Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/17964269-4037-4ed5-aaa5-d2527a564b59.roa
File:                     17964269-4037-4ed5-aaa5-d2527a564b59.roa (raw, json)
Hash identifier:          uAwbRHZRC5eC9xNqe05duAzCKcFMOFic3cOIvGlViEg=
Subject key identifier:   3C:A2:0A:0F:98:87:5E:AE:BA:CA:51:6A:63:FA:1E:C4:04:4A:2D:7C
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       6545AA553A9489C59F1FDAACC0F7066BCFB33367
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/17964269-4037-4ed5-aaa5-d2527a564b59.roa
Signing time:             Mon 18 Aug 2025 18:22:27 +0000
ROA not before:           Mon 18 Aug 2025 18:22:27 +0000
ROA not after:            Mon 22 Sep 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0f0:6114::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Aug 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:45:aa:55:3a:94:89:c5:9f:1f:da:ac:c0:f7:06:6b:cf:b3:33:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Aug 18 18:22:27 2025 GMT
            Not After : Sep 22 23:59:59 2025 GMT
        Subject: serialNumber=6284ae812b615708c74db2f2f6dc2e5b975a24210eaf34d4b100ca64dabdb235, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e7:eb:26:46:dd:ed:d8:40:87:48:01:5c:f2:
                    02:16:db:22:0e:a8:50:cf:0b:70:83:54:52:da:c9:
                    08:9e:ae:4d:d0:d2:a6:8d:b6:9a:81:58:87:d4:1e:
                    53:7a:b2:68:52:00:a1:7d:b0:08:10:15:29:79:ef:
                    43:a4:3f:67:64:07:7c:ce:9e:8c:63:f4:05:97:cd:
                    59:98:b6:e9:1e:44:c8:1e:92:44:ae:e2:c8:1f:c8:
                    9b:7a:8e:82:de:00:ef:d2:f2:c1:bd:22:97:0c:b7:
                    1b:a7:87:47:bb:33:6e:98:08:45:a6:f9:76:36:9c:
                    2f:be:90:03:c0:79:6a:f1:49:a7:05:3a:9a:f8:01:
                    9e:9d:c3:51:2c:68:3d:36:21:3f:8d:f8:ce:f3:3f:
                    5f:1c:04:bb:9e:ee:93:47:51:4b:3f:7d:30:a5:5e:
                    52:7a:59:93:ca:17:f4:e4:6b:4e:5f:9a:41:18:0d:
                    f9:f0:1c:82:8b:e6:56:95:62:1f:08:c1:3a:17:93:
                    fe:75:da:24:be:ea:78:0a:ea:83:a1:dc:cb:84:20:
                    58:ca:4e:d2:d2:1f:7e:1e:99:24:f0:b5:3f:87:26:
                    07:2b:ff:d7:b4:29:6b:c7:a2:a1:d7:ca:09:7a:9e:
                    37:62:47:09:35:d4:63:85:a6:f3:70:0a:09:d7:05:
                    82:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:A2:0A:0F:98:87:5E:AE:BA:CA:51:6A:63:FA:1E:C4:04:4A:2D:7C
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/17964269-4037-4ed5-aaa5-d2527a564b59.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:6114::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:7f:26:c9:44:ec:f8:cb:cc:31:9c:8e:ca:3a:e8:98:bf:bc:
         0f:f8:c1:24:67:93:bd:a3:58:8e:23:25:17:f8:d1:4e:75:62:
         e0:22:c0:9a:8c:b9:db:0d:9d:54:c1:ac:b5:be:d0:00:3d:65:
         96:ac:26:f0:82:4b:1e:d3:c8:cb:d5:90:04:f2:d3:02:73:48:
         af:f7:bf:bf:52:75:88:17:35:bd:9e:a7:20:04:be:d9:e8:17:
         7a:bb:2f:f8:71:a6:ac:5e:39:22:d1:34:70:f0:26:ec:95:52:
         97:1e:7f:ce:d3:c6:2b:d5:ad:af:41:ae:5c:c4:dd:b1:a3:60:
         04:e2:70:45:70:33:ce:0c:46:c9:fe:16:a7:a5:96:18:fb:a1:
         db:a0:ee:18:9b:91:e2:0d:eb:8e:0d:3b:ec:15:03:7c:75:f8:
         5f:d5:3c:ed:30:4a:6d:f9:f6:33:49:b2:0e:ed:dd:fa:30:f2:
         bd:36:f0:24:a1:4e:71:a1:0e:15:3b:94:9a:56:f0:52:64:4e:
         4b:ed:da:42:c0:39:f3:ae:f8:4f:89:ed:bf:11:29:21:d1:3d:
         f1:62:09:e8:de:57:a4:8d:0c:c9:46:63:42:63:fb:33:a6:2f:
         c8:d7:38:4a:b0:c4:1e:bd:db:68:6e:d0:07:8a:88:97:dd:f9:
         9b:13:a5:74
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUZUWqVTqUicWfH9qswPcGa8+zM2cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwODE4MTgyMjI3WhcNMjUwOTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A2Mjg0YWU4MTJiNjE1NzA4Yzc0ZGIyZjJmNmRjMmU1Yjk3
NWEyNDIxMGVhZjM0ZDRiMTAwY2E2NGRhYmRiMjM1MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCs5+smRt3t2ECHSAFc8gIW2yIOqFDPC3CDVFLayQierk3Q
0qaNtpqBWIfUHlN6smhSAKF9sAgQFSl570OkP2dkB3zOnoxj9AWXzVmYtukeRMge
kkSu4sgfyJt6joLeAO/S8sG9IpcMtxunh0e7M26YCEWm+XY2nC++kAPAeWrxSacF
Opr4AZ6dw1EsaD02IT+N+M7zP18cBLue7pNHUUs/fTClXlJ6WZPKF/Tka05fmkEY
DfnwHIKL5laVYh8IwToXk/512iS+6ngK6oOh3MuEIFjKTtLSH34emSTwtT+HJgcr
/9e0KWvHoqHXygl6njdiRwk11GOFpvNwCgnXBYK1AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUPKIKD5iHXq66ylFqY/oexARKLXwwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzE3OTY0MjY5LTQwMzctNGVkNS1hYWE1LWQyNTI3YTU2NGI1OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwYRQwDQYJKoZIhvcNAQELBQADggEBAAJ/JslE7PjLzDGcjso66Ji/
vA/4wSRnk72jWI4jJRf40U51YuAiwJqMudsNnVTBrLW+0AA9ZZasJvCCSx7TyMvV
kATy0wJzSK/3v79SdYgXNb2epyAEvtnoF3q7L/hxpqxeOSLRNHDwJuyVUpcef87T
xivVra9BrlzE3bGjYATicEVwM84MRsn+Fqellhj7odug7hibkeIN644NO+wVA3x1
+F/VPO0wSm359jNJsg7t3fow8r028CShTnGhDhU7lJpW8FJkTkvt2kLAOfOu+E+J
7b8RKSHRPfFiCejeV6SNDMlGY0Jj+zOmL8jXOEqwxB6922hu0AeKiJfd+ZsTpXQ=
-----END CERTIFICATE-----