Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/c95d920e-7e95-4907-9edf-29509d14ad36.roa
File:                     c95d920e-7e95-4907-9edf-29509d14ad36.roa (raw, json)
Hash identifier:          q/144l3Y614SoKF96dsVxfuMDpWqaVoUOME7gkoQEXE=
Subject key identifier:   BE:30:0E:37:85:C9:C8:AD:17:CB:D7:A9:72:E6:46:50:2B:7B:DB:2A
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       07121DD7C3C9352C770737C7D0B353288E7040B0
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/c95d920e-7e95-4907-9edf-29509d14ad36.roa
Signing time:             Tue 21 Oct 2025 13:00:28 +0000
ROA not before:           Tue 21 Oct 2025 13:00:28 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0fb:eb00::/42 maxlen: 42
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Nov 2025 22:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:12:1d:d7:c3:c9:35:2c:77:07:37:c7:d0:b3:53:28:8e:70:40:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Oct 21 13:00:28 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=ab73aa481fb54ab752a519c96322df425950748609ef5edcc62381905c46705b, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:85:e1:d6:68:10:eb:f9:e6:b4:8c:b3:a3:63:
                    59:00:cd:b0:2c:a3:7f:18:c3:ef:11:fc:eb:43:74:
                    2d:b8:3b:b3:ae:60:e4:03:cb:35:b8:9c:84:29:ab:
                    6b:3f:97:a0:34:31:a8:dc:d0:8e:7f:dc:62:d8:2a:
                    77:3d:d3:31:e0:80:a7:01:9f:06:0b:fc:d5:e9:21:
                    e3:af:40:b5:5b:78:84:71:af:66:c2:1e:fb:3d:45:
                    af:c2:3d:1a:ca:2b:47:2f:ef:46:1e:a0:f3:63:20:
                    c1:5f:a2:cc:e2:2b:9c:bc:c2:4f:26:8d:d8:ca:bc:
                    d3:03:11:41:22:a9:51:3d:aa:db:89:f1:03:d2:94:
                    2e:d5:c0:66:f6:61:c4:fd:15:0c:47:9d:8d:36:b1:
                    81:d1:a9:ec:c1:6c:d2:17:f3:77:40:59:0c:47:eb:
                    f3:c3:28:6a:ca:4e:d4:d8:5d:2e:86:b7:64:6e:57:
                    99:4e:a0:18:6d:16:8d:4e:70:ec:8c:79:6a:fd:15:
                    45:f6:80:5e:f5:f5:bf:1f:54:8d:95:a0:43:e8:6a:
                    fe:1b:89:33:7c:88:40:5b:86:a3:23:1d:0e:5b:14:
                    a7:c0:6b:d0:04:20:59:91:27:05:4f:33:8a:b0:58:
                    b1:d0:15:b4:71:eb:30:4f:9a:2b:a1:cb:5e:c7:73:
                    60:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:30:0E:37:85:C9:C8:AD:17:CB:D7:A9:72:E6:46:50:2B:7B:DB:2A
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/c95d920e-7e95-4907-9edf-29509d14ad36.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:eb00::/42

    Signature Algorithm: sha256WithRSAEncryption
         7a:13:46:63:a8:b0:e3:84:b7:88:ec:eb:8c:28:8a:54:94:01:
         8c:cc:60:5c:b4:f0:e9:42:19:dc:ed:5c:0e:0d:99:f8:14:77:
         62:9e:b5:20:3c:89:52:50:77:d6:3b:d3:33:4a:af:85:32:2a:
         39:66:04:af:ab:83:c6:14:39:2f:a9:43:c2:c7:59:20:2d:7d:
         a6:b4:93:0b:43:b1:34:5a:e3:0c:a3:52:68:ac:a9:a8:d9:fc:
         cb:08:2e:a0:0c:8c:90:c7:56:67:82:83:69:c3:6b:1b:5e:df:
         fd:cb:7b:87:cf:a1:4d:e4:74:b0:af:cf:89:b8:68:4b:f5:39:
         dc:a7:d9:a8:42:0e:4d:71:da:68:ca:0b:a4:b4:a3:0f:13:48:
         9f:a2:db:07:f1:2d:76:e8:de:2d:6e:d7:cd:5d:e4:cf:0a:9b:
         32:4f:07:be:04:43:94:7f:d7:9c:3e:7e:d4:5c:99:b1:43:fc:
         02:10:ee:36:83:20:86:60:a1:0d:7b:87:44:f6:bc:7e:89:ac:
         c0:56:84:01:01:73:fb:36:48:7b:a6:f0:85:7d:79:1f:4a:b8:
         2e:d3:a2:cf:7c:4d:79:5e:42:ae:87:50:37:cf:fa:f1:83:c6:
         77:d3:36:51:91:c0:e6:f7:ad:16:ae:4d:0b:dc:0a:b2:2c:a5:
         33:9b:2d:d4
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUBxId18PJNSx3BzfH0LNTKI5wQLAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUxMDIxMTMwMDI4WhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYjczYWE0ODFmYjU0YWI3NTJhNTE5Yzk2MzIyZGY0MjU5
NTA3NDg2MDllZjVlZGNjNjIzODE5MDVjNDY3MDViMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDWheHWaBDr+ea0jLOjY1kAzbAso38Yw+8R/OtDdC24O7Ou
YOQDyzW4nIQpq2s/l6A0Majc0I5/3GLYKnc90zHggKcBnwYL/NXpIeOvQLVbeIRx
r2bCHvs9Ra/CPRrKK0cv70YeoPNjIMFfosziK5y8wk8mjdjKvNMDEUEiqVE9qtuJ
8QPSlC7VwGb2YcT9FQxHnY02sYHRqezBbNIX83dAWQxH6/PDKGrKTtTYXS6Gt2Ru
V5lOoBhtFo1OcOyMeWr9FUX2gF719b8fVI2VoEPoav4biTN8iEBbhqMjHQ5bFKfA
a9AEIFmRJwVPM4qwWLHQFbRx6zBPmiuhy17Hc2CTAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUvjAON4XJyK0Xy9epcuZGUCt72yowHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2M5NWQ5MjBlLTdlOTUtNDkwNy05ZWRmLTI5NTA5ZDE0YWQzNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwYmAPD76wAwDQYJKoZIhvcNAQELBQADggEBAHoTRmOosOOEt4js64woilSU
AYzMYFy08OlCGdztXA4NmfgUd2KetSA8iVJQd9Y70zNKr4UyKjlmBK+rg8YUOS+p
Q8LHWSAtfaa0kwtDsTRa4wyjUmisqajZ/MsILqAMjJDHVmeCg2nDaxte3/3Le4fP
oU3kdLCvz4m4aEv1Odyn2ahCDk1x2mjKC6S0ow8TSJ+i2wfxLXbo3i1u181d5M8K
mzJPB74EQ5R/15w+ftRcmbFD/AIQ7jaDIIZgoQ17h0T2vH6JrMBWhAEBc/s2SHum
8IV9eR9KuC7Tos98TXleQq6HUDfP+vGDxnfTNlGRwOb3rRauTQvcCrIspTObLdQ=
-----END CERTIFICATE-----