Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/f8a03add-dca3-4e9f-91f6-2c009da63848.roa
File:                     f8a03add-dca3-4e9f-91f6-2c009da63848.roa (raw, json)
Hash identifier:          NywNoLZMrEn9HaZosRxBVsNrRs4SD6Bmtz684OANw5w=
Subject key identifier:   81:4A:7A:78:39:32:FD:42:A4:CB:43:1B:16:BB:75:6E:98:FB:3B:2C
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       40E69169D475EF3429C0C788D0D382AE8E2402FB
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/f8a03add-dca3-4e9f-91f6-2c009da63848.roa
Signing time:             Sat 27 Sep 2025 00:53:32 +0000
ROA not before:           Sat 27 Sep 2025 00:53:32 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:f10a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:e6:91:69:d4:75:ef:34:29:c0:c7:88:d0:d3:82:ae:8e:24:02:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Sep 27 00:53:32 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=56e7f443b7c11b045f75e3ac218e2416a5e239d911fcf4edf4dff9004a709709, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e9:c8:55:ff:2f:8f:6d:96:e9:b3:5c:04:96:
                    a9:67:6c:aa:78:0c:47:6f:60:25:cd:3d:b9:47:16:
                    d0:40:9c:b8:cb:83:85:57:48:85:31:a5:86:a9:4e:
                    0f:80:8b:a0:53:90:b5:13:11:ec:19:a6:3e:f7:11:
                    eb:dd:ab:54:4e:da:b7:28:73:a6:63:5f:e8:50:3b:
                    11:66:d0:8f:5a:e0:f0:86:f1:fd:17:d6:fb:ae:3d:
                    ce:00:a7:9a:fe:eb:70:6b:61:96:ce:07:c0:29:c6:
                    9d:b3:78:01:f7:fb:e4:26:80:60:e6:a4:e0:21:3b:
                    4e:7f:38:56:9e:36:c1:68:9b:48:15:82:da:50:cb:
                    a3:7a:49:ec:f1:f5:b4:22:0b:2b:6c:67:48:88:82:
                    c7:c9:be:41:bf:55:62:e5:5f:9a:01:c5:1a:59:7d:
                    27:33:ab:c1:86:68:c7:a7:10:1a:f0:aa:5b:51:8c:
                    ab:0c:1c:38:f5:78:8a:6b:09:8a:3d:38:f7:bd:0d:
                    46:9a:01:52:c6:78:3c:5d:dc:fa:35:e3:40:97:93:
                    f5:bb:85:fa:1c:fe:0b:ac:d5:9e:49:9d:ca:5c:ff:
                    8c:97:e8:98:84:25:6f:18:8d:9c:f3:02:f9:82:c6:
                    28:2d:cd:2b:5d:ee:b4:c6:c6:3f:64:0c:dd:87:54:
                    33:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:4A:7A:78:39:32:FD:42:A4:CB:43:1B:16:BB:75:6E:98:FB:3B:2C
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/f8a03add-dca3-4e9f-91f6-2c009da63848.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:f10a::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:40:ad:3f:94:d9:ff:16:6b:72:bc:18:f3:73:db:75:2a:90:
         1e:4e:d8:7e:4c:58:c8:14:16:1d:63:b0:ac:3e:31:26:b8:05:
         e8:85:4a:61:78:7f:aa:09:e0:99:02:19:55:d8:a0:4d:20:31:
         f8:68:e2:ca:73:f1:75:55:c0:cc:5a:cc:36:92:b6:f9:a3:53:
         a3:10:02:e4:23:a1:f4:6a:ff:bc:fc:d8:9d:f3:9f:ce:e6:91:
         b8:7e:dd:5a:3d:56:03:bc:98:69:9e:57:b9:7f:f8:c7:53:c0:
         db:a1:c9:ee:25:41:24:cd:37:d9:0c:f0:59:82:cb:e6:16:53:
         bc:bc:78:5c:1c:52:ca:df:64:9e:25:8d:76:c7:9f:51:53:dd:
         30:04:11:69:e5:89:2f:fc:0d:c3:be:0c:e5:71:1a:8a:ea:bb:
         29:44:ea:f0:c9:7b:6c:a6:b1:9f:0e:7b:76:a8:f0:1f:19:e5:
         67:b0:f9:41:a2:39:3f:8a:38:7b:e8:58:62:38:ee:ed:8a:ee:
         14:32:b5:b2:90:f6:e7:db:f2:36:9c:09:6b:d8:0c:26:f8:18:
         a4:d5:de:ee:18:2e:c8:4a:3e:62:0f:3b:b4:8a:fb:6b:e7:86:
         78:49:39:f2:ee:38:25:bb:8d:a7:53:59:f3:10:99:ac:d4:17:
         1c:e8:b4:de
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUQOaRadR17zQpwMeI0NOCro4kAvswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwOTI3MDA1MzMyWhcNMjUxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NmU3ZjQ0M2I3YzExYjA0NWY3NWUzYWMyMThlMjQxNmE1
ZTIzOWQ5MTFmY2Y0ZWRmNGRmZjkwMDRhNzA5NzA5MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCy6chV/y+PbZbps1wElqlnbKp4DEdvYCXNPblHFtBAnLjL
g4VXSIUxpYapTg+Ai6BTkLUTEewZpj73Eevdq1RO2rcoc6ZjX+hQOxFm0I9a4PCG
8f0X1vuuPc4Ap5r+63BrYZbOB8Apxp2zeAH3++QmgGDmpOAhO05/OFaeNsFom0gV
gtpQy6N6Sezx9bQiCytsZ0iIgsfJvkG/VWLlX5oBxRpZfSczq8GGaMenEBrwqltR
jKsMHDj1eIprCYo9OPe9DUaaAVLGeDxd3Po140CXk/W7hfoc/gus1Z5Jncpc/4yX
6JiEJW8YjZzzAvmCxigtzStd7rTGxj9kDN2HVDMTAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUgUp6eDky/UKky0MbFrt1bpj7OywwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2Y4YTAzYWRkLWRjYTMtNGU5Zi05MWY2LTJjMDA5ZGE2Mzg0OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPD78QowDQYJKoZIhvcNAQELBQADggEBAJVArT+U2f8Wa3K8GPNz23Uq
kB5O2H5MWMgUFh1jsKw+MSa4BeiFSmF4f6oJ4JkCGVXYoE0gMfho4spz8XVVwMxa
zDaStvmjU6MQAuQjofRq/7z82J3zn87mkbh+3Vo9VgO8mGmeV7l/+MdTwNuhye4l
QSTNN9kM8FmCy+YWU7y8eFwcUsrfZJ4ljXbHn1FT3TAEEWnliS/8DcO+DOVxGorq
uylE6vDJe2ymsZ8Oe3ao8B8Z5Wew+UGiOT+KOHvoWGI47u2K7hQytbKQ9ufb8jac
CWvYDCb4GKTV3u4YLshKPmIPO7SK+2vnhnhJOfLuOCW7jadTWfMQmazUFxzotN4=
-----END CERTIFICATE-----