Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/7ef9d80d-500c-4762-aefe-0aa07f82b263.roa
File:                     7ef9d80d-500c-4762-aefe-0aa07f82b263.roa (raw, json)
Hash identifier:          WMYNctdt65p+b7y2xVP0oB7Yl0huBonaZMAUFvUg9uw=
Subject key identifier:   64:36:96:07:09:90:2D:89:34:41:56:C1:6F:D1:07:21:C1:29:DF:68
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       3298BF9B64D716C716E7255A3FCB533877D62CB9
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/7ef9d80d-500c-4762-aefe-0aa07f82b263.roa
Signing time:             Mon 16 Jun 2025 19:20:05 +0000
ROA not before:           Mon 16 Jun 2025 19:20:05 +0000
ROA not after:            Mon 21 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:e400::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 02 Jul 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:98:bf:9b:64:d7:16:c7:16:e7:25:5a:3f:cb:53:38:77:d6:2c:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jun 16 19:20:05 2025 GMT
            Not After : Jul 21 23:59:59 2025 GMT
        Subject: serialNumber=fc73a4596e3a6db10137be563c5793275a3517ae88e7eede5aec8345f02eb1ab, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d2:d9:ad:37:e2:27:de:f9:df:b8:f3:e5:30:
                    ea:c9:da:4f:6a:e1:42:a8:01:e9:ba:0a:b1:84:4c:
                    4c:4f:e4:a8:b8:1c:fe:19:46:cc:f6:ce:32:1b:4b:
                    40:2f:20:50:7a:ab:a4:c6:45:4c:b2:5e:b7:cd:39:
                    b6:22:e9:18:ab:d4:7f:fa:6f:a0:da:43:43:11:29:
                    13:30:0a:ee:04:86:17:26:4b:31:6e:9c:24:b5:2b:
                    19:dd:5a:b8:27:72:a1:89:11:1d:f7:4e:cd:a3:10:
                    10:66:1b:6b:9a:40:0a:de:ef:ca:44:4d:47:d1:b7:
                    fb:93:b5:da:cf:72:c0:df:40:de:ee:77:98:3f:a4:
                    c8:10:ce:6e:e5:4c:d5:60:d0:b6:f2:13:69:ab:35:
                    c1:66:3f:e7:fc:f6:55:b3:66:6e:a4:de:86:99:f0:
                    05:01:db:dc:e7:1f:30:0a:2e:a9:d0:69:96:82:e4:
                    d9:63:c9:2f:88:d2:2b:76:eb:85:ee:99:bd:cc:62:
                    e6:72:de:33:85:89:cc:d7:b0:51:cf:db:9b:a6:31:
                    5d:3a:1e:d5:ef:3d:67:3b:8b:39:df:9a:e0:7d:cd:
                    16:26:ba:60:95:a8:21:fe:59:f8:53:09:62:2f:f9:
                    df:62:f3:ef:74:ce:c8:6e:df:87:a6:62:d7:c4:94:
                    a5:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:36:96:07:09:90:2D:89:34:41:56:C1:6F:D1:07:21:C1:29:DF:68
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/7ef9d80d-500c-4762-aefe-0aa07f82b263.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:e400::/40

    Signature Algorithm: sha256WithRSAEncryption
         2a:7a:e2:ca:5f:d5:1a:11:1c:91:85:ff:7d:b6:b1:d2:66:21:
         9a:cf:0f:13:27:b4:cb:54:63:5d:eb:25:d8:47:00:76:b7:02:
         ef:1b:55:ae:d5:e5:5d:bc:f7:85:bc:71:cb:30:66:fe:8d:fb:
         ea:47:e9:56:36:44:9c:2f:4b:79:d7:5e:da:c2:e6:ba:28:0e:
         59:06:20:5a:b6:81:2c:92:54:2e:17:a4:69:0c:a9:63:17:84:
         36:8c:bc:cf:88:3a:23:8f:df:a9:a1:45:ba:1b:cd:f9:4b:57:
         97:e7:6b:51:92:34:22:2c:8d:17:3f:ec:ab:95:10:7b:18:de:
         69:d3:2d:b5:92:9d:35:d9:59:2f:82:2b:d8:5f:1b:6d:18:43:
         a5:2c:8c:5b:b6:f9:d5:2c:59:1e:91:ec:8d:cd:8c:65:33:ff:
         55:da:b3:a7:5b:16:d2:1c:4c:d4:02:fb:98:f1:11:45:9d:cc:
         7c:0c:e9:a3:7f:75:d4:fe:22:f3:39:82:d9:b4:af:18:bd:f7:
         ad:77:0b:7c:16:ee:66:d5:35:06:7c:ab:da:4e:2b:bf:ce:a6:
         71:05:85:78:3f:66:5b:9a:94:34:2c:ae:36:f5:2e:9c:cf:5e:
         22:92:b1:7b:5b:c0:a0:f0:23:9b:78:77:54:e5:e7:f2:31:17:
         28:2e:6e:9c
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUMpi/m2TXFscW5yVaP8tTOHfWLLkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNjE2MTkyMDA1WhcNMjUwNzIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BmYzczYTQ1OTZlM2E2ZGIxMDEzN2JlNTYzYzU3OTMyNzVh
MzUxN2FlODhlN2VlZGU1YWVjODM0NWYwMmViMWFiMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC80tmtN+In3vnfuPPlMOrJ2k9q4UKoAem6CrGETExP5Ki4
HP4ZRsz2zjIbS0AvIFB6q6TGRUyyXrfNObYi6Rir1H/6b6DaQ0MRKRMwCu4Ehhcm
SzFunCS1KxndWrgncqGJER33Ts2jEBBmG2uaQAre78pETUfRt/uTtdrPcsDfQN7u
d5g/pMgQzm7lTNVg0LbyE2mrNcFmP+f89lWzZm6k3oaZ8AUB29znHzAKLqnQaZaC
5NljyS+I0it264Xumb3MYuZy3jOFiczXsFHP25umMV06HtXvPWc7iznfmuB9zRYm
umCVqCH+WfhTCWIv+d9i8+90zshu34emYtfElKUvAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUZDaWBwmQLYk0QVbBb9EHIcEp32gwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzdlZjlkODBkLTUwMGMtNDc2Mi1hZWZlLTBhYTA3ZjgyYjI2My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPD75DANBgkqhkiG9w0BAQsFAAOCAQEAKnriyl/VGhEckYX/fbax0mYh
ms8PEye0y1RjXesl2EcAdrcC7xtVrtXlXbz3hbxxyzBm/o376kfpVjZEnC9Ledde
2sLmuigOWQYgWraBLJJULhekaQypYxeENoy8z4g6I4/fqaFFuhvN+UtXl+drUZI0
IiyNFz/sq5UQexjeadMttZKdNdlZL4Ir2F8bbRhDpSyMW7b51SxZHpHsjc2MZTP/
Vdqzp1sW0hxM1AL7mPERRZ3MfAzpo3911P4i8zmC2bSvGL33rXcLfBbuZtU1Bnyr
2k4rv86mcQWFeD9mW5qUNCyuNvUunM9eIpKxe1vAoPAjm3h3VOXn8jEXKC5unA==
-----END CERTIFICATE-----