Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/a86c8ffa-34ab-4a01-8f63-86207fe44159.roa
File:                     a86c8ffa-34ab-4a01-8f63-86207fe44159.roa (raw, json)
Hash identifier:          aHFCy+nssm/JdAYP81jJgyBi92DHF2fLZK/tZZE5yhI=
Subject key identifier:   89:98:71:55:AD:11:D1:AC:E2:CC:52:39:B8:F8:06:2C:DB:FC:80:ED
Certificate issuer:       /CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
Certificate serial:       014E98D03DA15E338647C5AAFD479CC2305C55BC
Authority key identifier: 1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/a86c8ffa-34ab-4a01-8f63-86207fe44159.roa
Signing time:             Fri 10 Oct 2025 00:21:06 +0000
ROA not before:           Fri 10 Oct 2025 00:21:06 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2606:f40::/39 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/76fe11d4-d352-4994-8f6c-d6c91b0b8415.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/76fe11d4-d352-4994-8f6c-d6c91b0b8415.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 07:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:4e:98:d0:3d:a1:5e:33:86:47:c5:aa:fd:47:9c:c2:30:5c:55:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
        Validity
            Not Before: Oct 10 00:21:06 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=e36582fceaef1cb8fe1aea6abc0c922294e30a4d2cfe34b26474e23a6cbdfced, CN=8f95e4d1-f14f-4d61-ae00-67e047d2f102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:8e:cd:83:47:67:13:e1:1a:58:bb:06:32:e7:
                    30:65:ab:f5:bf:ed:d3:41:81:f1:38:33:dc:cd:47:
                    aa:91:89:92:4a:20:15:a4:e9:5c:9a:42:96:b6:0c:
                    a0:2e:83:29:3f:02:7c:14:30:6a:a1:51:90:1e:90:
                    70:23:bd:bf:a3:0f:24:51:35:aa:40:59:6d:90:fe:
                    46:45:5f:45:f2:d6:23:f9:43:97:14:27:7a:a4:08:
                    30:d1:6a:47:14:14:89:49:2b:1d:3a:13:e4:91:f4:
                    68:51:4a:f6:6e:31:44:55:7f:cc:c6:ab:33:2b:b9:
                    b8:f7:1c:f1:b4:9f:45:97:c0:5b:e4:b2:a7:6f:58:
                    07:92:d1:4c:e9:e8:cc:e3:fe:dd:24:d7:92:f1:ce:
                    27:3c:e1:35:e9:c2:90:93:ab:8e:ca:fc:2f:09:ef:
                    5c:7d:5c:43:ba:c8:6e:8c:ce:e1:d7:68:f9:fd:57:
                    12:e7:d0:ee:2f:49:4b:ed:89:42:98:d5:21:c2:b4:
                    b1:25:37:53:8f:82:50:38:ac:9b:e7:ce:ff:86:34:
                    f3:b0:44:de:1f:db:91:08:2a:36:fe:a1:71:06:5a:
                    61:d7:a8:d8:d3:73:8f:36:6a:e5:9f:aa:9e:a7:09:
                    d4:d9:a6:43:57:db:cd:93:91:ef:ac:d8:03:ee:7f:
                    4d:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:98:71:55:AD:11:D1:AC:E2:CC:52:39:B8:F8:06:2C:DB:FC:80:ED
            X509v3 Authority Key Identifier:
                keyid:1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/a86c8ffa-34ab-4a01-8f63-86207fe44159.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2606:f40::/39

    Signature Algorithm: sha256WithRSAEncryption
         7d:04:c8:a0:55:cc:7d:17:86:a8:17:77:1d:51:71:0d:57:42:
         a7:76:eb:d8:5f:ce:93:df:e8:98:db:3e:c8:8a:2d:60:a6:26:
         42:72:65:69:45:65:0b:54:cb:f3:8d:7c:41:fb:c3:c4:06:11:
         ef:1d:01:d5:f8:e6:9c:cd:a8:4f:63:e0:2e:33:6e:76:90:36:
         78:c7:07:14:6d:32:c8:8f:39:92:e7:50:5d:6b:24:c0:74:3b:
         c2:59:25:51:96:40:9e:13:95:01:6f:6b:b3:3b:4c:1b:03:3f:
         4c:f8:05:22:6e:69:dd:7c:0e:bc:f1:54:a3:01:43:27:f4:9b:
         3d:ca:4f:dc:0d:fd:27:d4:a0:29:60:83:63:22:d3:20:41:52:
         c3:a9:4e:c5:44:58:68:db:8e:a5:b6:7c:c5:55:a4:a7:ed:66:
         37:ef:a9:8d:0b:b9:81:ab:0f:55:5f:50:e9:7b:db:c5:2c:08:
         fc:bc:09:a3:82:70:04:11:d7:ab:0e:9c:97:d8:85:19:51:28:
         3a:3a:61:9c:93:1d:c1:18:2b:10:46:41:28:c2:96:c4:1c:b0:
         3a:0a:7f:c5:6a:68:2b:79:c4:c9:e4:b3:50:4d:ef:f0:f5:1c:
         4f:2a:0d:c3:e9:55:57:ca:9f:c1:7d:44:10:d5:05:7b:a8:fa:
         7e:7f:bf:c1
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUAU6Y0D2hXjOGR8Wq/UecwjBcVbwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzE2N2E4YjNhMDFmMDY3MTdkMmFmNjJlMzgwOTA3MjA4
NGMzYWY4ZjQ4OTQ4ZTQwZTIwHhcNMjUxMDEwMDAyMTA2WhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMzY1ODJmY2VhZWYxY2I4ZmUxYWVhNmFiYzBjOTIyMjk0
ZTMwYTRkMmNmZTM0YjI2NDc0ZTIzYTZjYmRmY2VkMS0wKwYDVQQDEyQ4Zjk1ZTRk
MS1mMTRmLTRkNjEtYWUwMC02N2UwNDdkMmYxMDIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqjs2DR2cT4RpYuwYy5zBlq/W/7dNBgfE4M9zNR6qRiZJK
IBWk6VyaQpa2DKAugyk/AnwUMGqhUZAekHAjvb+jDyRRNapAWW2Q/kZFX0Xy1iP5
Q5cUJ3qkCDDRakcUFIlJKx06E+SR9GhRSvZuMURVf8zGqzMrubj3HPG0n0WXwFvk
sqdvWAeS0Uzp6Mzj/t0k15Lxzic84TXpwpCTq47K/C8J71x9XEO6yG6MzuHXaPn9
VxLn0O4vSUvtiUKY1SHCtLElN1OPglA4rJvnzv+GNPOwRN4f25EIKjb+oXEGWmHX
qNjTc482auWfqp6nCdTZpkNX282Tke+s2APuf001AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUiZhxVa0R0azizFI5uPgGLNv8gO0wHwYDVR0jBBgwFoAUHl8tYvha0oTU
0Ykla4hp6OkRKDgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
Lzc2ZmUxMWQ0LWQzNTItNDk5NC04ZjZjLWQ2YzkxYjBiODQxNS8wYTNkYjRmZi05
Y2Q4LTRkMDItYTAyNy02ZmE5MDQ5NGEzYTEvYzE2N2E4YjNhMDFmMDY3MTdkMmFm
NjJlMzgwOTA3MjA4NGMzYWY4ZjQ4OTQ4ZTQwZTIuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMmYwNTlhMjEtZDQxYi00ODQ2LWI3YWUtN2Vh
MzhjMzJmZDRjL2E4NmM4ZmZhLTM0YWItNGEwMS04ZjYzLTg2MjA3ZmU0NDE1OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzJmMDU5YTIxLWQ0MWItNDg0Ni1iN2Fl
LTdlYTM4YzMyZmQ0Yy9Id1p4ZlNyMkxqZ0pCeUNFdzYtUFNKU09RT0kuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmBg9AADANBgkqhkiG9w0BAQsFAAOCAQEAfQTIoFXMfReGqBd3HVFxDVdC
p3br2F/Ok9/omNs+yIotYKYmQnJlaUVlC1TL8418QfvDxAYR7x0B1fjmnM2oT2Pg
LjNudpA2eMcHFG0yyI85kudQXWskwHQ7wlklUZZAnhOVAW9rsztMGwM/TPgFIm5p
3XwOvPFUowFDJ/SbPcpP3A39J9SgKWCDYyLTIEFSw6lOxURYaNuOpbZ8xVWkp+1m
N++pjQu5gasPVV9Q6XvbxSwI/LwJo4JwBBHXqw6cl9iFGVEoOjphnJMdwRgrEEZB
KMKWxBywOgp/xWpoK3nEyeSzUE3v8PUcTyoNw+lVV8qfwX1EENUFe6j6fn+/wQ==
-----END CERTIFICATE-----