Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/d21d01d2-e477-40e0-a950-5c0cc4c51caf.roa
File:                     d21d01d2-e477-40e0-a950-5c0cc4c51caf.roa (raw, json)
Hash identifier:          4ye2BJ9tO0R1mOxYhmYuxdLyth1wBAMfOkjJq2eYSHA=
Subject key identifier:   E6:5F:31:B0:7A:79:88:64:AE:B2:E5:75:D2:0C:98:E7:99:C3:14:20
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       08A3B6B441F931E0D76305A74B5D34056F0AB394
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/d21d01d2-e477-40e0-a950-5c0cc4c51caf.roa
Signing time:             Mon 06 Oct 2025 17:37:41 +0000
ROA not before:           Mon 06 Oct 2025 17:37:41 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:6105::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:a3:b6:b4:41:f9:31:e0:d7:63:05:a7:4b:5d:34:05:6f:0a:b3:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Oct  6 17:37:41 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=5ba6f7b38a36127d99f8e7563e18e3a3c16d5f4fdf9f458fd5db8d99e24dea62, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e7:d1:c2:37:8d:ef:dc:92:4f:52:e5:12:0e:
                    df:98:bc:c8:9b:7f:b1:fb:39:b1:b1:f6:92:42:61:
                    08:25:6e:5d:27:7a:06:ee:39:6e:30:32:93:ef:86:
                    e3:ca:82:76:e7:5c:75:b5:6e:99:fd:f4:77:73:5c:
                    21:91:23:56:6f:19:af:d6:8b:3b:02:6d:c6:13:b1:
                    5e:6a:6b:94:e5:ac:72:ed:23:a8:fd:ca:19:8f:74:
                    22:de:cb:24:60:64:bc:3f:3c:be:c1:50:e7:d6:dd:
                    d7:69:a1:22:58:45:61:cc:de:10:60:1e:7d:4b:5e:
                    c6:9d:f5:51:01:12:0a:41:15:96:27:a7:7b:6f:8c:
                    7c:97:7f:e2:52:b5:d9:ee:b5:3a:af:2b:63:8d:f4:
                    e7:87:68:68:0c:e4:36:4c:d3:b4:8b:49:b1:87:e4:
                    d0:69:7c:e9:d2:2a:3c:b2:61:84:5d:0b:95:14:61:
                    60:a1:08:3c:3d:32:0a:91:65:b6:3a:cb:d1:7d:a9:
                    c1:d9:34:79:f8:5c:cd:23:70:6d:08:9d:9b:c3:88:
                    c1:02:88:df:61:a4:a0:08:71:f7:d2:06:47:a6:bc:
                    8b:22:6b:d6:ab:81:23:86:dd:a7:72:d8:40:6e:94:
                    02:ce:06:2e:38:e8:39:6f:4d:c0:3b:52:7a:c0:1c:
                    a9:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:5F:31:B0:7A:79:88:64:AE:B2:E5:75:D2:0C:98:E7:99:C3:14:20
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/d21d01d2-e477-40e0-a950-5c0cc4c51caf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:6105::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:32:d7:ee:b8:30:79:67:a2:5e:ec:f2:04:09:76:30:55:ae:
         72:f6:e8:cd:96:29:b8:40:ce:0d:f8:ce:3a:c1:b3:33:30:69:
         5e:1d:5d:03:17:28:d8:42:74:bb:87:8f:6f:81:85:a8:3b:66:
         85:db:ee:34:ff:4b:23:5a:62:6a:51:67:3c:e0:ef:7c:34:9a:
         71:c0:78:90:63:9e:cb:62:ab:31:99:cb:18:0d:89:6d:c9:47:
         93:34:6f:a8:a9:44:44:83:59:f7:61:06:a6:c3:83:c7:79:6c:
         59:05:72:76:a2:69:6c:0d:f0:d8:9c:7e:ea:c2:d1:d6:57:e9:
         96:e2:84:3b:9c:b2:22:b3:b8:c4:5a:1b:dc:4d:cd:6d:db:da:
         6e:d8:d3:a2:b4:72:62:b0:76:fa:1c:2d:8c:5d:ec:06:8e:ab:
         ca:66:d4:17:be:03:2a:f2:10:30:fe:ea:a0:91:2f:19:d2:36:
         84:73:04:02:32:e2:f4:e2:53:c0:b1:06:f7:1f:2f:ff:44:de:
         e7:ad:4c:90:d9:40:7e:10:5d:b1:fb:02:eb:26:4e:54:eb:23:
         b4:75:35:41:91:12:ca:8f:46:3d:95:1a:7b:46:c3:b4:75:3d:
         b9:e2:9c:62:2d:f0:2e:60:98:72:f9:fb:a9:7b:fd:48:2e:1d:
         e7:dd:33:5b
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUCKO2tEH5MeDXYwWnS100BW8Ks5QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUxMDA2MTczNzQxWhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A1YmE2ZjdiMzhhMzYxMjdkOTlmOGU3NTYzZTE4ZTNhM2Mx
NmQ1ZjRmZGY5ZjQ1OGZkNWRiOGQ5OWUyNGRlYTYyMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCs59HCN43v3JJPUuUSDt+YvMibf7H7ObGx9pJCYQglbl0n
egbuOW4wMpPvhuPKgnbnXHW1bpn99HdzXCGRI1ZvGa/WizsCbcYTsV5qa5TlrHLt
I6j9yhmPdCLeyyRgZLw/PL7BUOfW3ddpoSJYRWHM3hBgHn1LXsad9VEBEgpBFZYn
p3tvjHyXf+JStdnutTqvK2ON9OeHaGgM5DZM07SLSbGH5NBpfOnSKjyyYYRdC5UU
YWChCDw9MgqRZbY6y9F9qcHZNHn4XM0jcG0InZvDiMECiN9hpKAIcffSBkemvIsi
a9argSOG3ady2EBulALOBi446DlvTcA7UnrAHKkPAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU5l8xsHp5iGSusuV10gyY55nDFCAwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2QyMWQwMWQyLWU0NzctNDBlMC1hOTUwLTVjMGNjNGM1MWNhZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwYQUwDQYJKoZIhvcNAQELBQADggEBAHAy1+64MHlnol7s8gQJdjBV
rnL26M2WKbhAzg34zjrBszMwaV4dXQMXKNhCdLuHj2+Bhag7ZoXb7jT/SyNaYmpR
Zzzg73w0mnHAeJBjnstiqzGZyxgNiW3JR5M0b6ipRESDWfdhBqbDg8d5bFkFcnai
aWwN8NicfurC0dZX6ZbihDucsiKzuMRaG9xNzW3b2m7Y06K0cmKwdvocLYxd7AaO
q8pm1Be+AyryEDD+6qCRLxnSNoRzBAIy4vTiU8CxBvcfL/9E3uetTJDZQH4QXbH7
AusmTlTrI7R1NUGREsqPRj2VGntGw7R1PbninGIt8C5gmHL5+6l7/UguHefdM1s=
-----END CERTIFICATE-----