Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/0fac8622-056c-4350-9d70-b107bedf3e94.roa
File:                     0fac8622-056c-4350-9d70-b107bedf3e94.roa (raw, json)
Hash identifier:          wc7LiLu+ej0n4wXXhU0Q/jsK6OtZ/erTYoq/F9XLOs0=
Subject key identifier:   89:A4:E8:76:3D:16:D9:15:C9:73:DE:9C:F2:50:1B:A7:64:AB:1F:4C
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       17863755462FEB44C40C52ED7BB63A6C60539181
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/0fac8622-056c-4350-9d70-b107bedf3e94.roa
Signing time:             Fri 31 Oct 2025 02:00:06 +0000
ROA not before:           Fri 31 Oct 2025 02:00:06 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0f0:6103::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:86:37:55:46:2f:eb:44:c4:0c:52:ed:7b:b6:3a:6c:60:53:91:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Oct 31 02:00:06 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=ee628edb57138c49add8b19311b064c239bd1f941fe0b0926b0fbfc10f26c227, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:a5:04:c1:85:e7:c6:b0:6a:2f:d9:17:a6:4a:
                    97:ec:70:73:26:93:a7:30:c3:f4:9c:fe:5c:84:75:
                    d0:fc:da:23:e5:98:bb:13:8b:f7:4f:8d:28:9b:6f:
                    db:02:6e:6a:11:3a:60:19:85:b6:24:c0:22:64:ae:
                    94:42:a1:fe:cb:17:05:86:ee:c5:83:6f:b2:6d:8b:
                    a5:c9:a6:7d:b7:51:12:52:7b:4c:45:ec:27:f9:0d:
                    ac:4c:6f:e6:b5:4d:e6:64:85:52:86:d6:e2:a3:5b:
                    03:02:e5:4c:08:2b:12:1b:5e:aa:41:42:a8:ca:94:
                    38:dc:9c:16:f1:cf:34:b9:3a:1e:9f:0f:d3:98:12:
                    8e:da:61:1b:72:3f:8a:11:34:fa:5d:a0:d0:04:7c:
                    81:c8:e5:0d:93:08:50:a4:7b:28:ae:e4:da:ae:40:
                    ba:c9:47:a5:fb:6b:2b:50:4b:75:6c:d5:14:6d:68:
                    2b:02:19:b4:b7:5f:c4:b0:1e:5d:8f:c2:14:ff:8f:
                    b0:b2:5a:a6:1c:64:45:2e:a1:ed:c9:d6:15:12:dd:
                    d9:0b:18:e6:e1:3b:74:db:31:0c:3d:cc:42:b2:9e:
                    27:a2:48:1c:29:2f:19:cc:85:cc:2b:06:1e:fc:9a:
                    97:0f:ed:8d:6c:9e:0d:c3:32:91:3f:76:4b:4c:f8:
                    a0:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:A4:E8:76:3D:16:D9:15:C9:73:DE:9C:F2:50:1B:A7:64:AB:1F:4C
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/0fac8622-056c-4350-9d70-b107bedf3e94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:6103::/48

    Signature Algorithm: sha256WithRSAEncryption
         a8:34:32:83:68:19:a6:af:a4:c3:3f:b8:7f:be:e7:47:cf:f6:
         0c:bd:10:e7:3a:49:b3:44:1b:67:d7:cb:16:f6:b4:a1:7e:32:
         ac:92:6e:de:b2:ba:a9:94:9b:d9:32:07:f3:af:10:63:10:28:
         1f:e7:24:b9:c9:e2:83:31:a6:e2:f2:f8:31:1a:c5:29:13:ae:
         12:ed:67:e6:ef:5c:45:32:ee:b3:ab:3f:74:c7:85:a0:c5:32:
         68:a4:41:e8:77:f9:4c:bf:a0:6e:1e:e9:b0:c8:db:49:d7:f3:
         d3:ad:86:7e:10:d2:3c:04:5a:3c:2e:79:d2:08:0d:5e:50:62:
         bb:94:c1:5c:5e:33:f6:85:02:39:68:81:e1:7f:71:a0:a8:a8:
         39:8c:de:ed:7f:07:9d:66:bf:19:e8:92:85:ad:bb:38:fe:46:
         94:6d:a5:67:e3:3f:d9:23:d2:79:41:6a:c7:20:e7:fd:99:54:
         fb:2f:84:7e:6f:d4:47:77:f6:59:34:a3:fb:a4:f1:8b:f3:55:
         df:18:d0:81:b2:35:6e:17:01:61:a2:a0:78:42:09:3a:19:71:
         a8:2f:32:ea:f4:95:51:19:92:94:1d:25:24:aa:e1:3d:97:0e:
         31:e8:23:c4:b0:d0:ca:94:0b:e4:c0:64:45:b1:97:8a:e2:60:
         29:2a:2d:92
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUF4Y3VUYv60TEDFLte7Y6bGBTkYEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUxMDMxMDIwMDA2WhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZTYyOGVkYjU3MTM4YzQ5YWRkOGIxOTMxMWIwNjRjMjM5
YmQxZjk0MWZlMGIwOTI2YjBmYmZjMTBmMjZjMjI3MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkpQTBhefGsGov2RemSpfscHMmk6cww/Sc/lyEddD82iPl
mLsTi/dPjSibb9sCbmoROmAZhbYkwCJkrpRCof7LFwWG7sWDb7Jti6XJpn23URJS
e0xF7Cf5DaxMb+a1TeZkhVKG1uKjWwMC5UwIKxIbXqpBQqjKlDjcnBbxzzS5Oh6f
D9OYEo7aYRtyP4oRNPpdoNAEfIHI5Q2TCFCkeyiu5NquQLrJR6X7aytQS3Vs1RRt
aCsCGbS3X8SwHl2PwhT/j7CyWqYcZEUuoe3J1hUS3dkLGObhO3TbMQw9zEKyniei
SBwpLxnMhcwrBh78mpcP7Y1sng3DMpE/dktM+KCPAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUiaTodj0W2RXJc96c8lAbp2SrH0wwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzBmYWM4NjIyLTA1NmMtNDM1MC05ZDcwLWIxMDdiZWRmM2U5NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwYQMwDQYJKoZIhvcNAQELBQADggEBAKg0MoNoGaavpMM/uH++50fP
9gy9EOc6SbNEG2fXyxb2tKF+MqySbt6yuqmUm9kyB/OvEGMQKB/nJLnJ4oMxpuLy
+DEaxSkTrhLtZ+bvXEUy7rOrP3THhaDFMmikQeh3+Uy/oG4e6bDI20nX89Othn4Q
0jwEWjwuedIIDV5QYruUwVxeM/aFAjlogeF/caCoqDmM3u1/B51mvxnokoWtuzj+
RpRtpWfjP9kj0nlBascg5/2ZVPsvhH5v1Ed39lk0o/uk8YvzVd8Y0IGyNW4XAWGi
oHhCCToZcagvMur0lVEZkpQdJSSq4T2XDjHoI8Sw0MqUC+TAZEWxl4riYCkqLZI=
-----END CERTIFICATE-----