Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/4c7c26d0-0e62-4cc8-ad3c-3c15ffe314e0.roa
File:                     4c7c26d0-0e62-4cc8-ad3c-3c15ffe314e0.roa (raw, json)
Hash identifier:          J3a0ZnVQIaBbC8Kcvg8G4kymCWjzfyGs/bawEdY0Yes=
Subject key identifier:   51:CC:4E:40:39:36:90:5C:64:D9:24:F8:43:AB:D7:AC:D4:9D:F3:BF
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       34AB0E6FA8079105B3B36319F1D45F196D05CAC6
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/4c7c26d0-0e62-4cc8-ad3c-3c15ffe314e0.roa
Signing time:             Mon 16 Jun 2025 19:30:14 +0000
ROA not before:           Mon 16 Jun 2025 19:30:14 +0000
ROA not after:            Mon 21 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:e500::/42 maxlen: 42
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 30 Jun 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:ab:0e:6f:a8:07:91:05:b3:b3:63:19:f1:d4:5f:19:6d:05:ca:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jun 16 19:30:14 2025 GMT
            Not After : Jul 21 23:59:59 2025 GMT
        Subject: serialNumber=773b4f35ec2b75559ec100b9908c7282a6c0e714751c43bc7e134053495b83b0, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:f2:35:21:6b:14:95:2a:e8:b0:cc:9d:99:1a:
                    96:ee:4a:5c:81:c3:d7:f8:1c:f1:fa:42:4b:27:c1:
                    c9:33:c7:2e:99:fe:3a:87:3f:4e:c4:6d:0c:c6:7c:
                    ee:b5:8c:9d:ca:ee:cb:c4:ae:e8:9c:d0:62:b4:f3:
                    7b:c3:d9:2a:99:34:ef:40:9d:55:50:9a:83:7d:0b:
                    7a:5d:e2:0b:5e:95:4d:eb:a9:c0:06:56:df:d5:c7:
                    9f:93:5d:28:36:6f:8a:ee:9a:40:c5:90:44:15:e0:
                    d5:37:76:62:e1:32:43:5f:14:dd:9a:41:5a:ed:a4:
                    54:30:9a:a9:24:e3:63:19:ee:e6:c2:2b:d5:92:b2:
                    28:b1:9c:99:d3:88:c2:61:b4:33:20:83:b9:66:56:
                    64:d6:de:46:51:02:04:6a:29:64:71:d8:3a:a2:bd:
                    c2:38:49:51:cd:a8:0c:fe:47:63:29:dc:81:ab:8c:
                    80:c1:99:7c:ff:ed:62:22:bc:13:e6:8e:41:5d:1a:
                    41:d9:9c:0e:c0:d0:72:5d:91:b0:e6:ec:04:f9:d7:
                    71:0e:f2:d3:44:2f:93:25:68:d2:09:7b:b9:c5:be:
                    5b:53:17:bb:5d:4f:fb:41:77:f3:82:3f:90:f5:95:
                    07:34:8a:77:cd:f6:47:e4:6b:d2:fb:c1:4d:aa:05:
                    7c:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:CC:4E:40:39:36:90:5C:64:D9:24:F8:43:AB:D7:AC:D4:9D:F3:BF
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/4c7c26d0-0e62-4cc8-ad3c-3c15ffe314e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:e500::/42

    Signature Algorithm: sha256WithRSAEncryption
         02:6e:e7:37:fa:f1:82:63:e4:4a:b5:96:67:e1:b3:56:2d:86:
         72:88:c0:cd:e3:d4:c8:9c:15:b0:a2:57:a7:00:22:1a:73:b1:
         2f:4b:9a:f2:5a:96:5c:39:f7:9b:59:8b:43:c8:19:71:77:b1:
         29:db:d8:fa:ee:93:e6:d8:21:6e:9c:79:1f:13:3f:53:01:83:
         14:54:88:03:0d:4e:ca:f7:5b:05:a0:8e:1f:af:0d:f0:bf:34:
         77:e4:5d:97:97:d7:df:08:76:42:14:93:1a:f2:70:ed:6b:69:
         79:0c:24:1b:f9:45:ba:40:e3:e3:84:be:38:3b:69:ce:6a:fd:
         ac:b7:43:e6:42:b0:c1:c6:b1:a1:c0:02:6e:f7:2d:73:1d:1f:
         9f:ff:2c:62:a1:79:02:04:ae:68:68:49:e6:d5:12:55:b5:e6:
         00:fb:0a:21:7f:a9:76:19:44:85:f4:78:66:78:eb:a5:20:88:
         6d:c6:d8:90:65:a8:74:e3:58:78:d5:0e:28:13:9f:dd:a2:41:
         02:44:ac:13:b8:e1:ac:53:1b:b9:0c:32:a9:5d:05:ee:7b:64:
         57:6f:09:64:74:ff:29:78:89:90:d1:68:0c:fe:bc:2d:56:a6:
         eb:a5:0f:0b:f6:99:fb:37:9a:57:b5:3f:3a:b8:50:e7:16:f5:
         f7:38:c6:86
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUNKsOb6gHkQWzs2MZ8dRfGW0FysYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNjE2MTkzMDE0WhcNMjUwNzIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NzNiNGYzNWVjMmI3NTU1OWVjMTAwYjk5MDhjNzI4MmE2
YzBlNzE0NzUxYzQzYmM3ZTEzNDA1MzQ5NWI4M2IwMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDD8jUhaxSVKuiwzJ2ZGpbuSlyBw9f4HPH6Qksnwckzxy6Z
/jqHP07EbQzGfO61jJ3K7svEruic0GK083vD2SqZNO9AnVVQmoN9C3pd4gtelU3r
qcAGVt/Vx5+TXSg2b4rumkDFkEQV4NU3dmLhMkNfFN2aQVrtpFQwmqkk42MZ7ubC
K9WSsiixnJnTiMJhtDMgg7lmVmTW3kZRAgRqKWRx2DqivcI4SVHNqAz+R2Mp3IGr
jIDBmXz/7WIivBPmjkFdGkHZnA7A0HJdkbDm7AT513EO8tNEL5MlaNIJe7nFvltT
F7tdT/tBd/OCP5D1lQc0infN9kfka9L7wU2qBXzbAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUUcxOQDk2kFxk2ST4Q6vXrNSd878wHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzRjN2MyNmQwLTBlNjItNGNjOC1hZDNjLTNjMTVmZmUzMTRlMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwYmAPD75QAwDQYJKoZIhvcNAQELBQADggEBAAJu5zf68YJj5Eq1lmfhs1Yt
hnKIwM3j1MicFbCiV6cAIhpzsS9LmvJallw595tZi0PIGXF3sSnb2Pruk+bYIW6c
eR8TP1MBgxRUiAMNTsr3WwWgjh+vDfC/NHfkXZeX198IdkIUkxrycO1raXkMJBv5
RbpA4+OEvjg7ac5q/ay3Q+ZCsMHGsaHAAm73LXMdH5//LGKheQIErmhoSebVElW1
5gD7CiF/qXYZRIX0eGZ466UgiG3G2JBlqHTjWHjVDigTn92iQQJErBO44axTG7kM
MqldBe57ZFdvCWR0/yl4iZDRaAz+vC1WpuulDwv2mfs3mle1Pzq4UOcW9fc4xoY=
-----END CERTIFICATE-----