Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/e0124927-afa7-4267-814d-16ec9e0135d2.roa
File:                     e0124927-afa7-4267-814d-16ec9e0135d2.roa (raw, json)
Hash identifier:          LqN5ezhNBSTjLoCIm6Ly2+/R3QIBIoV0klshFcuaYGw=
Subject key identifier:   F5:37:32:E0:C7:AB:02:97:E2:C4:BC:88:2B:D1:DD:F0:80:7B:E1:29
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       13F4B7D934D851AB78185BC7CA3896296443205A
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/e0124927-afa7-4267-814d-16ec9e0135d2.roa
Signing time:             Tue 21 Oct 2025 12:50:05 +0000
ROA not before:           Tue 21 Oct 2025 12:50:05 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0f0:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 05 Nov 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:f4:b7:d9:34:d8:51:ab:78:18:5b:c7:ca:38:96:29:64:43:20:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Oct 21 12:50:05 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=7a3e000ef55506d1cd13913f1bcdb9411bdb93aa1f5fdb993a131bd5342235e9, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:d5:a2:5a:48:89:20:20:96:e9:06:eb:ac:b7:
                    6f:57:5b:41:75:ac:1d:c9:5c:7b:ee:82:e5:fe:cf:
                    0d:f7:79:56:75:a7:72:9d:3f:7e:ae:9f:54:25:19:
                    b0:44:f9:f0:b1:53:b9:a4:ba:2c:ee:64:30:ef:ce:
                    a1:a5:6e:fb:88:37:d8:58:4f:4a:56:15:ac:d3:59:
                    ce:ba:42:59:24:46:be:6e:42:6d:6d:5f:bd:68:01:
                    ec:aa:1d:10:8a:76:f7:90:59:cd:c7:f3:88:34:c3:
                    39:a8:e6:0b:e2:39:d8:9d:0e:37:06:80:e2:78:d5:
                    6f:ac:81:12:24:0e:df:df:bb:e3:9a:a9:97:47:3e:
                    d0:11:fd:2a:24:cd:d9:4d:78:73:0e:dc:db:97:64:
                    9d:ff:ac:4c:a9:bd:6d:d0:8a:88:11:d5:2b:54:44:
                    04:d9:3b:14:d3:b6:8f:0f:d6:f0:c9:f1:88:2c:0b:
                    34:a9:e4:33:46:9d:93:6c:32:d3:ca:16:4a:7f:cf:
                    86:08:94:fb:1c:98:46:ad:94:d8:80:d2:e7:b1:68:
                    89:e8:06:cb:47:af:72:f3:1a:ee:f7:88:29:3c:a5:
                    c3:f1:0f:db:29:90:c0:06:8e:6d:6d:78:46:33:90:
                    dc:11:ef:96:6f:c6:a8:9f:6c:e0:dd:c6:a0:92:15:
                    b1:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:37:32:E0:C7:AB:02:97:E2:C4:BC:88:2B:D1:DD:F0:80:7B:E1:29
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/e0124927-afa7-4267-814d-16ec9e0135d2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:80:6c:44:49:d9:f9:6e:56:c8:92:76:01:f1:cb:ad:d5:e8:
         2a:8f:90:66:3b:0a:03:f8:5b:46:2b:2a:a1:9c:74:c6:45:43:
         d7:ae:82:e8:1c:a8:c3:25:73:7d:c0:1e:1c:22:77:93:fc:54:
         d8:6f:19:27:de:4f:b3:e4:45:87:6e:87:5d:c5:3b:0e:c9:91:
         8b:c7:c8:58:4e:88:34:dc:b0:47:4c:e4:6b:e1:aa:47:43:5a:
         24:25:95:66:29:37:45:35:6d:bf:d7:fb:60:32:f1:7e:ba:83:
         76:3f:16:2f:c1:cd:12:ed:92:5d:71:aa:cf:21:66:ca:3a:2c:
         9c:d2:d3:a3:8d:16:a3:1e:15:56:2b:e2:41:6b:f3:24:90:1d:
         19:76:50:6a:72:7a:a8:77:94:e3:7c:34:03:b1:52:76:60:f8:
         a8:16:6b:3d:22:ed:60:0f:d3:c1:bb:89:fb:13:d6:b6:5a:6b:
         2d:f4:69:f9:8e:40:ae:62:f4:72:0f:bc:06:1d:48:d2:9f:6a:
         6a:44:72:19:70:a8:da:f3:c8:f3:4c:3a:3c:5b:7d:5e:c9:f5:
         c3:c9:3e:e5:67:27:71:b0:c4:b8:a2:04:10:99:81:3d:05:06:
         f2:70:d5:0f:91:cd:81:e4:f6:4e:67:c3:b2:93:8a:d6:12:b1:
         ac:8b:56:f0
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUE/S32TTYUat4GFvHyjiWKWRDIFowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUxMDIxMTI1MDA1WhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A3YTNlMDAwZWY1NTUwNmQxY2QxMzkxM2YxYmNkYjk0MTFi
ZGI5M2FhMWY1ZmRiOTkzYTEzMWJkNTM0MjIzNWU5MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDF1aJaSIkgIJbpBuust29XW0F1rB3JXHvuguX+zw33eVZ1
p3KdP36un1QlGbBE+fCxU7mkuizuZDDvzqGlbvuIN9hYT0pWFazTWc66QlkkRr5u
Qm1tX71oAeyqHRCKdveQWc3H84g0wzmo5gviOdidDjcGgOJ41W+sgRIkDt/fu+Oa
qZdHPtAR/SokzdlNeHMO3NuXZJ3/rEypvW3QiogR1StURATZOxTTto8P1vDJ8Ygs
CzSp5DNGnZNsMtPKFkp/z4YIlPscmEatlNiA0uexaInoBstHr3LzGu73iCk8pcPx
D9spkMAGjm1teEYzkNwR75ZvxqifbODdxqCSFbHRAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU9Tcy4MerApfixLyIK9Hd8IB74SkwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2UwMTI0OTI3LWFmYTctNDI2Ny04MTRkLTE2ZWM5ZTAxMzVkMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwAAIwDQYJKoZIhvcNAQELBQADggEBAFuAbERJ2fluVsiSdgHxy63V
6CqPkGY7CgP4W0YrKqGcdMZFQ9eugugcqMMlc33AHhwid5P8VNhvGSfeT7PkRYdu
h13FOw7JkYvHyFhOiDTcsEdM5GvhqkdDWiQllWYpN0U1bb/X+2Ay8X66g3Y/Fi/B
zRLtkl1xqs8hZso6LJzS06ONFqMeFVYr4kFr8ySQHRl2UGpyeqh3lON8NAOxUnZg
+KgWaz0i7WAP08G7ifsT1rZaay30afmOQK5i9HIPvAYdSNKfampEchlwqNrzyPNM
OjxbfV7J9cPJPuVnJ3GwxLiiBBCZgT0FBvJw1Q+RzYHk9k5nw7KTitYSsayLVvA=
-----END CERTIFICATE-----