Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/b711b513-e0f0-4a59-a188-036dda4ade5a.roa
File:                     b711b513-e0f0-4a59-a188-036dda4ade5a.roa (raw, json)
Hash identifier:          pP9Yr0brPC8dViMsldN4v3ALg5wTu6/xp35xzXgZPu4=
Subject key identifier:   D9:3C:AD:FA:5D:39:2F:35:84:6F:75:A9:D8:E2:C9:20:AD:49:0F:F2
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       73BB294196C54FC5EDD0BBB29F26270961A1FC47
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/b711b513-e0f0-4a59-a188-036dda4ade5a.roa
Signing time:             Sat 28 Feb 2026 05:10:41 +0000
ROA not before:           Sat 28 Feb 2026 05:10:41 +0000
ROA not after:            Fri 29 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:ef00::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:bb:29:41:96:c5:4f:c5:ed:d0:bb:b2:9f:26:27:09:61:a1:fc:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Feb 28 05:10:41 2026 GMT
            Not After : May 29 23:59:59 2026 GMT
        Subject: serialNumber=35c7ff509602f74269b3f424f4fae449012b5968371c27b651bb8f5badcbbd8f, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:f5:2a:c0:53:5f:0b:a5:7e:0b:cb:1f:ad:8d:
                    94:d0:fd:61:4b:c7:2d:ff:fa:85:75:b1:a6:87:d0:
                    ec:9b:2a:b9:69:a5:6c:d1:72:a6:4a:d7:18:c9:36:
                    b3:2a:bc:68:61:f2:c7:2e:29:47:e7:c6:12:81:e7:
                    36:fa:2a:51:17:28:bc:db:98:77:5d:9b:b5:21:8e:
                    0c:ed:72:c4:cd:56:2f:35:0b:19:de:94:21:c5:cf:
                    5c:aa:fa:f4:71:48:7e:a0:d5:3c:68:f1:ec:43:f5:
                    fd:7d:5e:7e:fa:3f:a0:40:e5:eb:e1:a1:68:ae:4d:
                    dd:ea:2d:a0:f9:15:ee:dc:7c:28:e0:fc:20:9a:62:
                    30:fe:ca:be:23:75:e0:82:05:46:fa:92:a8:83:43:
                    a5:cd:8e:dd:21:6d:77:49:e6:22:2b:f6:c7:ad:4b:
                    2c:bf:e9:79:b5:b0:55:18:5d:05:eb:06:3e:c7:71:
                    13:16:f1:30:1f:f0:d4:2e:e3:6d:e0:c1:f7:4e:f7:
                    7a:04:02:82:19:50:0d:ae:53:94:99:20:c5:40:85:
                    b4:81:fc:46:d4:af:21:5a:ca:fe:23:9b:c1:6f:48:
                    0a:48:b7:21:f0:03:75:1d:00:04:98:3d:e3:2f:80:
                    34:a5:be:74:4d:1d:9c:82:1d:98:bb:96:76:ed:c9:
                    24:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:3C:AD:FA:5D:39:2F:35:84:6F:75:A9:D8:E2:C9:20:AD:49:0F:F2
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/b711b513-e0f0-4a59-a188-036dda4ade5a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:ef00::/40

    Signature Algorithm: sha256WithRSAEncryption
         1c:d6:03:69:57:5a:20:a1:bd:eb:14:73:05:e2:f9:1c:76:f7:
         ff:1e:3f:24:6a:7c:77:45:a3:e1:79:ad:62:88:9c:e3:ab:1f:
         1f:a4:e3:ec:4d:89:fe:5f:d5:fd:c0:7a:30:0a:b2:57:da:4e:
         63:14:11:2b:c8:da:5b:74:13:43:e1:90:93:01:79:76:8c:85:
         48:e6:fe:3d:28:cd:b5:2c:d6:8b:ac:61:9a:24:be:f5:ae:e6:
         de:ea:11:27:32:c0:01:37:11:70:51:17:30:a7:77:50:6d:01:
         da:5a:d4:18:0f:a3:67:cd:07:72:f4:34:9c:02:01:eb:a4:db:
         e9:df:a2:8a:93:ab:2e:86:52:26:5b:27:67:f7:c8:ed:9c:b7:
         7e:d4:b1:39:f4:c4:23:3a:4f:db:cc:28:e3:57:e5:ff:54:4d:
         50:24:bc:d4:6a:d5:de:0e:95:78:38:0e:93:46:41:44:0f:eb:
         53:59:21:8d:cd:8a:18:e0:26:e8:e3:0f:04:10:cd:64:9b:2c:
         07:53:73:ad:62:99:a6:8c:67:9b:45:11:36:ec:e9:68:35:f0:
         00:bb:25:c4:5a:3f:e1:22:75:de:84:0c:be:91:06:92:4f:75:
         7c:f2:79:5c:50:64:5d:22:71:a2:7f:e4:88:3a:ec:7c:fb:de:
         3e:bf:29:8e
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUc7spQZbFT8Xt0LuynyYnCWGh/EcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjYwMjI4MDUxMDQxWhcNMjYwNTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNWM3ZmY1MDk2MDJmNzQyNjliM2Y0MjRmNGZhZTQ0OTAx
MmI1OTY4MzcxYzI3YjY1MWJiOGY1YmFkY2JiZDhmMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQ9SrAU18LpX4Lyx+tjZTQ/WFLxy3/+oV1saaH0OybKrlp
pWzRcqZK1xjJNrMqvGhh8scuKUfnxhKB5zb6KlEXKLzbmHddm7UhjgztcsTNVi81
CxnelCHFz1yq+vRxSH6g1Txo8exD9f19Xn76P6BA5evhoWiuTd3qLaD5Fe7cfCjg
/CCaYjD+yr4jdeCCBUb6kqiDQ6XNjt0hbXdJ5iIr9setSyy/6Xm1sFUYXQXrBj7H
cRMW8TAf8NQu423gwfdO93oEAoIZUA2uU5SZIMVAhbSB/EbUryFayv4jm8FvSApI
tyHwA3UdAASYPeMvgDSlvnRNHZyCHZi7lnbtySTRAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU2Tyt+l05LzWEb3Wp2OLJIK1JD/IwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2I3MTFiNTEzLWUwZjAtNGE1OS1hMTg4LTAzNmRkYTRhZGU1YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPD77zANBgkqhkiG9w0BAQsFAAOCAQEAHNYDaVdaIKG96xRzBeL5HHb3
/x4/JGp8d0Wj4XmtYoic46sfH6Tj7E2J/l/V/cB6MAqyV9pOYxQRK8jaW3QTQ+GQ
kwF5doyFSOb+PSjNtSzWi6xhmiS+9a7m3uoRJzLAATcRcFEXMKd3UG0B2lrUGA+j
Z80HcvQ0nAIB66Tb6d+iipOrLoZSJlsnZ/fI7Zy3ftSxOfTEIzpP28wo41fl/1RN
UCS81GrV3g6VeDgOk0ZBRA/rU1khjc2KGOAm6OMPBBDNZJssB1NzrWKZpoxnm0UR
NuzpaDXwALslxFo/4SJ13oQMvpEGkk91fPJ5XFBkXSJxon/kiDrsfPvePr8pjg==
-----END CERTIFICATE-----