Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/710c8ea0-f6b4-4fbe-9653-22174e063099.roa
File:                     710c8ea0-f6b4-4fbe-9653-22174e063099.roa (raw, json)
Hash identifier:          Vs3MaiMPrD2gietWxUWLir71a8WE0ZUuuHjbEV3dxag=
Subject key identifier:   AB:47:06:48:94:7E:88:46:C6:7E:F4:BB:81:22:3A:BA:2A:C8:44:36
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       262557B80A1789ECAF8B5F2244C0D3B0F1A4494D
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/710c8ea0-f6b4-4fbe-9653-22174e063099.roa
Signing time:             Wed 16 Jul 2025 00:20:37 +0000
ROA not before:           Wed 16 Jul 2025 00:20:37 +0000
ROA not after:            Wed 20 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:90::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 10 Aug 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:25:57:b8:0a:17:89:ec:af:8b:5f:22:44:c0:d3:b0:f1:a4:49:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jul 16 00:20:37 2025 GMT
            Not After : Aug 20 23:59:59 2025 GMT
        Subject: serialNumber=9c6a4f4d718a9e275206761d24c95bd6b804ba1bbe3a921e47ab896db410bb4b, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:7c:f1:00:ca:95:ef:1a:22:89:dd:4e:db:f4:
                    96:d0:b5:24:04:ce:a8:19:77:08:a7:26:ec:f2:72:
                    a3:5a:78:1a:34:d2:d3:1d:03:6f:de:00:ca:89:03:
                    4f:a4:d8:94:20:bd:72:c1:0c:63:20:28:48:e0:9b:
                    a9:4f:f0:ad:13:29:e4:d3:0a:ff:e4:29:73:90:c2:
                    5b:da:52:6a:44:3e:01:a5:96:25:85:80:db:af:6a:
                    d2:71:79:75:15:5b:4d:c0:46:4a:49:83:d7:c7:d0:
                    0e:a7:fc:99:f7:15:da:60:b9:ee:47:eb:79:d3:64:
                    66:16:d4:ea:c9:4b:ef:03:f1:3f:d0:53:27:53:de:
                    4d:dc:45:8a:a7:7d:fb:e5:80:2a:ec:76:97:e2:d4:
                    35:c2:53:16:c8:b6:3e:54:21:80:4d:89:ab:e7:49:
                    42:a3:7a:fa:57:9c:87:e6:89:cf:25:28:fc:5a:58:
                    bb:84:b5:e5:4c:0e:e8:27:4c:e3:7c:af:08:67:03:
                    e7:17:b9:92:20:cb:8e:2f:da:a5:3e:5f:67:67:6b:
                    c3:33:31:d3:91:a1:d1:46:76:32:c5:63:67:45:da:
                    05:dc:1f:dc:5a:f7:d8:db:eb:d6:3b:98:3d:a2:a2:
                    03:01:72:ed:84:13:6f:a0:f6:71:ed:db:b8:c2:84:
                    b1:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:47:06:48:94:7E:88:46:C6:7E:F4:BB:81:22:3A:BA:2A:C8:44:36
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/710c8ea0-f6b4-4fbe-9653-22174e063099.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:90::/44

    Signature Algorithm: sha256WithRSAEncryption
         15:a8:54:87:22:cd:3d:60:69:1e:1b:9e:11:eb:67:9c:88:a0:
         a1:62:c2:f0:64:24:c8:9e:a6:d6:0e:1e:f9:aa:97:23:77:3b:
         d1:37:4d:f6:dc:f1:b8:10:2a:3d:b5:1a:68:b5:b9:26:b9:42:
         89:66:e7:86:a3:c8:73:0f:bf:b4:12:b7:81:eb:71:5e:2e:03:
         7b:dc:49:ca:c3:a6:1b:7c:2c:57:55:3e:99:69:82:d7:e0:e1:
         8e:59:ba:40:2a:25:68:06:61:5a:74:d5:16:05:72:66:80:15:
         3f:01:9d:fd:bc:a4:39:5b:72:69:d8:36:3d:28:59:4c:b2:74:
         c4:6d:38:2f:bb:d5:85:7c:79:3b:51:af:7f:7e:14:fc:07:35:
         02:a9:b6:b5:01:0b:fa:2b:8f:79:bb:a6:07:20:eb:f4:f6:35:
         e5:85:44:d4:d2:23:6b:86:14:60:66:bc:3f:f4:4d:af:1e:e1:
         72:07:4a:d6:bd:cc:12:6d:7c:a4:ca:b6:f9:5a:35:28:b0:01:
         2b:cc:d9:1a:35:f5:fc:28:4d:d4:ed:bd:ec:0f:96:3c:60:ff:
         22:89:1e:bf:f4:02:63:6e:02:ba:10:83:13:d8:f3:b8:1d:2e:
         4d:2b:42:9d:d2:fb:81:a1:3a:48:69:8d:03:6e:1e:f9:f4:a8:
         3a:c6:ae:a7
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUJiVXuAoXieyvi18iRMDTsPGkSU0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNzE2MDAyMDM3WhcNMjUwODIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5YzZhNGY0ZDcxOGE5ZTI3NTIwNjc2MWQyNGM5NWJkNmI4
MDRiYTFiYmUzYTkyMWU0N2FiODk2ZGI0MTBiYjRiMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnfPEAypXvGiKJ3U7b9JbQtSQEzqgZdwinJuzycqNaeBo0
0tMdA2/eAMqJA0+k2JQgvXLBDGMgKEjgm6lP8K0TKeTTCv/kKXOQwlvaUmpEPgGl
liWFgNuvatJxeXUVW03ARkpJg9fH0A6n/Jn3Fdpgue5H63nTZGYW1OrJS+8D8T/Q
UydT3k3cRYqnffvlgCrsdpfi1DXCUxbItj5UIYBNiavnSUKjevpXnIfmic8lKPxa
WLuEteVMDugnTON8rwhnA+cXuZIgy44v2qU+X2dna8MzMdORodFGdjLFY2dF2gXc
H9xa99jb69Y7mD2iogMBcu2EE2+g9nHt27jChLF1AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUq0cGSJR+iEbGfvS7gSI6uirIRDYwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzcxMGM4ZWEwLWY2YjQtNGZiZS05NjUzLTIyMTc0ZTA2MzA5OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwQmAPDwAJAwDQYJKoZIhvcNAQELBQADggEBABWoVIcizT1gaR4bnhHrZ5yI
oKFiwvBkJMieptYOHvmqlyN3O9E3Tfbc8bgQKj21Gmi1uSa5Qolm54ajyHMPv7QS
t4HrcV4uA3vcScrDpht8LFdVPplpgtfg4Y5ZukAqJWgGYVp01RYFcmaAFT8Bnf28
pDlbcmnYNj0oWUyydMRtOC+71YV8eTtRr39+FPwHNQKptrUBC/orj3m7pgcg6/T2
NeWFRNTSI2uGFGBmvD/0Ta8e4XIHSta9zBJtfKTKtvlaNSiwASvM2Ro19fwoTdTt
vewPljxg/yKJHr/0AmNuAroQgxPY87gdLk0rQp3S+4GhOkhpjQNuHvn0qDrGrqc=
-----END CERTIFICATE-----