Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/720f42c5-101d-41af-abc8-bd64d6f08fe0.roa
File:                     720f42c5-101d-41af-abc8-bd64d6f08fe0.roa (raw, json)
Hash identifier:          1Nyn5wtvUfYM804w57L3iBvT8jYwXEbWkvxkEfqz6Wo=
Subject key identifier:   D3:83:3E:4D:CB:0A:0C:D0:E2:20:09:41:0D:35:5D:AB:6C:25:40:D7
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       288359DFC627E76D6F0D668A98DFD5D858D2C6B3
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/720f42c5-101d-41af-abc8-bd64d6f08fe0.roa
Signing time:             Mon 11 May 2026 01:30:14 +0000
ROA not before:           Mon 11 May 2026 01:30:14 +0000
ROA not after:            Sun 09 Aug 2026 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0f2:7011::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 14 May 2026 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:83:59:df:c6:27:e7:6d:6f:0d:66:8a:98:df:d5:d8:58:d2:c6:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: May 11 01:30:14 2026 GMT
            Not After : Aug  9 23:59:59 2026 GMT
        Subject: serialNumber=50826379549663f0a6a2be00d022288b10fcc5238a1287e5ecf0ebfa9cb6bc6a, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:1f:3f:02:eb:2b:0e:e6:90:be:94:37:a1:c2:
                    06:f8:2a:0d:ea:f7:bc:c1:c9:6b:ae:7f:4d:e0:b5:
                    f0:92:21:64:25:c0:1e:2e:01:fb:33:70:5e:c7:28:
                    98:7f:dc:af:a5:6b:3b:ed:75:69:b4:19:6b:8d:c5:
                    f4:b5:be:ae:40:5c:88:fb:8c:9f:95:f5:6f:74:50:
                    91:80:33:fb:b3:3a:77:d3:2d:ed:1c:48:29:da:5e:
                    9a:41:9d:00:cb:2c:e3:0d:71:52:78:b8:e3:31:6a:
                    c1:44:a0:0c:ed:20:ed:c7:d2:2c:3d:95:f0:90:eb:
                    30:1c:85:c4:01:16:12:53:59:86:1c:d4:73:b6:89:
                    31:4c:48:81:84:8c:ae:03:f6:b7:b5:f3:60:b2:39:
                    2d:a5:3f:cc:a5:6f:53:19:8c:62:24:af:b0:64:06:
                    0c:42:7e:16:92:ba:b2:7b:91:a1:38:d6:86:7d:50:
                    1f:e8:ea:7e:45:94:9f:d4:30:09:f3:06:3d:d1:32:
                    95:02:a9:a1:6b:06:3d:36:ea:1b:24:b1:10:e4:26:
                    23:64:cd:f9:cb:57:39:9c:f6:51:47:5c:3c:dd:f2:
                    11:e4:f6:d3:a9:2a:cd:2f:9b:d4:17:91:90:11:87:
                    fc:ae:e9:ca:4b:1e:4b:94:51:00:69:19:92:ea:7e:
                    9e:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:83:3E:4D:CB:0A:0C:D0:E2:20:09:41:0D:35:5D:AB:6C:25:40:D7
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/720f42c5-101d-41af-abc8-bd64d6f08fe0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f2:7011::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:ea:1d:5c:b5:7a:94:49:2d:5e:bb:0c:3f:99:d3:90:96:1c:
         51:5f:e2:95:76:98:b3:ff:ca:3a:67:a4:f1:d1:dc:d7:fd:f8:
         a4:3c:26:a6:5c:74:c5:b9:fe:4f:21:e3:cf:ee:77:59:c2:0c:
         14:a3:49:0d:24:15:b9:94:b2:c4:eb:0b:20:f8:79:24:2f:c7:
         ff:16:6c:a1:0d:bc:70:9d:f3:d3:a4:34:c7:6b:53:48:18:bf:
         1c:4e:8c:02:65:21:24:95:eb:14:ed:16:0a:7f:49:fa:a3:32:
         ee:4b:a7:cb:30:ed:b3:f2:3c:f9:e8:2d:a4:96:b1:1b:07:a8:
         32:80:8b:a6:29:94:7a:ae:7d:30:4d:6b:ef:d6:c8:c8:3e:67:
         70:06:55:98:03:b9:4b:af:2e:6b:7f:03:97:2f:5b:b5:69:dc:
         45:a1:25:88:d1:8b:73:1b:0d:36:5a:2d:54:af:43:9f:78:5d:
         c7:e2:6d:89:5e:42:54:50:73:9a:00:80:3b:d2:ee:6b:94:6b:
         d8:2f:6f:8a:ea:75:90:1a:3b:d5:97:49:a5:51:74:82:fa:be:
         e1:fa:74:16:99:26:4e:46:bf:dd:31:b6:05:e8:ca:c7:5a:84:
         39:ca:95:c0:d5:f7:14:3c:1f:5d:0d:22:2e:6f:8d:a5:76:c2:
         37:10:92:ce
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUKINZ38Yn521vDWaKmN/V2FjSxrMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjYwNTExMDEzMDE0WhcNMjYwODA5MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MDgyNjM3OTU0OTY2M2YwYTZhMmJlMDBkMDIyMjg4YjEw
ZmNjNTIzOGExMjg3ZTVlY2YwZWJmYTljYjZiYzZhMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDrHz8C6ysO5pC+lDehwgb4Kg3q97zByWuuf03gtfCSIWQl
wB4uAfszcF7HKJh/3K+lazvtdWm0GWuNxfS1vq5AXIj7jJ+V9W90UJGAM/uzOnfT
Le0cSCnaXppBnQDLLOMNcVJ4uOMxasFEoAztIO3H0iw9lfCQ6zAchcQBFhJTWYYc
1HO2iTFMSIGEjK4D9re182CyOS2lP8ylb1MZjGIkr7BkBgxCfhaSurJ7kaE41oZ9
UB/o6n5FlJ/UMAnzBj3RMpUCqaFrBj026hsksRDkJiNkzfnLVzmc9lFHXDzd8hHk
9tOpKs0vm9QXkZARh/yu6cpLHkuUUQBpGZLqfp7xAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU04M+TcsKDNDiIAlBDTVdq2wlQNcwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzcyMGY0MmM1LTEwMWQtNDFhZi1hYmM4LWJkNjRkNmYwOGZlMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDycBEwDQYJKoZIhvcNAQELBQADggEBAGnqHVy1epRJLV67DD+Z05CW
HFFf4pV2mLP/yjpnpPHR3Nf9+KQ8JqZcdMW5/k8h48/ud1nCDBSjSQ0kFbmUssTr
CyD4eSQvx/8WbKENvHCd89OkNMdrU0gYvxxOjAJlISSV6xTtFgp/SfqjMu5Lp8sw
7bPyPPnoLaSWsRsHqDKAi6YplHqufTBNa+/WyMg+Z3AGVZgDuUuvLmt/A5cvW7Vp
3EWhJYjRi3MbDTZaLVSvQ594XcfibYleQlRQc5oAgDvS7muUa9gvb4rqdZAaO9WX
SaVRdIL6vuH6dBaZJk5Gv90xtgXoysdahDnKlcDV9xQ8H10NIi5vjaV2wjcQks4=
-----END CERTIFICATE-----