Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/0b0acdef-c848-447c-9624-6a4634464aaa.roa
File:                     0b0acdef-c848-447c-9624-6a4634464aaa.roa (raw, json)
Hash identifier:          KYmD1RtQl5Wez/4VNdn7jPlVseiKIHz69dov2KHdqGY=
Subject key identifier:   FD:C7:9D:57:CA:2C:0F:92:93:4E:EA:67:FE:6A:BE:C8:22:19:F7:9B
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       71259814E288CC0FAF6B41BEB0B590BE73ECB3A4
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/0b0acdef-c848-447c-9624-6a4634464aaa.roa
Signing time:             Fri 11 Jul 2025 18:30:14 +0000
ROA not before:           Fri 11 Jul 2025 18:30:14 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0fb:e800::/42 maxlen: 42
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 05 Aug 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:25:98:14:e2:88:cc:0f:af:6b:41:be:b0:b5:90:be:73:ec:b3:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jul 11 18:30:14 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=d0e5ddb330f1c497d09e5fc8913bb73b3b95e55dc328a7f8a8827b1402a048c0, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:45:af:b2:52:a1:81:50:e3:10:2c:73:55:e0:
                    f5:42:9f:c3:c1:76:00:bd:98:55:0e:f1:b8:fa:0a:
                    27:d5:74:08:52:2c:2c:4c:87:78:c8:eb:49:c6:64:
                    16:df:e1:7c:a8:10:50:80:d1:5b:08:0c:74:95:34:
                    3f:cb:fc:17:c5:da:fb:57:19:d4:f5:3e:ac:b3:1e:
                    fa:88:51:1a:20:01:56:83:67:4a:12:fc:a6:d4:4c:
                    23:99:ca:3a:e5:88:87:40:8a:7b:fe:42:c7:c1:28:
                    92:98:1b:f2:20:36:bd:72:fd:40:f0:13:a3:00:b0:
                    bf:72:58:ea:0b:7c:45:cb:64:0e:30:9c:df:6f:f2:
                    5b:a0:30:ac:e4:87:05:71:19:b2:02:0a:e7:f3:99:
                    24:e2:ac:29:c0:ce:c6:d3:95:5c:b6:ca:51:f4:bf:
                    75:86:63:6b:a0:22:07:a8:8a:2b:9b:33:40:66:5b:
                    c4:ac:0b:cf:80:99:ef:bf:5e:0f:bd:98:f3:51:60:
                    35:26:7a:2d:75:8a:8f:d8:6a:fa:5c:cb:75:ec:31:
                    ac:93:34:fa:e5:4c:78:a0:f0:40:71:e2:f4:6e:c0:
                    be:0d:b4:c3:99:81:a6:3f:8d:12:66:86:d7:a8:a4:
                    1c:17:c1:59:81:29:06:d6:f3:a1:9d:67:49:9b:ef:
                    f1:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:C7:9D:57:CA:2C:0F:92:93:4E:EA:67:FE:6A:BE:C8:22:19:F7:9B
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/0b0acdef-c848-447c-9624-6a4634464aaa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:e800::/42

    Signature Algorithm: sha256WithRSAEncryption
         8e:1a:1c:19:d1:6a:30:ac:b6:bf:13:62:bd:9c:ef:d7:e3:ae:
         98:e4:e3:70:3f:67:f6:7f:94:df:89:7c:66:bf:4a:5e:d8:84:
         16:90:f0:0a:3c:86:d5:62:97:57:8e:22:bf:2c:15:fe:4c:23:
         3f:e9:50:64:9c:72:56:d3:3a:32:d4:5c:51:78:90:40:ce:c2:
         ec:f6:a7:6f:fa:40:5a:3f:b0:7a:f9:6a:05:b9:cb:ae:f5:4c:
         a4:98:5e:9c:1c:6b:12:33:25:68:c2:3c:99:46:17:4a:16:74:
         13:42:eb:ef:c2:e1:b5:b5:3c:9c:12:3a:6d:5b:f3:4a:e2:49:
         2e:af:3d:4d:8c:09:44:09:bd:b0:19:ff:e5:1c:86:59:33:10:
         de:b6:80:ca:ff:24:39:5d:7f:b4:e5:29:10:28:b8:6d:51:64:
         a7:17:e9:5e:b9:9a:67:7f:df:f7:2d:07:cf:ca:d0:ca:92:ba:
         db:b1:c4:ab:1f:d0:43:e9:c9:59:1a:45:9f:b6:f1:bb:24:9c:
         24:9d:c8:aa:2f:e2:19:88:11:c0:54:20:33:c8:4a:2f:97:3f:
         8e:04:8c:eb:df:89:43:50:91:1d:6e:e0:61:77:f3:e4:f0:53:
         3d:4c:fa:e7:21:d0:c2:26:4c:fa:90:4b:fc:0a:00:bc:ad:fc:
         b8:a8:b1:ce
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUcSWYFOKIzA+va0G+sLWQvnPss6QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNzExMTgzMDE0WhcNMjUwODE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMGU1ZGRiMzMwZjFjNDk3ZDA5ZTVmYzg5MTNiYjczYjNi
OTVlNTVkYzMyOGE3ZjhhODgyN2IxNDAyYTA0OGMwMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDjRa+yUqGBUOMQLHNV4PVCn8PBdgC9mFUO8bj6CifVdAhS
LCxMh3jI60nGZBbf4XyoEFCA0VsIDHSVND/L/BfF2vtXGdT1PqyzHvqIURogAVaD
Z0oS/KbUTCOZyjrliIdAinv+QsfBKJKYG/IgNr1y/UDwE6MAsL9yWOoLfEXLZA4w
nN9v8lugMKzkhwVxGbICCufzmSTirCnAzsbTlVy2ylH0v3WGY2ugIgeoiiubM0Bm
W8SsC8+Ame+/Xg+9mPNRYDUmei11io/Yavpcy3XsMayTNPrlTHig8EBx4vRuwL4N
tMOZgaY/jRJmhteopBwXwVmBKQbW86GdZ0mb7/FXAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU/cedV8osD5KTTupn/mq+yCIZ95swHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzBiMGFjZGVmLWM4NDgtNDQ3Yy05NjI0LTZhNDYzNDQ2NGFhYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwYmAPD76AAwDQYJKoZIhvcNAQELBQADggEBAI4aHBnRajCstr8TYr2c79fj
rpjk43A/Z/Z/lN+JfGa/Sl7YhBaQ8Ao8htVil1eOIr8sFf5MIz/pUGScclbTOjLU
XFF4kEDOwuz2p2/6QFo/sHr5agW5y671TKSYXpwcaxIzJWjCPJlGF0oWdBNC6+/C
4bW1PJwSOm1b80riSS6vPU2MCUQJvbAZ/+UchlkzEN62gMr/JDldf7TlKRAouG1R
ZKcX6V65mmd/3/ctB8/K0MqSutuxxKsf0EPpyVkaRZ+28bsknCSdyKov4hmIEcBU
IDPISi+XP44EjOvfiUNQkR1u4GF38+TwUz1M+uch0MImTPqQS/wKALyt/Liosc4=
-----END CERTIFICATE-----