Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/8897ce36-4222-47c3-aea1-39b6d945af11.roa
File:                     8897ce36-4222-47c3-aea1-39b6d945af11.roa (raw, json)
Hash identifier:          f9TBQ6V4QRmFxKpPuvkTYcohLS5mSe1dLKg70LBZi9k=
Subject key identifier:   6E:10:88:15:03:96:42:8D:21:EA:18:13:DA:36:3F:0D:A8:90:13:90
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       258A50A7810D5B88C124BB7C9A067EAF7FB45B07
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/8897ce36-4222-47c3-aea1-39b6d945af11.roa
Signing time:             Sun 03 May 2026 00:11:07 +0000
ROA not before:           Sun 03 May 2026 00:11:07 +0000
ROA not after:            Sat 01 Aug 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:9000:291e::/47 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 04 May 2026 21:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:8a:50:a7:81:0d:5b:88:c1:24:bb:7c:9a:06:7e:af:7f:b4:5b:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: May  3 00:11:07 2026 GMT
            Not After : Aug  1 23:59:59 2026 GMT
        Subject: serialNumber=c7b8493c01eac7cd90b383af988aaf6f76cac5c6cf6331dbfe9159c66d170bf2, CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:53:d6:fb:dc:de:3d:c8:89:ec:c5:df:ac:2d:
                    8b:c5:69:90:4d:09:d9:18:dd:f6:1d:9a:f8:e3:89:
                    63:23:cb:55:ec:18:04:39:72:ea:fd:ee:6c:88:d8:
                    e6:fe:31:9e:1d:a0:6c:86:e7:80:cf:b4:41:6b:72:
                    f4:79:c8:0d:33:a3:82:07:49:ba:6e:8c:13:00:67:
                    c7:c2:49:77:e0:a6:15:0d:db:7e:35:64:71:38:e7:
                    db:75:ec:99:1f:94:df:f9:f7:e9:1b:16:fa:a6:73:
                    aa:e7:bb:62:a6:c1:c9:fb:0b:33:a3:61:bd:14:57:
                    4f:b8:80:71:3d:85:83:13:21:4d:fb:38:ef:25:7b:
                    7b:ce:05:77:1f:a3:2a:de:eb:d1:51:85:09:f9:cf:
                    a2:eb:b6:34:c2:3b:1d:23:a2:0e:79:13:03:48:b8:
                    4a:d5:2d:e1:ae:98:0e:b6:26:eb:ce:82:56:7f:39:
                    e3:cc:e4:e6:31:3e:cd:4a:5a:0a:e3:66:ef:6e:2a:
                    5e:d3:2c:9c:55:e4:7e:88:b2:bf:19:68:5a:cd:8a:
                    67:a2:a6:3e:9b:b2:2f:62:e8:e9:aa:c3:cd:64:ff:
                    1b:82:e6:cd:b2:d9:4e:05:0b:36:37:69:35:34:c8:
                    39:31:63:84:dc:ca:a2:d1:4f:21:5b:1f:2c:88:12:
                    f7:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:10:88:15:03:96:42:8D:21:EA:18:13:DA:36:3F:0D:A8:90:13:90
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/8897ce36-4222-47c3-aea1-39b6d945af11.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:9000:291e::/47

    Signature Algorithm: sha256WithRSAEncryption
         75:57:e2:13:a0:de:1c:f5:9a:5c:b2:57:1a:ff:1e:3b:73:53:
         62:14:f5:00:d8:d7:55:b3:73:60:28:0c:40:ff:81:be:c7:22:
         5e:34:a9:c6:8e:e2:f8:45:a4:df:df:93:7e:50:58:c6:3d:6d:
         5e:1f:f0:9a:17:51:e1:a7:82:c2:ca:5a:1a:a7:e9:3a:2e:e3:
         0a:93:c0:0e:dd:40:3f:29:96:e8:f3:98:ff:a5:ef:79:40:0e:
         11:91:f3:1e:fc:35:78:1e:95:c4:32:e5:4a:65:e8:f9:ff:8e:
         31:90:ea:92:a8:32:1f:27:6b:b4:a9:31:3b:1b:27:95:83:f1:
         1f:a9:4c:8a:2b:12:ca:7b:63:76:3a:8a:0b:be:06:ad:ce:0f:
         dc:95:12:32:6f:a9:17:d3:48:f6:67:f4:04:ec:43:7f:63:d9:
         ea:16:b2:2a:a0:da:f0:d6:7e:78:7a:46:a8:c0:e3:57:b7:c0:
         4b:5f:45:6c:d6:5d:bd:e6:4d:96:42:9a:04:fe:a0:92:3e:6f:
         2b:3f:88:db:39:7a:7a:98:28:ec:0a:ee:7b:a6:d9:c0:c5:fa:
         21:df:f8:8b:20:c9:c6:88:0f:a0:ce:8f:f2:4b:9a:f5:da:bd:
         31:e8:b8:1d:b3:e6:53:d7:f9:db:dc:53:2a:0c:da:0e:b8:66:
         ec:7c:ea:f9
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUJYpQp4ENW4jBJLt8mgZ+r3+0WwcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjYwNTAzMDAxMTA3WhcNMjYwODAxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjN2I4NDkzYzAxZWFjN2NkOTBiMzgzYWY5ODhhYWY2Zjc2
Y2FjNWM2Y2Y2MzMxZGJmZTkxNTljNjZkMTcwYmYyMS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPU9b73N49yInsxd+sLYvFaZBNCdkY3fYdmvjjiWMjy1Xs
GAQ5cur97myI2Ob+MZ4doGyG54DPtEFrcvR5yA0zo4IHSbpujBMAZ8fCSXfgphUN
2341ZHE459t17JkflN/59+kbFvqmc6rnu2Kmwcn7CzOjYb0UV0+4gHE9hYMTIU37
OO8le3vOBXcfoyre69FRhQn5z6LrtjTCOx0jog55EwNIuErVLeGumA62JuvOglZ/
OePM5OYxPs1KWgrjZu9uKl7TLJxV5H6Isr8ZaFrNimeipj6bsi9i6Omqw81k/xuC
5s2y2U4FCzY3aTU0yDkxY4TcyqLRTyFbHyyIEvclAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUbhCIFQOWQo0h6hgT2jY/DaiQE5AwHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1Lzg4OTdjZTM2LTQyMjItNDdjMy1hZWExLTM5YjZkOTQ1YWYxMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwEmAJAAKR4wDQYJKoZIhvcNAQELBQADggEBAHVX4hOg3hz1mlyyVxr/Hjtz
U2IU9QDY11Wzc2AoDED/gb7HIl40qcaO4vhFpN/fk35QWMY9bV4f8JoXUeGngsLK
Whqn6Tou4wqTwA7dQD8plujzmP+l73lADhGR8x78NXgelcQy5Upl6Pn/jjGQ6pKo
Mh8na7SpMTsbJ5WD8R+pTIorEsp7Y3Y6igu+Bq3OD9yVEjJvqRfTSPZn9ATsQ39j
2eoWsiqg2vDWfnh6RqjA41e3wEtfRWzWXb3mTZZCmgT+oJI+bys/iNs5enqYKOwK
7num2cDF+iHf+IsgycaID6DOj/JLmvXavTHouB2z5lPX+dvcUyoM2g64Zux86vk=
-----END CERTIFICATE-----