Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/d15a05ff-c7dc-4ae1-a379-030aa5939dc3.roa
File:                     d15a05ff-c7dc-4ae1-a379-030aa5939dc3.roa (raw, json)
Hash identifier:          2tcbuZ8lAEQUT7jDmRZqZNO1GQgaT0F1zcqo+qrHu64=
Subject key identifier:   63:BC:11:A5:A8:96:C8:72:DD:ED:7F:A0:1E:AF:DB:D0:A2:59:95:37
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       683E2EA32A73C096554C98E73F30E140184266BA
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/d15a05ff-c7dc-4ae1-a379-030aa5939dc3.roa
Signing time:             Fri 15 Aug 2025 21:22:19 +0000
ROA not before:           Fri 15 Aug 2025 21:22:19 +0000
ROA not after:            Fri 19 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:610f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 21 Aug 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:3e:2e:a3:2a:73:c0:96:55:4c:98:e7:3f:30:e1:40:18:42:66:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Aug 15 21:22:19 2025 GMT
            Not After : Sep 19 23:59:59 2025 GMT
        Subject: serialNumber=30c900fc4910447f5f46972e7137fb40a880703c4c39de0254cda44e10749e54, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e0:08:7e:a3:e4:e2:5f:59:09:dd:ef:e8:dc:
                    1b:a4:e0:8a:59:d2:b7:73:5f:7e:d0:4b:b3:e0:d9:
                    d4:f3:f4:c2:92:48:5c:3f:7a:cb:e8:c8:f6:f6:76:
                    8b:42:4a:0d:d1:ed:7d:fa:17:5a:4a:4f:ca:5e:78:
                    e9:95:3c:f5:ca:de:6c:8b:d3:85:f5:bf:9a:9a:4e:
                    64:77:56:7d:40:a8:92:61:f6:af:9b:db:57:1f:2c:
                    92:a1:63:02:80:ac:55:68:12:32:fb:23:76:ef:7b:
                    07:1b:ea:d5:e8:c6:c1:6b:7b:32:4b:bd:7f:90:f5:
                    b1:cc:d8:ec:51:c8:59:b7:f6:2d:9b:f0:9d:67:27:
                    9f:b4:84:8c:96:36:38:73:df:28:ca:9b:65:d8:80:
                    67:43:98:67:75:96:2b:a9:18:b0:e5:9c:77:f5:30:
                    ca:7c:f7:f5:e6:e5:73:6c:60:3e:7f:fc:b0:a3:2d:
                    3d:30:0f:db:fb:19:88:16:a4:87:9c:ad:f6:30:c9:
                    53:e7:07:b6:92:ec:ad:d0:16:5a:5d:12:28:bb:4e:
                    b8:76:cb:55:10:8f:7b:f7:ce:c6:5c:eb:16:74:07:
                    26:29:46:2d:cb:d4:6b:85:47:0b:d7:10:cc:4d:90:
                    32:8c:09:58:5d:14:a0:55:f3:a8:df:36:7a:a5:e2:
                    0a:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:BC:11:A5:A8:96:C8:72:DD:ED:7F:A0:1E:AF:DB:D0:A2:59:95:37
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/d15a05ff-c7dc-4ae1-a379-030aa5939dc3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:610f::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:df:c0:fb:89:8c:1c:ce:d2:3a:54:88:dc:23:60:83:79:1e:
         6d:21:69:13:76:95:56:57:36:ea:dd:70:8b:0c:9b:7b:8c:50:
         ed:e6:33:1f:0e:b5:53:6f:c8:f1:f2:39:af:d4:01:40:f6:2b:
         b4:5c:f6:be:06:6a:7c:0f:d5:81:ab:97:97:e5:ee:87:69:c9:
         ba:b0:c3:bd:b2:99:d6:17:24:8b:05:f2:65:bd:42:a1:32:0f:
         40:1b:6c:ec:68:11:ca:ac:ba:77:01:55:ac:34:c7:2b:e5:16:
         1c:38:35:cc:62:af:da:7f:76:c6:95:cf:1e:da:d5:4b:68:0b:
         98:92:08:4b:4f:00:eb:93:0c:53:81:42:18:f9:a0:e5:a2:e0:
         3b:f2:be:bb:e0:57:7c:6c:e1:82:fb:1a:f4:33:7c:83:9c:87:
         bd:a7:3a:18:36:21:11:a0:d0:cc:b0:0d:86:27:87:ef:ef:97:
         3c:db:8a:e4:50:f9:08:75:24:b3:39:96:ab:a5:c7:99:0d:5c:
         5c:53:d1:a7:27:e7:51:66:bb:98:39:73:d5:43:8e:96:f3:74:
         5c:74:46:ee:2f:f7:40:f6:fa:b7:c8:5d:31:be:d4:2d:11:cb:
         4f:f1:b2:67:b8:2e:99:00:ad:59:1f:e5:b2:d7:4f:3d:2c:bf:
         de:9a:06:61
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUaD4uoypzwJZVTJjnPzDhQBhCZrowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwODE1MjEyMjE5WhcNMjUwOTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzMGM5MDBmYzQ5MTA0NDdmNWY0Njk3MmU3MTM3ZmI0MGE4
ODA3MDNjNGMzOWRlMDI1NGNkYTQ0ZTEwNzQ5ZTU0MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC04Ah+o+TiX1kJ3e/o3Buk4IpZ0rdzX37QS7Pg2dTz9MKS
SFw/esvoyPb2dotCSg3R7X36F1pKT8peeOmVPPXK3myL04X1v5qaTmR3Vn1AqJJh
9q+b21cfLJKhYwKArFVoEjL7I3bvewcb6tXoxsFrezJLvX+Q9bHM2OxRyFm39i2b
8J1nJ5+0hIyWNjhz3yjKm2XYgGdDmGd1liupGLDlnHf1MMp89/Xm5XNsYD5//LCj
LT0wD9v7GYgWpIecrfYwyVPnB7aS7K3QFlpdEii7Trh2y1UQj3v3zsZc6xZ0ByYp
Ri3L1GuFRwvXEMxNkDKMCVhdFKBV86jfNnql4gp7AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUY7wRpaiWyHLd7X+gHq/b0KJZlTcwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2QxNWEwNWZmLWM3ZGMtNGFlMS1hMzc5LTAzMGFhNTkzOWRjMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwYQ8wDQYJKoZIhvcNAQELBQADggEBAHrfwPuJjBzO0jpUiNwjYIN5
Hm0haRN2lVZXNurdcIsMm3uMUO3mMx8OtVNvyPHyOa/UAUD2K7Rc9r4GanwP1YGr
l5fl7odpybqww72ymdYXJIsF8mW9QqEyD0AbbOxoEcqsuncBVaw0xyvlFhw4Ncxi
r9p/dsaVzx7a1UtoC5iSCEtPAOuTDFOBQhj5oOWi4DvyvrvgV3xs4YL7GvQzfIOc
h72nOhg2IRGg0MywDYYnh+/vlzzbiuRQ+Qh1JLM5lqulx5kNXFxT0acn51Fmu5g5
c9VDjpbzdFx0Ru4v90D2+rfIXTG+1C0Ry0/xsme4LpkArVkf5bLXTz0sv96aBmE=
-----END CERTIFICATE-----