Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/a243183f-74f0-4016-b61d-47b029a3c4e1.roa
File:                     a243183f-74f0-4016-b61d-47b029a3c4e1.roa (raw, json)
Hash identifier:          VqOA3ieQe8/uvzL/Vhhhu6BmfRc2h7S2SjL5dMMRAZw=
Subject key identifier:   70:7A:3E:A8:74:E3:C0:D3:1E:C9:64:DA:2F:FC:02:23:53:CD:CE:ED
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       54A0072220CD7507000E211F8020C59F215A4AB8
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/a243183f-74f0-4016-b61d-47b029a3c4e1.roa
Signing time:             Fri 26 Sep 2025 18:20:04 +0000
ROA not before:           Fri 26 Sep 2025 18:20:04 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:e100::/42 maxlen: 42
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:a0:07:22:20:cd:75:07:00:0e:21:1f:80:20:c5:9f:21:5a:4a:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Sep 26 18:20:04 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=77dbf319f94169b6e1036041cf326c27bb689fa36a167214d10385ef1c63776b, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:60:b9:b7:d0:33:f7:ec:db:de:3c:e8:52:d0:
                    e1:83:30:d0:e1:46:4b:b7:53:87:fb:67:76:60:06:
                    c9:ec:45:4a:79:54:08:c8:47:b9:ea:ec:6d:7b:34:
                    f8:32:ed:58:b4:48:51:32:66:42:b0:98:23:9c:3d:
                    58:8b:f7:0c:ec:e0:71:90:40:95:3f:61:85:04:76:
                    eb:82:02:57:da:e1:25:92:4c:2b:88:f8:bf:73:64:
                    50:3d:59:ed:a9:1d:c9:f6:d7:c6:32:56:c5:1d:54:
                    1b:be:e7:19:a6:10:b5:e3:b3:9c:3b:ff:90:ed:31:
                    52:d8:fe:82:00:e0:4e:11:bb:7f:c6:fa:95:ee:96:
                    4b:78:93:a8:22:49:4b:92:37:da:e1:06:43:4f:b8:
                    cb:09:14:65:13:7f:05:26:3c:bb:d7:4a:58:ed:f9:
                    2d:72:e6:b9:d3:e6:90:e1:17:13:2c:36:71:ab:59:
                    cd:0c:9c:0e:2c:03:10:61:db:c0:dd:cc:6a:39:51:
                    86:c3:ee:73:00:29:ba:ab:79:1f:bb:30:b4:de:18:
                    24:d9:d6:a3:ab:d4:19:f0:3b:93:04:c7:f3:36:23:
                    eb:9f:71:52:50:f9:f1:3a:13:ea:c7:86:c0:b7:09:
                    14:27:91:20:7a:d0:ce:dd:a4:b0:af:c4:62:35:12:
                    2b:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:7A:3E:A8:74:E3:C0:D3:1E:C9:64:DA:2F:FC:02:23:53:CD:CE:ED
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/a243183f-74f0-4016-b61d-47b029a3c4e1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:e100::/42

    Signature Algorithm: sha256WithRSAEncryption
         51:4e:0e:56:61:f6:f0:c4:2e:60:a6:67:d4:31:b6:71:81:4c:
         32:36:65:a7:04:7a:23:9f:2f:12:9b:29:09:d4:67:58:9c:96:
         36:ec:f8:8e:c6:a5:3d:d6:35:ad:81:bf:8d:eb:61:fb:e6:0b:
         84:ee:eb:b9:ba:0f:b6:02:dd:d6:9c:0a:ac:0b:6a:18:13:ca:
         91:db:13:1d:23:8d:ef:6a:c8:02:ee:d1:81:82:d2:95:a3:2a:
         0a:4a:b1:76:92:65:fc:6d:19:82:9a:43:5d:0a:e6:5a:99:93:
         5b:b2:a6:d1:3d:a8:25:8b:d9:7d:67:dc:09:21:16:ed:08:f1:
         47:cc:de:ee:39:65:a3:cd:de:23:2b:11:b7:fe:ad:05:f3:a4:
         4c:67:aa:d8:97:ff:d0:27:76:00:3c:21:7d:8a:7c:8d:de:39:
         74:4a:b4:9b:a0:c1:35:22:c9:96:74:91:1a:e5:12:2a:70:d6:
         80:b6:b2:d9:f4:e2:f8:ef:c9:6d:99:25:fb:44:05:b7:54:59:
         ee:d6:21:86:c5:3e:c5:de:21:31:f8:46:91:a4:6c:03:b6:34:
         5e:68:78:4b:86:be:8a:c1:01:d9:b2:f3:91:e5:76:ee:e6:d1:
         29:6a:d5:2b:4a:2c:bc:4e:76:bb:da:e0:85:a5:59:a1:5b:9c:
         19:b4:35:e6
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUVKAHIiDNdQcADiEfgCDFnyFaSrgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwOTI2MTgyMDA0WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3N2RiZjMxOWY5NDE2OWI2ZTEwMzYwNDFjZjMyNmMyN2Ji
Njg5ZmEzNmExNjcyMTRkMTAzODVlZjFjNjM3NzZiMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZYLm30DP37NvePOhS0OGDMNDhRku3U4f7Z3ZgBsnsRUp5
VAjIR7nq7G17NPgy7Vi0SFEyZkKwmCOcPViL9wzs4HGQQJU/YYUEduuCAlfa4SWS
TCuI+L9zZFA9We2pHcn218YyVsUdVBu+5xmmELXjs5w7/5DtMVLY/oIA4E4Ru3/G
+pXulkt4k6giSUuSN9rhBkNPuMsJFGUTfwUmPLvXSljt+S1y5rnT5pDhFxMsNnGr
Wc0MnA4sAxBh28DdzGo5UYbD7nMAKbqreR+7MLTeGCTZ1qOr1BnwO5MEx/M2I+uf
cVJQ+fE6E+rHhsC3CRQnkSB60M7dpLCvxGI1EiuZAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUcHo+qHTjwNMeyWTaL/wCI1PNzu0wHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2EyNDMxODNmLTc0ZjAtNDAxNi1iNjFkLTQ3YjAyOWEzYzRlMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwYmAPD74QAwDQYJKoZIhvcNAQELBQADggEBAFFODlZh9vDELmCmZ9QxtnGB
TDI2ZacEeiOfLxKbKQnUZ1icljbs+I7GpT3WNa2Bv43rYfvmC4Tu67m6D7YC3dac
CqwLahgTypHbEx0jje9qyALu0YGC0pWjKgpKsXaSZfxtGYKaQ10K5lqZk1uyptE9
qCWL2X1n3AkhFu0I8UfM3u45ZaPN3iMrEbf+rQXzpExnqtiX/9AndgA8IX2KfI3e
OXRKtJugwTUiyZZ0kRrlEipw1oC2stn04vjvyW2ZJftEBbdUWe7WIYbFPsXeITH4
RpGkbAO2NF5oeEuGvorBAdmy85Hldu7m0Slq1StKLLxOdrva4IWlWaFbnBm0NeY=
-----END CERTIFICATE-----