Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/3562da89-c8ff-4159-8f92-365721d94405.roa
File:                     3562da89-c8ff-4159-8f92-365721d94405.roa (raw, json)
Hash identifier:          vXEtyPjUR4zUGcmmT8EdKtV91w4WXF+ioOa5Y9nEVh8=
Subject key identifier:   F5:EB:82:74:60:05:A3:A6:C7:52:CC:04:CE:93:BF:25:C4:9B:BE:F0
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       6BB8A283D57A2181B1B7B91E953541E8E455CCEB
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/3562da89-c8ff-4159-8f92-365721d94405.roa
Signing time:             Fri 15 Aug 2025 15:30:17 +0000
ROA not before:           Fri 15 Aug 2025 15:30:17 +0000
ROA not after:            Fri 19 Sep 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0fb:f030::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Aug 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:b8:a2:83:d5:7a:21:81:b1:b7:b9:1e:95:35:41:e8:e4:55:cc:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Aug 15 15:30:17 2025 GMT
            Not After : Sep 19 23:59:59 2025 GMT
        Subject: serialNumber=aad323e8c98c5fe429eb35905ce90e2ea1417c8dcef257cde34108f5fbfd0a8f, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:c2:b2:8e:50:ba:64:81:21:69:33:30:7e:00:
                    93:b1:d6:c0:d3:c0:6b:c0:2e:05:4b:a4:b9:17:6d:
                    35:55:e3:c2:97:4d:e0:92:43:40:22:3f:8c:a9:2b:
                    b7:f0:52:98:14:9f:03:73:67:89:5f:f7:6f:87:cc:
                    24:95:b5:12:42:2c:55:7c:62:41:7b:f1:e5:5b:80:
                    a0:68:01:c2:6c:a9:2e:83:c0:a9:d5:0e:37:3b:0d:
                    ff:1e:3c:2a:de:b2:b4:13:7d:ce:48:54:83:18:e0:
                    fe:da:f8:1f:c3:75:bb:42:43:64:72:4e:cb:10:f1:
                    99:4c:56:9e:ae:2d:4d:4b:39:7b:d2:24:fc:3f:2a:
                    92:2a:6d:d3:34:cc:95:a6:63:ad:d4:51:4a:88:3a:
                    a2:27:8d:8d:3d:5b:16:b6:33:65:1f:1a:0e:3f:c1:
                    88:7d:92:d0:83:36:18:1e:9b:27:83:b8:45:57:7a:
                    6d:31:50:6d:e4:d5:be:bf:de:98:a4:56:3d:54:b8:
                    7f:c2:51:0a:e7:f9:bf:43:65:ac:29:45:7d:b5:9c:
                    16:02:c2:77:33:e4:e2:01:ee:eb:cd:65:0d:b5:97:
                    9d:b6:f9:dd:f4:7e:70:78:ff:c1:4d:e8:08:9a:71:
                    09:26:a8:7b:40:83:cb:d6:3f:73:27:3a:19:86:5e:
                    6f:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:EB:82:74:60:05:A3:A6:C7:52:CC:04:CE:93:BF:25:C4:9B:BE:F0
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/3562da89-c8ff-4159-8f92-365721d94405.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:f030::/44

    Signature Algorithm: sha256WithRSAEncryption
         3b:ab:fb:9a:46:e9:ea:61:80:65:91:38:cb:61:d0:fb:67:1d:
         c8:bd:39:d2:aa:95:2a:14:ba:a9:2e:01:91:77:c6:af:60:01:
         58:ab:4b:99:0a:63:4a:37:9d:10:3b:3b:f3:8e:be:84:20:24:
         e1:98:1c:26:42:2a:ce:c3:0c:87:6d:3c:42:46:6c:4a:95:46:
         47:96:e8:3d:89:90:50:87:99:9c:36:57:b0:6c:69:8b:1e:ce:
         6d:db:63:04:ec:a3:ba:59:43:25:f3:df:7b:44:6d:d1:3d:40:
         bd:ed:d8:79:ab:84:b2:15:66:1f:27:fb:08:51:6e:24:7f:bf:
         72:96:b7:d1:b7:71:aa:be:57:a8:01:51:40:35:3f:83:fe:be:
         ab:c1:f9:e1:4f:a3:63:95:71:58:ca:e7:28:72:5f:37:06:16:
         ec:11:61:f8:18:8c:de:1c:a3:32:f2:ee:05:0c:7e:ac:96:94:
         66:fa:cf:9c:9e:b9:6f:93:83:d3:32:3b:50:30:58:3e:5e:76:
         2d:56:be:f3:6a:e1:24:bc:3a:f9:58:2c:94:da:1a:67:4f:9b:
         36:c9:44:89:14:ec:08:e2:66:18:0d:e8:e5:12:99:e5:72:3e:
         b0:76:f6:f8:0a:13:31:25:0d:66:db:2c:8f:2e:f6:fb:e0:f0:
         7f:8a:e7:df
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUa7iig9V6IYGxt7kelTVB6ORVzOswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwODE1MTUzMDE3WhcNMjUwOTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYWQzMjNlOGM5OGM1ZmU0MjllYjM1OTA1Y2U5MGUyZWEx
NDE3YzhkY2VmMjU3Y2RlMzQxMDhmNWZiZmQwYThmMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDtwrKOULpkgSFpMzB+AJOx1sDTwGvALgVLpLkXbTVV48KX
TeCSQ0AiP4ypK7fwUpgUnwNzZ4lf92+HzCSVtRJCLFV8YkF78eVbgKBoAcJsqS6D
wKnVDjc7Df8ePCresrQTfc5IVIMY4P7a+B/DdbtCQ2RyTssQ8ZlMVp6uLU1LOXvS
JPw/KpIqbdM0zJWmY63UUUqIOqInjY09Wxa2M2UfGg4/wYh9ktCDNhgemyeDuEVX
em0xUG3k1b6/3pikVj1UuH/CUQrn+b9DZawpRX21nBYCwncz5OIB7uvNZQ21l522
+d30fnB4/8FN6AiacQkmqHtAg8vWP3MnOhmGXm9xAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU9euCdGAFo6bHUswEzpO/JcSbvvAwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzM1NjJkYTg5LWM4ZmYtNDE1OS04ZjkyLTM2NTcyMWQ5NDQwNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwQmAPD78DAwDQYJKoZIhvcNAQELBQADggEBADur+5pG6ephgGWROMth0Ptn
Hci9OdKqlSoUuqkuAZF3xq9gAVirS5kKY0o3nRA7O/OOvoQgJOGYHCZCKs7DDIdt
PEJGbEqVRkeW6D2JkFCHmZw2V7BsaYsezm3bYwTso7pZQyXz33tEbdE9QL3t2Hmr
hLIVZh8n+whRbiR/v3KWt9G3caq+V6gBUUA1P4P+vqvB+eFPo2OVcVjK5yhyXzcG
FuwRYfgYjN4cozLy7gUMfqyWlGb6z5yeuW+Tg9MyO1AwWD5edi1WvvNq4SS8OvlY
LJTaGmdPmzbJRIkU7AjiZhgN6OUSmeVyPrB29vgKEzElDWbbLI8u9vvg8H+K598=
-----END CERTIFICATE-----