Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/d040f02c-c962-433b-9282-37c1d283eaeb.roa
File:                     d040f02c-c962-433b-9282-37c1d283eaeb.roa (raw, json)
Hash identifier:          /70UDcbN9ABGPEUgZLp5SOP9ULXgbMVxfdFdPYjcZEQ=
Subject key identifier:   BF:EC:B4:F2:AC:D4:D8:33:8A:EE:70:50:3D:7E:0A:CB:88:BC:BC:B6
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       3C3E582C444A206C9AD665B9264CB7E91B4F808C
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/d040f02c-c962-433b-9282-37c1d283eaeb.roa
Signing time:             Tue 21 Oct 2025 13:00:12 +0000
ROA not before:           Tue 21 Oct 2025 13:00:12 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:eb00::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:3e:58:2c:44:4a:20:6c:9a:d6:65:b9:26:4c:b7:e9:1b:4f:80:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Oct 21 13:00:12 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=2ecae541130f04b6a758960c6eae2bc407f6c511bb386bb86bc8613aac0d07ac, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f2:d6:a0:f7:17:c6:ef:9f:44:60:07:7a:3d:
                    0d:30:7d:d2:a7:bb:fa:0a:5b:f8:17:d4:16:98:bd:
                    43:8d:00:f9:69:61:e8:f0:e6:e1:77:4c:70:7f:7e:
                    85:fc:d3:f9:66:d4:c4:a9:f3:a6:ac:45:76:1c:3d:
                    0d:7e:27:35:5a:4a:90:b2:0c:ef:01:44:94:d0:d4:
                    eb:0d:50:3c:de:71:77:8b:99:98:b0:a7:ab:93:0b:
                    84:b5:49:48:15:ed:40:17:dc:1e:3b:39:aa:cf:b2:
                    65:94:b8:3b:5f:34:11:09:04:ff:61:8a:15:85:b4:
                    5d:78:01:6a:02:92:86:ec:11:23:ca:65:ed:2f:5b:
                    db:52:bc:21:5b:6a:b1:3e:31:c7:94:2d:2a:15:11:
                    c3:b4:fa:44:7a:b9:28:65:27:54:be:bf:e3:a7:6d:
                    5e:8c:df:23:48:ab:a0:83:14:72:bc:57:86:3a:80:
                    6d:83:b2:d9:87:14:bb:c7:15:b6:1b:96:c9:1f:19:
                    e0:24:c2:5f:0e:ec:e4:95:dc:97:eb:d3:11:67:3d:
                    1e:29:73:f7:53:3e:32:18:48:56:6f:4a:ec:7b:25:
                    e1:e1:c2:d1:5e:c2:65:4c:d8:ac:fb:52:0c:51:79:
                    2a:66:47:0f:5f:65:5c:bb:6c:57:2b:ad:f1:07:6b:
                    a8:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:EC:B4:F2:AC:D4:D8:33:8A:EE:70:50:3D:7E:0A:CB:88:BC:BC:B6
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/d040f02c-c962-433b-9282-37c1d283eaeb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:eb00::/40

    Signature Algorithm: sha256WithRSAEncryption
         18:26:31:05:37:c4:4c:4d:b1:ab:38:d7:67:fe:21:47:cd:5a:
         e5:b0:a9:f6:94:ce:4b:20:31:44:e2:28:de:6c:8c:1a:c8:0c:
         61:da:c2:a2:27:f9:be:ac:a8:88:1e:3f:fe:23:61:0d:b4:46:
         21:bb:f5:c1:b7:17:a5:c6:4e:82:3c:c9:1d:55:8b:9d:e6:6b:
         87:ab:e0:c0:43:72:e6:32:b8:27:5c:eb:2c:ac:47:90:3c:7e:
         6e:ba:ff:b4:14:b6:d7:0c:5f:ae:fe:7d:5a:79:9a:1a:b7:02:
         43:dc:56:0d:01:24:e7:30:3f:fc:29:dd:ed:00:6a:4d:58:70:
         15:78:a7:b8:46:e1:92:a4:bf:64:82:dc:05:e9:92:fe:a5:20:
         f7:92:07:fc:40:ad:06:ba:86:c5:e4:e5:32:6f:f1:a9:65:4d:
         04:60:9e:27:76:1d:77:16:ec:fb:d4:e5:e6:a5:7c:44:c1:11:
         ae:85:e2:79:21:0f:28:d9:72:9f:b2:10:7d:78:b8:83:ad:18:
         4a:bd:5b:47:c6:ff:84:28:0d:0e:5e:72:62:80:68:e0:0c:15:
         0e:63:72:44:0d:a4:9d:59:85:ea:8d:85:22:ed:7e:e3:c0:05:
         7e:fa:44:25:2d:b6:13:03:e6:72:7a:14:0f:8a:7a:9f:c2:67:
         62:a2:f1:44
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUPD5YLERKIGya1mW5Jky36RtPgIwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUxMDIxMTMwMDEyWhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AyZWNhZTU0MTEzMGYwNGI2YTc1ODk2MGM2ZWFlMmJjNDA3
ZjZjNTExYmIzODZiYjg2YmM4NjEzYWFjMGQwN2FjMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCv8tag9xfG759EYAd6PQ0wfdKnu/oKW/gX1BaYvUONAPlp
Yejw5uF3THB/foX80/lm1MSp86asRXYcPQ1+JzVaSpCyDO8BRJTQ1OsNUDzecXeL
mZiwp6uTC4S1SUgV7UAX3B47OarPsmWUuDtfNBEJBP9hihWFtF14AWoCkobsESPK
Ze0vW9tSvCFbarE+MceULSoVEcO0+kR6uShlJ1S+v+OnbV6M3yNIq6CDFHK8V4Y6
gG2DstmHFLvHFbYblskfGeAkwl8O7OSV3Jfr0xFnPR4pc/dTPjIYSFZvSux7JeHh
wtFewmVM2Kz7UgxReSpmRw9fZVy7bFcrrfEHa6idAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUv+y08qzU2DOK7nBQPX4Ky4i8vLYwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2QwNDBmMDJjLWM5NjItNDMzYi05MjgyLTM3YzFkMjgzZWFlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPD76zANBgkqhkiG9w0BAQsFAAOCAQEAGCYxBTfETE2xqzjXZ/4hR81a
5bCp9pTOSyAxROIo3myMGsgMYdrCoif5vqyoiB4//iNhDbRGIbv1wbcXpcZOgjzJ
HVWLneZrh6vgwENy5jK4J1zrLKxHkDx+brr/tBS21wxfrv59WnmaGrcCQ9xWDQEk
5zA//Cnd7QBqTVhwFXinuEbhkqS/ZILcBemS/qUg95IH/ECtBrqGxeTlMm/xqWVN
BGCeJ3Yddxbs+9Tl5qV8RMERroXieSEPKNlyn7IQfXi4g60YSr1bR8b/hCgNDl5y
YoBo4AwVDmNyRA2knVmF6o2FIu1+48AFfvpEJS22EwPmcnoUD4p6n8JnYqLxRA==
-----END CERTIFICATE-----