Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/660f5154-1b49-462f-808c-68d8e6db8edc.roa
File:                     660f5154-1b49-462f-808c-68d8e6db8edc.roa (raw, json)
Hash identifier:          y9yecHtkbTv85FUVBpqZCVqXE10/H1gwgwl+e2VWg3E=
Subject key identifier:   0C:12:3A:9A:68:58:85:67:B0:47:6D:A0:8B:5D:ED:2F:62:DE:1A:89
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       701126796D63C2D8D0AE53D03B9D711F361C2639
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/660f5154-1b49-462f-808c-68d8e6db8edc.roa
Signing time:             Mon 04 May 2026 15:10:21 +0000
ROA not before:           Mon 04 May 2026 15:10:21 +0000
ROA not after:            Sun 02 Aug 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:6120::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 14 May 2026 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:11:26:79:6d:63:c2:d8:d0:ae:53:d0:3b:9d:71:1f:36:1c:26:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: May  4 15:10:21 2026 GMT
            Not After : Aug  2 23:59:59 2026 GMT
        Subject: serialNumber=e11f81ec851f6e267b1ea97337c61f240a82da8eb143d7c73bd04e5699b86a72, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:4e:4d:91:55:9e:36:ad:67:5d:88:df:c0:e1:
                    ef:94:2d:2a:b9:85:88:a8:a5:af:c3:2c:7c:3d:55:
                    e3:87:02:46:d9:f7:a0:46:65:b1:dd:9b:d0:a1:02:
                    d2:6e:40:07:9c:38:3c:c2:68:aa:23:22:aa:65:1e:
                    b8:99:56:c1:25:2a:49:f7:3c:ea:95:34:74:bc:df:
                    d6:62:6e:94:6d:85:28:a3:33:d2:18:e4:27:2d:9b:
                    ea:88:c4:9e:08:1b:ef:a5:1e:ef:df:b5:e9:fd:4a:
                    d9:5c:9e:27:2c:71:b9:32:78:15:6f:02:b0:15:84:
                    d2:48:eb:f8:5c:de:14:ea:10:72:ed:7d:6b:05:2d:
                    29:02:ab:1e:f1:ec:3c:a9:f4:67:44:8f:46:2d:ff:
                    41:74:20:75:13:b4:41:d2:86:94:c4:8c:a4:ef:33:
                    f3:cc:8b:74:34:c1:64:55:c0:3f:b7:7c:cc:70:f0:
                    9e:61:79:57:b2:cb:78:b5:bc:86:cb:c0:d2:e7:38:
                    1c:a3:51:9f:0b:44:63:2b:5e:27:b2:bb:d4:bd:74:
                    2e:f5:f7:9f:80:4d:88:9f:45:e7:e4:08:83:14:b9:
                    78:e5:4d:08:e6:38:d2:15:64:9d:05:7a:96:c9:b8:
                    4c:da:8c:77:82:92:d2:ab:08:1d:d0:9a:a7:0e:7f:
                    ab:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:12:3A:9A:68:58:85:67:B0:47:6D:A0:8B:5D:ED:2F:62:DE:1A:89
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/660f5154-1b49-462f-808c-68d8e6db8edc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:6120::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:2b:15:2a:ab:30:96:e3:14:f9:8e:66:61:33:c6:a7:37:67:
         07:c9:76:10:97:b9:b9:41:83:6e:f2:a5:1b:e1:6e:e5:fe:5d:
         79:e2:f1:64:af:5c:91:73:96:9a:d8:5b:cf:4e:91:c0:b0:b6:
         6f:7f:e3:70:31:09:66:06:79:57:31:55:21:8b:a4:24:81:88:
         ed:86:67:fc:b8:38:72:69:b8:15:06:fb:6e:51:12:b6:97:9b:
         7f:35:66:f5:7c:67:51:16:08:64:d0:cf:99:43:69:5c:78:12:
         ed:2f:a9:b4:19:63:ba:ca:7f:bd:05:f4:ba:cb:44:67:9f:e6:
         ff:3d:99:4c:13:6e:e9:84:c0:dd:f8:a9:e6:e0:74:19:ce:49:
         f3:22:4c:0e:e3:58:77:eb:09:d4:dd:59:0b:6e:f2:de:88:95:
         b3:29:aa:f7:e6:8c:06:32:29:52:66:42:c0:8d:29:7e:e9:93:
         06:f5:b4:71:06:09:25:53:51:e0:ec:0f:91:c0:00:8d:cc:31:
         3d:84:fe:32:e0:be:d7:b3:bb:69:c4:3e:b7:2c:52:c4:f3:32:
         a2:de:4c:65:f0:ac:93:89:f4:48:0e:6e:fb:08:59:15:a4:78:
         e6:be:0f:e6:c5:91:ac:01:64:86:0b:51:74:0d:a0:0b:53:a0:
         c6:92:c7:0a
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUcBEmeW1jwtjQrlPQO51xHzYcJjkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjYwNTA0MTUxMDIxWhcNMjYwODAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BlMTFmODFlYzg1MWY2ZTI2N2IxZWE5NzMzN2M2MWYyNDBh
ODJkYThlYjE0M2Q3YzczYmQwNGU1Njk5Yjg2YTcyMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/Tk2RVZ42rWddiN/A4e+ULSq5hYiopa/DLHw9VeOHAkbZ
96BGZbHdm9ChAtJuQAecODzCaKojIqplHriZVsElKkn3POqVNHS839ZibpRthSij
M9IY5Cctm+qIxJ4IG++lHu/ften9StlcnicscbkyeBVvArAVhNJI6/hc3hTqEHLt
fWsFLSkCqx7x7Dyp9GdEj0Yt/0F0IHUTtEHShpTEjKTvM/PMi3Q0wWRVwD+3fMxw
8J5heVeyy3i1vIbLwNLnOByjUZ8LRGMrXieyu9S9dC7195+ATYifRefkCIMUuXjl
TQjmONIVZJ0FepbJuEzajHeCktKrCB3QmqcOf6sHAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUDBI6mmhYhWewR22gi13tL2LeGokwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzY2MGY1MTU0LTFiNDktNDYyZi04MDhjLTY4ZDhlNmRiOGVkYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwYSAwDQYJKoZIhvcNAQELBQADggEBADwrFSqrMJbjFPmOZmEzxqc3
ZwfJdhCXublBg27ypRvhbuX+XXni8WSvXJFzlprYW89OkcCwtm9/43AxCWYGeVcx
VSGLpCSBiO2GZ/y4OHJpuBUG+25REraXm381ZvV8Z1EWCGTQz5lDaVx4Eu0vqbQZ
Y7rKf70F9LrLRGef5v89mUwTbumEwN34qebgdBnOSfMiTA7jWHfrCdTdWQtu8t6I
lbMpqvfmjAYyKVJmQsCNKX7pkwb1tHEGCSVTUeDsD5HAAI3MMT2E/jLgvtezu2nE
PrcsUsTzMqLeTGXwrJOJ9EgObvsIWRWkeOa+D+bFkawBZIYLUXQNoAtToMaSxwo=
-----END CERTIFICATE-----