Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/a1a5323d-810c-4209-a36d-e85d1d062c2e.roa
File:                     a1a5323d-810c-4209-a36d-e85d1d062c2e.roa (raw, json)
Hash identifier:          f/Jrutg5Ea1r7X52JCJj2vxSx45kO3r9pr5o6iedLg4=
Subject key identifier:   82:B1:E7:20:76:5C:DB:81:94:71:D7:DA:68:22:B7:F2:F1:72:C8:D4
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       795900CA44AE1C41660B088CE9922287B5F15557
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/a1a5323d-810c-4209-a36d-e85d1d062c2e.roa
Signing time:             Sun 01 Mar 2026 01:00:12 +0000
ROA not before:           Sun 01 Mar 2026 01:00:12 +0000
ROA not after:            Sat 30 May 2026 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0fb:f10a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:59:00:ca:44:ae:1c:41:66:0b:08:8c:e9:92:22:87:b5:f1:55:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Mar  1 01:00:12 2026 GMT
            Not After : May 30 23:59:59 2026 GMT
        Subject: serialNumber=0216fdc47fbc9a3c0f3460fb4fe84c19e831468d83140af2d32f81dc22f6feb4, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:18:90:9b:16:36:57:6d:d3:d3:25:63:dd:cd:
                    b5:b9:0a:ff:61:e8:2e:df:a9:dd:e3:d9:3b:46:86:
                    a9:a3:31:b5:24:15:6c:7d:4e:73:da:d2:04:86:62:
                    a8:d5:7e:ab:7e:fb:82:02:d4:40:d1:51:c8:72:e0:
                    f5:59:98:3b:dd:74:3b:50:ef:9c:00:fb:5a:8a:88:
                    32:3a:40:62:21:84:a0:1c:76:86:d5:70:48:3b:ec:
                    59:1e:3c:fa:3d:1b:c9:e3:3e:f9:08:23:ec:fb:62:
                    9f:97:71:03:7a:19:f2:78:be:61:12:28:84:de:b1:
                    4e:f9:09:e8:d7:76:95:96:bf:1a:73:ae:e2:10:80:
                    da:fb:7c:e5:63:a7:e5:a7:0f:fa:fe:a8:8d:1c:16:
                    97:86:0b:c9:08:50:60:0e:4b:3c:77:a8:a3:41:92:
                    63:96:74:9e:d9:e1:90:e7:65:10:22:43:8d:91:34:
                    c8:28:56:e0:73:34:b2:28:12:5a:91:53:c8:1f:de:
                    fa:f8:d2:b3:15:2a:c4:5b:5d:96:4f:b6:99:14:29:
                    45:bf:8a:11:82:bc:4c:ba:4b:4a:8e:7a:b0:b9:2a:
                    c1:57:5d:49:b9:c7:ea:aa:88:c2:c2:7b:73:89:5e:
                    c1:64:b7:6b:3f:5d:49:8a:0f:3e:c6:58:f1:56:c5:
                    fb:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:B1:E7:20:76:5C:DB:81:94:71:D7:DA:68:22:B7:F2:F1:72:C8:D4
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/a1a5323d-810c-4209-a36d-e85d1d062c2e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:f10a::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:fb:c5:7f:f5:2d:07:38:f9:b2:f5:3c:3d:67:c4:95:98:2c:
         ff:24:e3:5d:a2:92:50:d9:95:65:4c:ae:bf:da:aa:48:4f:95:
         f2:38:69:a3:ad:89:71:a6:d1:74:71:a7:96:57:af:20:37:d7:
         86:11:42:96:a4:54:66:fb:8d:2c:8a:25:d6:d1:97:9e:46:6c:
         46:5d:a4:a7:87:57:38:5e:8c:3a:87:50:51:ba:a1:c4:fb:03:
         3b:f2:44:b6:90:e0:1b:e0:ee:72:3c:42:4a:11:3f:23:b5:5c:
         e9:4b:3a:83:cd:8e:0c:55:08:24:e5:03:3d:91:26:2f:c7:64:
         7b:89:1b:89:d8:cf:1f:28:57:1f:3f:d0:1b:f6:d5:f9:82:99:
         94:94:5d:e9:1d:a0:d9:ec:a3:3d:a4:d8:78:15:ea:a3:60:86:
         4d:3f:1f:2f:8f:2a:e2:73:2a:c1:cf:11:28:10:ec:7d:96:68:
         72:70:1f:1a:0f:6a:4c:1e:1d:8e:0d:41:e5:14:d4:6e:d2:e7:
         f4:67:1e:cb:75:08:4b:30:13:a5:ba:87:19:5b:c4:bb:9a:1f:
         02:30:8d:e2:c8:16:44:5e:b9:48:e8:de:87:33:ae:13:70:a8:
         6e:ae:26:6e:b9:a9:89:7b:6e:d6:d8:42:32:48:d0:93:cb:c6:
         1d:63:ad:35
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUeVkAykSuHEFmCwiM6ZIih7XxVVcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjYwMzAxMDEwMDEyWhcNMjYwNTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AwMjE2ZmRjNDdmYmM5YTNjMGYzNDYwZmI0ZmU4NGMxOWU4
MzE0NjhkODMxNDBhZjJkMzJmODFkYzIyZjZmZWI0MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxGJCbFjZXbdPTJWPdzbW5Cv9h6C7fqd3j2TtGhqmjMbUk
FWx9TnPa0gSGYqjVfqt++4IC1EDRUchy4PVZmDvddDtQ75wA+1qKiDI6QGIhhKAc
dobVcEg77FkePPo9G8njPvkII+z7Yp+XcQN6GfJ4vmESKITesU75CejXdpWWvxpz
ruIQgNr7fOVjp+WnD/r+qI0cFpeGC8kIUGAOSzx3qKNBkmOWdJ7Z4ZDnZRAiQ42R
NMgoVuBzNLIoElqRU8gf3vr40rMVKsRbXZZPtpkUKUW/ihGCvEy6S0qOerC5KsFX
XUm5x+qqiMLCe3OJXsFkt2s/XUmKDz7GWPFWxft1AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUgrHnIHZc24GUcdfaaCK38vFyyNQwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2ExYTUzMjNkLTgxMGMtNDIwOS1hMzZkLWU4NWQxZDA2MmMyZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPD78QowDQYJKoZIhvcNAQELBQADggEBAFz7xX/1LQc4+bL1PD1nxJWY
LP8k412iklDZlWVMrr/aqkhPlfI4aaOtiXGm0XRxp5ZXryA314YRQpakVGb7jSyK
JdbRl55GbEZdpKeHVzhejDqHUFG6ocT7AzvyRLaQ4Bvg7nI8QkoRPyO1XOlLOoPN
jgxVCCTlAz2RJi/HZHuJG4nYzx8oVx8/0Bv21fmCmZSUXekdoNnsoz2k2HgV6qNg
hk0/Hy+PKuJzKsHPESgQ7H2WaHJwHxoPakweHY4NQeUU1G7S5/RnHst1CEswE6W6
hxlbxLuaHwIwjeLIFkReuUjo3oczrhNwqG6uJm65qYl7btbYQjJI0JPLxh1jrTU=
-----END CERTIFICATE-----