Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/0539d573-f0bc-4125-a2e1-98abbb05a558.roa
File:                     0539d573-f0bc-4125-a2e1-98abbb05a558.roa (raw, json)
Hash identifier:          mRf/ZMFczFtiTgnlR2n/9EQpkxRCwAKjHu5yy4WJ1NI=
Subject key identifier:   91:3C:5C:8B:64:36:41:51:9A:DD:0A:32:C8:64:7D:31:E0:E5:11:AE
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       3D6D066C919CB09FD7F28D517D9E7FAD2D05C882
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/0539d573-f0bc-4125-a2e1-98abbb05a558.roa
Signing time:             Mon 23 Mar 2026 05:36:38 +0000
ROA not before:           Mon 23 Mar 2026 05:36:38 +0000
ROA not after:            Sun 21 Jun 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:9000:1ecc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 27 Mar 2026 21:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:6d:06:6c:91:9c:b0:9f:d7:f2:8d:51:7d:9e:7f:ad:2d:05:c8:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Mar 23 05:36:38 2026 GMT
            Not After : Jun 21 23:59:59 2026 GMT
        Subject: serialNumber=824cc84b2c9f6c29d12b5f185093435b7ef54f95584346acbcbd929decd92ed3, CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:a3:a0:58:5f:3a:67:5a:a7:6c:32:f7:32:d2:
                    0e:0c:bf:5b:0f:93:8b:77:45:0f:4a:d1:30:ee:e0:
                    33:ba:96:72:6d:47:8d:b0:c8:c6:72:88:61:82:1f:
                    87:b4:41:67:9d:8f:87:c6:6c:53:d2:7f:7c:34:1a:
                    c2:66:69:a9:76:44:8e:2c:18:a2:92:2c:bc:0e:3e:
                    5d:60:58:1b:ed:fd:2f:61:78:52:6a:ec:6a:ad:b4:
                    27:01:e7:f1:b6:ba:68:07:12:49:76:09:53:4e:4e:
                    99:e7:80:7a:07:9c:6b:3d:62:a9:ee:4c:8a:0b:4c:
                    48:de:0e:af:1e:10:16:a8:05:d0:23:f5:12:00:4d:
                    5d:05:65:52:dc:25:0e:c7:64:66:bb:cf:b8:70:25:
                    e4:9b:4b:5b:3f:62:0d:f5:a8:8e:dd:56:96:97:27:
                    01:4d:de:4d:83:77:e9:bf:d9:9b:20:e9:94:43:88:
                    bd:c9:e8:31:f1:e0:2b:9f:5c:9a:85:3b:7b:0c:7e:
                    b3:4a:33:32:59:f7:cc:ca:6e:da:8f:51:40:14:3a:
                    f7:41:50:9e:c1:49:83:df:f1:e1:90:2f:bf:61:37:
                    bc:3e:d6:c6:b0:85:be:21:9e:da:4e:85:2e:f9:7d:
                    e7:db:ce:06:94:1b:f9:09:e4:15:09:96:9e:07:6f:
                    4d:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:3C:5C:8B:64:36:41:51:9A:DD:0A:32:C8:64:7D:31:E0:E5:11:AE
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/0539d573-f0bc-4125-a2e1-98abbb05a558.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:9000:1ecc::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:d3:97:e9:ce:fc:ed:21:15:7c:43:8b:06:d7:8e:5e:aa:8f:
         d5:24:13:3e:a0:a3:58:0f:d4:35:90:ed:de:c0:4d:3f:4b:34:
         b7:a9:31:51:ce:d1:64:92:1f:93:9a:64:bb:0f:a4:9c:4e:af:
         65:cf:4a:c4:be:97:a3:be:89:93:a1:a5:53:6c:ee:c4:ec:76:
         d1:97:1e:bf:11:da:be:4b:50:22:7a:eb:0a:c5:30:a4:af:60:
         ff:e8:1d:53:19:4c:e2:61:c0:66:50:76:00:55:66:da:6c:57:
         3e:8a:45:ab:fd:01:58:29:cd:9c:15:ca:3c:99:28:d6:88:4e:
         d1:de:c8:fd:1b:9a:66:a0:c8:80:2d:32:01:b1:9c:68:6c:3f:
         91:10:ba:41:4c:19:7a:35:ba:80:49:ab:d8:19:ab:82:a2:7a:
         45:0e:5c:2e:98:6a:33:2c:a7:fb:03:fb:44:47:33:44:6f:f4:
         d0:0d:83:fa:77:1a:6d:1b:78:b9:96:c1:a9:d8:02:30:6c:46:
         20:c5:76:dc:b6:11:f4:93:b1:52:13:55:65:cf:ea:ed:af:67:
         90:3c:3c:bd:2e:93:ec:b3:3f:b0:3d:b0:bb:c9:f0:01:cc:f8:
         0c:78:59:b1:90:15:c2:c5:e7:09:45:b4:7c:6d:62:79:2d:0a:
         05:6d:6f:da
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUPW0GbJGcsJ/X8o1RfZ5/rS0FyIIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjYwMzIzMDUzNjM4WhcNMjYwNjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MjRjYzg0YjJjOWY2YzI5ZDEyYjVmMTg1MDkzNDM1Yjdl
ZjU0Zjk1NTg0MzQ2YWNiY2JkOTI5ZGVjZDkyZWQzMS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWo6BYXzpnWqdsMvcy0g4Mv1sPk4t3RQ9K0TDu4DO6lnJt
R42wyMZyiGGCH4e0QWedj4fGbFPSf3w0GsJmaal2RI4sGKKSLLwOPl1gWBvt/S9h
eFJq7GqttCcB5/G2umgHEkl2CVNOTpnngHoHnGs9YqnuTIoLTEjeDq8eEBaoBdAj
9RIATV0FZVLcJQ7HZGa7z7hwJeSbS1s/Yg31qI7dVpaXJwFN3k2Dd+m/2Zsg6ZRD
iL3J6DHx4CufXJqFO3sMfrNKMzJZ98zKbtqPUUAUOvdBUJ7BSYPf8eGQL79hN7w+
1sawhb4hntpOhS75fefbzgaUG/kJ5BUJlp4Hb01vAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUkTxci2Q2QVGa3QoyyGR9MeDlEa4wHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1LzA1MzlkNTczLWYwYmMtNDEyNS1hMmUxLTk4YWJiYjA1YTU1OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAJAAHswwDQYJKoZIhvcNAQELBQADggEBADLTl+nO/O0hFXxDiwbXjl6q
j9UkEz6go1gP1DWQ7d7ATT9LNLepMVHO0WSSH5OaZLsPpJxOr2XPSsS+l6O+iZOh
pVNs7sTsdtGXHr8R2r5LUCJ66wrFMKSvYP/oHVMZTOJhwGZQdgBVZtpsVz6KRav9
AVgpzZwVyjyZKNaITtHeyP0bmmagyIAtMgGxnGhsP5EQukFMGXo1uoBJq9gZq4Ki
ekUOXC6YajMsp/sD+0RHM0Rv9NANg/p3Gm0beLmWwanYAjBsRiDFdty2EfSTsVIT
VWXP6u2vZ5A8PL0uk+yzP7A9sLvJ8AHM+Ax4WbGQFcLF5wlFtHxtYnktCgVtb9o=
-----END CERTIFICATE-----