Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/f8a24442-56c6-46d4-9923-f4d5b17fd850.roa
File:                     f8a24442-56c6-46d4-9923-f4d5b17fd850.roa (raw, json)
Hash identifier:          9i/GuitfUGiEBbQbcZ9P5DznBFds/hFfFO0SaG1554g=
Subject key identifier:   DB:CB:D5:83:05:56:DD:78:FC:1D:E3:E5:11:A5:3D:84:E9:CC:52:4B
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       523C85103094F4DAF1A359323904565EE687A4DB
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/f8a24442-56c6-46d4-9923-f4d5b17fd850.roa
Signing time:             Fri 26 Sep 2025 18:10:51 +0000
ROA not before:           Fri 26 Sep 2025 18:10:51 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:6010::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 22 Oct 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:3c:85:10:30:94:f4:da:f1:a3:59:32:39:04:56:5e:e6:87:a4:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Sep 26 18:10:51 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=e83d5f627055d8325519af664779a3b20e421cf4121947d5df1d08a458e259da, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:e8:9a:32:34:68:88:9d:96:2e:af:b0:4a:4d:
                    98:3e:ba:47:6b:f0:45:eb:dc:64:dc:04:fc:33:8e:
                    11:3c:e0:02:18:0d:ab:a3:17:ca:84:75:2c:a6:71:
                    96:d3:45:7f:b9:56:1b:a0:20:05:4a:4c:cf:77:65:
                    09:dd:8c:29:0e:fd:01:7b:56:5d:e5:f4:b9:67:a2:
                    d0:1c:7e:30:dd:fa:c2:ba:f3:9d:2b:64:36:d7:16:
                    24:c1:91:33:ed:a0:6d:d8:b3:a3:40:81:64:97:b3:
                    06:59:e3:4e:fa:47:2c:ea:e1:13:a1:b6:41:76:ed:
                    b8:15:00:17:c2:70:da:bd:e4:46:5c:7c:5c:0e:cf:
                    6f:68:29:56:8b:37:9f:65:8a:19:65:8f:30:e8:51:
                    bd:b9:cd:ee:85:df:7f:d4:8e:63:ff:cf:43:ac:d9:
                    8b:6b:7a:2c:67:35:03:e9:70:f3:4d:18:e6:8a:64:
                    b9:a9:74:c2:30:1f:8c:dc:81:c7:be:68:cf:2f:b6:
                    6c:24:53:67:30:34:5f:24:41:5e:8b:28:0d:03:3d:
                    e6:34:7a:a5:e7:66:9d:a8:d8:47:25:3e:c1:ae:c3:
                    76:ba:0d:58:28:24:41:c6:ac:8a:70:36:4d:b1:b3:
                    b6:05:38:99:ab:00:7c:a9:67:90:5a:d0:04:db:bf:
                    50:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:CB:D5:83:05:56:DD:78:FC:1D:E3:E5:11:A5:3D:84:E9:CC:52:4B
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/f8a24442-56c6-46d4-9923-f4d5b17fd850.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:6010::/44

    Signature Algorithm: sha256WithRSAEncryption
         98:2c:dd:78:fc:fa:95:43:bd:c2:0a:b0:1d:18:30:0f:a9:9e:
         7f:58:fb:3c:0b:4a:9f:39:3e:68:60:94:6f:65:ae:7f:32:81:
         06:3e:91:90:4d:70:d5:41:03:1b:9d:7a:d2:03:8d:10:b6:69:
         c8:36:32:43:5b:e1:2f:67:84:7c:2c:04:98:48:3c:fe:04:c2:
         bf:20:45:fa:17:a4:94:4c:69:69:3f:64:65:4a:2f:00:d2:1b:
         f5:7a:85:b6:42:16:ca:8e:30:97:31:a3:b7:f4:38:de:a5:8a:
         70:1a:42:d2:3c:69:18:e0:39:6a:ac:37:01:6a:68:46:e7:b2:
         e4:9a:41:6d:64:62:32:e6:31:9d:80:91:9e:53:0a:64:8c:54:
         e2:05:e9:ad:90:be:de:9f:8c:c5:48:ea:91:a1:62:f6:f9:78:
         4f:f0:55:90:6a:95:46:3f:b5:b0:64:e6:4a:98:4d:60:d7:07:
         ee:fa:13:d8:0c:af:c7:d4:b2:97:1e:f3:c8:7e:be:29:cd:42:
         a8:36:a0:83:2e:37:97:46:ed:dd:61:af:04:6e:da:2b:48:32:
         aa:d6:1f:5b:f6:3d:04:e6:32:d1:60:33:bc:cb:5e:3a:4a:d6:
         53:ee:38:ce:86:05:67:76:48:42:3f:b5:c3:db:d9:a2:8c:a6:
         58:0f:8b:d8
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUUjyFEDCU9Nrxo1kyOQRWXuaHpNswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwOTI2MTgxMDUxWhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlODNkNWY2MjcwNTVkODMyNTUxOWFmNjY0Nzc5YTNiMjBl
NDIxY2Y0MTIxOTQ3ZDVkZjFkMDhhNDU4ZTI1OWRhMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDT6JoyNGiInZYur7BKTZg+ukdr8EXr3GTcBPwzjhE84AIY
DaujF8qEdSymcZbTRX+5VhugIAVKTM93ZQndjCkO/QF7Vl3l9LlnotAcfjDd+sK6
850rZDbXFiTBkTPtoG3Ys6NAgWSXswZZ4076Ryzq4ROhtkF27bgVABfCcNq95EZc
fFwOz29oKVaLN59lihlljzDoUb25ze6F33/UjmP/z0Os2YtreixnNQPpcPNNGOaK
ZLmpdMIwH4zcgce+aM8vtmwkU2cwNF8kQV6LKA0DPeY0eqXnZp2o2EclPsGuw3a6
DVgoJEHGrIpwNk2xs7YFOJmrAHypZ5Ba0ATbv1DPAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU28vVgwVW3Xj8HePlEaU9hOnMUkswHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2Y4YTI0NDQyLTU2YzYtNDZkNC05OTIzLWY0ZDViMTdmZDg1MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwQmAPDwYBAwDQYJKoZIhvcNAQELBQADggEBAJgs3Xj8+pVDvcIKsB0YMA+p
nn9Y+zwLSp85PmhglG9lrn8ygQY+kZBNcNVBAxudetIDjRC2acg2MkNb4S9nhHws
BJhIPP4Ewr8gRfoXpJRMaWk/ZGVKLwDSG/V6hbZCFsqOMJcxo7f0ON6linAaQtI8
aRjgOWqsNwFqaEbnsuSaQW1kYjLmMZ2AkZ5TCmSMVOIF6a2Qvt6fjMVI6pGhYvb5
eE/wVZBqlUY/tbBk5kqYTWDXB+76E9gMr8fUspce88h+vinNQqg2oIMuN5dG7d1h
rwRu2itIMqrWH1v2PQTmMtFgM7zLXjpK1lPuOM6GBWd2SEI/tcPb2aKMplgPi9g=
-----END CERTIFICATE-----