Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/20df74ce-1a64-4df1-b616-115d4493a969.roa
File:                     20df74ce-1a64-4df1-b616-115d4493a969.roa (raw, json)
Hash identifier:          yMn3liPFPVJc2mt66GFlqFlKLNSvBvEIdSzd8wGp6TM=
Subject key identifier:   1E:BB:02:0C:34:DF:6B:4E:43:B0:A8:9F:39:35:2E:EB:A7:40:45:2F
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       24D3DE2B8E8949F59CBE66D101B632EF3DF36A7C
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/20df74ce-1a64-4df1-b616-115d4493a969.roa
Signing time:             Fri 26 Sep 2025 18:20:16 +0000
ROA not before:           Fri 26 Sep 2025 18:20:16 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:200::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:d3:de:2b:8e:89:49:f5:9c:be:66:d1:01:b6:32:ef:3d:f3:6a:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Sep 26 18:20:16 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=8f44a435f569bf9ad5152b9a9c94b18f9b9bc2fb52bf307651e15a2bbeced26b, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:5d:63:1f:fb:97:b4:2a:51:61:23:e7:1c:67:
                    bb:45:61:cd:dd:8a:23:d5:10:39:59:be:92:a2:48:
                    32:2e:98:f8:0e:fd:a7:71:f0:f2:82:dd:4f:4c:57:
                    c9:60:81:c2:55:23:14:fd:d1:ba:9b:87:ed:b8:d8:
                    47:c5:e5:31:49:2a:ee:60:49:7f:43:a2:ca:7e:84:
                    00:d6:02:de:2c:76:43:81:ad:4a:88:e4:a7:07:48:
                    48:70:98:69:87:be:4b:56:74:5c:13:0e:b4:d5:15:
                    80:53:cf:e4:27:e0:68:e3:17:ef:b3:9e:ca:e6:0b:
                    38:74:df:3e:44:26:8d:f3:d9:3b:b8:f5:a1:25:7f:
                    a4:ab:e5:18:4f:f7:b0:41:af:df:41:78:f6:e3:94:
                    c4:07:f6:9c:b8:f9:9e:99:a5:9e:8d:4b:c9:7e:28:
                    ee:25:95:a6:b8:dc:d7:60:56:57:1a:4f:21:d5:3a:
                    b0:bc:29:4f:3f:f1:72:9c:85:b8:30:72:58:d4:82:
                    92:cc:48:2f:6a:f2:22:3b:fa:96:b7:eb:1a:12:81:
                    a9:43:6e:03:97:e8:e4:97:68:98:93:cb:ec:5c:4c:
                    b6:db:58:44:a9:34:c4:60:a9:8d:d4:38:d6:d2:ea:
                    84:32:45:8e:c0:3d:1b:a8:31:c1:71:61:82:b5:c3:
                    41:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:BB:02:0C:34:DF:6B:4E:43:B0:A8:9F:39:35:2E:EB:A7:40:45:2F
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/20df74ce-1a64-4df1-b616-115d4493a969.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:200::/40

    Signature Algorithm: sha256WithRSAEncryption
         8d:55:b0:b9:03:3a:19:7e:22:b7:94:da:64:46:fc:bf:da:bd:
         56:d3:e8:af:bb:24:58:ec:e1:fc:7d:14:df:8f:a3:e2:58:be:
         5a:00:44:e3:db:8b:72:c8:ba:2f:e3:be:13:af:53:63:99:37:
         97:f4:05:71:97:3c:7b:b9:58:b7:4a:6a:e1:7a:90:a9:b5:92:
         cc:c8:6b:00:2e:9d:2e:a1:d4:a1:9f:58:1d:bb:83:58:80:d8:
         6c:6b:3a:4c:ab:bc:ce:57:83:31:ba:f2:2d:00:9a:a7:e2:bf:
         8d:66:75:32:71:a9:c9:b4:3f:65:1f:56:0c:7f:21:fd:13:cf:
         be:73:10:9f:96:d4:90:19:6f:64:c8:04:94:75:b5:5a:00:13:
         9c:54:e1:4a:b3:f9:d9:1e:de:0f:3c:ed:1d:6a:95:3d:de:ed:
         43:10:e0:86:44:72:f5:76:1b:6d:02:2e:14:39:0b:c3:89:cf:
         85:cf:82:fe:46:3d:30:54:ea:ca:d0:92:30:88:1e:77:fc:d6:
         7a:05:4c:09:86:a3:a3:2c:89:dc:d8:6e:e5:e6:08:bd:e7:72:
         35:57:6b:25:51:cf:64:d0:86:5a:8b:1c:f0:52:d1:3b:2d:5b:
         ae:94:5b:cc:da:19:c1:9f:28:57:fd:a4:e0:a7:a0:2b:11:c0:
         ee:d0:61:3f
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUJNPeK46JSfWcvmbRAbYy7z3zanwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwOTI2MTgyMDE2WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZjQ0YTQzNWY1NjliZjlhZDUxNTJiOWE5Yzk0YjE4Zjli
OWJjMmZiNTJiZjMwNzY1MWUxNWEyYmJlY2VkMjZiMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrXWMf+5e0KlFhI+ccZ7tFYc3diiPVEDlZvpKiSDIumPgO
/adx8PKC3U9MV8lggcJVIxT90bqbh+242EfF5TFJKu5gSX9Dosp+hADWAt4sdkOB
rUqI5KcHSEhwmGmHvktWdFwTDrTVFYBTz+Qn4GjjF++znsrmCzh03z5EJo3z2Tu4
9aElf6Sr5RhP97BBr99BePbjlMQH9py4+Z6ZpZ6NS8l+KO4llaa43NdgVlcaTyHV
OrC8KU8/8XKchbgwcljUgpLMSC9q8iI7+pa36xoSgalDbgOX6OSXaJiTy+xcTLbb
WESpNMRgqY3UONbS6oQyRY7APRuoMcFxYYK1w0G7AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUHrsCDDTfa05DsKifOTUu66dARS8wHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzIwZGY3NGNlLTFhNjQtNGRmMS1iNjE2LTExNWQ0NDkzYTk2OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPDwAjANBgkqhkiG9w0BAQsFAAOCAQEAjVWwuQM6GX4it5TaZEb8v9q9
VtPor7skWOzh/H0U34+j4li+WgBE49uLcsi6L+O+E69TY5k3l/QFcZc8e7lYt0pq
4XqQqbWSzMhrAC6dLqHUoZ9YHbuDWIDYbGs6TKu8zleDMbryLQCap+K/jWZ1MnGp
ybQ/ZR9WDH8h/RPPvnMQn5bUkBlvZMgElHW1WgATnFThSrP52R7eDzztHWqVPd7t
QxDghkRy9XYbbQIuFDkLw4nPhc+C/kY9MFTqytCSMIged/zWegVMCYajoyyJ3Nhu
5eYIvedyNVdrJVHPZNCGWosc8FLROy1brpRbzNoZwZ8oV/2k4KegKxHA7tBhPw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 04:43:58 2025 by rpki-client