Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/af93e150-9469-47eb-8185-3ff03d87db06.roa
File:                     af93e150-9469-47eb-8185-3ff03d87db06.roa (raw, json)
Hash identifier:          57SGt0cXXWmkaAFi9wFBXibF2hBT4Q2HJuuQUTOcTNM=
Subject key identifier:   BE:6D:07:62:67:74:EB:5E:93:A6:C0:70:2D:CC:AE:90:ED:6A:D3:8C
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       3D9D775C0FDD2A9D76F7975A95438450D50B33C5
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/af93e150-9469-47eb-8185-3ff03d87db06.roa
Signing time:             Tue 15 Jul 2025 00:10:26 +0000
ROA not before:           Tue 15 Jul 2025 00:10:26 +0000
ROA not after:            Tue 19 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:f000::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 07 Aug 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:9d:77:5c:0f:dd:2a:9d:76:f7:97:5a:95:43:84:50:d5:0b:33:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jul 15 00:10:26 2025 GMT
            Not After : Aug 19 23:59:59 2025 GMT
        Subject: serialNumber=6c9f9ab4d46640ff838d10df75cdf8ebe33f80668d558d4b477fb3a446300fdd, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:6a:1b:3f:83:66:fd:83:6b:75:1a:db:15:bb:
                    15:82:c1:d7:37:2c:87:a6:28:d7:e9:18:eb:05:78:
                    d8:ef:3a:f3:a5:98:a7:21:a0:96:a9:82:29:3c:10:
                    4d:f0:0a:6e:cb:22:e9:70:8b:14:91:6d:d0:9e:14:
                    a8:cb:a3:21:ce:f1:80:dc:e8:2c:f4:af:5e:dd:72:
                    fb:cb:e9:59:59:6a:5a:b1:20:79:8f:54:09:77:5a:
                    70:aa:c7:a1:35:24:25:8c:2e:dc:ef:dd:d3:9c:f7:
                    d5:61:3e:0c:c5:9d:d6:f8:21:54:2d:56:cb:8f:98:
                    1d:9c:2c:b0:2d:f1:13:45:9b:2f:82:16:c8:8d:a4:
                    53:6d:34:6c:97:00:a4:dc:03:c9:6b:f6:00:aa:b5:
                    6d:f8:be:45:f0:7f:dc:e5:ba:bc:ef:c2:d7:76:59:
                    d9:e3:3e:f7:55:89:48:d4:f3:28:2c:e5:b3:4e:65:
                    f6:cf:6d:4b:28:f5:d2:4a:76:af:1e:47:9d:da:85:
                    03:62:61:34:18:97:ba:31:9c:16:5b:46:b9:8b:59:
                    06:33:a5:ae:b4:c4:a2:d6:20:99:d4:1d:26:be:8b:
                    00:da:09:f6:62:24:b2:8a:99:58:90:93:10:33:5c:
                    3f:0e:a4:eb:55:af:ab:d8:b1:8c:72:a5:ee:f6:58:
                    35:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:6D:07:62:67:74:EB:5E:93:A6:C0:70:2D:CC:AE:90:ED:6A:D3:8C
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/af93e150-9469-47eb-8185-3ff03d87db06.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:f000::/44

    Signature Algorithm: sha256WithRSAEncryption
         85:7a:a0:d6:81:57:7d:e2:26:86:41:50:c2:4e:33:2b:f7:9f:
         8f:90:60:b7:17:cc:42:c2:61:48:68:26:82:87:f6:b8:d1:58:
         9b:2b:0c:94:f9:f8:96:62:27:e7:c5:95:30:c5:5d:27:14:ab:
         1e:be:7a:cf:5d:98:d3:50:9d:62:42:2b:36:cb:66:0f:77:3a:
         e2:a1:59:01:17:c6:7d:78:01:5c:55:88:d9:0b:1e:2a:9e:78:
         8d:a4:2f:26:e1:fa:0a:22:18:65:4a:57:0c:24:59:c7:1f:e1:
         87:78:32:1d:7a:da:0f:cf:37:2c:8c:5c:32:ed:f3:ed:7f:4c:
         3f:5b:6d:fb:ef:be:e8:76:88:90:b7:d6:c6:88:b1:66:72:2c:
         32:a9:40:0c:27:89:87:68:14:db:ca:cd:21:57:eb:73:86:79:
         c0:3b:b8:c0:fa:16:4c:1c:22:ac:99:23:4c:78:64:07:e2:f4:
         66:b2:1d:47:64:79:26:1d:a7:d7:f4:ff:0a:46:7a:e1:9f:d1:
         04:bf:38:7b:c2:1a:c0:f9:56:6d:bd:37:1c:fa:d6:9e:60:ee:
         42:41:2f:1d:3c:89:06:e6:d0:42:76:f9:51:0a:ee:24:be:2f:
         c9:6a:af:35:25:e1:90:68:15:36:75:f3:ea:ed:97:e5:53:db:
         a5:c1:36:e9
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUPZ13XA/dKp1295dalUOEUNULM8UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwNzE1MDAxMDI2WhcNMjUwODE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A2YzlmOWFiNGQ0NjY0MGZmODM4ZDEwZGY3NWNkZjhlYmUz
M2Y4MDY2OGQ1NThkNGI0NzdmYjNhNDQ2MzAwZmRkMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3ahs/g2b9g2t1GtsVuxWCwdc3LIemKNfpGOsFeNjvOvOl
mKchoJapgik8EE3wCm7LIulwixSRbdCeFKjLoyHO8YDc6Cz0r17dcvvL6VlZalqx
IHmPVAl3WnCqx6E1JCWMLtzv3dOc99VhPgzFndb4IVQtVsuPmB2cLLAt8RNFmy+C
FsiNpFNtNGyXAKTcA8lr9gCqtW34vkXwf9zlurzvwtd2WdnjPvdViUjU8ygs5bNO
ZfbPbUso9dJKdq8eR53ahQNiYTQYl7oxnBZbRrmLWQYzpa60xKLWIJnUHSa+iwDa
CfZiJLKKmViQkxAzXD8OpOtVr6vYsYxype72WDUNAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUvm0HYmd0616TpsBwLcyukO1q04wwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2FmOTNlMTUwLTk0NjktNDdlYi04MTg1LTNmZjAzZDg3ZGIwNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwQmAPD78AAwDQYJKoZIhvcNAQELBQADggEBAIV6oNaBV33iJoZBUMJOMyv3
n4+QYLcXzELCYUhoJoKH9rjRWJsrDJT5+JZiJ+fFlTDFXScUqx6+es9dmNNQnWJC
KzbLZg93OuKhWQEXxn14AVxViNkLHiqeeI2kLybh+goiGGVKVwwkWccf4Yd4Mh16
2g/PNyyMXDLt8+1/TD9bbfvvvuh2iJC31saIsWZyLDKpQAwniYdoFNvKzSFX63OG
ecA7uMD6FkwcIqyZI0x4ZAfi9GayHUdkeSYdp9f0/wpGeuGf0QS/OHvCGsD5Vm29
Nxz61p5g7kJBLx08iQbm0EJ2+VEK7iS+L8lqrzUl4ZBoFTZ18+rtl+VT26XBNuk=
-----END CERTIFICATE-----