Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b3f6b688-cff4-402f-97d5-02f6f1886b7e/a8ff9337-21d8-4d5e-b988-d1a983d73aea.roa
File:                     a8ff9337-21d8-4d5e-b988-d1a983d73aea.roa (raw, json)
Hash identifier:          8kb5nOq3Rgj6e1QKsuF4c72Tf1cEQoNVR2ihoIR+MNI=
Subject key identifier:   CB:01:E0:E6:C0:4E:83:48:9F:EB:35:AB:E5:54:E7:95:B0:20:75:32
Certificate issuer:       /CN=6f9b985b0fe5def09b994f8cf60bad8c9029c00657750b2267
Certificate serial:       7E1FF59C776865BCF4220E367EAF24484D4FB4A6
Authority key identifier: 6D:CA:65:D0:71:4D:7E:F2:56:90:BC:09:13:D3:54:DB:AC:89:2A:5E
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/7276b2fa-548d-4970-8314-8d73945c34d8/6f9b985b0fe5def09b994f8cf60bad8c9029c00657750b2267.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b3f6b688-cff4-402f-97d5-02f6f1886b7e/a8ff9337-21d8-4d5e-b988-d1a983d73aea.roa
Signing time:             Tue 21 Oct 2025 00:20:28 +0000
ROA not before:           Tue 21 Oct 2025 00:20:28 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2605:c940::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b3f6b688-cff4-402f-97d5-02f6f1886b7e/5d7wm5lPjPYLrYyQKcAGV3ULImc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b3f6b688-cff4-402f-97d5-02f6f1886b7e/5d7wm5lPjPYLrYyQKcAGV3ULImc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/7276b2fa-548d-4970-8314-8d73945c34d8/6f9b985b0fe5def09b994f8cf60bad8c9029c00657750b2267.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/7276b2fa-548d-4970-8314-8d73945c34d8/7276b2fa-548d-4970-8314-8d73945c34d8.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/7276b2fa-548d-4970-8314-8d73945c34d8/7276b2fa-548d-4970-8314-8d73945c34d8.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/7276b2fa-548d-4970-8314-8d73945c34d8.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/746e0111-fafb-430f-b778-d204cfcd99a8.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/746e0111-fafb-430f-b778-d204cfcd99a8.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 06:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:1f:f5:9c:77:68:65:bc:f4:22:0e:36:7e:af:24:48:4d:4f:b4:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f9b985b0fe5def09b994f8cf60bad8c9029c00657750b2267
        Validity
            Not Before: Oct 21 00:20:28 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=9f8e1a43f3b8a830e5fdd82fc786993eff18b21bf71188f7fcde72c5b32f5171, CN=15f1683a-c0c2-4266-9a96-ecf9eba3239c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:9e:91:85:5f:f4:b6:e0:37:62:0c:e1:17:1c:
                    70:09:af:ac:41:69:3e:6e:0b:d7:cd:2e:24:db:90:
                    6f:fd:bd:07:c6:c8:21:9b:26:78:ce:90:64:7f:92:
                    9b:31:09:a3:c8:39:e8:94:45:8f:0c:af:e3:1e:0c:
                    6a:56:39:fb:24:b5:d8:b6:ef:2c:01:a8:af:29:20:
                    12:be:11:61:30:36:37:78:54:42:5f:ba:e2:c9:37:
                    41:de:d3:29:c0:b8:2d:a4:24:ca:a1:ea:a3:2e:64:
                    62:7e:c9:ca:3c:43:fd:1f:25:dc:a7:5a:17:07:81:
                    41:57:fc:02:22:11:cd:65:ee:a3:09:c3:d4:fc:2a:
                    fc:cc:6d:e5:d5:b9:5e:18:0e:81:00:f1:d5:68:fb:
                    90:e5:e2:e5:da:a1:80:06:6b:64:3a:aa:f2:0b:6c:
                    ec:3d:c0:43:63:8d:1b:c4:fc:42:e7:9c:42:0b:ae:
                    39:ee:63:c0:25:a1:e3:56:07:97:b3:41:a2:f0:7f:
                    f0:62:bd:20:28:62:c7:70:ec:b6:37:b7:ec:e9:fe:
                    ae:e2:f2:d3:3f:8a:61:ec:8a:2a:fb:3e:c6:e7:ed:
                    e3:2b:98:ab:23:c4:2f:c1:f6:b4:05:a1:ee:f6:45:
                    dd:06:a0:58:30:29:be:f0:59:32:d0:47:0c:c3:72:
                    05:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:01:E0:E6:C0:4E:83:48:9F:EB:35:AB:E5:54:E7:95:B0:20:75:32
            X509v3 Authority Key Identifier:
                keyid:6D:CA:65:D0:71:4D:7E:F2:56:90:BC:09:13:D3:54:DB:AC:89:2A:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/7276b2fa-548d-4970-8314-8d73945c34d8/6f9b985b0fe5def09b994f8cf60bad8c9029c00657750b2267.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b3f6b688-cff4-402f-97d5-02f6f1886b7e/a8ff9337-21d8-4d5e-b988-d1a983d73aea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b3f6b688-cff4-402f-97d5-02f6f1886b7e/5d7wm5lPjPYLrYyQKcAGV3ULImc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2605:c940::/32

    Signature Algorithm: sha256WithRSAEncryption
         1f:18:f1:1f:52:bc:c3:e1:0d:57:24:94:2d:96:35:3b:28:66:
         77:10:47:41:3c:b8:0f:ee:b7:86:ab:e8:44:f3:af:86:db:2c:
         97:37:33:0d:93:61:0e:5c:4e:f2:83:60:df:3c:fc:60:bf:e3:
         f6:5a:0f:18:48:6f:1b:85:49:a0:d9:6b:9f:4a:f5:df:48:3c:
         28:b2:f7:ca:90:d9:f4:80:d2:66:39:c3:10:f9:4f:be:78:85:
         c1:f9:d3:fe:68:d0:03:3f:15:15:65:50:2e:52:72:57:c0:3b:
         68:ee:49:46:3e:70:da:70:c8:f7:63:e6:31:01:79:16:1d:78:
         67:fa:4f:fc:42:26:55:e8:a7:13:4b:30:f3:12:45:08:96:9c:
         a1:5c:0a:6a:88:75:17:f7:f9:c1:1d:29:85:67:b8:29:a0:bb:
         02:8d:49:00:b6:25:21:8d:7d:32:90:39:68:f7:bd:49:f7:ad:
         45:50:74:9f:35:d1:15:5a:f0:c2:33:a0:fb:46:98:5e:c0:48:
         d1:be:df:2c:b6:fc:69:a5:b2:73:22:d1:bc:50:99:54:53:f3:
         04:1f:0a:97:61:4d:91:5c:b1:ef:8b:9d:a7:de:1d:02:8a:f7:
         e2:8e:72:d6:3b:3f:4e:87:43:52:d5:54:a7:73:de:ba:8b:fb:
         7b:9a:d3:bc
-----BEGIN CERTIFICATE-----
MIIF+TCCBOGgAwIBAgIUfh/1nHdoZbz0Ig42fq8kSE1PtKYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmY5Yjk4NWIwZmU1ZGVmMDliOTk0ZjhjZjYwYmFkOGM5
MDI5YzAwNjU3NzUwYjIyNjcwHhcNMjUxMDIxMDAyMDI4WhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZjhlMWE0M2YzYjhhODMwZTVmZGQ4MmZjNzg2OTkzZWZm
MThiMjFiZjcxMTg4ZjdmY2RlNzJjNWIzMmY1MTcxMS0wKwYDVQQDEyQxNWYxNjgz
YS1jMGMyLTQyNjYtOWE5Ni1lY2Y5ZWJhMzIzOWMwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDnpGFX/S24DdiDOEXHHAJr6xBaT5uC9fNLiTbkG/9vQfG
yCGbJnjOkGR/kpsxCaPIOeiURY8Mr+MeDGpWOfsktdi27ywBqK8pIBK+EWEwNjd4
VEJfuuLJN0He0ynAuC2kJMqh6qMuZGJ+yco8Q/0fJdynWhcHgUFX/AIiEc1l7qMJ
w9T8KvzMbeXVuV4YDoEA8dVo+5Dl4uXaoYAGa2Q6qvILbOw9wENjjRvE/ELnnEIL
rjnuY8AloeNWB5ezQaLwf/BivSAoYsdw7LY3t+zp/q7i8tM/imHsiir7Psbn7eMr
mKsjxC/B9rQFoe72Rd0GoFgwKb7wWTLQRwzDcgXxAgMBAAGjggKyMIICrjAdBgNV
HQ4EFgQUywHg5sBOg0if6zWr5VTnlbAgdTIwHwYDVR0jBBgwFoAUbcpl0HFNfvJW
kLwJE9NU26yJKl4wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
Lzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC83Mjc2YjJmYS01
NDhkLTQ5NzAtODMxNC04ZDczOTQ1YzM0ZDgvNmY5Yjk4NWIwZmU1ZGVmMDliOTk0
ZjhjZjYwYmFkOGM5MDI5YzAwNjU3NzUwYjIyNjcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjNmNmI2ODgtY2ZmNC00MDJmLTk3ZDUtMDJm
NmYxODg2YjdlL2E4ZmY5MzM3LTIxZDgtNGQ1ZS1iOTg4LWQxYTk4M2Q3M2FlYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2IzZjZiNjg4LWNmZjQtNDAyZi05N2Q1
LTAyZjZmMTg4NmI3ZS81ZDd3bTVsUGpQWUxyWXlRS2NBR1YzVUxJbWMuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgAC
MAcDBQAmBclAMA0GCSqGSIb3DQEBCwUAA4IBAQAfGPEfUrzD4Q1XJJQtljU7KGZ3
EEdBPLgP7reGq+hE86+G2yyXNzMNk2EOXE7yg2DfPPxgv+P2Wg8YSG8bhUmg2Wuf
SvXfSDwosvfKkNn0gNJmOcMQ+U++eIXB+dP+aNADPxUVZVAuUnJXwDto7klGPnDa
cMj3Y+YxAXkWHXhn+k/8QiZV6KcTSzDzEkUIlpyhXApqiHUX9/nBHSmFZ7gpoLsC
jUkAtiUhjX0ykDlo971J961FUHSfNdEVWvDCM6D7RphewEjRvt8stvxppbJzItG8
UJlUU/MEHwqXYU2RXLHvi52n3h0CivfijnLWOz9Oh0NS1VSnc966i/t7mtO8
-----END CERTIFICATE-----