Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/ae8e0646-a3de-4f6f-9f98-8689213b0505.roa
File:                     ae8e0646-a3de-4f6f-9f98-8689213b0505.roa (raw, json)
Hash identifier:          gUP9+WcRxwh593TkBmsW+N55cRvb3Njyr5xa8vL6OCU=
Subject key identifier:   A3:5B:08:46:77:33:CB:F7:B6:AE:90:AA:78:1F:D9:1D:55:EB:9E:B5
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       76803B04E95AD07BFDCA43A92932090FCD277A59
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/ae8e0646-a3de-4f6f-9f98-8689213b0505.roa
Signing time:             Tue 21 Oct 2025 12:50:50 +0000
ROA not before:           Tue 21 Oct 2025 12:50:50 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0fb:ea00::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:80:3b:04:e9:5a:d0:7b:fd:ca:43:a9:29:32:09:0f:cd:27:7a:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Oct 21 12:50:50 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=a4ee4cc8487a2d6c5caebaae4edb311ac0267d8eb514edfcfb9d654ed1b45997, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:5f:d6:b2:61:f0:d1:38:95:ae:54:af:b1:51:
                    7e:78:04:b5:bb:b4:e7:11:43:5d:5b:d4:d5:08:89:
                    7f:8f:d9:3f:1a:a2:af:bc:b2:0a:e3:80:ab:05:63:
                    c9:5b:71:00:07:d2:19:38:8e:1a:30:c4:ef:d7:b3:
                    6c:aa:1f:e6:f7:a1:8c:57:63:c0:31:de:71:73:50:
                    1c:56:81:3d:04:ae:54:e1:55:1f:09:40:e5:af:46:
                    b1:f1:b5:4c:46:06:bd:56:64:26:8b:47:84:8e:a8:
                    7d:7d:2f:ec:07:7e:fe:e3:ca:20:2f:a4:3a:4a:b8:
                    38:b5:be:92:81:8d:07:09:7f:1d:31:69:e1:7a:f3:
                    a0:46:c0:29:2c:40:58:79:a9:f8:40:96:6e:6e:c1:
                    4e:67:cf:fa:24:b0:02:54:c7:fd:39:8a:28:83:ce:
                    80:95:ce:2a:43:f8:91:ea:34:88:88:ce:06:45:bd:
                    9e:0d:fb:b9:6d:79:3d:06:53:62:59:ca:9f:a2:fe:
                    68:fe:c0:a7:d2:02:1a:04:e7:3e:29:72:c8:e2:36:
                    2f:11:17:1b:c8:01:78:d7:08:ae:a8:8b:f4:72:fc:
                    92:0f:50:f9:a8:9d:ad:f3:dc:63:ec:bd:3c:97:b5:
                    ce:9b:d0:60:a0:7c:01:5b:8d:da:20:2a:da:7b:9d:
                    d9:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:5B:08:46:77:33:CB:F7:B6:AE:90:AA:78:1F:D9:1D:55:EB:9E:B5
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/ae8e0646-a3de-4f6f-9f98-8689213b0505.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:ea00::/40

    Signature Algorithm: sha256WithRSAEncryption
         92:87:5f:bf:1a:a1:33:da:7e:74:17:77:25:9b:5c:44:06:3c:
         4c:0f:cd:25:58:be:8a:b7:0c:ce:c9:9b:91:5e:ed:81:10:02:
         ba:16:9d:b0:0f:a0:77:24:99:92:12:27:76:98:79:4d:34:06:
         c3:bf:ed:4f:9c:8d:0f:da:10:f3:30:5d:73:92:67:d9:d1:30:
         92:7b:85:be:31:99:1b:2c:e2:74:21:42:ed:2c:5c:43:bc:eb:
         62:c8:a0:2a:62:b8:96:89:77:5c:e1:fc:a7:96:a9:28:c5:08:
         fc:9e:e4:61:c2:ef:54:0d:4f:66:56:d7:ec:d8:d5:96:83:a6:
         bb:f6:0b:5a:21:c0:e7:80:61:94:1e:20:60:e0:42:18:df:f8:
         70:95:76:e2:16:5a:0e:62:e0:65:62:cb:b0:ee:3a:0e:d6:4f:
         20:b4:92:75:ef:3d:ca:58:ef:5f:2f:72:97:b1:79:94:62:2f:
         29:94:c1:01:ce:8f:69:cf:2f:d8:21:de:8d:5e:4a:05:41:df:
         bc:e0:48:1a:2d:2f:85:2c:a7:0b:f1:d4:2f:48:b9:d7:5f:7d:
         93:b1:81:14:b8:a2:8b:d1:fd:a1:b3:62:6a:e4:22:e2:c0:62:
         b2:1a:dc:b4:8d:0e:25:c6:96:43:b0:f1:92:95:25:9b:e4:d2:
         27:11:d8:34
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUdoA7BOla0Hv9ykOpKTIJD80nelkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUxMDIxMTI1MDUwWhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNGVlNGNjODQ4N2EyZDZjNWNhZWJhYWU0ZWRiMzExYWMw
MjY3ZDhlYjUxNGVkZmNmYjlkNjU0ZWQxYjQ1OTk3MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCcX9ayYfDROJWuVK+xUX54BLW7tOcRQ11b1NUIiX+P2T8a
oq+8sgrjgKsFY8lbcQAH0hk4jhowxO/Xs2yqH+b3oYxXY8Ax3nFzUBxWgT0ErlTh
VR8JQOWvRrHxtUxGBr1WZCaLR4SOqH19L+wHfv7jyiAvpDpKuDi1vpKBjQcJfx0x
aeF686BGwCksQFh5qfhAlm5uwU5nz/oksAJUx/05iiiDzoCVzipD+JHqNIiIzgZF
vZ4N+7lteT0GU2JZyp+i/mj+wKfSAhoE5z4pcsjiNi8RFxvIAXjXCK6oi/Ry/JIP
UPmona3z3GPsvTyXtc6b0GCgfAFbjdogKtp7ndnjAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUo1sIRnczy/e2rpCqeB/ZHVXrnrUwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2FlOGUwNjQ2LWEzZGUtNGY2Zi05Zjk4LTg2ODkyMTNiMDUwNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPD76jANBgkqhkiG9w0BAQsFAAOCAQEAkodfvxqhM9p+dBd3JZtcRAY8
TA/NJVi+ircMzsmbkV7tgRACuhadsA+gdySZkhIndph5TTQGw7/tT5yND9oQ8zBd
c5Jn2dEwknuFvjGZGyzidCFC7SxcQ7zrYsigKmK4lol3XOH8p5apKMUI/J7kYcLv
VA1PZlbX7NjVloOmu/YLWiHA54BhlB4gYOBCGN/4cJV24hZaDmLgZWLLsO46DtZP
ILSSde89yljvXy9yl7F5lGIvKZTBAc6Pac8v2CHejV5KBUHfvOBIGi0vhSynC/HU
L0i51199k7GBFLiii9H9obNiauQi4sBishrctI0OJcaWQ7DxkpUlm+TSJxHYNA==
-----END CERTIFICATE-----