Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/adb258f2-061e-4e94-b6ee-d4de9405ec61.roa
File:                     adb258f2-061e-4e94-b6ee-d4de9405ec61.roa (raw, json)
Hash identifier:          DmcmtIzdKxKGIZvCSQSgGBG0aTTjmscbz5yB7d1B5yg=
Subject key identifier:   2E:2A:63:EC:9D:90:4D:DA:BB:3C:E4:B7:D3:92:B9:84:19:51:4C:99
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       1A2B4F4DC09F7C5F8D977B77DBDE12D8D64AAB01
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/adb258f2-061e-4e94-b6ee-d4de9405ec61.roa
Signing time:             Fri 26 Sep 2025 18:20:17 +0000
ROA not before:           Fri 26 Sep 2025 18:20:17 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:8000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:2b:4f:4d:c0:9f:7c:5f:8d:97:7b:77:db:de:12:d8:d6:4a:ab:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Sep 26 18:20:17 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=b80d8fc1ed13bb059d0f6c140afe5610e36f45a0a42d401d42c625119079e432, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:fd:f2:9f:41:57:42:70:a4:23:ae:3f:1c:e5:
                    12:7c:c2:96:42:90:fc:3e:e4:c1:f0:7d:89:9f:cd:
                    33:e2:b1:78:54:49:11:e7:9d:34:2c:62:ca:b8:ff:
                    fd:fd:60:25:ac:53:59:e2:79:f6:95:40:f9:3e:31:
                    90:0b:eb:bb:09:c4:e4:8a:88:ab:4a:d1:4b:84:93:
                    23:cc:15:a3:26:c0:15:a7:22:6b:b0:c9:cc:d8:e9:
                    5a:86:9e:6f:6d:09:75:ad:b5:f2:b6:af:58:e7:ab:
                    69:32:e1:66:bb:c2:ed:fe:c5:ec:7c:1c:97:5f:ff:
                    2c:77:10:08:54:33:87:8d:56:5d:16:1a:81:09:0d:
                    c3:39:70:cd:26:28:14:25:c4:73:d0:d0:47:ae:9b:
                    8e:40:c9:0d:03:47:0b:40:a8:54:14:98:f6:f7:87:
                    16:f8:0d:70:cb:b4:d4:fd:0e:16:6f:1c:1e:3a:61:
                    30:28:48:3b:16:28:87:89:37:da:35:ee:28:a7:33:
                    96:73:0a:05:8f:fa:5f:97:1e:a6:f7:c2:f6:c2:55:
                    8e:15:7d:f5:88:56:67:b9:2c:ab:57:31:e3:96:c1:
                    b5:cf:e8:d3:44:c3:df:22:10:c8:9d:88:b8:c8:a6:
                    df:36:c7:a2:44:74:6f:bb:9d:e0:cd:74:02:9f:07:
                    a8:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:2A:63:EC:9D:90:4D:DA:BB:3C:E4:B7:D3:92:B9:84:19:51:4C:99
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/adb258f2-061e-4e94-b6ee-d4de9405ec61.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         a3:cc:78:08:32:66:a1:2d:66:bc:be:09:c4:c6:af:f2:4e:11:
         f0:ee:d8:e1:5d:c9:06:b5:c1:0b:e2:f1:e8:a8:fd:e6:c5:71:
         a6:f8:79:6a:18:d2:98:65:75:93:4e:e9:04:8e:bc:13:d6:2d:
         df:92:11:1d:c2:8b:be:f2:2e:c2:26:ef:fe:8e:7a:1e:ed:ab:
         2b:ad:68:b9:f1:b6:b4:16:76:e4:4d:7d:f1:dd:fd:2d:82:48:
         19:33:75:13:f2:6d:c1:e4:e6:87:8b:16:57:37:af:55:e8:a6:
         1b:a2:b9:e6:79:23:af:72:af:1a:73:e3:1b:ba:3b:71:c7:88:
         6a:c7:7d:b6:60:ca:7e:fd:9d:b0:3b:8f:26:48:88:53:83:10:
         dc:98:ad:7e:d7:7a:f6:4f:29:64:0f:bf:1c:d9:e6:0a:ce:fb:
         12:88:aa:c7:3e:89:44:1f:f6:74:6d:b0:f1:93:aa:52:dc:35:
         f1:44:69:bb:cd:06:36:f8:08:04:37:c4:22:e8:b7:67:78:6a:
         64:fe:e3:d9:bc:b9:2a:45:66:b0:c3:d6:71:2b:c9:81:16:03:
         39:d1:74:74:08:bb:8c:04:71:73:a7:12:d3:23:bd:0f:03:2a:
         87:99:21:b1:da:a5:49:93:f8:21:1c:26:1e:3b:6e:f6:42:7f:
         1f:ca:64:87
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUGitPTcCffF+Nl3t3294S2NZKqwEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwOTI2MTgyMDE3WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BiODBkOGZjMWVkMTNiYjA1OWQwZjZjMTQwYWZlNTYxMGUz
NmY0NWEwYTQyZDQwMWQ0MmM2MjUxMTkwNzllNDMyMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDE/fKfQVdCcKQjrj8c5RJ8wpZCkPw+5MHwfYmfzTPisXhU
SRHnnTQsYsq4//39YCWsU1niefaVQPk+MZAL67sJxOSKiKtK0UuEkyPMFaMmwBWn
ImuwyczY6VqGnm9tCXWttfK2r1jnq2ky4Wa7wu3+xex8HJdf/yx3EAhUM4eNVl0W
GoEJDcM5cM0mKBQlxHPQ0Eeum45AyQ0DRwtAqFQUmPb3hxb4DXDLtNT9DhZvHB46
YTAoSDsWKIeJN9o17iinM5ZzCgWP+l+XHqb3wvbCVY4VffWIVme5LKtXMeOWwbXP
6NNEw98iEMidiLjIpt82x6JEdG+7neDNdAKfB6hNAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQULipj7J2QTdq7POS305K5hBlRTJkwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2FkYjI1OGYyLTA2MWUtNGU5NC1iNmVlLWQ0ZGU5NDA1ZWM2MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPDwgDANBgkqhkiG9w0BAQsFAAOCAQEAo8x4CDJmoS1mvL4JxMav8k4R
8O7Y4V3JBrXBC+Lx6Kj95sVxpvh5ahjSmGV1k07pBI68E9Yt35IRHcKLvvIuwibv
/o56Hu2rK61oufG2tBZ25E198d39LYJIGTN1E/JtweTmh4sWVzevVeimG6K55nkj
r3KvGnPjG7o7cceIasd9tmDKfv2dsDuPJkiIU4MQ3Jitftd69k8pZA+/HNnmCs77
Eoiqxz6JRB/2dG2w8ZOqUtw18URpu80GNvgIBDfEIui3Z3hqZP7j2by5KkVmsMPW
cSvJgRYDOdF0dAi7jARxc6cS0yO9DwMqh5khsdqlSZP4IRwmHjtu9kJ/H8pkhw==
-----END CERTIFICATE-----