Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/254b4192-a38e-41eb-a28b-d01a7ee37964.roa
File:                     254b4192-a38e-41eb-a28b-d01a7ee37964.roa (raw, json)
Hash identifier:          +mz/ofSive6eoImlPgqwQJKslTzWemT80OH2xVXlf2o=
Subject key identifier:   D2:69:43:D1:6E:ED:9D:3B:24:82:E5:F2:B8:59:1B:72:79:E6:61:82
Certificate issuer:       /CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
Certificate serial:       61D064341BA1E65DD6DBEAD9CCC277288D257717
Authority key identifier: 99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/254b4192-a38e-41eb-a28b-d01a7ee37964.roa
Signing time:             Sun 02 Nov 2025 00:10:04 +0000
ROA not before:           Sun 02 Nov 2025 00:10:04 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2620:108:d000::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/77b56428-9b52-416f-b279-bbae14422de2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/77b56428-9b52-416f-b279-bbae14422de2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:d0:64:34:1b:a1:e6:5d:d6:db:ea:d9:cc:c2:77:28:8d:25:77:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
        Validity
            Not Before: Nov  2 00:10:04 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=defee9fea80c155c80ac6bd7cf1004b03aa66b5f478a7fa95b8250a1f7a9547d, CN=0099a7ea-794a-4a28-b164-49547626eb11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:95:6a:fe:ba:df:13:4b:09:70:d8:e3:91:0e:
                    27:e8:74:4f:50:fd:dc:6e:28:be:c6:ea:60:40:d3:
                    e0:b9:72:54:08:1d:a3:88:d2:ae:a1:65:30:fe:ae:
                    70:6a:f5:77:c8:b8:f6:02:f2:36:cf:74:97:1e:1b:
                    ea:eb:75:86:d9:3b:68:84:df:62:0b:6f:98:03:bf:
                    89:9e:ba:2c:6f:6e:36:62:2c:89:e2:8b:7d:c8:6f:
                    92:b9:19:d1:7b:9b:7d:81:9e:e3:f5:ac:4a:0c:9a:
                    66:36:d8:f3:04:a6:41:63:73:d6:5f:86:4e:68:32:
                    12:07:7e:bf:22:34:04:1f:bc:b4:7a:98:1a:a5:21:
                    d4:83:09:80:d8:37:35:92:8d:63:7e:6f:0f:5c:35:
                    cb:64:3e:1a:11:c7:a3:c5:72:18:1d:68:e9:b5:0e:
                    c0:39:a9:eb:0e:b9:7f:13:82:56:bf:9c:7a:93:f7:
                    37:1a:40:b3:49:d5:99:47:9b:e8:fc:28:43:9e:72:
                    69:20:e0:95:c4:9f:69:f1:37:26:6e:b9:2c:2e:b9:
                    7b:08:64:f7:ef:a4:eb:6d:21:52:3d:d1:b9:a4:71:
                    79:f0:6a:60:2f:a5:7b:5c:6c:8c:27:a3:bf:8c:64:
                    ac:09:1f:1e:51:fd:ed:63:81:5d:92:da:b0:0e:88:
                    ad:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:69:43:D1:6E:ED:9D:3B:24:82:E5:F2:B8:59:1B:72:79:E6:61:82
            X509v3 Authority Key Identifier:
                keyid:99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/254b4192-a38e-41eb-a28b-d01a7ee37964.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:108:d000::/44

    Signature Algorithm: sha256WithRSAEncryption
         6e:ba:70:6e:13:44:c8:77:09:a7:46:f4:65:10:64:ab:b0:83:
         03:85:86:76:84:b4:4e:e3:b0:14:2e:47:05:b2:41:cb:6a:e3:
         78:c7:ff:12:be:15:ba:fa:99:3d:4e:b0:2f:b3:22:85:8d:54:
         ae:32:ee:84:37:09:c1:1f:d4:05:7c:2c:06:92:75:63:82:0a:
         86:b5:d8:c0:4a:bd:ff:c7:29:7d:11:eb:19:cd:8a:49:a8:d4:
         25:bb:54:d4:33:72:1e:5c:e3:10:37:e3:9b:32:e6:1b:fc:30:
         19:53:7e:aa:92:ce:b8:a5:27:64:7e:3f:8c:f8:48:9e:4a:19:
         37:b3:43:d7:d2:64:6c:72:5b:b6:d6:70:e7:fd:2d:15:e5:90:
         ac:fc:0a:d0:2d:9e:f5:13:3d:60:c9:67:d5:78:f4:be:6e:b0:
         16:78:52:cf:aa:d2:ff:c3:35:b6:5d:75:29:32:ac:fc:23:03:
         68:0c:c0:24:68:8d:ad:37:55:83:7e:5b:fc:9f:f0:a1:24:aa:
         35:ab:97:9f:5b:8d:61:63:14:63:43:1d:91:98:06:6b:6c:50:
         49:c8:c0:4a:e7:81:0f:db:ab:81:60:89:f3:9a:30:df:00:d9:
         3d:a4:f6:60:74:8a:7b:b4:dd:4b:7e:c4:5e:9c:c5:ab:21:65:
         f1:e8:15:d5
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUYdBkNBuh5l3W2+rZzMJ3KI0ldxcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzA1Njc2YzczM2ZkOGNjYWU1YmU2M2I5MmJkZGM5MGI3
YTViNzRlNjk0NDljMWViMDQwHhcNMjUxMTAyMDAxMDA0WhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZWZlZTlmZWE4MGMxNTVjODBhYzZiZDdjZjEwMDRiMDNh
YTY2YjVmNDc4YTdmYTk1YjgyNTBhMWY3YTk1NDdkMS0wKwYDVQQDEyQwMDk5YTdl
YS03OTRhLTRhMjgtYjE2NC00OTU0NzYyNmViMTEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8lWr+ut8TSwlw2OORDifodE9Q/dxuKL7G6mBA0+C5clQI
HaOI0q6hZTD+rnBq9XfIuPYC8jbPdJceG+rrdYbZO2iE32ILb5gDv4meuixvbjZi
LInii33Ib5K5GdF7m32BnuP1rEoMmmY22PMEpkFjc9Zfhk5oMhIHfr8iNAQfvLR6
mBqlIdSDCYDYNzWSjWN+bw9cNctkPhoRx6PFchgdaOm1DsA5qesOuX8Tgla/nHqT
9zcaQLNJ1ZlHm+j8KEOecmkg4JXEn2nxNyZuuSwuuXsIZPfvpOttIVI90bmkcXnw
amAvpXtcbIwno7+MZKwJHx5R/e1jgV2S2rAOiK2nAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU0mlD0W7tnTskguXyuFkbcnnmYYIwHwYDVR0jBBgwFoAUmcNUTAjJlFS4
eZUe/6R6j2PIp3cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi83N2I1NjQyOC05
YjUyLTQxNmYtYjI3OS1iYmFlMTQ0MjJkZTIvYzA1Njc2YzczM2ZkOGNjYWU1YmU2
M2I5MmJkZGM5MGI3YTViNzRlNjk0NDljMWViMDQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNDI1ODJjNjctZGQzZi00YmM1LWJhNjAtZTk3
ZTU1MmM2ZTM1LzI1NGI0MTkyLWEzOGUtNDFlYi1hMjhiLWQwMWE3ZWUzNzk2NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzQyNTgyYzY3LWRkM2YtNGJjNS1iYTYw
LWU5N2U1NTJjNmUzNS9fWXpLNWI1anVTdmR5UXQ2VzNUbWxFbkI2d1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwQmIAEI0AAwDQYJKoZIhvcNAQELBQADggEBAG66cG4TRMh3CadG9GUQZKuw
gwOFhnaEtE7jsBQuRwWyQctq43jH/xK+Fbr6mT1OsC+zIoWNVK4y7oQ3CcEf1AV8
LAaSdWOCCoa12MBKvf/HKX0R6xnNikmo1CW7VNQzch5c4xA345sy5hv8MBlTfqqS
zrilJ2R+P4z4SJ5KGTezQ9fSZGxyW7bWcOf9LRXlkKz8CtAtnvUTPWDJZ9V49L5u
sBZ4Us+q0v/DNbZddSkyrPwjA2gMwCRoja03VYN+W/yf8KEkqjWrl59bjWFjFGND
HZGYBmtsUEnIwErngQ/bq4FgifOaMN8A2T2k9mB0inu03Ut+xF6cxashZfHoFdU=
-----END CERTIFICATE-----