Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/9738bb0d-1a84-4601-bc6b-25ba7f49c72b.roa
File:                     9738bb0d-1a84-4601-bc6b-25ba7f49c72b.roa (raw, json)
Hash identifier:          txfM1xhVu51VZPYh1MNmzJkzxhI6ZEteRhp7K6XVWEk=
Subject key identifier:   78:29:61:A3:E3:70:23:C3:69:C8:38:63:FF:45:BA:EA:D4:1C:CD:5C
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       6D2C3CF1C8D861ED2E711BE0E22A028EA90A36CE
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/9738bb0d-1a84-4601-bc6b-25ba7f49c72b.roa
Signing time:             Wed 25 Jun 2025 00:50:07 +0000
ROA not before:           Wed 25 Jun 2025 00:50:07 +0000
ROA not after:            Wed 30 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:5503::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 30 Jun 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:2c:3c:f1:c8:d8:61:ed:2e:71:1b:e0:e2:2a:02:8e:a9:0a:36:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jun 25 00:50:07 2025 GMT
            Not After : Jul 30 23:59:59 2025 GMT
        Subject: serialNumber=0b10791450439d3e2bd1158f8d949de13be4b1f3a991a8d394e4a532c76deb02, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:11:f6:7e:4d:96:25:04:c3:85:38:fb:2a:f6:
                    85:0a:2b:9c:87:f9:98:51:d0:f2:84:f4:e2:5e:37:
                    b0:ab:2e:a7:e2:54:c4:f1:60:3e:51:e0:39:e8:d1:
                    50:53:53:3a:0c:1a:ba:82:0c:36:10:8f:44:66:50:
                    33:a8:e2:ec:dd:42:04:36:ea:75:12:63:a7:af:f0:
                    32:1b:01:c6:1c:df:46:85:66:ff:73:83:83:83:93:
                    9e:57:d9:f8:04:6f:c2:c9:3e:b5:7e:96:03:55:14:
                    53:a0:17:ad:ea:c9:a9:d9:a9:88:75:60:59:ad:43:
                    37:d2:83:bb:7e:9b:f6:30:4f:92:d1:e6:5d:f0:bf:
                    9d:66:0c:04:24:c9:23:0f:d3:3f:cd:06:12:81:e3:
                    29:02:d0:fc:c7:9a:0e:be:c7:0c:4c:ae:f0:53:52:
                    19:8c:b2:9d:95:92:1b:af:67:14:5c:74:48:29:ec:
                    69:06:68:87:bf:f3:db:90:67:79:e8:bf:d8:b7:36:
                    0d:c6:8d:40:c7:b1:ae:de:a7:55:2d:db:72:f8:05:
                    66:94:c6:78:0b:ab:f7:c1:06:97:9f:96:30:63:1c:
                    76:46:05:a3:33:89:0c:08:5a:37:f3:fa:24:b2:8d:
                    a4:5c:e2:d9:2c:2a:6f:cf:c4:4d:6f:da:0d:e3:c9:
                    14:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:29:61:A3:E3:70:23:C3:69:C8:38:63:FF:45:BA:EA:D4:1C:CD:5C
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/9738bb0d-1a84-4601-bc6b-25ba7f49c72b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:5503::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:ff:0c:58:97:90:d6:01:85:ce:a7:f6:88:0d:2f:61:88:74:
         cf:af:df:23:f7:ac:4e:95:ec:a1:bd:d9:a0:51:da:1c:0f:ed:
         71:49:5c:53:ef:aa:ca:af:6a:75:25:10:f8:f8:f6:36:3f:a3:
         83:f2:86:16:e5:f2:e1:9f:4e:e5:ec:35:e6:4f:de:06:a9:cc:
         b8:15:63:10:6d:40:cf:48:06:95:59:9e:5f:33:b3:c3:d2:4b:
         1c:c5:f5:1f:d0:7e:2f:e6:64:82:29:30:b7:be:39:60:dd:b7:
         44:d1:e3:f4:a5:ca:42:d8:73:b7:e5:96:ab:8a:29:b9:15:fc:
         e1:dd:f9:d9:e1:e9:72:2a:5f:f5:65:93:da:f8:ca:08:2b:7d:
         ba:c2:9a:e7:89:df:31:9f:d9:5e:38:0a:98:90:9d:22:cc:7e:
         0c:6e:57:d7:c8:dd:74:d5:c6:f0:c0:a8:5f:ab:38:e3:34:ab:
         c7:e1:7e:a8:80:84:3c:3c:e5:b7:9d:65:0a:82:65:2e:99:60:
         36:49:60:fd:d6:3f:2f:b2:bc:36:15:2a:23:13:0c:7c:ff:fd:
         d3:96:04:ee:59:f3:7b:6d:92:3b:a6:2b:7e:9f:ca:52:75:2e:
         14:0d:de:75:aa:af:ff:46:52:6d:bc:9b:0e:67:9f:80:1b:4d:
         5c:61:3d:87
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUbSw88cjYYe0ucRvg4ioCjqkKNs4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNjI1MDA1MDA3WhcNMjUwNzMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AwYjEwNzkxNDUwNDM5ZDNlMmJkMTE1OGY4ZDk0OWRlMTNi
ZTRiMWYzYTk5MWE4ZDM5NGU0YTUzMmM3NmRlYjAyMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrEfZ+TZYlBMOFOPsq9oUKK5yH+ZhR0PKE9OJeN7CrLqfi
VMTxYD5R4Dno0VBTUzoMGrqCDDYQj0RmUDOo4uzdQgQ26nUSY6ev8DIbAcYc30aF
Zv9zg4ODk55X2fgEb8LJPrV+lgNVFFOgF63qyanZqYh1YFmtQzfSg7t+m/YwT5LR
5l3wv51mDAQkySMP0z/NBhKB4ykC0PzHmg6+xwxMrvBTUhmMsp2VkhuvZxRcdEgp
7GkGaIe/89uQZ3nov9i3Ng3GjUDHsa7ep1Ut23L4BWaUxngLq/fBBpefljBjHHZG
BaMziQwIWjfz+iSyjaRc4tksKm/PxE1v2g3jyRQ9AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUeClho+NwI8NpyDhj/0W66tQczVwwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2Lzk3MzhiYjBkLTFhODQtNDYwMS1iYzZiLTI1YmE3ZjQ5YzcyYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwVQMwDQYJKoZIhvcNAQELBQADggEBAAj/DFiXkNYBhc6n9ogNL2GI
dM+v3yP3rE6V7KG92aBR2hwP7XFJXFPvqsqvanUlEPj49jY/o4Pyhhbl8uGfTuXs
NeZP3gapzLgVYxBtQM9IBpVZnl8zs8PSSxzF9R/Qfi/mZIIpMLe+OWDdt0TR4/Sl
ykLYc7fllquKKbkV/OHd+dnh6XIqX/Vlk9r4yggrfbrCmueJ3zGf2V44CpiQnSLM
fgxuV9fI3XTVxvDAqF+rOOM0q8fhfqiAhDw85bedZQqCZS6ZYDZJYP3WPy+yvDYV
KiMTDHz//dOWBO5Z83ttkjumK36fylJ1LhQN3nWqr/9GUm28mw5nn4AbTVxhPYc=
-----END CERTIFICATE-----