Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/e0124927-afa7-4267-814d-16ec9e0135d2.roa
File:                     e0124927-afa7-4267-814d-16ec9e0135d2.roa (raw, json)
Hash identifier:          nhktk6Ea4PyBGvt6l++843JowifkPomvUR/2uBDgsyY=
Subject key identifier:   5A:E9:78:95:21:35:EA:5D:08:BD:70:12:74:3D:78:AF:B2:02:D1:AA
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       123595DADACB4E2C06DC9F2833E84D4F1BA79D96
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/e0124927-afa7-4267-814d-16ec9e0135d2.roa
Signing time:             Fri 26 Sep 2025 18:00:14 +0000
ROA not before:           Fri 26 Sep 2025 18:00:14 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0f0:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:35:95:da:da:cb:4e:2c:06:dc:9f:28:33:e8:4d:4f:1b:a7:9d:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Sep 26 18:00:14 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=4b569320b3d3f3a000fee4e64bad2b74d0b37e9628106e33d0c01849dcaf5d08, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:11:42:5e:fd:29:f6:73:f3:3d:c0:31:27:6b:
                    4a:db:75:94:15:98:9b:a2:8c:7d:b8:62:0b:63:6f:
                    4a:de:a4:0c:dc:d9:1d:99:6c:2a:57:1e:b2:90:38:
                    46:1f:35:1c:24:e1:70:7e:c8:40:80:3b:62:04:af:
                    82:7a:e7:d9:e9:f3:9f:e0:22:30:49:94:a2:5e:fd:
                    36:dc:58:cd:67:2e:18:bf:11:d9:f1:8d:12:5a:c1:
                    cd:ed:73:f0:3e:f2:98:52:e9:c8:f7:61:8f:5b:be:
                    b4:06:ac:ba:22:c4:91:bb:5d:dd:2c:28:8e:fb:6d:
                    45:4b:65:9d:19:f4:47:f9:4c:f9:e2:d7:24:e2:44:
                    d5:69:05:28:0a:3f:15:bb:68:ab:da:93:5c:d6:87:
                    b0:33:ad:66:74:9e:e3:c3:15:7f:bf:86:aa:d6:26:
                    3c:df:e7:f6:90:05:2a:f0:60:0b:31:ec:8d:f6:58:
                    0b:77:00:7f:c5:51:f5:6e:0e:92:77:2b:eb:7f:6b:
                    64:a1:98:04:26:65:86:2a:21:ee:ab:92:f0:2d:fa:
                    ac:c8:96:1b:5e:f6:26:a7:bb:69:a8:70:c5:c5:b0:
                    67:39:f4:27:e1:9c:45:5b:6d:a6:62:41:34:eb:a1:
                    6e:04:9e:70:c5:4d:d1:02:f7:e1:09:a2:6d:4d:b3:
                    8e:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:E9:78:95:21:35:EA:5D:08:BD:70:12:74:3D:78:AF:B2:02:D1:AA
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/e0124927-afa7-4267-814d-16ec9e0135d2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:b0:d4:56:f3:91:b4:87:39:15:08:6c:c2:39:dd:87:6d:52:
         b0:5f:bd:f5:9e:23:db:87:59:85:8c:03:0a:9a:1f:7b:c9:71:
         e5:b2:97:c1:13:01:4d:53:63:49:52:59:9f:a3:1c:7f:d4:72:
         14:5a:42:c3:a5:27:0e:8a:41:b1:0e:18:78:5b:ac:c5:e2:6c:
         a8:33:1f:5b:7d:b9:ef:a1:6f:4c:76:6d:cf:2e:1d:dd:1e:8d:
         ba:98:5a:93:18:28:a8:39:fb:89:8c:dd:59:10:82:06:73:b6:
         60:ae:7e:08:87:3f:f2:57:fd:f1:7a:1b:96:8f:99:fa:1e:5b:
         e0:fd:50:d1:e6:88:a6:a2:4f:49:8c:06:09:f0:cd:2f:e6:34:
         75:de:08:88:05:86:6b:48:a1:78:1b:13:fe:72:cb:1e:40:d9:
         7d:59:8c:56:98:0e:c1:c2:62:08:ab:51:76:fa:6f:5c:ae:0a:
         ea:3c:8f:cd:f3:18:f4:5e:b2:fe:e9:a0:f0:ca:42:6a:f5:1d:
         dc:98:c6:bd:95:0d:9f:09:e1:5d:33:38:b8:e9:0e:b5:6f:47:
         11:f6:ec:c4:e9:47:8b:7b:66:ee:c2:fa:a8:30:b2:c0:5a:6f:
         c8:1f:f6:16:6d:0d:c4:cc:9e:90:88:ad:5c:99:be:fc:c3:74:
         ae:50:cb:9f
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUEjWV2trLTiwG3J8oM+hNTxunnZYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwOTI2MTgwMDE0WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0YjU2OTMyMGIzZDNmM2EwMDBmZWU0ZTY0YmFkMmI3NGQw
YjM3ZTk2MjgxMDZlMzNkMGMwMTg0OWRjYWY1ZDA4MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxEUJe/Sn2c/M9wDEna0rbdZQVmJuijH24Ygtjb0repAzc
2R2ZbCpXHrKQOEYfNRwk4XB+yECAO2IEr4J659np85/gIjBJlKJe/TbcWM1nLhi/
EdnxjRJawc3tc/A+8phS6cj3YY9bvrQGrLoixJG7Xd0sKI77bUVLZZ0Z9Ef5TPni
1yTiRNVpBSgKPxW7aKvak1zWh7AzrWZ0nuPDFX+/hqrWJjzf5/aQBSrwYAsx7I32
WAt3AH/FUfVuDpJ3K+t/a2ShmAQmZYYqIe6rkvAt+qzIlhte9ianu2mocMXFsGc5
9CfhnEVbbaZiQTTroW4EnnDFTdEC9+EJom1Ns44/AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUWul4lSE16l0IvXASdD14r7IC0aowHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2UwMTI0OTI3LWFmYTctNDI2Ny04MTRkLTE2ZWM5ZTAxMzVkMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwAAIwDQYJKoZIhvcNAQELBQADggEBAKKw1FbzkbSHORUIbMI53Ydt
UrBfvfWeI9uHWYWMAwqaH3vJceWyl8ETAU1TY0lSWZ+jHH/UchRaQsOlJw6KQbEO
GHhbrMXibKgzH1t9ue+hb0x2bc8uHd0ejbqYWpMYKKg5+4mM3VkQggZztmCufgiH
P/JX/fF6G5aPmfoeW+D9UNHmiKaiT0mMBgnwzS/mNHXeCIgFhmtIoXgbE/5yyx5A
2X1ZjFaYDsHCYgirUXb6b1yuCuo8j83zGPResv7poPDKQmr1HdyYxr2VDZ8J4V0z
OLjpDrVvRxH27MTpR4t7Zu7C+qgwssBab8gf9hZtDcTMnpCIrVyZvvzDdK5Qy58=
-----END CERTIFICATE-----