Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/b6f8c745-8807-42bd-924e-8afc5f67cb0c.roa
File:                     b6f8c745-8807-42bd-924e-8afc5f67cb0c.roa (raw, json)
Hash identifier:          MLZUFdpTMKICBG06uWmWy4hYCF3EKeGQlWDeS/aqQA4=
Subject key identifier:   57:5C:6F:98:62:FE:F5:0C:24:11:B5:99:0E:56:0A:34:A4:76:1E:BB
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       78954EF9DE45C3B7BE32947BC958356325D5CFFD
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/b6f8c745-8807-42bd-924e-8afc5f67cb0c.roa
Signing time:             Fri 08 Aug 2025 00:30:53 +0000
ROA not before:           Fri 08 Aug 2025 00:30:53 +0000
ROA not after:            Fri 12 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:e00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 21 Aug 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:95:4e:f9:de:45:c3:b7:be:32:94:7b:c9:58:35:63:25:d5:cf:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Aug  8 00:30:53 2025 GMT
            Not After : Sep 12 23:59:59 2025 GMT
        Subject: serialNumber=03a2e550525d7e3e83b54fc60b0de5e8665819586298c44e6dd1175e9d8129e7, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:27:bf:03:c0:90:c9:5d:d6:32:94:33:23:b3:
                    a7:77:2a:52:4c:a1:5f:58:7f:ef:c0:4b:a7:be:61:
                    70:8f:06:e7:9f:83:ce:f0:d9:9c:a4:d0:66:bf:47:
                    bd:33:c5:47:0e:4e:f7:77:96:c6:bd:1e:4e:dc:1d:
                    b5:35:c9:05:fd:f0:9b:08:8e:19:13:37:fc:a9:65:
                    da:54:b3:93:5e:91:f8:64:62:38:ca:3f:53:55:a8:
                    a9:73:51:01:b6:db:68:94:c9:5c:11:2a:76:fe:30:
                    97:a6:c1:b5:80:34:ad:c3:64:60:79:cd:b7:fe:4b:
                    2e:dd:80:31:1d:f0:6f:df:63:ec:64:2f:31:ff:5b:
                    c8:64:b7:b3:2f:69:f7:ea:2a:c5:cf:ff:27:43:df:
                    13:9b:00:9c:d8:7e:fb:14:07:ef:79:31:2d:b8:14:
                    21:e5:61:7a:a8:05:5e:7a:70:58:eb:07:b2:4b:ad:
                    2b:fc:5e:a8:3f:35:3c:c3:88:44:c9:ef:aa:27:56:
                    25:96:80:f9:f1:68:ca:51:7f:a0:f0:6e:e1:a8:51:
                    fe:3f:a5:67:62:7a:fd:63:9d:2a:bd:5c:e5:ab:f9:
                    30:4f:c9:c6:bd:99:96:d4:e5:59:cc:1a:ef:cf:97:
                    a8:2e:4b:c6:04:5b:ef:49:4b:63:cd:43:f5:0b:c8:
                    a8:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:5C:6F:98:62:FE:F5:0C:24:11:B5:99:0E:56:0A:34:A4:76:1E:BB
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/b6f8c745-8807-42bd-924e-8afc5f67cb0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:e00::/40

    Signature Algorithm: sha256WithRSAEncryption
         8b:ba:ae:80:35:7f:19:8f:75:bb:fb:04:a0:69:73:c0:b2:d0:
         27:4e:3f:7b:e1:cb:aa:e7:5a:89:d0:89:80:cc:2d:24:47:db:
         c2:5a:f0:88:60:a3:1d:c9:76:52:32:14:7c:99:74:5f:58:fb:
         23:03:7c:1d:7d:63:98:12:70:72:78:0b:a0:80:b3:c0:a5:60:
         1c:8e:dc:3b:cf:d7:73:b5:b8:e9:06:0f:e1:2e:c0:be:80:fd:
         27:3f:a8:14:3c:0e:a9:69:4b:07:19:c5:a8:c2:8f:e2:a1:29:
         19:f6:93:01:c6:e8:12:e0:d2:6c:91:29:e1:12:6a:48:e8:d3:
         3e:fd:74:86:a5:e1:e4:21:11:93:34:6f:82:7e:ef:ea:b7:8d:
         f1:5c:de:b3:09:55:0c:c7:48:14:8a:2a:e9:0e:ae:64:6e:5a:
         f2:a4:a9:da:91:24:67:4b:64:d2:77:79:6f:21:b4:e2:b1:32:
         03:20:11:74:f3:00:3d:4b:15:31:19:22:73:ae:3f:d8:8b:ee:
         73:1c:61:62:f6:7a:a3:7e:ab:26:47:c1:d6:25:7f:2b:41:cb:
         54:98:e1:e0:4c:95:f5:2d:31:36:70:bb:70:48:07:68:b7:41:
         f5:47:13:11:6f:10:bb:f9:55:59:53:9e:09:4b:12:ee:f7:cd:
         3b:1a:64:3e
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUeJVO+d5Fw7e+MpR7yVg1YyXVz/0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwODA4MDAzMDUzWhcNMjUwOTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwM2EyZTU1MDUyNWQ3ZTNlODNiNTRmYzYwYjBkZTVlODY2
NTgxOTU4NjI5OGM0NGU2ZGQxMTc1ZTlkODEyOWU3MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwJ78DwJDJXdYylDMjs6d3KlJMoV9Yf+/AS6e+YXCPBuef
g87w2Zyk0Ga/R70zxUcOTvd3lsa9Hk7cHbU1yQX98JsIjhkTN/ypZdpUs5Nekfhk
YjjKP1NVqKlzUQG222iUyVwRKnb+MJemwbWANK3DZGB5zbf+Sy7dgDEd8G/fY+xk
LzH/W8hkt7MvaffqKsXP/ydD3xObAJzYfvsUB+95MS24FCHlYXqoBV56cFjrB7JL
rSv8Xqg/NTzDiETJ76onViWWgPnxaMpRf6DwbuGoUf4/pWdiev1jnSq9XOWr+TBP
yca9mZbU5VnMGu/Pl6guS8YEW+9JS2PNQ/ULyKi5AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUV1xvmGL+9QwkEbWZDlYKNKR2HrswHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2I2ZjhjNzQ1LTg4MDctNDJiZC05MjRlLThhZmM1ZjY3Y2IwYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPDwDjANBgkqhkiG9w0BAQsFAAOCAQEAi7qugDV/GY91u/sEoGlzwLLQ
J04/e+HLqudaidCJgMwtJEfbwlrwiGCjHcl2UjIUfJl0X1j7IwN8HX1jmBJwcngL
oICzwKVgHI7cO8/Xc7W46QYP4S7AvoD9Jz+oFDwOqWlLBxnFqMKP4qEpGfaTAcbo
EuDSbJEp4RJqSOjTPv10hqXh5CERkzRvgn7v6reN8VzeswlVDMdIFIoq6Q6uZG5a
8qSp2pEkZ0tk0nd5byG04rEyAyARdPMAPUsVMRkic64/2IvucxxhYvZ6o36rJkfB
1iV/K0HLVJjh4EyV9S0xNnC7cEgHaLdB9UcTEW8Qu/lVWVOeCUsS7vfNOxpkPg==
-----END CERTIFICATE-----