Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/7980d2a9-9ad0-487c-82a5-834ec5af0a39.roa
File:                     7980d2a9-9ad0-487c-82a5-834ec5af0a39.roa (raw, json)
Hash identifier:          yJ3qNgzAvviAxQm5Pn+evihxymBJaDhQ7t7F4fcJMXQ=
Subject key identifier:   B2:0C:FD:82:13:E4:1F:DC:6C:AF:A2:6B:99:0D:EA:CB:1E:62:5C:95
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       4EABACF1A425FC2A9B74AA327E255840CEF01B26
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/7980d2a9-9ad0-487c-82a5-834ec5af0a39.roa
Signing time:             Fri 31 Oct 2025 01:50:13 +0000
ROA not before:           Fri 31 Oct 2025 01:50:13 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:a::/47 maxlen: 47
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:ab:ac:f1:a4:25:fc:2a:9b:74:aa:32:7e:25:58:40:ce:f0:1b:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Oct 31 01:50:13 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=a3e3e485451184acd32077540e4769ca00813756e24a9cb63e98ce3488ae9f4b, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:2c:d3:77:b7:6d:35:bc:56:2c:d4:20:54:2c:
                    e6:39:3c:ce:4a:97:f7:90:1c:6d:47:39:e5:4c:59:
                    03:18:95:6c:51:16:9f:cd:8f:85:d1:fb:56:60:a0:
                    9a:b8:75:99:72:59:b7:fa:da:ac:2c:2a:d3:1f:4c:
                    c6:0b:cb:ba:ff:e8:0f:0e:99:88:7a:2a:36:18:a8:
                    e1:0d:31:c7:63:58:58:28:7d:53:08:b1:9e:85:5e:
                    f4:5c:46:88:66:ed:c7:96:11:ea:7d:8c:e7:b9:d4:
                    92:1a:a9:0e:a2:5a:62:d3:67:dc:b7:17:34:60:b0:
                    8c:e5:d0:d3:8d:13:dd:b5:82:e2:67:34:aa:17:4c:
                    fb:71:9d:e8:21:8c:ef:f4:a4:8f:3f:5a:ad:50:3a:
                    e2:6a:ed:04:89:b0:88:7f:e7:0f:cd:23:f5:fc:ca:
                    ba:8f:bf:4b:73:f6:a2:0d:34:69:9a:a4:84:48:21:
                    6f:0d:a0:89:24:36:ad:ed:66:a1:b8:4d:88:22:75:
                    69:96:34:b2:7c:4a:53:d3:49:88:ee:83:bf:2b:2a:
                    91:97:3a:8b:b4:3b:7e:0f:b3:64:95:c7:f2:4a:03:
                    5d:74:45:19:d9:31:d5:68:90:2c:0a:8f:cd:82:ab:
                    84:e4:a0:4a:65:25:31:4a:d2:e7:23:a2:ff:76:78:
                    25:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:0C:FD:82:13:E4:1F:DC:6C:AF:A2:6B:99:0D:EA:CB:1E:62:5C:95
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/7980d2a9-9ad0-487c-82a5-834ec5af0a39.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:a::/47

    Signature Algorithm: sha256WithRSAEncryption
         90:55:b1:c0:8d:87:da:0d:aa:4e:07:e2:3b:2b:0f:14:3e:4a:
         15:c0:25:b0:a1:1c:e8:35:89:41:61:6c:35:84:ce:3f:28:77:
         28:70:01:ed:e8:bd:53:a3:59:b1:a8:5d:7e:91:82:50:95:6d:
         3f:55:fd:ac:01:b5:fd:75:dc:cf:48:c3:83:e4:2a:ad:28:be:
         f4:1f:f5:17:2b:dd:bd:16:38:e8:00:09:22:4d:cc:55:b9:7e:
         c0:07:70:ec:35:fe:3d:28:ab:96:79:87:4e:6b:eb:a8:cf:92:
         1e:b5:31:31:20:13:74:6b:3f:4d:4c:45:a9:e0:51:de:03:6a:
         9f:a0:9a:1f:93:28:51:0d:2f:ca:d3:3d:f4:7c:db:6c:45:37:
         06:2b:f6:8e:66:fa:27:67:47:29:e2:2b:11:6a:39:14:9e:94:
         9a:e4:8c:9d:ad:ba:98:7a:f3:1f:ed:cb:87:81:96:b9:6e:f1:
         34:a5:b0:ee:25:e0:3f:12:0f:2a:46:8e:76:6c:0b:2f:4c:d6:
         e4:ac:6e:1a:25:ea:fc:3a:9d:4a:44:ac:1b:47:01:29:44:0f:
         0a:c5:5d:93:c7:46:40:60:ce:fa:c1:fc:df:c6:01:6e:bc:8b:
         6d:05:d9:f5:46:a1:9a:16:d6:00:e5:8a:c3:ab:4a:e8:b0:16:
         38:2b:9a:13
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUTqus8aQl/CqbdKoyfiVYQM7wGyYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUxMDMxMDE1MDEzWhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhM2UzZTQ4NTQ1MTE4NGFjZDMyMDc3NTQwZTQ3NjljYTAw
ODEzNzU2ZTI0YTljYjYzZTk4Y2UzNDg4YWU5ZjRiMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4LNN3t201vFYs1CBULOY5PM5Kl/eQHG1HOeVMWQMYlWxR
Fp/Nj4XR+1ZgoJq4dZlyWbf62qwsKtMfTMYLy7r/6A8OmYh6KjYYqOENMcdjWFgo
fVMIsZ6FXvRcRohm7ceWEep9jOe51JIaqQ6iWmLTZ9y3FzRgsIzl0NONE921guJn
NKoXTPtxneghjO/0pI8/Wq1QOuJq7QSJsIh/5w/NI/X8yrqPv0tz9qINNGmapIRI
IW8NoIkkNq3tZqG4TYgidWmWNLJ8SlPTSYjug78rKpGXOou0O34Ps2SVx/JKA110
RRnZMdVokCwKj82Cq4TkoEplJTFK0ucjov92eCWzAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUsgz9ghPkH9xsr6JrmQ3qyx5iXJUwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2Lzc5ODBkMmE5LTlhZDAtNDg3Yy04MmE1LTgzNGVjNWFmMGEzOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwEmAPDwAAowDQYJKoZIhvcNAQELBQADggEBAJBVscCNh9oNqk4H4jsrDxQ+
ShXAJbChHOg1iUFhbDWEzj8odyhwAe3ovVOjWbGoXX6RglCVbT9V/awBtf113M9I
w4PkKq0ovvQf9Rcr3b0WOOgACSJNzFW5fsAHcOw1/j0oq5Z5h05r66jPkh61MTEg
E3RrP01MRangUd4Dap+gmh+TKFENL8rTPfR822xFNwYr9o5m+idnRyniKxFqORSe
lJrkjJ2tuph68x/ty4eBlrlu8TSlsO4l4D8SDypGjnZsCy9M1uSsbhol6vw6nUpE
rBtHASlEDwrFXZPHRkBgzvrB/N/GAW68i20F2fVGoZoW1gDlisOrSuiwFjgrmhM=
-----END CERTIFICATE-----