Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/4c7c26d0-0e62-4cc8-ad3c-3c15ffe314e0.roa
File:                     4c7c26d0-0e62-4cc8-ad3c-3c15ffe314e0.roa (raw, json)
Hash identifier:          q78lHIFAaT6HI0V1l7rDbSt2fHrv0Ib6H31I93oTkPY=
Subject key identifier:   5F:16:A7:12:A4:3A:41:46:37:53:93:BB:25:77:F1:CE:39:31:51:6C
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       55A925F3F8FFC3E252196437516B25F8D0CD11A1
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/4c7c26d0-0e62-4cc8-ad3c-3c15ffe314e0.roa
Signing time:             Fri 26 Sep 2025 18:11:34 +0000
ROA not before:           Fri 26 Sep 2025 18:11:34 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:e500::/42 maxlen: 42
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:a9:25:f3:f8:ff:c3:e2:52:19:64:37:51:6b:25:f8:d0:cd:11:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Sep 26 18:11:34 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=51bf91ed34bd379c9f78cdba5fc7b3b6b3332051d12e001668fc1281e9d448cc, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:34:b7:f8:c6:a7:6b:67:fb:a7:6f:d5:f9:0d:
                    ef:0f:82:5d:37:7c:2f:8d:04:31:70:b1:cf:76:ee:
                    6e:9d:41:51:41:cc:5b:a0:a8:31:e4:7b:f0:58:a9:
                    d9:7d:e6:04:5d:f4:19:f7:e7:2a:84:9a:08:d4:92:
                    e9:45:15:1a:d3:6c:bb:a2:bf:f6:71:e3:9e:10:cb:
                    21:65:1d:05:c7:d8:26:77:53:d1:44:8c:e9:05:17:
                    67:9b:63:cf:23:79:46:99:2a:ed:ff:85:df:e0:df:
                    de:b8:98:59:15:6b:ab:e6:f9:72:c0:2b:66:81:ce:
                    7e:c6:2f:a1:17:0b:f5:90:98:ea:a8:78:b0:2f:45:
                    82:77:2e:82:85:04:81:a3:b2:c8:fa:0f:56:80:06:
                    da:b6:1b:a6:dc:3c:c6:95:84:30:dc:63:78:45:a2:
                    c1:fd:74:0c:85:76:45:db:e7:25:4f:de:64:13:7f:
                    0a:b0:58:b8:0c:37:4c:52:80:b7:d3:bc:13:d0:60:
                    6a:4e:5f:88:c2:50:9f:c2:6d:48:ad:c1:d4:07:f6:
                    1f:d6:c3:df:87:d4:6f:b5:34:3f:c8:66:eb:6a:70:
                    fa:39:16:c1:65:c7:da:3a:3e:38:ce:3e:85:4f:c2:
                    8d:2b:76:1c:49:84:29:4f:b1:c2:32:c9:ae:23:4a:
                    c0:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:16:A7:12:A4:3A:41:46:37:53:93:BB:25:77:F1:CE:39:31:51:6C
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/4c7c26d0-0e62-4cc8-ad3c-3c15ffe314e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:e500::/42

    Signature Algorithm: sha256WithRSAEncryption
         81:6d:3f:fb:a5:1c:64:ab:e4:0d:7b:e8:6e:0a:ed:1f:5a:5a:
         74:dd:f0:81:32:fa:4f:48:6e:1e:6d:e2:ea:67:1d:79:2a:09:
         6d:a0:f5:6a:2a:8e:8f:5f:c9:26:b9:3c:5d:ab:73:e8:ac:96:
         73:af:22:36:19:7c:83:b4:c5:3a:94:00:2d:00:14:9d:49:b2:
         1c:5c:fa:1f:fe:4f:b8:3c:25:ac:78:21:76:bc:f7:b2:f7:dc:
         5a:36:24:fc:0e:19:52:64:1c:ae:26:e2:4a:45:85:61:d4:ed:
         c8:3c:50:a0:24:24:05:10:17:72:a5:ab:64:d7:cb:0f:51:c3:
         6b:20:7f:99:6d:31:73:83:59:1f:18:49:3b:db:06:fa:d3:fa:
         e9:20:55:4e:af:1e:19:6e:3d:fc:8d:fb:00:86:bf:87:a4:96:
         cf:3f:99:32:b1:12:8e:dc:15:1c:33:a2:4b:c1:cc:f2:45:e3:
         11:02:42:25:1d:5e:bb:19:63:05:14:28:90:bb:49:60:63:c8:
         c7:b8:fa:cf:d0:c6:f8:6e:72:0c:fb:c2:7c:a8:ec:6d:5e:f7:
         fc:d5:34:9c:d6:55:79:26:08:43:84:33:9a:24:7e:a9:66:8e:
         2b:7d:fc:c2:59:48:09:63:63:58:5c:16:c6:0b:e7:b9:d7:42:
         10:76:c2:98
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUVakl8/j/w+JSGWQ3UWsl+NDNEaEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwOTI2MTgxMTM0WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1MWJmOTFlZDM0YmQzNzljOWY3OGNkYmE1ZmM3YjNiNmIz
MzMyMDUxZDEyZTAwMTY2OGZjMTI4MWU5ZDQ0OGNjMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfNLf4xqdrZ/unb9X5De8Pgl03fC+NBDFwsc927m6dQVFB
zFugqDHke/BYqdl95gRd9Bn35yqEmgjUkulFFRrTbLuiv/Zx454QyyFlHQXH2CZ3
U9FEjOkFF2ebY88jeUaZKu3/hd/g3964mFkVa6vm+XLAK2aBzn7GL6EXC/WQmOqo
eLAvRYJ3LoKFBIGjssj6D1aABtq2G6bcPMaVhDDcY3hFosH9dAyFdkXb5yVP3mQT
fwqwWLgMN0xSgLfTvBPQYGpOX4jCUJ/CbUitwdQH9h/Ww9+H1G+1ND/IZutqcPo5
FsFlx9o6PjjOPoVPwo0rdhxJhClPscIyya4jSsDVAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUXxanEqQ6QUY3U5O7JXfxzjkxUWwwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzRjN2MyNmQwLTBlNjItNGNjOC1hZDNjLTNjMTVmZmUzMTRlMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwYmAPD75QAwDQYJKoZIhvcNAQELBQADggEBAIFtP/ulHGSr5A176G4K7R9a
WnTd8IEy+k9Ibh5t4upnHXkqCW2g9Woqjo9fySa5PF2rc+islnOvIjYZfIO0xTqU
AC0AFJ1Jshxc+h/+T7g8Jax4IXa897L33Fo2JPwOGVJkHK4m4kpFhWHU7cg8UKAk
JAUQF3Klq2TXyw9Rw2sgf5ltMXODWR8YSTvbBvrT+ukgVU6vHhluPfyN+wCGv4ek
ls8/mTKxEo7cFRwzokvBzPJF4xECQiUdXrsZYwUUKJC7SWBjyMe4+s/Qxvhucgz7
wnyo7G1e9/zVNJzWVXkmCEOEM5okfqlmjit9/MJZSAljY1hcFsYL57nXQhB2wpg=
-----END CERTIFICATE-----