Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/cbf43d99-4d01-4d24-ada9-6e34368d1d71.roa
File:                     cbf43d99-4d01-4d24-ada9-6e34368d1d71.roa (raw, json)
Hash identifier:          s5cm+fE21pfh8Rdt2ctW3ZwsL/no/Kg/afDzAh8weuo=
Subject key identifier:   F7:94:F3:53:B7:C1:22:3E:A4:9C:0E:D8:06:41:BC:43:04:DB:ED:EF
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       344A2B8D8093FE94B2C0D8CA8F2A5B6B1553A97C
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/cbf43d99-4d01-4d24-ada9-6e34368d1d71.roa
Signing time:             Mon 16 Jun 2025 19:10:19 +0000
ROA not before:           Mon 16 Jun 2025 19:10:19 +0000
ROA not after:            Mon 21 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:5518::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 02 Jul 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:4a:2b:8d:80:93:fe:94:b2:c0:d8:ca:8f:2a:5b:6b:15:53:a9:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jun 16 19:10:19 2025 GMT
            Not After : Jul 21 23:59:59 2025 GMT
        Subject: serialNumber=5c75f1d2c6b40856095b9aa7e98b002c8eda57236165c4e9549cb2b12a4c555d, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:f7:d3:8e:d1:f3:c8:ca:63:7f:9a:84:02:79:
                    8b:7a:f1:41:8f:5d:5b:99:11:a6:53:18:e8:93:2d:
                    0a:25:a4:fa:c6:d2:04:55:16:56:de:c1:21:58:a1:
                    7b:f6:f0:67:30:88:16:dd:4e:36:bd:fd:ab:40:0f:
                    ac:01:d4:2f:70:c6:a5:53:36:a5:5b:a4:f5:70:88:
                    58:61:1f:9b:53:07:d5:e6:c7:4f:3e:6e:b6:72:bb:
                    ac:d4:44:a0:76:cf:ef:1d:27:3a:fd:2f:52:09:13:
                    21:7e:f6:a4:15:5e:98:3d:b7:d0:5c:8b:69:89:6b:
                    3f:04:2b:27:5a:e7:cf:34:9a:56:ad:f1:be:85:2c:
                    7e:f5:f5:60:1e:19:80:e2:a7:88:ef:0e:4a:13:26:
                    31:a2:a9:47:78:41:76:15:60:01:b1:f5:09:61:95:
                    8a:c4:a0:e0:75:83:de:fc:6a:ce:0b:d1:dd:21:21:
                    b5:9c:68:40:92:6c:03:2c:0d:49:9a:3d:17:6f:31:
                    e2:93:a7:ee:2a:29:02:24:0a:59:c8:2c:7d:bc:d0:
                    42:2d:93:42:d9:a9:7a:1c:74:f9:e5:e3:8b:c4:14:
                    6d:49:0d:2a:b1:03:21:48:3c:fe:b9:a5:ce:86:2a:
                    ce:38:c7:8d:e5:db:9e:9e:55:53:fa:1b:6a:5c:ae:
                    7f:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:94:F3:53:B7:C1:22:3E:A4:9C:0E:D8:06:41:BC:43:04:DB:ED:EF
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/cbf43d99-4d01-4d24-ada9-6e34368d1d71.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:5518::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:c2:40:aa:b8:4e:e1:d1:65:8c:64:d9:e7:8f:f8:7d:d9:65:
         79:22:2b:0b:f9:55:86:03:df:e9:cb:e7:b2:34:3d:dc:18:2e:
         65:15:96:b3:c3:cb:34:51:6f:48:a9:13:fe:78:31:20:07:cd:
         3a:13:31:12:03:06:48:de:97:06:60:6a:ac:8b:ee:08:f6:cd:
         69:ce:9d:6c:6d:b9:98:3a:08:8e:10:59:75:5f:d4:2a:0c:ac:
         fa:6e:81:0a:d2:27:0e:15:a8:56:15:00:76:0a:75:12:16:ad:
         f4:96:f3:48:ee:ab:db:b3:a8:68:75:7e:01:f6:ff:cf:1a:ed:
         60:aa:a1:a9:68:0a:c0:97:b5:9d:b0:f5:4e:bc:21:a3:32:59:
         1c:5c:f3:18:0b:56:c5:98:e1:cc:b3:8f:9a:cf:41:d5:a6:ac:
         82:db:38:ba:fa:11:f3:3a:5b:c7:e2:08:9e:fe:6b:44:0e:a5:
         16:fb:6c:3a:aa:05:a5:71:ff:78:a6:e8:e7:83:6d:fd:b2:74:
         71:95:03:6d:2f:67:81:f8:2f:84:22:af:5c:a1:c7:0b:7e:5a:
         20:6e:11:f5:55:6e:fd:b2:28:82:75:39:5a:45:76:bb:88:15:
         0b:34:b6:1a:2c:74:69:98:6d:3f:cd:27:8d:d3:d9:8c:b3:ed:
         03:75:e3:82
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUNEorjYCT/pSywNjKjypbaxVTqXwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNjE2MTkxMDE5WhcNMjUwNzIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1Yzc1ZjFkMmM2YjQwODU2MDk1YjlhYTdlOThiMDAyYzhl
ZGE1NzIzNjE2NWM0ZTk1NDljYjJiMTJhNGM1NTVkMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDU99OO0fPIymN/moQCeYt68UGPXVuZEaZTGOiTLQolpPrG
0gRVFlbewSFYoXv28GcwiBbdTja9/atAD6wB1C9wxqVTNqVbpPVwiFhhH5tTB9Xm
x08+brZyu6zURKB2z+8dJzr9L1IJEyF+9qQVXpg9t9Bci2mJaz8EKyda5880mlat
8b6FLH719WAeGYDip4jvDkoTJjGiqUd4QXYVYAGx9QlhlYrEoOB1g978as4L0d0h
IbWcaECSbAMsDUmaPRdvMeKTp+4qKQIkClnILH280EItk0LZqXocdPnl44vEFG1J
DSqxAyFIPP65pc6GKs44x43l256eVVP6G2pcrn8VAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU95TzU7fBIj6knA7YBkG8QwTb7e8wHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2NiZjQzZDk5LTRkMDEtNGQyNC1hZGE5LTZlMzQzNjhkMWQ3MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwVRgwDQYJKoZIhvcNAQELBQADggEBAFTCQKq4TuHRZYxk2eeP+H3Z
ZXkiKwv5VYYD3+nL57I0PdwYLmUVlrPDyzRRb0ipE/54MSAHzToTMRIDBkjelwZg
aqyL7gj2zWnOnWxtuZg6CI4QWXVf1CoMrPpugQrSJw4VqFYVAHYKdRIWrfSW80ju
q9uzqGh1fgH2/88a7WCqoaloCsCXtZ2w9U68IaMyWRxc8xgLVsWY4cyzj5rPQdWm
rILbOLr6EfM6W8fiCJ7+a0QOpRb7bDqqBaVx/3im6OeDbf2ydHGVA20vZ4H4L4Qi
r1yhxwt+WiBuEfVVbv2yKIJ1OVpFdruIFQs0thosdGmYbT/NJ43T2Yyz7QN144I=
-----END CERTIFICATE-----
Generated at Mon Jun 30 19:52:14 2025 by rpki-client