Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/529e132d-0c8c-4ca3-bafc-0927932483fd.roa
File:                     529e132d-0c8c-4ca3-bafc-0927932483fd.roa (raw, json)
Hash identifier:          ZEb4t9L+Fa62yj0k/EmcEDJfEf7iab/bTbOKlHl9pOE=
Subject key identifier:   AE:DE:95:DE:62:9F:01:19:48:83:53:35:E5:BC:EA:06:A0:F9:79:9A
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       22E7CAE8CC10FF0B0F13B11842F4332F3A53AC
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/529e132d-0c8c-4ca3-bafc-0927932483fd.roa
Signing time:             Sat 28 Feb 2026 05:10:06 +0000
ROA not before:           Sat 28 Feb 2026 05:10:06 +0000
ROA not after:            Fri 29 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:e000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:e7:ca:e8:cc:10:ff:0b:0f:13:b1:18:42:f4:33:2f:3a:53:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Feb 28 05:10:06 2026 GMT
            Not After : May 29 23:59:59 2026 GMT
        Subject: serialNumber=38b10a7ceef85ab90379587bf7e4355a722f52d998e3fb959797ca7096bc1665, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:d9:5c:8a:98:c3:88:31:21:c1:4f:b9:9b:5a:
                    9b:58:a1:83:3a:51:31:27:fa:3a:e4:0f:5b:86:68:
                    7f:e2:a7:38:dd:ec:32:1f:0f:73:01:4f:1f:37:fe:
                    e9:16:85:e9:28:a1:99:07:c4:c7:66:6f:13:3f:30:
                    69:8f:7b:03:da:7b:d8:d7:eb:9b:63:14:8a:67:48:
                    cb:6d:0f:5e:b8:2f:02:2b:01:0b:e1:43:87:1b:c0:
                    77:57:ff:b7:6e:d2:2f:43:7c:69:6a:83:0c:37:27:
                    f6:35:52:9e:b0:13:04:00:f1:8c:c8:97:a4:58:53:
                    6c:7c:bd:cc:02:6b:d4:dd:13:99:cc:fa:20:6d:8f:
                    b5:85:04:67:c9:0c:99:df:c5:49:59:4c:86:db:ad:
                    fb:ac:9b:66:a0:07:42:0a:be:50:53:c1:b6:b9:b9:
                    d6:55:d2:4d:09:96:a1:41:e9:ef:1c:b6:17:b3:b8:
                    21:df:1b:23:d9:1c:f2:e2:cb:b3:bb:e8:36:c9:bf:
                    17:d5:57:5e:6b:23:53:e3:c6:69:b0:67:3d:c7:8c:
                    cb:ec:82:15:d2:43:17:75:6d:93:7c:5f:54:24:c4:
                    f8:32:56:0d:58:e6:94:40:78:63:d7:96:c5:79:94:
                    63:94:bc:c1:5c:1c:53:a0:69:be:e3:8a:b0:c5:5b:
                    8f:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:DE:95:DE:62:9F:01:19:48:83:53:35:E5:BC:EA:06:A0:F9:79:9A
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/529e132d-0c8c-4ca3-bafc-0927932483fd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:e000::/36

    Signature Algorithm: sha256WithRSAEncryption
         70:92:f0:92:ec:ce:4a:59:96:94:84:8e:8c:13:98:21:97:be:
         9e:4a:0b:51:49:de:ec:6a:7c:75:f5:89:b1:60:56:e4:f1:d6:
         33:b3:e7:01:bc:2d:3a:0f:4f:b5:01:73:bd:94:2a:1b:73:62:
         30:5c:81:8a:db:79:4a:30:cd:ee:ae:f0:9d:b9:8a:ee:9b:8a:
         86:c8:09:06:2a:48:9c:6f:4f:5a:bc:cb:b2:93:9e:1f:c8:1a:
         ce:4f:5c:cd:70:41:88:de:a3:43:20:c0:73:18:1f:e4:ee:66:
         57:cb:fc:96:55:d8:4c:ee:c8:12:9d:2e:f3:32:c8:98:20:78:
         bd:03:19:2e:d4:d6:29:8b:6d:ca:6b:7c:b5:f2:9a:ac:c4:f1:
         63:51:d0:79:92:69:78:c5:1f:f7:9e:2a:ee:e3:57:d7:7d:e0:
         1a:ed:d0:42:68:87:b6:53:60:ad:ba:ab:9b:24:27:3c:54:fd:
         ad:df:81:ea:51:01:04:20:5e:69:f5:46:68:63:7b:5b:76:de:
         b0:74:71:e6:d2:3a:b7:b9:6b:1c:77:42:6f:59:67:c8:ce:9c:
         b3:de:b5:f0:92:18:20:c9:57:a5:dd:bb:3c:8a:20:4d:25:04:
         73:cb:7b:e5:7b:e8:dc:2b:36:a9:35:9b:f8:48:5e:3b:85:3b:
         67:a5:b2:be
-----BEGIN CERTIFICATE-----
MIIF+TCCBOGgAwIBAgITIufK6MwQ/wsPE7EYQvQzLzpTrDANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzJiNTg0NWMzMDdkMGJmNjFiMTM0YjhhYjcxMTU0NTgyNmIx
NzA3ZmQ1ZjBhZjg0ZGEwODAeFw0yNjAyMjgwNTEwMDZaFw0yNjA1MjkyMzU5NTla
MHoxSTBHBgNVBAUTQDM4YjEwYTdjZWVmODVhYjkwMzc5NTg3YmY3ZTQzNTVhNzIy
ZjUyZDk5OGUzZmI5NTk3OTdjYTcwOTZiYzE2NjUxLTArBgNVBAMTJGZiYjI3NTc2
LWNhYzItNDM4MS05YTUzLTZjMTVlMGRjMjZmZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKDZXIqYw4gxIcFPuZtam1ihgzpRMSf6OuQPW4Zof+KnON3s
Mh8PcwFPHzf+6RaF6SihmQfEx2ZvEz8waY97A9p72Nfrm2MUimdIy20PXrgvAisB
C+FDhxvAd1f/t27SL0N8aWqDDDcn9jVSnrATBADxjMiXpFhTbHy9zAJr1N0Tmcz6
IG2PtYUEZ8kMmd/FSVlMhtut+6ybZqAHQgq+UFPBtrm51lXSTQmWoUHp7xy2F7O4
Id8bI9kc8uLLs7voNsm/F9VXXmsjU+PGabBnPceMy+yCFdJDF3Vtk3xfVCTE+DJW
DVjmlEB4Y9eWxXmUY5S8wVwcU6BpvuOKsMVbj68CAwEAAaOCArMwggKvMB0GA1Ud
DgQWBBSu3pXeYp8BGUiDUzXlvOoGoPl5mjAfBgNVHSMEGDAWgBQuGOIIoYJXGwl9
0iOnFp5A6+mJPTAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
NTIxZWIzM2YtOTY3Mi00Y2Q5LWFjY2UtMTM3MjI3ZTk3MWFjLzZhOTUzN2E4LWE2
ODUtNGI0OC05ZmE4LTgzNjJlNGZjNDdhZS9iNTg0NWMzMDdkMGJmNjFiMTM0Yjhh
YjcxMTU0NTgyNmIxNzA3ZmQ1ZjBhZjg0ZGEwOC5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS81MTdmM2VkNy01OGI1LTQ3OTYtYmUzNy0xNGQ2
MmU0OGYwNTYvNTI5ZTEzMmQtMGM4Yy00Y2EzLWJhZmMtMDkyNzkzMjQ4M2ZkLnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzct
MTRkNjJlNDhmMDU2L0NfWWJFMHVLdHhGVVdDYXhjSF9WOEstRTJnZy5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIw
CAMGBCYA8PvgMA0GCSqGSIb3DQEBCwUAA4IBAQBwkvCS7M5KWZaUhI6ME5ghl76e
SgtRSd7sanx19YmxYFbk8dYzs+cBvC06D0+1AXO9lCobc2IwXIGK23lKMM3urvCd
uYrum4qGyAkGKkicb09avMuyk54fyBrOT1zNcEGI3qNDIMBzGB/k7mZXy/yWVdhM
7sgSnS7zMsiYIHi9Axku1NYpi23Ka3y18pqsxPFjUdB5kml4xR/3niru41fXfeAa
7dBCaIe2U2CtuqubJCc8VP2t34HqUQEEIF5p9UZoY3tbdt6wdHHm0jq3uWscd0Jv
WWfIzpyz3rXwkhggyVel3bs8iiBNJQRzy3vle+jcKzapNZv4SF47hTtnpbK+
-----END CERTIFICATE-----