Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/8f13536f-25a3-4ff1-9141-9b85d7e40b8b.roa
File:                     8f13536f-25a3-4ff1-9141-9b85d7e40b8b.roa (raw, json)
Hash identifier:          rAmnjrQxSInIEYCebR+QZmEtbyW/kpmU6IEdtyabPRs=
Subject key identifier:   A0:2D:8E:CB:69:A4:EC:6A:B1:67:7C:A7:89:96:BB:8E:DC:36:8F:35
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       6D55995553818FBFC71498244CAF687BEEFD0307
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/8f13536f-25a3-4ff1-9141-9b85d7e40b8b.roa
Signing time:             Tue 21 Oct 2025 13:10:04 +0000
ROA not before:           Tue 21 Oct 2025 13:10:04 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0f0:a0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:55:99:55:53:81:8f:bf:c7:14:98:24:4c:af:68:7b:ee:fd:03:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Oct 21 13:10:04 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=e470f79e0156385b213f39802fc469f22311c7fa3a94866e6cc7dcd15c3d30de, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:8c:0e:5d:a3:96:4a:69:92:13:56:1f:31:b2:
                    c9:e5:a9:c4:4e:20:1a:fa:f8:1f:a2:86:1a:f2:e1:
                    56:b6:3b:8a:11:5e:71:7f:54:bb:09:72:0a:86:77:
                    0a:7a:e8:88:93:28:69:29:0c:c6:c3:63:6e:a1:28:
                    67:6b:4b:af:40:a4:66:2f:c2:71:d7:74:43:94:aa:
                    5e:a7:d8:10:ab:8c:04:bc:87:7e:83:3a:6e:8d:39:
                    61:7c:9d:e5:a5:bd:6a:8b:da:a8:9f:1a:07:e4:8d:
                    a8:7f:eb:81:ed:2d:7f:44:be:c7:bc:df:77:23:c2:
                    52:07:4f:80:f3:d1:59:13:b4:46:ff:2a:fc:b2:3b:
                    e7:d6:04:f5:f9:8e:93:fa:3b:07:39:cd:d2:b9:b2:
                    29:6a:24:a5:fc:33:56:e3:b3:a8:1a:f8:be:02:1d:
                    66:ac:6d:da:37:be:f0:c4:3b:dd:e8:7e:43:77:f6:
                    58:88:8d:84:e2:d1:9c:fa:ff:bd:67:3e:88:c9:ef:
                    0a:1b:6c:6d:14:18:20:75:94:01:94:57:ae:c0:aa:
                    f0:28:28:32:1c:f2:2b:b4:37:bc:3a:15:b1:da:8d:
                    b9:49:75:55:27:7f:e5:d2:d6:3a:ad:f5:8e:ae:34:
                    4b:04:6b:cd:b9:2e:2f:75:e9:37:18:78:85:ac:ea:
                    39:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:2D:8E:CB:69:A4:EC:6A:B1:67:7C:A7:89:96:BB:8E:DC:36:8F:35
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/8f13536f-25a3-4ff1-9141-9b85d7e40b8b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:a0::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:bf:dc:72:b1:29:d9:86:94:bb:3a:5d:98:b5:3b:54:f4:4e:
         cd:56:02:16:a2:4b:aa:bb:54:fd:ac:7c:33:53:41:cf:48:5c:
         ab:8b:3d:83:e4:9f:70:bb:b2:eb:ba:96:46:c3:52:dc:47:87:
         4c:85:b7:99:5e:17:d2:d8:dc:89:f2:36:10:82:80:f3:22:6f:
         a5:eb:41:68:7b:df:34:c9:11:27:3c:4f:f8:e2:2b:c3:ee:b5:
         2e:97:0a:61:e2:d0:ad:b3:a1:6c:bc:89:f1:42:0a:28:c3:a4:
         42:9a:81:c7:54:65:2f:db:5d:15:9f:a8:70:58:d5:cf:10:0f:
         6f:f3:d7:bc:6c:27:ea:92:cf:f2:e0:44:7d:ed:f4:56:1d:9c:
         e4:77:1c:1d:2e:f0:b7:d8:ad:e8:bc:b3:ea:32:b2:0b:a4:d3:
         f8:6f:83:cf:b8:d0:87:22:ec:a3:a0:fd:8d:2c:48:c8:f7:8e:
         59:cf:2c:bb:99:07:10:75:b8:65:76:09:d8:d5:f8:37:c5:ec:
         c5:92:96:fe:d3:9a:bb:00:d5:c4:45:39:54:29:7c:7e:51:71:
         f5:ca:4c:c1:6b:fa:66:87:03:c4:43:a2:8a:35:ec:a0:bf:05:
         ba:e3:6d:79:3b:83:c8:a2:17:1c:fc:61:8a:a6:de:32:38:73:
         a8:97:fb:da
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUbVWZVVOBj7/HFJgkTK9oe+79AwcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUxMDIxMTMxMDA0WhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNDcwZjc5ZTAxNTYzODViMjEzZjM5ODAyZmM0NjlmMjIz
MTFjN2ZhM2E5NDg2NmU2Y2M3ZGNkMTVjM2QzMGRlMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCujA5do5ZKaZITVh8xssnlqcROIBr6+B+ihhry4Va2O4oR
XnF/VLsJcgqGdwp66IiTKGkpDMbDY26hKGdrS69ApGYvwnHXdEOUql6n2BCrjAS8
h36DOm6NOWF8neWlvWqL2qifGgfkjah/64HtLX9Evse833cjwlIHT4Dz0VkTtEb/
KvyyO+fWBPX5jpP6Owc5zdK5silqJKX8M1bjs6ga+L4CHWasbdo3vvDEO93ofkN3
9liIjYTi0Zz6/71nPojJ7wobbG0UGCB1lAGUV67AqvAoKDIc8iu0N7w6FbHajblJ
dVUnf+XS1jqt9Y6uNEsEa825Li916TcYeIWs6jmjAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUoC2Oy2mk7GqxZ3yniZa7jtw2jzUwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzhmMTM1MzZmLTI1YTMtNGZmMS05MTQxLTliODVkN2U0MGI4Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwAKAwDQYJKoZIhvcNAQELBQADggEBAFS/3HKxKdmGlLs6XZi1O1T0
Ts1WAhaiS6q7VP2sfDNTQc9IXKuLPYPkn3C7suu6lkbDUtxHh0yFt5leF9LY3Iny
NhCCgPMib6XrQWh73zTJESc8T/jiK8PutS6XCmHi0K2zoWy8ifFCCijDpEKagcdU
ZS/bXRWfqHBY1c8QD2/z17xsJ+qSz/LgRH3t9FYdnOR3HB0u8LfYrei8s+oysguk
0/hvg8+40Ici7KOg/Y0sSMj3jlnPLLuZBxB1uGV2CdjV+DfF7MWSlv7TmrsA1cRF
OVQpfH5RcfXKTMFr+maHA8RDooo17KC/BbrjbXk7g8iiFxz8YYqm3jI4c6iX+9o=
-----END CERTIFICATE-----