Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/16b22ea8-4a7c-431a-bd74-8a2cceaaaf4a.roa
File:                     16b22ea8-4a7c-431a-bd74-8a2cceaaaf4a.roa (raw, json)
Hash identifier:          IGrBftBAzlVbgxhnBzilNtMLHC6QGNCpLyy2WDa8cEU=
Subject key identifier:   86:75:D6:39:F7:71:6F:9F:21:BE:9A:D5:F1:3D:5B:93:64:D6:4D:07
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       41762CB6D4142863E270EF389C795542859C7775
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/16b22ea8-4a7c-431a-bd74-8a2cceaaaf4a.roa
Signing time:             Sat 27 Sep 2025 00:52:45 +0000
ROA not before:           Sat 27 Sep 2025 00:52:45 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:f0f3:f000::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 22 Oct 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:76:2c:b6:d4:14:28:63:e2:70:ef:38:9c:79:55:42:85:9c:77:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Sep 27 00:52:45 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=3e5102c4fd92ba0849ccebbea56b7802da41ca4b4aa3d3244016880bdaaa0bb6, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:c2:e8:4f:f9:c9:fe:9e:6e:ba:46:a1:6e:ad:
                    99:01:e5:79:89:48:2c:8f:8d:b6:1c:83:3d:37:3a:
                    15:75:89:b6:2f:58:90:a1:0c:8a:c1:c0:8f:4d:67:
                    28:f9:db:f4:cb:e8:50:2e:3a:65:0e:cc:d8:b7:b5:
                    2f:89:a4:99:05:bf:73:2c:65:9b:16:88:b1:5f:00:
                    c6:e0:90:e5:7f:18:9b:88:35:65:52:87:c2:20:65:
                    0e:67:e3:32:f0:56:12:26:df:b7:ae:8e:7c:d5:60:
                    ac:2b:31:a0:d7:8d:22:2e:7f:ff:ee:c3:e2:57:d6:
                    9b:b7:e9:b0:41:59:a8:6c:6f:66:fe:d4:d0:1d:11:
                    7e:e2:65:96:14:6d:bb:23:6b:3d:15:19:ce:6a:c9:
                    8f:18:22:e9:fe:9b:26:31:bd:0e:39:62:00:7d:5f:
                    e3:73:b5:03:5c:3e:72:0d:d5:23:7d:37:cb:0d:62:
                    f4:2e:7f:49:19:1f:c5:64:cc:24:d8:5e:52:af:8e:
                    c4:7a:33:ce:93:2c:39:0d:00:d8:4c:d4:91:b3:62:
                    9a:bf:7a:51:86:e4:cf:75:9e:bc:e8:53:1b:90:56:
                    35:d9:a5:30:ea:4f:a7:4b:89:be:7f:5a:64:ef:5e:
                    d8:9f:0a:97:6f:0b:cf:ad:ff:8a:64:aa:e4:e4:75:
                    1f:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:75:D6:39:F7:71:6F:9F:21:BE:9A:D5:F1:3D:5B:93:64:D6:4D:07
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/16b22ea8-4a7c-431a-bd74-8a2cceaaaf4a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f3:f000::/44

    Signature Algorithm: sha256WithRSAEncryption
         8b:be:75:d3:5a:72:db:6b:89:3d:9c:b4:ca:67:30:ef:0b:2e:
         2f:43:69:2e:e7:88:8c:10:7e:fa:56:aa:0c:78:a8:fb:1b:35:
         90:2a:88:8c:bd:f1:e2:54:f2:a3:03:a6:81:18:c1:bd:97:ab:
         23:58:ef:25:75:92:31:39:c5:b7:ef:d8:11:19:21:a9:1c:37:
         13:00:69:f1:13:29:99:d3:ee:aa:b8:88:6a:85:40:d7:57:c8:
         f7:7f:6b:ff:e7:c2:f4:41:c2:e1:05:fd:85:8b:e9:52:eb:c6:
         ab:2e:49:e3:70:29:59:3d:89:41:26:96:30:ff:2c:8d:9c:f9:
         19:c3:f2:06:c2:ce:f8:35:1f:5c:c2:19:20:6b:5c:3a:49:ac:
         8f:4d:d3:60:27:ba:57:41:3f:2a:49:e7:b6:3d:b0:f3:77:a8:
         65:db:a7:8d:7c:1b:06:b9:ca:23:de:10:b3:00:06:b0:05:ca:
         ed:a6:10:cc:ab:2a:49:63:00:f6:dc:98:1b:b3:5c:bd:df:84:
         fa:bd:a7:13:5f:dd:c0:06:08:3b:64:ec:36:b9:16:9b:9c:01:
         c3:ea:b1:69:87:db:28:67:a9:fb:df:de:66:b9:b3:70:e0:04:
         66:60:cb:aa:1d:3d:22:ae:cf:b3:05:6a:c3:c5:28:f4:85:8c:
         1a:39:56:5b
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUQXYsttQUKGPicO84nHlVQoWcd3UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwOTI3MDA1MjQ1WhcNMjUxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0AzZTUxMDJjNGZkOTJiYTA4NDljY2ViYmVhNTZiNzgwMmRh
NDFjYTRiNGFhM2QzMjQ0MDE2ODgwYmRhYWEwYmI2MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFwuhP+cn+nm66RqFurZkB5XmJSCyPjbYcgz03OhV1ibYv
WJChDIrBwI9NZyj52/TL6FAuOmUOzNi3tS+JpJkFv3MsZZsWiLFfAMbgkOV/GJuI
NWVSh8IgZQ5n4zLwVhIm37eujnzVYKwrMaDXjSIuf//uw+JX1pu36bBBWahsb2b+
1NAdEX7iZZYUbbsjaz0VGc5qyY8YIun+myYxvQ45YgB9X+NztQNcPnIN1SN9N8sN
YvQuf0kZH8VkzCTYXlKvjsR6M86TLDkNANhM1JGzYpq/elGG5M91nrzoUxuQVjXZ
pTDqT6dLib5/WmTvXtifCpdvC8+t/4pkquTkdR/vAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUhnXWOfdxb58hvprV8T1bk2TWTQcwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzE2YjIyZWE4LTRhN2MtNDMxYS1iZDc0LThhMmNjZWFhYWY0YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwQmAPDz8AAwDQYJKoZIhvcNAQELBQADggEBAIu+ddNacttriT2ctMpnMO8L
Li9DaS7niIwQfvpWqgx4qPsbNZAqiIy98eJU8qMDpoEYwb2XqyNY7yV1kjE5xbfv
2BEZIakcNxMAafETKZnT7qq4iGqFQNdXyPd/a//nwvRBwuEF/YWL6VLrxqsuSeNw
KVk9iUEmljD/LI2c+RnD8gbCzvg1H1zCGSBrXDpJrI9N02AnuldBPypJ57Y9sPN3
qGXbp418Gwa5yiPeELMABrAFyu2mEMyrKkljAPbcmBuzXL3fhPq9pxNf3cAGCDtk
7Da5FpucAcPqsWmH2yhnqfvf3ma5s3DgBGZgy6odPSKuz7MFasPFKPSFjBo5Vls=
-----END CERTIFICATE-----
Generated at Mon Oct 20 17:35:21 2025 by rpki-client