Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/3b1d79f6-944a-4da0-acd2-15477b975226.roa
File:                     3b1d79f6-944a-4da0-acd2-15477b975226.roa (raw, json)
Hash identifier:          ssJtiVi09RyhznmYP5itqqhnOCWMfa8oLSM7ZcRCd5o=
Subject key identifier:   7C:78:AE:B1:1A:5F:7E:9E:75:60:D4:6A:3D:86:2F:1B:16:37:61:6E
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       3D3C465EC1C2C45926A056839CC96A6EF9291283
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/3b1d79f6-944a-4da0-acd2-15477b975226.roa
Signing time:             Sat 28 Feb 2026 02:00:09 +0000
ROA not before:           Sat 28 Feb 2026 02:00:09 +0000
ROA not after:            Fri 29 May 2026 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0f0:551b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:3c:46:5e:c1:c2:c4:59:26:a0:56:83:9c:c9:6a:6e:f9:29:12:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Feb 28 02:00:09 2026 GMT
            Not After : May 29 23:59:59 2026 GMT
        Subject: serialNumber=8896aa0299884e57a3332ac4afcb1074739d7851741a5a88b874628805578b37, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:31:6a:47:3e:ef:23:e8:fc:cf:48:9e:5a:81:
                    41:14:03:dc:6c:36:ce:be:02:69:cd:b1:13:8e:ca:
                    e7:9e:57:fe:5b:a3:f8:f5:59:8f:f9:f2:c8:6b:d1:
                    c6:29:98:98:de:16:39:bb:9f:ee:b4:92:7d:4c:01:
                    1c:28:36:f1:54:d5:68:43:1c:ed:b8:f2:5f:f0:b8:
                    27:f8:c4:f3:50:61:3e:61:0a:94:4c:28:5f:b8:8a:
                    23:54:7b:75:8d:6c:d4:10:39:01:a8:b4:08:b4:44:
                    dc:df:de:4f:4a:6f:db:33:a9:bf:bc:6e:e1:ad:99:
                    a4:d6:6b:b2:7e:bf:04:c4:2f:4f:fc:4d:05:36:d9:
                    be:cb:0e:b2:e1:91:c9:0f:00:ea:aa:fe:1b:b0:c9:
                    1b:2b:3d:a6:11:94:8a:7c:b2:9f:b8:35:5a:e1:0f:
                    f1:16:58:0b:d0:cf:df:79:29:73:55:96:f9:83:e3:
                    cd:90:ec:5d:5a:83:30:60:3c:03:18:b8:b7:9b:85:
                    a8:60:49:7a:d6:f3:46:72:0a:80:35:02:02:01:c5:
                    e3:f3:3f:75:66:6d:d7:a9:27:66:da:e0:27:c5:c9:
                    16:c0:e2:29:d0:56:6f:42:01:cb:73:37:02:27:4f:
                    ec:cb:eb:66:d4:ee:e4:4c:e2:8f:5e:b6:bc:d2:8b:
                    b9:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:78:AE:B1:1A:5F:7E:9E:75:60:D4:6A:3D:86:2F:1B:16:37:61:6E
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/3b1d79f6-944a-4da0-acd2-15477b975226.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:551b::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:33:50:d1:b2:ab:28:03:85:db:dc:4e:f4:fb:28:37:b3:85:
         21:07:e4:da:e6:61:44:8e:8f:9a:fe:7c:2b:7a:3b:29:ad:c5:
         49:27:49:b3:de:7e:3e:66:45:0d:26:2e:0d:e0:2d:b7:87:b2:
         ba:39:7c:73:b6:6f:0e:f9:1a:56:ab:c4:20:29:ca:be:a8:0b:
         ba:bd:19:fe:3d:d8:88:c4:e4:8e:d2:ac:a1:e2:2c:81:d6:b3:
         af:44:56:d2:f5:f6:32:07:7e:71:e9:a7:d1:f8:6d:ef:ca:c7:
         da:3a:38:03:5f:85:2d:1e:33:d7:71:be:ab:86:eb:b3:8c:3f:
         ce:20:18:05:4b:71:4c:5b:3f:53:78:34:38:a8:d2:42:79:46:
         93:8a:7f:d7:ca:9b:d5:eb:a7:a9:6a:88:94:22:75:ad:7d:a9:
         44:b0:36:fb:4f:74:01:1f:99:1f:c0:ba:ba:ca:b9:33:ba:d1:
         c4:23:d6:92:fb:e5:e3:65:f6:92:c3:5d:79:a1:0a:37:4d:78:
         9e:70:b5:4d:8f:15:ca:df:a2:b6:ce:98:39:b6:18:59:f7:2b:
         33:31:07:2b:d0:86:e2:25:3e:01:72:f0:a3:21:fa:0d:cf:61:
         18:0c:7b:7f:e2:4c:42:a0:b8:09:34:80:56:02:d4:4b:54:ba:
         46:01:b7:a0
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUPTxGXsHCxFkmoFaDnMlqbvkpEoMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjYwMjI4MDIwMDA5WhcNMjYwNTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ODk2YWEwMjk5ODg0ZTU3YTMzMzJhYzRhZmNiMTA3NDcz
OWQ3ODUxNzQxYTVhODhiODc0NjI4ODA1NTc4YjM3MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCXMWpHPu8j6PzPSJ5agUEUA9xsNs6+AmnNsROOyueeV/5b
o/j1WY/58shr0cYpmJjeFjm7n+60kn1MARwoNvFU1WhDHO248l/wuCf4xPNQYT5h
CpRMKF+4iiNUe3WNbNQQOQGotAi0RNzf3k9Kb9szqb+8buGtmaTWa7J+vwTEL0/8
TQU22b7LDrLhkckPAOqq/huwyRsrPaYRlIp8sp+4NVrhD/EWWAvQz995KXNVlvmD
482Q7F1agzBgPAMYuLebhahgSXrW80ZyCoA1AgIBxePzP3VmbdepJ2ba4CfFyRbA
4inQVm9CActzNwInT+zL62bU7uRM4o9etrzSi7njAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUfHiusRpffp51YNRqPYYvGxY3YW4wHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzNiMWQ3OWY2LTk0NGEtNGRhMC1hY2QyLTE1NDc3Yjk3NTIyNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwVRswDQYJKoZIhvcNAQELBQADggEBACEzUNGyqygDhdvcTvT7KDez
hSEH5NrmYUSOj5r+fCt6OymtxUknSbPefj5mRQ0mLg3gLbeHsro5fHO2bw75Glar
xCApyr6oC7q9Gf492IjE5I7SrKHiLIHWs69EVtL19jIHfnHpp9H4be/Kx9o6OANf
hS0eM9dxvquG67OMP84gGAVLcUxbP1N4NDio0kJ5RpOKf9fKm9Xrp6lqiJQida19
qUSwNvtPdAEfmR/AurrKuTO60cQj1pL75eNl9pLDXXmhCjdNeJ5wtU2PFcrforbO
mDm2GFn3KzMxByvQhuIlPgFy8KMh+g3PYRgMe3/iTEKguAk0gFYC1EtUukYBt6A=
-----END CERTIFICATE-----