Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/a86c8ffa-34ab-4a01-8f63-86207fe44159.roa
File:                     a86c8ffa-34ab-4a01-8f63-86207fe44159.roa (raw, json)
Hash identifier:          gy3tPrcTKGbywu78iAoREJFOziqPlcJGJLIbQ9Mpnok=
Subject key identifier:   A4:C2:02:BD:7E:0E:D4:7B:1D:FC:13:CF:43:5F:13:2B:48:62:87:1A
Certificate issuer:       /CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
Certificate serial:       425D125527E9602F20D1233AF272DE46E7AB2F59
Authority key identifier: 1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/a86c8ffa-34ab-4a01-8f63-86207fe44159.roa
Signing time:             Wed 20 Aug 2025 00:20:45 +0000
ROA not before:           Wed 20 Aug 2025 00:20:45 +0000
ROA not after:            Wed 24 Sep 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2606:f40::/39 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/76fe11d4-d352-4994-8f6c-d6c91b0b8415.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/76fe11d4-d352-4994-8f6c-d6c91b0b8415.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Aug 2025 07:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:5d:12:55:27:e9:60:2f:20:d1:23:3a:f2:72:de:46:e7:ab:2f:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
        Validity
            Not Before: Aug 20 00:20:45 2025 GMT
            Not After : Sep 24 23:59:59 2025 GMT
        Subject: serialNumber=e3805905025eb83d9eec673ded5e66eba379d5aa7b480ca2b15c8a44601400d1, CN=8f95e4d1-f14f-4d61-ae00-67e047d2f102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c4:c5:85:d5:48:e8:16:39:ff:5a:74:d7:e0:
                    c5:4a:d2:1e:af:8a:25:6d:ec:60:52:09:30:07:6b:
                    05:2d:39:76:ec:8a:a4:9b:32:52:62:f9:b3:40:a4:
                    29:3a:2f:6f:c8:b5:95:5d:8a:95:90:f4:23:0e:68:
                    eb:1d:76:04:8b:f5:d7:65:7e:81:85:36:00:12:31:
                    fd:f9:ab:05:d0:92:c4:f2:c9:46:81:6b:28:95:61:
                    3f:84:cf:39:24:c9:0e:14:6e:6f:1d:bd:79:26:49:
                    66:e0:34:07:21:22:7b:90:a3:f1:7f:4b:1b:ff:3d:
                    d5:ae:c0:56:eb:b0:94:cc:7e:7f:ac:be:e1:06:90:
                    f4:50:84:0b:58:0f:e8:9f:37:47:78:8d:88:3f:b3:
                    ee:f9:6c:79:eb:8b:3a:5e:a7:d2:1c:bb:bb:50:72:
                    f4:df:8e:6d:72:88:15:d8:d9:d8:f1:e6:17:6e:34:
                    1f:1f:d2:a3:09:05:2a:93:5b:40:e9:0f:c0:53:2f:
                    14:ff:2c:58:da:95:27:7d:8c:15:65:cc:45:64:60:
                    62:93:1a:c8:f2:2c:37:63:a9:12:24:d6:20:c0:0c:
                    69:5f:fd:d7:1b:0b:bc:1d:20:f3:35:44:23:d2:ac:
                    8a:5d:28:aa:5e:8b:3b:61:25:89:1b:9d:e9:f4:cf:
                    58:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:C2:02:BD:7E:0E:D4:7B:1D:FC:13:CF:43:5F:13:2B:48:62:87:1A
            X509v3 Authority Key Identifier:
                keyid:1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/a86c8ffa-34ab-4a01-8f63-86207fe44159.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2606:f40::/39

    Signature Algorithm: sha256WithRSAEncryption
         b0:da:c8:f9:c1:68:39:8e:93:7e:52:f4:39:be:73:f0:94:bd:
         c6:05:8a:2c:a9:19:17:2d:fe:76:bb:34:76:50:57:22:f7:49:
         f6:12:33:60:9b:01:15:fd:4f:70:46:cf:59:0b:79:f4:78:cd:
         70:12:bc:4f:24:1e:98:8e:9f:17:65:0b:35:6c:66:3a:40:a4:
         d0:df:ba:52:6c:32:7c:f6:b4:68:9a:5a:17:c7:5f:7a:c0:8b:
         2e:48:6b:6b:6d:1b:20:8a:1b:1a:5b:60:62:6a:4f:27:e2:1f:
         e4:e3:bf:2b:a8:5e:2e:ed:d6:29:4f:d7:5d:a2:35:28:a5:ac:
         46:70:6e:6b:fe:d6:52:b2:3a:27:0e:7f:88:f7:36:fb:d3:c4:
         3c:e4:e3:2f:5c:e6:8f:73:c4:85:a0:d1:bb:6c:63:e8:df:27:
         38:f5:fd:9d:43:ee:d7:04:eb:78:82:37:21:5e:3f:28:c3:f3:
         dc:3d:36:6c:4b:bc:1c:10:4d:4d:6f:36:9d:14:27:ca:87:7b:
         86:50:c6:8b:6e:4b:74:2e:07:c1:ec:c8:df:36:5b:54:04:67:
         b4:f2:24:1d:79:b2:43:63:0c:0b:de:ea:bb:0a:01:5b:26:e6:
         50:a9:6c:e3:1a:06:58:75:ca:7a:4e:9d:41:c0:f0:8f:0d:7b:
         af:ef:ba:30
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUQl0SVSfpYC8g0SM68nLeRuerL1kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzE2N2E4YjNhMDFmMDY3MTdkMmFmNjJlMzgwOTA3MjA4
NGMzYWY4ZjQ4OTQ4ZTQwZTIwHhcNMjUwODIwMDAyMDQ1WhcNMjUwOTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMzgwNTkwNTAyNWViODNkOWVlYzY3M2RlZDVlNjZlYmEz
NzlkNWFhN2I0ODBjYTJiMTVjOGE0NDYwMTQwMGQxMS0wKwYDVQQDEyQ4Zjk1ZTRk
MS1mMTRmLTRkNjEtYWUwMC02N2UwNDdkMmYxMDIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4xMWF1UjoFjn/WnTX4MVK0h6viiVt7GBSCTAHawUtOXbs
iqSbMlJi+bNApCk6L2/ItZVdipWQ9CMOaOsddgSL9ddlfoGFNgASMf35qwXQksTy
yUaBayiVYT+EzzkkyQ4Ubm8dvXkmSWbgNAchInuQo/F/Sxv/PdWuwFbrsJTMfn+s
vuEGkPRQhAtYD+ifN0d4jYg/s+75bHnrizpep9Icu7tQcvTfjm1yiBXY2djx5hdu
NB8f0qMJBSqTW0DpD8BTLxT/LFjalSd9jBVlzEVkYGKTGsjyLDdjqRIk1iDADGlf
/dcbC7wdIPM1RCPSrIpdKKpeizthJYkbnen0z1iBAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUpMICvX4O1Hsd/BPPQ18TK0hihxowHwYDVR0jBBgwFoAUHl8tYvha0oTU
0Ykla4hp6OkRKDgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
Lzc2ZmUxMWQ0LWQzNTItNDk5NC04ZjZjLWQ2YzkxYjBiODQxNS8wYTNkYjRmZi05
Y2Q4LTRkMDItYTAyNy02ZmE5MDQ5NGEzYTEvYzE2N2E4YjNhMDFmMDY3MTdkMmFm
NjJlMzgwOTA3MjA4NGMzYWY4ZjQ4OTQ4ZTQwZTIuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMmYwNTlhMjEtZDQxYi00ODQ2LWI3YWUtN2Vh
MzhjMzJmZDRjL2E4NmM4ZmZhLTM0YWItNGEwMS04ZjYzLTg2MjA3ZmU0NDE1OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzJmMDU5YTIxLWQ0MWItNDg0Ni1iN2Fl
LTdlYTM4YzMyZmQ0Yy9Id1p4ZlNyMkxqZ0pCeUNFdzYtUFNKU09RT0kuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmBg9AADANBgkqhkiG9w0BAQsFAAOCAQEAsNrI+cFoOY6TflL0Ob5z8JS9
xgWKLKkZFy3+drs0dlBXIvdJ9hIzYJsBFf1PcEbPWQt59HjNcBK8TyQemI6fF2UL
NWxmOkCk0N+6UmwyfPa0aJpaF8dfesCLLkhra20bIIobGltgYmpPJ+If5OO/K6he
Lu3WKU/XXaI1KKWsRnBua/7WUrI6Jw5/iPc2+9PEPOTjL1zmj3PEhaDRu2xj6N8n
OPX9nUPu1wTreII3IV4/KMPz3D02bEu8HBBNTW82nRQnyod7hlDGi25LdC4HwezI
3zZbVARntPIkHXmyQ2MMC97quwoBWybmUKls4xoGWHXKek6dQcDwjw17r++6MA==
-----END CERTIFICATE-----