Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/59031a63-ea1a-4943-86ab-19221a23ca42.roa
File:                     59031a63-ea1a-4943-86ab-19221a23ca42.roa (raw, json)
Hash identifier:          QT8TRN1AwFzCh0NqKSgMx7+5EGRN69Y8ECBCmhj1H5E=
Subject key identifier:   0C:F0:C1:F4:46:47:B4:2B:8C:58:35:8A:FF:BF:D2:6F:F9:71:69:6D
Certificate issuer:       /CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
Certificate serial:       3530462C1398C02627CCD0909451F4D1F686ED3C
Authority key identifier: 1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/59031a63-ea1a-4943-86ab-19221a23ca42.roa
Signing time:             Fri 10 Oct 2025 00:21:07 +0000
ROA not before:           Fri 10 Oct 2025 00:21:07 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2606:f40:8000::/39 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/76fe11d4-d352-4994-8f6c-d6c91b0b8415.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/76fe11d4-d352-4994-8f6c-d6c91b0b8415.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 07:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:30:46:2c:13:98:c0:26:27:cc:d0:90:94:51:f4:d1:f6:86:ed:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
        Validity
            Not Before: Oct 10 00:21:07 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=6ba4912543427055307513155638630dd6b90fc5590fd77048b32a7341d38f68, CN=8f95e4d1-f14f-4d61-ae00-67e047d2f102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:f9:7d:f2:79:22:a2:6b:8c:a4:d9:dc:f8:f5:
                    8c:db:6f:d9:10:fa:f3:fc:22:e3:64:5a:df:13:6e:
                    c0:99:e6:86:bc:6b:66:5e:72:e5:ed:6e:ba:1f:56:
                    4c:4a:ab:d3:01:a7:6e:f4:a4:75:08:f4:4b:31:69:
                    71:2a:c4:d5:87:f3:c0:08:0b:69:b3:c6:9d:ff:54:
                    65:d9:ad:f4:d4:a0:86:92:65:d3:cd:c4:ec:9b:11:
                    4e:80:f5:ce:cd:48:16:4b:1d:8c:c7:88:4a:7f:3f:
                    6b:6f:07:88:eb:74:24:92:7c:60:47:69:9d:05:d3:
                    91:1b:4a:58:5d:a2:12:97:0b:cb:84:61:cb:c1:fb:
                    61:ee:de:8b:d4:b4:d9:b6:cf:27:d9:9d:60:e6:01:
                    b9:0c:45:ed:06:3f:07:ce:49:80:81:c9:ce:19:7e:
                    f7:aa:9e:a2:08:32:17:3f:f2:1c:a1:14:01:f0:f3:
                    a9:c9:30:d2:66:62:34:9d:a8:af:7b:be:3a:78:37:
                    06:6b:8e:5b:6f:78:fb:6e:48:18:bd:68:27:92:a7:
                    a9:78:bf:45:e4:2c:69:30:71:d1:f3:6c:2e:1f:04:
                    d7:7c:b8:78:83:18:e0:a5:fb:f0:ee:1b:fa:a8:f7:
                    26:36:73:a1:fb:4b:d7:b3:23:52:00:79:38:c5:28:
                    63:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:F0:C1:F4:46:47:B4:2B:8C:58:35:8A:FF:BF:D2:6F:F9:71:69:6D
            X509v3 Authority Key Identifier:
                keyid:1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/59031a63-ea1a-4943-86ab-19221a23ca42.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2606:f40:8000::/39

    Signature Algorithm: sha256WithRSAEncryption
         22:76:ed:ce:b2:57:15:4e:fc:08:50:b8:77:af:e8:50:44:ca:
         a2:79:6a:b2:13:c9:f9:78:b8:fe:bf:8f:2a:38:44:01:60:98:
         43:d8:4b:86:0f:fa:7a:2b:be:7e:9f:df:8d:eb:fd:db:20:e4:
         a4:d6:b5:82:3f:88:14:4c:99:f0:c1:88:16:e2:a8:52:8f:35:
         5e:c5:47:f9:3e:b2:3f:26:10:27:ca:a2:5e:45:43:af:cf:61:
         3f:53:b8:b1:18:ad:6b:a1:65:a2:a2:bb:35:24:02:f3:43:5b:
         82:7a:e5:4c:13:1b:40:9f:53:d8:a7:57:62:12:26:5f:ac:19:
         41:75:5c:a4:39:8a:59:65:0f:e9:ab:97:02:80:6d:99:b7:94:
         d6:06:b8:4c:33:86:19:76:41:a3:33:8b:f9:df:ed:0b:21:3e:
         30:76:92:af:93:4f:96:cf:b9:19:ac:0c:97:ab:15:bc:cc:e4:
         49:69:70:30:01:f9:57:3a:a9:d9:cb:10:a3:2f:3e:ce:cf:b3:
         d6:5f:ef:1a:4b:5b:be:4b:8a:b3:7c:a4:80:aa:10:c2:b2:da:
         25:0d:93:fd:f8:d7:f5:96:7b:24:5b:b1:cd:57:c0:b6:e3:2b:
         5d:f2:ee:d9:e9:cf:c9:3d:f6:c3:ee:6d:39:24:cc:32:14:20:
         1f:bb:4c:29
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUNTBGLBOYwCYnzNCQlFH00faG7TwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzE2N2E4YjNhMDFmMDY3MTdkMmFmNjJlMzgwOTA3MjA4
NGMzYWY4ZjQ4OTQ4ZTQwZTIwHhcNMjUxMDEwMDAyMTA3WhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2YmE0OTEyNTQzNDI3MDU1MzA3NTEzMTU1NjM4NjMwZGQ2
YjkwZmM1NTkwZmQ3NzA0OGIzMmE3MzQxZDM4ZjY4MS0wKwYDVQQDEyQ4Zjk1ZTRk
MS1mMTRmLTRkNjEtYWUwMC02N2UwNDdkMmYxMDIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDF+X3yeSKia4yk2dz49Yzbb9kQ+vP8IuNkWt8TbsCZ5oa8
a2ZecuXtbrofVkxKq9MBp270pHUI9EsxaXEqxNWH88AIC2mzxp3/VGXZrfTUoIaS
ZdPNxOybEU6A9c7NSBZLHYzHiEp/P2tvB4jrdCSSfGBHaZ0F05EbSlhdohKXC8uE
YcvB+2Hu3ovUtNm2zyfZnWDmAbkMRe0GPwfOSYCByc4ZfveqnqIIMhc/8hyhFAHw
86nJMNJmYjSdqK97vjp4NwZrjltvePtuSBi9aCeSp6l4v0XkLGkwcdHzbC4fBNd8
uHiDGOCl+/DuG/qo9yY2c6H7S9ezI1IAeTjFKGOVAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUDPDB9EZHtCuMWDWK/7/Sb/lxaW0wHwYDVR0jBBgwFoAUHl8tYvha0oTU
0Ykla4hp6OkRKDgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
Lzc2ZmUxMWQ0LWQzNTItNDk5NC04ZjZjLWQ2YzkxYjBiODQxNS8wYTNkYjRmZi05
Y2Q4LTRkMDItYTAyNy02ZmE5MDQ5NGEzYTEvYzE2N2E4YjNhMDFmMDY3MTdkMmFm
NjJlMzgwOTA3MjA4NGMzYWY4ZjQ4OTQ4ZTQwZTIuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMmYwNTlhMjEtZDQxYi00ODQ2LWI3YWUtN2Vh
MzhjMzJmZDRjLzU5MDMxYTYzLWVhMWEtNDk0My04NmFiLTE5MjIxYTIzY2E0Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzJmMDU5YTIxLWQ0MWItNDg0Ni1iN2Fl
LTdlYTM4YzMyZmQ0Yy9Id1p4ZlNyMkxqZ0pCeUNFdzYtUFNKU09RT0kuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmBg9AgDANBgkqhkiG9w0BAQsFAAOCAQEAInbtzrJXFU78CFC4d6/oUETK
onlqshPJ+Xi4/r+PKjhEAWCYQ9hLhg/6eiu+fp/fjev92yDkpNa1gj+IFEyZ8MGI
FuKoUo81XsVH+T6yPyYQJ8qiXkVDr89hP1O4sRita6FloqK7NSQC80NbgnrlTBMb
QJ9T2KdXYhImX6wZQXVcpDmKWWUP6auXAoBtmbeU1ga4TDOGGXZBozOL+d/tCyE+
MHaSr5NPls+5GawMl6sVvMzkSWlwMAH5Vzqp2csQoy8+zs+z1l/vGktbvkuKs3yk
gKoQwrLaJQ2T/fjX9ZZ7JFuxzVfAtuMrXfLu2enPyT32w+5tOSTMMhQgH7tMKQ==
-----END CERTIFICATE-----