWjS2LKH/A1ACfKwG0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUxMTE1MDUwMDA3WhcNMjUxMjIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5OWJiMWE1NWE2YmMxYzQ3MGI4NzY4ZTcwOWNlMWZjMzhl
YjQ0NmI3OTJlMTA3NDMzYzgwNjFhYjZiYTFlNGJlMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDWVNqH7M8vdkDbrzNLp5pCUbF/D8eLGFPYWx2zZvol2xqx
FYg5Wm2+92RR3Tl7ls6SmdVqSEqw8vOcn5fLV/4tVb15Gvka0aPjhE2D1bbqApoP
2wUR7KaImtTKPc34xF96ej2Go6PHevEBITmU2o2vtLuOFSpVn6K5W+IpbIuvMzpD
Lv3vdDgrlAWFWtNhujAbYfaCTW63A/FzEUQ520iBnaIE2FwMYkCCN0dN23udbnrn
r2bNqyZyPTJngb03SZA3XF9B4JIz30NI98l7uNe/krDN+ElwCT16SJJfjMgVV+qy
bBkcRyZkkXHkZcVKwUjd253I4LrNEp1GjiIKCNDRAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUEU4qEL7g2JryfbFcUkcUvf3TNjcwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2E2NWRjNTc5LTU1ZDAtNDY0MC04ZWU1LTZiZDcwZTNkZDcyNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwVRwwDQYJKoZIhvcNAQELBQADggEBAIA2ctDu0s3mIPd76YJZwULQ
tZT+89SNd7jSY0HVOTDkknjcXBpT7DdMFgRNwzgZgJIGW/RNXX/4VMKptqkqhPdR
EjGJig6SHmVeSzVFfRbVE2S6jdJAke25kTt8FQa6ouoVvmlWf5dENzPTxbiKT+0c
0bYrN2foZvaWrrtc1aPL5COYzFFkRreQX2xB3eRmpAwsHLEMhIRrsXmYED+2XrJD
LUZGiJarbK4xikd6z5UGUH44YqEE8kIx+SDqf3QPsA0vz+Ye+rschg0+m78y2Fcv
/WslStno8fLUeSDB+Tn0JrxbfdzBH9FVRfn4kDtSR2HJ5tKotNPJLA0JIDOIILU=
-----END CERTIFICATE-----