Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/1e601690-d98c-4d0d-8f50-2f457decb102.roa
File:                     1e601690-d98c-4d0d-8f50-2f457decb102.roa (raw, json)
Hash identifier:          e1m+O4xono9AGzGYpbXaveMQ7oSuAsh07JAlJ8+nQHM=
Subject key identifier:   30:D2:00:81:CD:D4:9B:7A:39:E5:55:78:D0:68:7B:32:AF:3B:57:82
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       16B8B3AED4AB667FE2C3CDE22BA4E48AF6DC195C
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/1e601690-d98c-4d0d-8f50-2f457decb102.roa
Signing time:             Tue 21 Oct 2025 13:00:01 +0000
ROA not before:           Tue 21 Oct 2025 13:00:01 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:1000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:b8:b3:ae:d4:ab:66:7f:e2:c3:cd:e2:2b:a4:e4:8a:f6:dc:19:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Oct 21 13:00:01 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=d807c1a18026e479ab1b5720e35b7dcfa20ad9aac3254707075ec754369c2787, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:11:4f:57:3c:fd:1a:e5:9d:48:e3:aa:89:0c:
                    11:d5:8f:d5:ab:55:65:5b:18:d9:1f:80:26:54:9c:
                    41:50:1c:25:11:67:97:c3:e3:99:ee:8f:74:50:82:
                    1d:a5:bb:7a:54:fd:c9:80:55:b2:6f:f2:de:73:e4:
                    26:85:f7:fa:95:03:66:06:1f:13:3f:f1:20:13:99:
                    6b:e1:69:9f:90:d8:58:d0:c3:4f:53:e9:25:74:2d:
                    d0:33:78:0a:9c:4c:e8:c1:5f:be:01:42:18:7e:03:
                    30:62:41:87:de:c9:9d:b8:63:f5:c0:13:2f:67:fb:
                    d5:8b:e1:9d:24:64:3c:7d:48:b8:ae:2a:a1:f1:f9:
                    fd:8b:15:b4:1d:12:7f:9a:9d:04:c0:71:e9:1f:fe:
                    7b:01:ec:57:8b:d0:c5:f3:4b:33:be:e0:31:e7:c2:
                    84:82:70:73:0c:77:d1:7c:02:2e:0a:1e:2c:a4:98:
                    21:f5:72:c0:ba:71:cd:d1:d3:57:2b:0a:38:ce:ab:
                    0e:22:74:02:1f:da:6a:ee:2e:ed:3c:2f:b6:3c:88:
                    b1:7b:d9:a6:45:73:4c:38:15:5a:d5:19:41:2e:3f:
                    97:93:e9:e3:1e:24:a8:9a:b1:ed:85:80:80:c0:bb:
                    e0:a4:ce:c8:3d:7d:3c:13:d9:2c:71:3b:00:b7:4b:
                    27:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:D2:00:81:CD:D4:9B:7A:39:E5:55:78:D0:68:7B:32:AF:3B:57:82
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/1e601690-d98c-4d0d-8f50-2f457decb102.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:1000::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:db:95:f3:ab:34:52:f5:6a:e2:59:0a:2e:51:48:c6:21:44:
         90:a6:05:d2:db:da:c5:6b:fc:cf:68:e8:20:e2:52:bb:e9:d7:
         7b:91:d2:c7:1c:30:a8:85:c3:10:41:82:2c:f9:2f:6f:30:50:
         fb:eb:70:45:b2:57:95:f4:1d:5d:64:27:ff:70:89:07:a2:b2:
         b4:37:e7:3a:01:b9:56:3f:b8:73:b0:38:d8:7c:f9:0f:1b:8d:
         fa:ac:c3:e0:67:f0:a4:a3:4b:61:7f:0d:2e:d9:a0:6e:ce:f0:
         d3:6e:7f:4e:4b:c9:70:96:ec:9a:14:7d:4e:a9:6c:f3:ef:fc:
         bf:4e:7c:c0:49:90:3b:bd:db:a3:6e:68:0d:47:65:fb:32:4a:
         b5:89:fd:fd:55:60:31:8f:46:f0:3f:2c:bd:3d:bb:98:c9:86:
         aa:51:09:e9:39:7d:9f:dc:62:98:72:73:99:52:17:2d:a9:de:
         69:03:3f:5c:23:a4:f7:c4:d3:fc:0a:2f:b3:3c:44:c4:bd:4e:
         89:65:f7:41:af:67:65:2e:95:49:4d:29:e4:ff:26:3b:c1:7a:
         89:2a:17:71:08:55:d0:dd:03:ff:85:9a:dd:01:01:02:11:bf:
         27:22:6a:a5:9b:7a:44:88:84:06:22:9d:40:e7:9f:20:41:ad:
         bd:48:da:42
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUFrizrtSrZn/iw83iK6TkivbcGVwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUxMDIxMTMwMDAxWhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BkODA3YzFhMTgwMjZlNDc5YWIxYjU3MjBlMzViN2RjZmEy
MGFkOWFhYzMyNTQ3MDcwNzVlYzc1NDM2OWMyNzg3MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDAEU9XPP0a5Z1I46qJDBHVj9WrVWVbGNkfgCZUnEFQHCUR
Z5fD45nuj3RQgh2lu3pU/cmAVbJv8t5z5CaF9/qVA2YGHxM/8SATmWvhaZ+Q2FjQ
w09T6SV0LdAzeAqcTOjBX74BQhh+AzBiQYfeyZ24Y/XAEy9n+9WL4Z0kZDx9SLiu
KqHx+f2LFbQdEn+anQTAcekf/nsB7FeL0MXzSzO+4DHnwoSCcHMMd9F8Ai4KHiyk
mCH1csC6cc3R01crCjjOqw4idAIf2mruLu08L7Y8iLF72aZFc0w4FVrVGUEuP5eT
6eMeJKiase2FgIDAu+Ckzsg9fTwT2SxxOwC3SycTAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUMNIAgc3Um3o55VV40Gh7Mq87V4IwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzFlNjAxNjkwLWQ5OGMtNGQwZC04ZjUwLTJmNDU3ZGVjYjEwMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwEAAwDQYJKoZIhvcNAQELBQADggEBACnblfOrNFL1auJZCi5RSMYh
RJCmBdLb2sVr/M9o6CDiUrvp13uR0sccMKiFwxBBgiz5L28wUPvrcEWyV5X0HV1k
J/9wiQeisrQ35zoBuVY/uHOwONh8+Q8bjfqsw+Bn8KSjS2F/DS7ZoG7O8NNuf05L
yXCW7JoUfU6pbPPv/L9OfMBJkDu926NuaA1HZfsySrWJ/f1VYDGPRvA/LL09u5jJ
hqpRCek5fZ/cYphyc5lSFy2p3mkDP1wjpPfE0/wKL7M8RMS9Toll90GvZ2UulUlN
KeT/JjvBeokqF3EIVdDdA/+Fmt0BAQIRvyciaqWbekSIhAYinUDnnyBBrb1I2kI=
-----END CERTIFICATE-----