Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/d040f02c-c962-433b-9282-37c1d283eaeb.roa
File:                     d040f02c-c962-433b-9282-37c1d283eaeb.roa (raw, json)
Hash identifier:          hil/2fQZ+nQbixKpFvvkwwTiOsVLCKJf8LC8SjOK2aQ=
Subject key identifier:   A7:1A:96:13:B5:3D:EE:8C:46:98:98:8B:C0:8E:2C:9C:A8:49:DF:62
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       4370E41A55F59A79982AD2121D052BBC527400ED
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/d040f02c-c962-433b-9282-37c1d283eaeb.roa
Signing time:             Fri 26 Sep 2025 18:11:27 +0000
ROA not before:           Fri 26 Sep 2025 18:11:27 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:eb00::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:70:e4:1a:55:f5:9a:79:98:2a:d2:12:1d:05:2b:bc:52:74:00:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Sep 26 18:11:27 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=1fd669f6abe2f8cc791b642301b80c34e638ebc6966213cdcd66125484108311, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:4e:d9:88:e9:98:c0:16:08:eb:80:92:5b:90:
                    09:91:a5:6c:13:d8:0e:02:20:31:09:af:1c:25:7d:
                    d3:86:7e:09:34:fe:3f:4c:23:06:6f:bc:30:f0:14:
                    81:27:94:c8:77:68:e2:bd:40:42:70:5b:00:92:1f:
                    56:96:29:23:14:44:b8:b0:ca:ef:6c:3d:b2:24:24:
                    e8:20:8d:f9:c5:83:18:ba:2e:2b:a9:08:7c:44:01:
                    f4:11:f6:af:3f:64:93:df:1d:34:86:d6:1a:89:52:
                    57:d8:2e:26:83:1f:f4:2d:40:d0:0b:1d:85:fd:73:
                    38:fe:24:20:f4:93:c4:f8:ff:cd:fc:ed:58:51:e8:
                    ee:80:ff:c4:8d:3f:5d:18:b6:c6:11:fb:9f:e6:36:
                    fd:f4:97:cf:40:28:a6:dc:69:e7:cb:b6:fa:ee:8c:
                    a6:10:6c:84:3a:60:05:97:2f:9d:0b:13:c3:d9:cd:
                    a6:e0:63:de:dd:42:00:cc:49:7b:7c:2f:cc:5d:45:
                    db:93:86:3c:9f:a7:05:bd:8c:7b:bf:50:e8:b7:7a:
                    3a:be:44:9a:b5:0d:57:26:a8:a6:bd:e0:e8:a8:b9:
                    ad:5b:4a:4b:9f:cf:23:b1:88:d8:bb:d6:6f:c0:f3:
                    ed:5b:cd:53:b4:d0:81:34:21:a0:d4:ae:c1:9f:a8:
                    f8:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:1A:96:13:B5:3D:EE:8C:46:98:98:8B:C0:8E:2C:9C:A8:49:DF:62
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/d040f02c-c962-433b-9282-37c1d283eaeb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:eb00::/40

    Signature Algorithm: sha256WithRSAEncryption
         37:8f:67:cc:11:8f:ec:a8:ff:a2:f4:20:a0:66:79:1b:a0:7c:
         07:8f:cf:26:3e:ac:a5:a1:8c:30:c2:87:77:12:54:c7:20:5d:
         5b:24:0e:1d:6a:df:92:93:a0:cd:bf:d8:70:72:4d:c3:89:39:
         3b:65:7f:b7:ee:7b:aa:f3:74:93:13:65:40:24:cb:1f:dd:d8:
         73:39:1c:02:42:3a:a3:b2:5d:1d:b2:aa:d4:77:b6:a4:ea:04:
         1a:c7:35:83:47:0d:68:78:52:57:9d:67:82:c3:ff:9d:58:0f:
         ca:d7:03:24:12:6c:6f:8a:f1:84:d2:3f:c8:b7:0e:f9:42:85:
         95:2c:6a:82:fa:42:90:4f:6a:34:61:e6:c5:f9:e5:27:46:86:
         a7:b0:33:9a:18:8f:1a:8b:67:a2:f2:62:95:6c:b8:67:05:25:
         cb:0d:03:c6:16:35:71:20:60:42:1b:20:31:fd:b2:bd:7f:85:
         75:de:9b:94:ce:3d:63:a1:41:89:21:7d:b3:ff:fb:25:e8:5f:
         34:3f:77:97:ee:79:38:27:30:38:e4:93:9c:1f:0b:0c:ae:c2:
         1c:14:7d:05:4b:5d:fd:83:61:74:bf:4d:67:cb:b9:f5:b0:21:
         ad:60:91:5e:d1:8b:bb:a2:96:90:d5:54:f5:3a:b3:d4:ad:15:
         9c:5d:37:61
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUQ3DkGlX1mnmYKtISHQUrvFJ0AO0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwOTI2MTgxMTI3WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxZmQ2NjlmNmFiZTJmOGNjNzkxYjY0MjMwMWI4MGMzNGU2
MzhlYmM2OTY2MjEzY2RjZDY2MTI1NDg0MTA4MzExMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7TtmI6ZjAFgjrgJJbkAmRpWwT2A4CIDEJrxwlfdOGfgk0
/j9MIwZvvDDwFIEnlMh3aOK9QEJwWwCSH1aWKSMURLiwyu9sPbIkJOggjfnFgxi6
LiupCHxEAfQR9q8/ZJPfHTSG1hqJUlfYLiaDH/QtQNALHYX9czj+JCD0k8T4/838
7VhR6O6A/8SNP10YtsYR+5/mNv30l89AKKbcaefLtvrujKYQbIQ6YAWXL50LE8PZ
zabgY97dQgDMSXt8L8xdRduThjyfpwW9jHu/UOi3ejq+RJq1DVcmqKa94Oioua1b
SkufzyOxiNi71m/A8+1bzVO00IE0IaDUrsGfqPjJAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUpxqWE7U97oxGmJiLwI4snKhJ32IwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2QwNDBmMDJjLWM5NjItNDMzYi05MjgyLTM3YzFkMjgzZWFlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPD76zANBgkqhkiG9w0BAQsFAAOCAQEAN49nzBGP7Kj/ovQgoGZ5G6B8
B4/PJj6spaGMMMKHdxJUxyBdWyQOHWrfkpOgzb/YcHJNw4k5O2V/t+57qvN0kxNl
QCTLH93YczkcAkI6o7JdHbKq1He2pOoEGsc1g0cNaHhSV51ngsP/nVgPytcDJBJs
b4rxhNI/yLcO+UKFlSxqgvpCkE9qNGHmxfnlJ0aGp7AzmhiPGotnovJilWy4ZwUl
yw0DxhY1cSBgQhsgMf2yvX+Fdd6blM49Y6FBiSF9s//7JehfND93l+55OCcwOOST
nB8LDK7CHBR9BUtd/YNhdL9NZ8u59bAhrWCRXtGLu6KWkNVU9Tqz1K0VnF03YQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 15:30:48 2025 by rpki-client