Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/c91dc110-e4d6-4a78-90dc-94e4d2083c89.roa
File:                     c91dc110-e4d6-4a78-90dc-94e4d2083c89.roa (raw, json)
Hash identifier:          U6IMV/pe8bKeK7FIQkicsucQN5X65AQodEH0pV4aynk=
Subject key identifier:   57:BB:24:42:C9:23:86:35:CB:C0:04:2E:D2:97:98:FD:38:41:E4:94
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       71A5BC41E2DC33FC5A4D208D2095E7ECE67E64BA
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/c91dc110-e4d6-4a78-90dc-94e4d2083c89.roa
Signing time:             Fri 31 Oct 2025 01:50:32 +0000
ROA not before:           Fri 31 Oct 2025 01:50:32 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:a5:bc:41:e2:dc:33:fc:5a:4d:20:8d:20:95:e7:ec:e6:7e:64:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Oct 31 01:50:32 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=9ae420198bc2509edeab8509ae98cce4a54a5f2659faaaafaa7b937fd8413e47, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:39:bf:9a:2a:a7:49:77:a7:4a:f8:4d:d4:be:
                    8d:16:bf:50:b2:41:71:71:74:be:68:97:c1:df:b0:
                    5a:2d:c6:6a:39:1c:ef:55:89:02:0d:5a:6f:41:f5:
                    dd:e8:88:0e:bf:a4:5a:55:27:a6:f1:d3:12:ff:65:
                    6e:91:a4:93:4c:e6:1c:7e:ed:0e:7d:ed:cd:c1:5e:
                    5f:cb:19:96:bc:26:0a:c0:cc:fa:7b:7d:0b:48:d4:
                    2f:ca:d9:52:96:33:3d:b0:b2:32:67:cb:8f:e4:c8:
                    57:e6:6c:da:88:2a:6a:60:e1:56:f0:92:ef:e6:e5:
                    4e:6f:19:db:cd:c6:f7:8c:75:a5:dc:dd:65:0b:ef:
                    00:36:7f:34:d6:27:4f:de:ac:54:15:4f:b5:2e:25:
                    e5:0a:3d:9e:76:31:67:d1:3b:f9:7c:3a:6b:11:ae:
                    06:8d:9b:c4:33:22:75:c0:cb:e0:f5:8a:29:1d:8d:
                    0d:95:d4:b9:28:70:8f:64:f9:25:98:95:bb:61:da:
                    01:3d:3b:d7:55:51:02:85:dd:2f:96:f9:87:75:66:
                    01:05:1c:49:dc:8b:e9:d9:d9:3e:39:cb:02:56:5e:
                    3e:a0:30:ac:f1:27:6e:8e:22:3d:ea:71:7a:c3:3c:
                    5a:29:14:e3:77:f5:17:6d:72:c6:3a:59:57:3d:81:
                    93:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:BB:24:42:C9:23:86:35:CB:C0:04:2E:D2:97:98:FD:38:41:E4:94
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/c91dc110-e4d6-4a78-90dc-94e4d2083c89.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         60:6c:88:31:cd:75:d5:c8:69:c6:e6:d6:1f:a3:3b:a9:89:ee:
         78:ee:ac:42:19:c7:77:f2:fe:86:4f:85:c9:e4:ba:c7:1c:88:
         e2:f5:1d:7a:f1:76:51:02:db:ec:92:9c:38:96:93:ce:0b:51:
         28:00:15:ba:26:88:b2:08:09:6e:26:ce:1e:6b:35:f0:1d:e7:
         bc:d1:36:38:18:1d:f2:fc:ee:7d:94:b7:30:ca:7e:22:30:41:
         ba:5a:55:65:fb:eb:a5:bd:99:77:c1:91:1f:5c:52:c0:bb:f8:
         61:a4:a4:94:2f:e1:be:34:86:c7:ba:19:ed:8e:92:43:2f:29:
         e7:11:bb:b4:9b:c3:ae:63:a3:ff:53:a1:6a:39:28:aa:00:a2:
         17:78:ad:62:e4:aa:b7:3f:a4:4b:21:cd:53:09:69:59:da:82:
         8f:91:a3:d0:84:6e:08:0b:e8:49:e6:88:6f:21:26:f7:08:5d:
         38:45:96:70:84:0f:12:a0:91:b3:a3:41:53:88:bc:cc:73:31:
         f9:98:3a:89:9d:39:00:8f:7d:03:09:80:b7:96:a0:a2:db:6a:
         9b:59:c0:a7:15:5f:14:e4:98:07:4a:1e:d5:81:45:45:2f:d1:
         ea:e6:15:b5:9d:25:43:87:7f:ad:e5:aa:7b:5e:70:76:0f:2c:
         c2:49:73:7b
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUcaW8QeLcM/xaTSCNIJXn7OZ+ZLowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUxMDMxMDE1MDMyWhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5YWU0MjAxOThiYzI1MDllZGVhYjg1MDlhZTk4Y2NlNGE1
NGE1ZjI2NTlmYWFhYWZhYTdiOTM3ZmQ4NDEzZTQ3MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWOb+aKqdJd6dK+E3Uvo0Wv1CyQXFxdL5ol8HfsFotxmo5
HO9ViQINWm9B9d3oiA6/pFpVJ6bx0xL/ZW6RpJNM5hx+7Q597c3BXl/LGZa8JgrA
zPp7fQtI1C/K2VKWMz2wsjJny4/kyFfmbNqIKmpg4Vbwku/m5U5vGdvNxveMdaXc
3WUL7wA2fzTWJ0/erFQVT7UuJeUKPZ52MWfRO/l8OmsRrgaNm8QzInXAy+D1iikd
jQ2V1LkocI9k+SWYlbth2gE9O9dVUQKF3S+W+Yd1ZgEFHEnci+nZ2T45ywJWXj6g
MKzxJ26OIj3qcXrDPFopFON39RdtcsY6WVc9gZONAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUV7skQskjhjXLwAQu0peY/ThB5JQwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2M5MWRjMTEwLWU0ZDYtNGE3OC05MGRjLTk0ZTRkMjA4M2M4OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPDwATANBgkqhkiG9w0BAQsFAAOCAQEAYGyIMc111chpxubWH6M7qYnu
eO6sQhnHd/L+hk+FyeS6xxyI4vUdevF2UQLb7JKcOJaTzgtRKAAVuiaIsggJbibO
Hms18B3nvNE2OBgd8vzufZS3MMp+IjBBulpVZfvrpb2Zd8GRH1xSwLv4YaSklC/h
vjSGx7oZ7Y6SQy8p5xG7tJvDrmOj/1OhajkoqgCiF3itYuSqtz+kSyHNUwlpWdqC
j5Gj0IRuCAvoSeaIbyEm9whdOEWWcIQPEqCRs6NBU4i8zHMx+Zg6iZ05AI99AwmA
t5agottqm1nApxVfFOSYB0oe1YFFRS/R6uYVtZ0lQ4d/reWqe15wdg8swklzew==
-----END CERTIFICATE-----