Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/8d914165-a3e7-48af-b624-8691c64e5360.roa
File:                     8d914165-a3e7-48af-b624-8691c64e5360.roa (raw, json)
Hash identifier:          CK1sDNZdGwZnHxrz1T6Fc65nwOcVJ+mr0ty4jpa4cvc=
Subject key identifier:   1E:81:7B:E9:9D:40:6B:34:CE:84:7F:CA:53:A5:8A:16:43:68:BA:7A
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       7A6B82E6252669F9D29CCF45A99A91FDB7BADCC6
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/8d914165-a3e7-48af-b624-8691c64e5360.roa
Signing time:             Tue 05 Aug 2025 18:40:21 +0000
ROA not before:           Tue 05 Aug 2025 18:40:21 +0000
ROA not after:            Tue 09 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f000::/28 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 10 Aug 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:6b:82:e6:25:26:69:f9:d2:9c:cf:45:a9:9a:91:fd:b7:ba:dc:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Aug  5 18:40:21 2025 GMT
            Not After : Sep  9 23:59:59 2025 GMT
        Subject: serialNumber=06fad0792520b4f2e67cc6cb9d664bf06a471928245d49337237ce88e5197669, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:8f:5b:44:92:d3:da:5e:d6:60:61:58:26:0f:
                    12:88:55:5c:47:da:f9:dc:48:9e:d3:09:14:b8:b2:
                    71:f3:e9:1e:0f:05:b3:eb:de:c0:6a:70:82:c6:2b:
                    d7:53:a3:ba:59:23:9d:a8:c3:84:f4:f9:a4:dd:f1:
                    5d:56:f6:52:a1:10:97:43:74:65:c1:44:0b:ac:85:
                    f1:4b:ab:e4:c2:d7:10:2a:c5:7b:f2:03:d3:ef:d4:
                    e4:9b:20:3b:34:ca:32:2a:64:bc:ed:49:2d:3a:ea:
                    c2:39:90:c0:8c:31:6b:94:e6:70:eb:73:26:b9:ad:
                    15:f9:0a:44:7d:90:28:b3:2d:a5:94:89:a8:15:15:
                    39:5d:f2:e4:53:7a:57:e0:a9:87:8f:9f:a5:d9:20:
                    ee:b9:6e:fa:64:ed:26:6a:36:11:0a:31:6d:db:b3:
                    4a:15:04:47:d0:b2:34:d2:e8:2c:74:af:7a:bf:b4:
                    a8:e2:4d:94:98:57:df:bd:69:9c:aa:e8:4d:08:62:
                    1f:68:64:98:11:05:69:ba:73:ba:cf:7d:09:c8:04:
                    71:4a:47:08:c4:94:c1:6c:82:50:69:d2:8e:83:89:
                    cc:87:7c:74:8d:f6:84:47:f7:9d:8f:d5:5c:96:8d:
                    a7:f6:ea:88:f1:53:d0:c5:18:7e:2b:53:e2:6b:88:
                    85:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:81:7B:E9:9D:40:6B:34:CE:84:7F:CA:53:A5:8A:16:43:68:BA:7A
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/8d914165-a3e7-48af-b624-8691c64e5360.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f000::/28

    Signature Algorithm: sha256WithRSAEncryption
         1b:a2:ab:b4:e3:2e:2f:f8:be:c6:42:1a:39:d7:1d:2b:d4:83:
         42:31:95:b8:4b:cf:24:f7:b2:f2:f4:1a:51:1c:c8:c4:32:b0:
         a7:a7:af:83:5a:c9:49:73:a3:ad:30:41:8f:b6:cb:94:b8:96:
         47:99:cf:56:19:2e:68:17:a2:d3:eb:7b:99:0f:8e:60:de:5b:
         7e:bf:27:d5:ad:0c:83:6f:5a:48:d7:01:6e:e0:a6:2c:dd:96:
         be:b2:21:83:1a:7f:71:29:bb:cd:84:89:8d:39:24:b6:62:8e:
         2a:d2:a6:57:a9:cb:b2:4e:97:3b:16:d9:82:dc:dc:5c:5b:4e:
         54:b8:49:de:9b:de:21:5a:0c:cb:d1:cb:16:69:d8:6b:c9:92:
         b7:79:8a:08:a4:ce:08:16:37:d6:96:c0:4b:d2:c7:32:0d:5d:
         e3:57:e7:b5:fa:bd:bd:40:c6:38:23:ce:0d:8b:d2:09:24:83:
         e0:25:86:da:56:7f:f1:6a:6a:2f:7a:bf:e4:12:14:40:14:db:
         fd:85:1c:f0:ea:ba:86:65:f6:4f:9e:67:ce:2f:4d:98:3e:df:
         11:4e:4c:68:2d:24:0f:f0:61:1d:0a:79:c6:86:aa:6c:73:c3:
         29:e4:14:47:5c:d6:ea:a0:65:56:85:1e:da:a9:db:13:ba:66:
         89:bc:c6:db
-----BEGIN CERTIFICATE-----
MIIF+TCCBOGgAwIBAgIUemuC5iUmafnSnM9FqZqR/be63MYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwODA1MTg0MDIxWhcNMjUwOTA5MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNmZhZDA3OTI1MjBiNGYyZTY3Y2M2Y2I5ZDY2NGJmMDZh
NDcxOTI4MjQ1ZDQ5MzM3MjM3Y2U4OGU1MTk3NjY5MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDmj1tEktPaXtZgYVgmDxKIVVxH2vncSJ7TCRS4snHz6R4P
BbPr3sBqcILGK9dTo7pZI52ow4T0+aTd8V1W9lKhEJdDdGXBRAushfFLq+TC1xAq
xXvyA9Pv1OSbIDs0yjIqZLztSS066sI5kMCMMWuU5nDrcya5rRX5CkR9kCizLaWU
iagVFTld8uRTelfgqYePn6XZIO65bvpk7SZqNhEKMW3bs0oVBEfQsjTS6Cx0r3q/
tKjiTZSYV9+9aZyq6E0IYh9oZJgRBWm6c7rPfQnIBHFKRwjElMFsglBp0o6DicyH
fHSN9oRH952P1VyWjaf26ojxU9DFGH4rU+JriIVfAgMBAAGjggKyMIICrjAdBgNV
HQ4EFgQUHoF76Z1AazTOhH/KU6WKFkNounowHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzhkOTE0MTY1LWEzZTctNDhhZi1iNjI0LTg2OTFjNjRlNTM2MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgAC
MAcDBQQmAPAAMA0GCSqGSIb3DQEBCwUAA4IBAQAboqu04y4v+L7GQho51x0r1INC
MZW4S88k97Ly9BpRHMjEMrCnp6+DWslJc6OtMEGPtsuUuJZHmc9WGS5oF6LT63uZ
D45g3lt+vyfVrQyDb1pI1wFu4KYs3Za+siGDGn9xKbvNhImNOSS2Yo4q0qZXqcuy
Tpc7FtmC3NxcW05UuEnem94hWgzL0csWadhryZK3eYoIpM4IFjfWlsBL0scyDV3j
V+e1+r29QMY4I84Ni9IJJIPgJYbaVn/xamover/kEhRAFNv9hRzw6rqGZfZPnmfO
L02YPt8RTkxoLSQP8GEdCnnGhqpsc8Mp5BRHXNbqoGVWhR7aqdsTumaJvMbb
-----END CERTIFICATE-----
Generated at Sat Aug 9 05:42:31 2025 by rpki-client