Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/9dcfab8d-23d5-4ce2-bcc7-d85ec1e40912.roa
File:                     9dcfab8d-23d5-4ce2-bcc7-d85ec1e40912.roa (raw, json)
Hash identifier:          o+o5TGr0EUEHmoRRTNm68tEY8P6sRSy33O4/jtFlNdU=
Subject key identifier:   BE:56:BC:58:DF:C7:33:B5:C5:AA:D5:77:83:4A:FD:A9:D1:DE:94:AB
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       59F7B0C51CFD4FFF6B920839F9A33FAD2BCF0197
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/9dcfab8d-23d5-4ce2-bcc7-d85ec1e40912.roa
Signing time:             Mon 11 May 2026 01:30:15 +0000
ROA not before:           Mon 11 May 2026 01:30:15 +0000
ROA not after:            Sun 09 Aug 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f2:7011::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 14 May 2026 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:f7:b0:c5:1c:fd:4f:ff:6b:92:08:39:f9:a3:3f:ad:2b:cf:01:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: May 11 01:30:15 2026 GMT
            Not After : Aug  9 23:59:59 2026 GMT
        Subject: serialNumber=835eb61c67880a9d31e41aa94d866978942a7efbb114d609ba85d880348739f0, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f3:64:1a:7a:58:0c:23:d5:e0:1c:05:18:1b:
                    df:d3:19:ca:0c:39:bb:24:43:cf:d6:72:7b:55:a2:
                    b1:bd:e8:bf:57:4e:4d:14:b6:72:f9:5a:a5:1b:6f:
                    8a:b8:7c:02:bc:23:f1:db:98:92:d7:f4:77:c1:2c:
                    07:bc:bf:48:7f:d7:95:3a:5b:e8:d3:22:ff:66:7d:
                    31:58:9f:6f:62:07:a2:08:79:25:7d:dc:8f:79:6c:
                    21:98:1a:82:fb:15:3a:aa:b5:ee:dd:89:06:c6:13:
                    42:2c:2e:7d:19:14:32:8e:57:46:b9:94:69:67:0c:
                    e1:2e:b6:83:74:95:6d:96:a0:24:0b:36:01:2a:32:
                    94:c3:4e:38:8c:cb:eb:6f:47:ef:b9:28:4b:c0:de:
                    68:b5:ae:96:d7:cf:b9:f9:6f:08:22:8f:0b:1e:8c:
                    2e:be:fc:ad:d3:cb:a9:cf:a8:38:b1:de:fa:c9:82:
                    35:e4:02:b0:8b:d6:3a:16:8d:7c:18:da:07:38:0d:
                    e1:07:81:28:0e:6d:ed:2c:97:f2:36:f4:60:04:d1:
                    b9:d5:01:1d:36:7b:eb:0e:8a:2c:25:95:be:02:64:
                    2e:d6:78:57:9f:b2:3b:ca:ed:5b:b6:f3:d6:b2:8e:
                    a0:e1:ff:95:a2:30:75:e4:43:c9:12:bc:7e:ef:13:
                    e4:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:56:BC:58:DF:C7:33:B5:C5:AA:D5:77:83:4A:FD:A9:D1:DE:94:AB
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/9dcfab8d-23d5-4ce2-bcc7-d85ec1e40912.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f2:7011::/48

    Signature Algorithm: sha256WithRSAEncryption
         7e:fe:25:4c:f4:8a:81:21:eb:f3:d1:ed:82:6e:a6:17:28:41:
         4c:d3:3e:ad:b4:49:c8:bd:2a:94:a0:0d:97:04:73:ca:63:0d:
         f9:0b:77:61:84:c9:a3:7e:55:6b:5a:87:2e:fc:fe:76:c1:3a:
         87:78:8a:77:49:c7:49:8d:22:82:41:7d:e2:dd:43:69:ce:61:
         6d:dc:31:87:89:ad:cc:03:28:9c:22:44:ea:1d:f9:b7:04:f3:
         fb:c4:89:8e:b5:0e:6d:3a:63:78:ec:0e:89:ad:b9:b5:b5:37:
         0d:14:7d:66:bf:ea:77:df:89:d4:f2:ee:f0:a8:ee:67:d8:4d:
         4f:f7:e2:7f:c2:bb:f3:51:35:6b:4a:fa:21:aa:19:0c:28:1e:
         8b:ff:af:52:2c:1b:41:4c:19:a3:bb:2b:b7:84:cd:0c:3f:ab:
         c1:0d:a7:c4:4c:2b:60:9f:d5:e5:93:61:10:df:ce:a7:fb:ac:
         ea:11:51:60:35:11:93:cc:7c:10:bc:fb:4d:ea:dc:f3:84:13:
         33:ef:d7:8f:45:24:74:71:fc:1f:0c:7c:8a:82:95:d0:fe:0c:
         0d:f1:94:c1:a1:e3:00:48:5f:60:4f:a3:49:60:83:d0:72:5c:
         38:eb:17:01:25:72:37:e6:ba:79:b1:e9:43:1b:8a:12:2d:50:
         31:20:33:b1
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUWfewxRz9T/9rkgg5+aM/rSvPAZcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjYwNTExMDEzMDE1WhcNMjYwODA5MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MzVlYjYxYzY3ODgwYTlkMzFlNDFhYTk0ZDg2Njk3ODk0
MmE3ZWZiYjExNGQ2MDliYTg1ZDg4MDM0ODczOWYwMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCd82QaelgMI9XgHAUYG9/TGcoMObskQ8/WcntVorG96L9X
Tk0UtnL5WqUbb4q4fAK8I/HbmJLX9HfBLAe8v0h/15U6W+jTIv9mfTFYn29iB6II
eSV93I95bCGYGoL7FTqqte7diQbGE0IsLn0ZFDKOV0a5lGlnDOEutoN0lW2WoCQL
NgEqMpTDTjiMy+tvR++5KEvA3mi1rpbXz7n5bwgijwsejC6+/K3Ty6nPqDix3vrJ
gjXkArCL1joWjXwY2gc4DeEHgSgObe0sl/I29GAE0bnVAR02e+sOiiwllb4CZC7W
eFefsjvK7Vu289ayjqDh/5WiMHXkQ8kSvH7vE+TFAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUvla8WN/HM7XFqtV3g0r9qdHelKswHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzlkY2ZhYjhkLTIzZDUtNGNlMi1iY2M3LWQ4NWVjMWU0MDkxMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDycBEwDQYJKoZIhvcNAQELBQADggEBAH7+JUz0ioEh6/PR7YJuphco
QUzTPq20Sci9KpSgDZcEc8pjDfkLd2GEyaN+VWtahy78/nbBOod4indJx0mNIoJB
feLdQ2nOYW3cMYeJrcwDKJwiROod+bcE8/vEiY61Dm06Y3jsDomtubW1Nw0UfWa/
6nffidTy7vCo7mfYTU/34n/Cu/NRNWtK+iGqGQwoHov/r1IsG0FMGaO7K7eEzQw/
q8ENp8RMK2Cf1eWTYRDfzqf7rOoRUWA1EZPMfBC8+03q3POEEzPv149FJHRx/B8M
fIqCldD+DA3xlMGh4wBIX2BPo0lgg9ByXDjrFwElcjfmunmx6UMbihItUDEgM7E=
-----END CERTIFICATE-----