Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/2c005aeb-f132-4bb2-a865-90077d8d5e49.roa
File:                     2c005aeb-f132-4bb2-a865-90077d8d5e49.roa (raw, json)
Hash identifier:          sZsHFmB9kn7idv2b9QHRfnEQDdk3B5tvKSPUtI4wARE=
Subject key identifier:   A5:AA:D7:AF:12:C2:DC:B7:76:C8:64:02:BF:8A:E0:30:E3:00:D0:1E
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       26A916BE3119F772DC7074AC67EE80B967844FDE
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/2c005aeb-f132-4bb2-a865-90077d8d5e49.roa
Signing time:             Mon 21 Jul 2025 16:40:16 +0000
ROA not before:           Mon 21 Jul 2025 16:40:16 +0000
ROA not after:            Mon 25 Aug 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0f0:10a::/47 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 07 Aug 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:a9:16:be:31:19:f7:72:dc:70:74:ac:67:ee:80:b9:67:84:4f:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jul 21 16:40:16 2025 GMT
            Not After : Aug 25 23:59:59 2025 GMT
        Subject: serialNumber=fbc94328986204e09ba6de828fee852dc204e6d017240a962c46fb29b090c47d, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:32:6b:96:11:9b:e1:92:2d:f4:89:3d:a7:12:
                    be:16:a0:db:a6:b0:73:9b:e3:7d:87:80:95:34:5c:
                    08:70:1c:b8:e8:e2:36:c6:62:26:5a:df:a9:bf:15:
                    9c:84:8f:9c:ee:a4:d6:31:7f:a1:35:29:b0:33:a3:
                    18:db:6a:cf:b4:d3:6b:b9:be:27:00:5e:77:59:af:
                    99:15:fa:1a:de:5f:a3:79:a7:29:09:78:a2:ab:12:
                    6a:c6:5f:0a:91:3e:de:5c:8b:f1:6d:7b:14:0b:42:
                    27:ec:f5:ca:d3:94:aa:ad:6e:63:ca:90:43:75:20:
                    ab:12:d9:76:a3:a2:bf:a2:e7:5c:e4:ec:d1:5b:ad:
                    b0:b3:0a:03:9f:d0:26:74:0e:61:5b:e9:5b:be:af:
                    19:90:9d:53:0b:48:54:18:8b:81:db:af:5f:e3:fb:
                    65:e6:6d:05:6f:86:6d:28:60:c9:6f:eb:41:86:af:
                    df:72:6a:9c:39:64:ed:12:f4:24:c1:18:33:27:03:
                    7b:db:07:6b:aa:6e:72:aa:b8:cf:db:99:09:eb:78:
                    cc:8e:21:0b:32:2b:32:6c:b0:f9:45:28:6c:6a:e7:
                    f1:f0:83:66:54:00:f9:b4:cc:df:10:e8:7f:10:d3:
                    e9:89:55:c5:ba:0f:77:54:8c:8d:98:59:c1:23:9a:
                    58:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:AA:D7:AF:12:C2:DC:B7:76:C8:64:02:BF:8A:E0:30:E3:00:D0:1E
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/2c005aeb-f132-4bb2-a865-90077d8d5e49.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:10a::/47

    Signature Algorithm: sha256WithRSAEncryption
         a2:65:f6:f2:e8:da:da:75:a1:e5:3a:37:5f:b6:c1:a7:37:b8:
         24:60:3e:be:e5:ec:37:09:6d:4c:6a:4d:eb:fe:e1:dc:d5:e3:
         dc:98:cc:ea:e2:60:27:ff:40:1b:a8:05:e8:4c:a9:cd:e9:bc:
         03:22:07:24:97:d3:c8:e6:41:03:d8:a9:d5:f1:44:08:4e:b2:
         3c:00:2d:ee:3b:a0:74:4c:5e:43:cb:58:29:bd:dc:bc:e2:f3:
         3e:88:5b:03:82:66:88:f6:57:0f:01:41:30:a5:af:d8:33:9d:
         a5:95:fa:1f:82:6a:3a:7c:85:69:02:11:94:12:7d:f7:87:bd:
         fb:4b:ea:95:fe:d7:75:48:19:86:17:fd:6e:22:fd:d2:67:01:
         e1:51:09:25:1e:35:e6:db:0c:ab:96:f1:97:ee:18:96:e5:9e:
         b3:9d:ec:7c:e6:0a:3f:9f:e0:a0:8c:a8:18:40:10:1f:19:38:
         11:e7:7e:e3:7c:bb:cc:89:8e:eb:44:e0:6d:14:88:45:5e:59:
         64:c2:e1:ac:a3:6b:29:ba:fa:c5:a3:fd:32:3c:64:4e:22:bd:
         e2:3d:26:c1:58:8b:34:4d:a3:19:5d:f2:7f:90:bd:1c:32:06:
         57:01:dd:f8:9f:60:80:09:4c:13:9e:6b:a9:f6:9a:bb:be:96:
         78:16:94:30
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUJqkWvjEZ93LccHSsZ+6AuWeET94wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNzIxMTY0MDE2WhcNMjUwODI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BmYmM5NDMyODk4NjIwNGUwOWJhNmRlODI4ZmVlODUyZGMy
MDRlNmQwMTcyNDBhOTYyYzQ2ZmIyOWIwOTBjNDdkMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8MmuWEZvhki30iT2nEr4WoNumsHOb432HgJU0XAhwHLjo
4jbGYiZa36m/FZyEj5zupNYxf6E1KbAzoxjbas+002u5vicAXndZr5kV+hreX6N5
pykJeKKrEmrGXwqRPt5ci/FtexQLQifs9crTlKqtbmPKkEN1IKsS2Xajor+i51zk
7NFbrbCzCgOf0CZ0DmFb6Vu+rxmQnVMLSFQYi4Hbr1/j+2XmbQVvhm0oYMlv60GG
r99yapw5ZO0S9CTBGDMnA3vbB2uqbnKquM/bmQnreMyOIQsyKzJssPlFKGxq5/Hw
g2ZUAPm0zN8Q6H8Q0+mJVcW6D3dUjI2YWcEjmlgbAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUparXrxLC3Ld2yGQCv4rgMOMA0B4wHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzJjMDA1YWViLWYxMzItNGJiMi1hODY1LTkwMDc3ZDhkNWU0OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwEmAPDwAQowDQYJKoZIhvcNAQELBQADggEBAKJl9vLo2tp1oeU6N1+2wac3
uCRgPr7l7DcJbUxqTev+4dzV49yYzOriYCf/QBuoBehMqc3pvAMiBySX08jmQQPY
qdXxRAhOsjwALe47oHRMXkPLWCm93Lzi8z6IWwOCZoj2Vw8BQTClr9gznaWV+h+C
ajp8hWkCEZQSffeHvftL6pX+13VIGYYX/W4i/dJnAeFRCSUeNebbDKuW8ZfuGJbl
nrOd7HzmCj+f4KCMqBhAEB8ZOBHnfuN8u8yJjutE4G0UiEVeWWTC4ayjaym6+sWj
/TI8ZE4iveI9JsFYizRNoxld8n+QvRwyBlcB3fifYIAJTBOea6n2mru+lngWlDA=
-----END CERTIFICATE-----