Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/d904f993-5ca9-4bad-8c47-2d2c6ef58b2e.roa
File:                     d904f993-5ca9-4bad-8c47-2d2c6ef58b2e.roa (raw, json)
Hash identifier:          5nIJprtnzhHgjOiWyZPmEmQcZTSIJ8neOwIaHwg39RA=
Subject key identifier:   9C:41:1A:FD:F2:9E:72:8F:F5:FB:F3:0E:1F:15:C5:78:05:FA:40:CF
Certificate issuer:       /CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
Certificate serial:       26CAE239B71FCAD5DB38CFC904464970BCF19CDD
Authority key identifier: 1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/d904f993-5ca9-4bad-8c47-2d2c6ef58b2e.roa
Signing time:             Fri 10 Oct 2025 00:21:07 +0000
ROA not before:           Fri 10 Oct 2025 00:21:07 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2606:f40::/39 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/76fe11d4-d352-4994-8f6c-d6c91b0b8415.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/76fe11d4-d352-4994-8f6c-d6c91b0b8415.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:ca:e2:39:b7:1f:ca:d5:db:38:cf:c9:04:46:49:70:bc:f1:9c:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
        Validity
            Not Before: Oct 10 00:21:07 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=4a1d5c1f9f0920f44a8faf936aff061c0b497c77db5cfb640c871e2a81fe6806, CN=8f95e4d1-f14f-4d61-ae00-67e047d2f102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:d7:c0:82:06:04:27:34:b9:cd:f7:95:3e:ee:
                    4e:bc:81:40:19:dc:a7:34:b0:8c:a0:7b:cb:38:71:
                    a8:e0:fb:9a:df:28:6f:0c:98:dc:cf:49:c5:18:b9:
                    eb:c4:20:3e:03:70:ea:19:e3:e4:f4:b3:a4:02:b2:
                    33:f8:1f:ad:4e:b0:2d:eb:c4:73:c9:b3:89:0a:e6:
                    e8:58:6a:cd:cb:c4:e7:53:e9:2b:d5:d3:54:6e:21:
                    c5:f6:28:7a:17:45:3a:76:f1:29:2d:6c:de:76:f3:
                    92:f5:32:ae:c5:e4:0d:eb:35:e6:7b:08:29:86:fd:
                    9d:e9:0f:93:fb:ac:67:7b:b6:12:54:5f:eb:a5:fa:
                    12:41:b0:5e:14:6e:30:a1:e6:d2:ff:92:f3:6a:d5:
                    83:2a:f6:fa:74:8e:14:5a:78:9a:cd:65:9a:a3:6c:
                    ba:ae:84:66:bb:21:3b:45:ef:a6:14:d3:7d:eb:36:
                    d6:a5:8a:44:81:c6:1f:78:ed:74:c8:c2:f8:1e:a0:
                    05:6d:9f:63:d5:72:d5:65:79:3d:6d:4c:2e:21:6f:
                    89:4f:bf:de:f4:81:31:b8:1f:1f:0a:e0:e0:5e:e1:
                    a2:f2:46:81:02:90:4f:ed:a6:f9:4d:35:ac:73:53:
                    a5:e9:08:d1:6d:8d:3d:09:c8:24:24:fe:8e:1c:08:
                    26:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:41:1A:FD:F2:9E:72:8F:F5:FB:F3:0E:1F:15:C5:78:05:FA:40:CF
            X509v3 Authority Key Identifier:
                keyid:1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/d904f993-5ca9-4bad-8c47-2d2c6ef58b2e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2606:f40::/39

    Signature Algorithm: sha256WithRSAEncryption
         38:9b:55:6f:75:4b:ee:8e:86:26:cf:3b:e4:2b:b5:17:46:45:
         5b:17:c5:97:9c:90:8e:38:7a:bd:8c:c7:b6:a6:b7:2a:16:f4:
         99:ba:94:ed:47:53:a5:a6:3b:c4:e1:36:e7:58:7f:25:84:2c:
         fc:55:e2:25:93:51:ff:37:a1:b2:20:0e:ba:ed:b7:7f:a3:ef:
         9d:81:ae:55:c7:c5:4e:c1:aa:f0:ae:98:57:ee:d7:5e:b3:a6:
         d8:33:f1:f9:77:10:4a:4e:e8:d2:d0:2b:2a:e8:21:40:68:d7:
         30:4f:0c:2b:c9:df:0b:46:72:58:34:59:27:5c:15:bc:61:0a:
         4d:eb:af:ff:f5:d4:26:2a:b0:2b:99:69:4f:5f:79:9f:e2:ba:
         f2:2e:a3:f5:ca:1e:32:65:ab:cb:03:1d:cb:8d:04:93:3c:16:
         57:65:91:24:af:51:44:6f:b4:fa:ec:57:04:8d:f8:d4:46:5d:
         44:39:8b:68:31:6d:a6:79:f6:ff:47:1f:89:32:a6:02:68:e2:
         7b:4c:f3:bb:d5:78:ba:2e:34:63:de:82:cf:ca:31:f1:b4:1a:
         c3:d0:4a:81:d7:d0:43:ef:84:d7:87:21:af:29:f0:0b:c3:7d:
         af:dd:18:71:b9:fc:ef:0b:9a:87:8d:6c:c3:34:b0:fd:18:87:
         29:58:db:b8
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUJsriObcfytXbOM/JBEZJcLzxnN0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzE2N2E4YjNhMDFmMDY3MTdkMmFmNjJlMzgwOTA3MjA4
NGMzYWY4ZjQ4OTQ4ZTQwZTIwHhcNMjUxMDEwMDAyMTA3WhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A0YTFkNWMxZjlmMDkyMGY0NGE4ZmFmOTM2YWZmMDYxYzBi
NDk3Yzc3ZGI1Y2ZiNjQwYzg3MWUyYTgxZmU2ODA2MS0wKwYDVQQDEyQ4Zjk1ZTRk
MS1mMTRmLTRkNjEtYWUwMC02N2UwNDdkMmYxMDIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDX18CCBgQnNLnN95U+7k68gUAZ3Kc0sIyge8s4cajg+5rf
KG8MmNzPScUYuevEID4DcOoZ4+T0s6QCsjP4H61OsC3rxHPJs4kK5uhYas3LxOdT
6SvV01RuIcX2KHoXRTp28SktbN5285L1Mq7F5A3rNeZ7CCmG/Z3pD5P7rGd7thJU
X+ul+hJBsF4UbjCh5tL/kvNq1YMq9vp0jhRaeJrNZZqjbLquhGa7ITtF76YU033r
NtalikSBxh947XTIwvgeoAVtn2PVctVleT1tTC4hb4lPv970gTG4Hx8K4OBe4aLy
RoECkE/tpvlNNaxzU6XpCNFtjT0JyCQk/o4cCCanAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUnEEa/fKeco/1+/MOHxXFeAX6QM8wHwYDVR0jBBgwFoAUHl8tYvha0oTU
0Ykla4hp6OkRKDgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
Lzc2ZmUxMWQ0LWQzNTItNDk5NC04ZjZjLWQ2YzkxYjBiODQxNS8wYTNkYjRmZi05
Y2Q4LTRkMDItYTAyNy02ZmE5MDQ5NGEzYTEvYzE2N2E4YjNhMDFmMDY3MTdkMmFm
NjJlMzgwOTA3MjA4NGMzYWY4ZjQ4OTQ4ZTQwZTIuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMmYwNTlhMjEtZDQxYi00ODQ2LWI3YWUtN2Vh
MzhjMzJmZDRjL2Q5MDRmOTkzLTVjYTktNGJhZC04YzQ3LTJkMmM2ZWY1OGIyZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzJmMDU5YTIxLWQ0MWItNDg0Ni1iN2Fl
LTdlYTM4YzMyZmQ0Yy9Id1p4ZlNyMkxqZ0pCeUNFdzYtUFNKU09RT0kuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmBg9AADANBgkqhkiG9w0BAQsFAAOCAQEAOJtVb3VL7o6GJs875Cu1F0ZF
WxfFl5yQjjh6vYzHtqa3Khb0mbqU7UdTpaY7xOE251h/JYQs/FXiJZNR/zehsiAO
uu23f6PvnYGuVcfFTsGq8K6YV+7XXrOm2DPx+XcQSk7o0tArKughQGjXME8MK8nf
C0ZyWDRZJ1wVvGEKTeuv//XUJiqwK5lpT195n+K68i6j9coeMmWrywMdy40EkzwW
V2WRJK9RRG+0+uxXBI341EZdRDmLaDFtpnn2/0cfiTKmAmjie0zzu9V4ui40Y96C
z8ox8bQaw9BKgdfQQ++E14chrynwC8N9r90Ycbn87wuah41swzSw/RiHKVjbuA==
-----END CERTIFICATE-----