Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/8a8b863b-298e-48a9-bced-202e80d98f01.roa
File:                     8a8b863b-298e-48a9-bced-202e80d98f01.roa (raw, json)
Hash identifier:          OmcTJRG2qFILL1USr9ztnhYX/rap7D3XArxUejtWwAc=
Subject key identifier:   70:03:92:06:BF:58:0A:4C:39:40:1B:E9:0F:21:17:B9:EA:50:74:E4
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       3F414E30BA66744D04668129A8A8C00B43C474D4
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/8a8b863b-298e-48a9-bced-202e80d98f01.roa
Signing time:             Tue 05 Aug 2025 18:30:58 +0000
ROA not before:           Tue 05 Aug 2025 18:30:58 +0000
ROA not after:            Tue 09 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:ee00::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 07 Aug 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:41:4e:30:ba:66:74:4d:04:66:81:29:a8:a8:c0:0b:43:c4:74:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Aug  5 18:30:58 2025 GMT
            Not After : Sep  9 23:59:59 2025 GMT
        Subject: serialNumber=fa0d36aa3466a223572b512c08a673c491b69a9d3f65890f5f94947035458d3a, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:bd:4a:03:e6:14:a3:3b:a4:c9:18:8b:6d:58:
                    91:1a:55:4e:09:a0:e8:4d:b7:b0:59:60:bf:90:22:
                    12:0c:60:08:5d:14:80:81:00:97:29:94:bc:b0:27:
                    52:a8:3c:00:dd:42:0f:54:33:7e:58:bc:36:87:b2:
                    12:9c:65:00:ca:34:bd:10:5e:31:97:68:df:80:90:
                    18:55:b8:0e:12:f9:69:41:d7:97:64:a3:ec:27:2b:
                    21:38:15:26:4c:dd:3b:de:2f:6c:4c:70:c6:ea:33:
                    32:13:77:30:61:21:81:d2:5c:6a:0f:ee:48:6d:42:
                    d8:8c:99:f2:d0:4b:fa:84:44:5e:b2:8e:b4:7b:65:
                    96:14:61:22:d5:b9:24:9c:43:e6:cf:3c:b2:a7:29:
                    fb:3d:c7:b7:ba:27:d4:d7:cc:ab:30:17:92:27:b3:
                    a3:6e:9a:29:bc:e1:a2:1f:96:b2:f5:a6:49:0e:c1:
                    66:4d:e1:cb:be:7b:cb:d1:9c:aa:31:83:31:79:06:
                    26:08:5e:85:52:a9:da:d8:14:6a:46:86:15:ab:ed:
                    49:23:3e:4e:84:2d:a5:6c:96:d1:47:75:de:41:a4:
                    9c:35:19:11:2e:58:91:f6:4d:ee:fd:1a:0c:b5:db:
                    54:89:16:11:ff:69:7f:6e:29:05:3a:81:96:16:2e:
                    c6:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:03:92:06:BF:58:0A:4C:39:40:1B:E9:0F:21:17:B9:EA:50:74:E4
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/8a8b863b-298e-48a9-bced-202e80d98f01.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:ee00::/40

    Signature Algorithm: sha256WithRSAEncryption
         1e:98:92:73:c5:6a:67:72:3b:f5:dc:8b:c4:ee:1a:2a:fe:30:
         d2:ea:38:af:3d:65:d3:35:29:a3:06:f3:5e:96:90:6b:12:3d:
         c1:87:0f:cb:1f:d1:36:9a:da:00:91:d0:70:16:1c:a6:88:c1:
         1c:cd:6f:3b:47:82:63:1a:e1:3d:13:09:00:9d:a3:c8:e7:ed:
         70:fa:1c:cb:af:df:c5:61:e7:9c:65:fe:c2:61:5a:f7:f2:c3:
         2d:6e:33:b6:c1:e1:fd:9f:a4:ff:f6:0f:a3:18:55:df:ee:41:
         b8:d3:6d:7e:06:29:94:8b:3a:dc:82:73:30:ed:8a:31:b3:fb:
         42:35:2c:50:52:3a:10:a2:38:93:dc:5d:63:ec:f1:cd:76:ff:
         c8:70:81:48:f9:cd:12:11:79:88:69:01:60:2b:89:e5:b5:64:
         08:bf:04:1e:4d:21:f5:23:56:6e:f9:17:f2:0f:fb:3a:18:fb:
         06:f5:96:9c:cd:11:99:8f:65:3f:1b:7d:a2:e0:da:57:f8:55:
         5f:3e:d5:90:5b:9e:69:71:44:01:23:c7:55:85:db:e2:83:d7:
         9d:18:02:6c:6d:07:b8:98:62:52:42:fd:ee:5a:2b:3a:a2:27:
         3e:11:8b:01:4a:09:6f:45:7f:79:4c:2e:3e:3b:5e:f6:04:2f:
         11:b0:1c:af
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUP0FOMLpmdE0EZoEpqKjAC0PEdNQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwODA1MTgzMDU4WhcNMjUwOTA5MjM1OTU5
WjB6MUkwRwYDVQQFE0BmYTBkMzZhYTM0NjZhMjIzNTcyYjUxMmMwOGE2NzNjNDkx
YjY5YTlkM2Y2NTg5MGY1Zjk0OTQ3MDM1NDU4ZDNhMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1vUoD5hSjO6TJGIttWJEaVU4JoOhNt7BZYL+QIhIMYAhd
FICBAJcplLywJ1KoPADdQg9UM35YvDaHshKcZQDKNL0QXjGXaN+AkBhVuA4S+WlB
15dko+wnKyE4FSZM3TveL2xMcMbqMzITdzBhIYHSXGoP7khtQtiMmfLQS/qERF6y
jrR7ZZYUYSLVuSScQ+bPPLKnKfs9x7e6J9TXzKswF5Ins6Numim84aIflrL1pkkO
wWZN4cu+e8vRnKoxgzF5BiYIXoVSqdrYFGpGhhWr7UkjPk6ELaVsltFHdd5BpJw1
GREuWJH2Te79Ggy121SJFhH/aX9uKQU6gZYWLsb3AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUcAOSBr9YCkw5QBvpDyEXuepQdOQwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzhhOGI4NjNiLTI5OGUtNDhhOS1iY2VkLTIwMmU4MGQ5OGYwMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPD77jANBgkqhkiG9w0BAQsFAAOCAQEAHpiSc8VqZ3I79dyLxO4aKv4w
0uo4rz1l0zUpowbzXpaQaxI9wYcPyx/RNpraAJHQcBYcpojBHM1vO0eCYxrhPRMJ
AJ2jyOftcPocy6/fxWHnnGX+wmFa9/LDLW4ztsHh/Z+k//YPoxhV3+5BuNNtfgYp
lIs63IJzMO2KMbP7QjUsUFI6EKI4k9xdY+zxzXb/yHCBSPnNEhF5iGkBYCuJ5bVk
CL8EHk0h9SNWbvkX8g/7Ohj7BvWWnM0RmY9lPxt9ouDaV/hVXz7VkFueaXFEASPH
VYXb4oPXnRgCbG0HuJhiUkL97lorOqInPhGLAUoJb0V/eUwuPjte9gQvEbAcrw==
-----END CERTIFICATE-----