Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/579d3087-6060-4a0d-b623-b91cce78806a.roa
File:                     579d3087-6060-4a0d-b623-b91cce78806a.roa (raw, json)
Hash identifier:          h48pv0q6OActcg4r7mVMOEf+mU/YrsvL8Fsxb95reIw=
Subject key identifier:   D1:15:D6:A2:23:3B:81:9D:DF:32:CA:E1:03:0B:D4:9A:9C:15:3F:DF
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       438953476C3969487911DDF3D3F205BBA3C11916
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/579d3087-6060-4a0d-b623-b91cce78806a.roa
Signing time:             Sat 28 Feb 2026 04:50:09 +0000
ROA not before:           Sat 28 Feb 2026 04:50:09 +0000
ROA not after:            Fri 29 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f1:4000::/34 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:89:53:47:6c:39:69:48:79:11:dd:f3:d3:f2:05:bb:a3:c1:19:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Feb 28 04:50:09 2026 GMT
            Not After : May 29 23:59:59 2026 GMT
        Subject: serialNumber=2c3d895daec49a3b1bfb7aac64623635d4c699e175904540bb5794d68f9ed982, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b4:27:3f:58:d4:18:15:2d:c8:a3:63:9c:fe:
                    6f:a7:87:1b:6a:c6:0a:81:8f:f3:71:51:2f:82:a4:
                    fb:26:ed:13:b7:78:1e:74:2c:98:84:90:ee:fd:d6:
                    d7:f4:d6:f5:6a:21:f7:c5:19:65:34:7f:8c:72:77:
                    d7:73:6d:ae:13:87:cc:a3:19:44:1b:6c:f7:5b:69:
                    b2:aa:d3:f2:db:a2:35:dd:bb:66:ea:d9:ab:db:aa:
                    29:4b:cf:18:98:6e:ed:57:a4:10:33:b7:60:5a:4a:
                    66:ae:83:ed:5b:f2:2a:b4:cd:d8:7c:d0:3d:12:98:
                    0e:b7:51:78:24:02:ba:f4:06:c1:d0:43:73:9f:20:
                    4c:e3:38:c7:d6:b9:bb:80:7a:56:cc:6b:ce:53:3f:
                    07:36:ad:66:3b:7f:66:f8:96:73:ad:35:b6:23:ea:
                    75:13:27:45:26:ec:a1:e6:a4:28:8e:f4:fc:65:55:
                    a8:50:93:78:30:f3:be:87:00:4e:54:77:44:21:3e:
                    35:98:70:a9:46:a5:e4:0e:c7:e4:84:a7:48:ba:34:
                    ae:c9:7f:54:98:87:a2:1c:ca:f3:ad:bd:df:c7:fd:
                    28:3d:44:1d:a7:f0:98:2f:54:b0:33:4f:62:ab:6f:
                    31:a4:f4:fa:54:b2:ec:01:93:e0:d3:bb:45:ad:bf:
                    94:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:15:D6:A2:23:3B:81:9D:DF:32:CA:E1:03:0B:D4:9A:9C:15:3F:DF
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/579d3087-6060-4a0d-b623-b91cce78806a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f1:4000::/34

    Signature Algorithm: sha256WithRSAEncryption
         0f:16:f3:05:33:81:64:9b:fb:d9:98:c2:4d:35:46:80:93:4b:
         ae:ae:d6:23:96:a7:0c:a6:a4:b5:cf:b2:c2:e9:37:61:ee:49:
         0f:30:22:de:cf:19:42:ea:79:24:0b:41:51:25:fb:27:77:43:
         b8:92:78:12:d2:98:05:e4:02:85:97:03:19:7c:1b:5b:d9:e8:
         56:c5:38:95:49:10:40:ae:8e:da:dc:ae:a0:a3:2e:dc:99:9f:
         ca:af:ff:af:b1:4d:b7:05:89:bb:47:3a:86:db:cd:c3:32:23:
         fe:96:1c:98:10:24:c6:11:99:d3:24:b4:a1:4b:8c:24:3b:a3:
         68:49:7f:6b:39:8c:ba:c2:95:da:e3:50:84:cf:4d:c5:cb:c6:
         9c:7b:5a:3e:5c:4f:c8:4f:c1:d7:7a:95:67:6f:88:bd:a7:c8:
         d0:58:11:5a:5e:08:0c:eb:0a:68:3c:ae:76:99:c3:a8:fa:ff:
         f9:9f:f6:95:22:a5:77:1b:12:5c:18:64:10:28:01:47:11:df:
         8c:a8:a5:56:8a:7b:a5:03:4d:69:aa:c0:7e:5d:cd:d4:8d:2f:
         35:5c:a6:da:61:4b:b9:bf:8d:6b:12:ee:83:e1:bc:99:c9:70:
         0b:48:ac:f8:87:f8:18:7b:44:58:26:fc:14:d1:96:50:6f:f8:
         00:0a:1a:9c
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUQ4lTR2w5aUh5Ed3z0/IFu6PBGRYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjYwMjI4MDQ1MDA5WhcNMjYwNTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AyYzNkODk1ZGFlYzQ5YTNiMWJmYjdhYWM2NDYyMzYzNWQ0
YzY5OWUxNzU5MDQ1NDBiYjU3OTRkNjhmOWVkOTgyMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2tCc/WNQYFS3Io2Oc/m+nhxtqxgqBj/NxUS+CpPsm7RO3
eB50LJiEkO791tf01vVqIffFGWU0f4xyd9dzba4Th8yjGUQbbPdbabKq0/LbojXd
u2bq2avbqilLzxiYbu1XpBAzt2BaSmaug+1b8iq0zdh80D0SmA63UXgkArr0BsHQ
Q3OfIEzjOMfWubuAelbMa85TPwc2rWY7f2b4lnOtNbYj6nUTJ0Um7KHmpCiO9Pxl
VahQk3gw876HAE5Ud0QhPjWYcKlGpeQOx+SEp0i6NK7Jf1SYh6IcyvOtvd/H/Sg9
RB2n8JgvVLAzT2KrbzGk9PpUsuwBk+DTu0Wtv5TBAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU0RXWoiM7gZ3fMsrhAwvUmpwVP98wHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzU3OWQzMDg3LTYwNjAtNGEwZC1iNjIzLWI5MWNjZTc4ODA2YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgYmAPDxQDANBgkqhkiG9w0BAQsFAAOCAQEADxbzBTOBZJv72ZjCTTVGgJNL
rq7WI5anDKaktc+ywuk3Ye5JDzAi3s8ZQup5JAtBUSX7J3dDuJJ4EtKYBeQChZcD
GXwbW9noVsU4lUkQQK6O2tyuoKMu3Jmfyq//r7FNtwWJu0c6htvNwzIj/pYcmBAk
xhGZ0yS0oUuMJDujaEl/azmMusKV2uNQhM9NxcvGnHtaPlxPyE/B13qVZ2+IvafI
0FgRWl4IDOsKaDyudpnDqPr/+Z/2lSKldxsSXBhkECgBRxHfjKilVop7pQNNaarA
fl3N1I0vNVym2mFLub+NaxLug+G8mclwC0is+If4GHtEWCb8FNGWUG/4AAoanA==
-----END CERTIFICATE-----