Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/f933dc9a-6cb0-4836-9711-454fb0e2e364.roa
File:                     f933dc9a-6cb0-4836-9711-454fb0e2e364.roa (raw, json)
Hash identifier:          qBlQlzGefDDybHSSzBGlt0gpIWQr6PMjmtBB18IqvOw=
Subject key identifier:   FA:6D:37:65:67:4B:0F:A2:B6:31:40:29:95:2D:EB:5F:18:3F:E7:D1
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       41F52443CFCE35D2F08CB051DA67EA53EAF849B6
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/f933dc9a-6cb0-4836-9711-454fb0e2e364.roa
Signing time:             Wed 20 May 2026 00:40:05 +0000
ROA not before:           Wed 20 May 2026 00:40:05 +0000
ROA not after:            Tue 18 Aug 2026 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0fb:f104::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/521eb33f-9672-4cd9-acce-137227e971ac.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 14 Jun 2026 13:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:f5:24:43:cf:ce:35:d2:f0:8c:b0:51:da:67:ea:53:ea:f8:49:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: May 20 00:40:05 2026 GMT
            Not After : Aug 18 23:59:59 2026 GMT
        Subject: serialNumber=6f8d9007d77d7fe1bec72d442407b4c723975df46c130c47920e287a73720082, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:f4:1e:88:94:9a:37:02:db:f4:38:98:90:b1:
                    dc:83:99:73:0a:d3:75:95:c5:2b:5a:5b:ff:b1:14:
                    27:ee:3a:c1:ee:74:87:38:07:02:67:4d:31:d2:fc:
                    69:e1:6f:ed:c3:6e:be:5d:68:0b:14:aa:71:64:de:
                    88:b2:86:23:72:de:77:05:d7:93:1a:39:65:26:10:
                    41:37:4e:67:7d:35:74:2d:9a:e7:f2:9b:ad:5e:39:
                    b3:cd:ff:5f:da:5b:26:f3:8e:c0:ad:88:5d:7e:d6:
                    c2:86:54:23:79:05:0e:30:48:fd:e4:16:c6:2e:5d:
                    6c:e8:00:8b:e5:e1:aa:d1:de:57:fb:7d:f3:02:a1:
                    70:d2:2b:87:c8:ec:95:d8:6a:c9:52:77:be:f2:6e:
                    ab:c9:f1:33:e8:66:f9:96:2f:25:50:d7:42:38:b8:
                    d4:26:6f:0e:60:8a:3a:98:00:83:38:7c:2f:92:11:
                    d3:7e:3f:32:94:95:bf:fc:69:fa:e3:b2:40:60:8b:
                    58:b4:c8:66:c4:53:d4:64:f8:a1:e1:b0:2d:04:ad:
                    57:ee:6a:9e:1c:98:36:e8:b2:f7:5d:ae:d1:2e:ec:
                    c9:bb:6d:06:e6:5c:83:7b:1f:58:70:36:3b:51:ff:
                    2b:fc:d1:46:d2:d5:13:f8:c3:66:aa:ea:70:a9:16:
                    5e:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:6D:37:65:67:4B:0F:A2:B6:31:40:29:95:2D:EB:5F:18:3F:E7:D1
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/f933dc9a-6cb0-4836-9711-454fb0e2e364.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:f104::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:55:27:a9:d4:7a:83:7b:8a:9d:0d:80:bd:10:db:b9:a2:d2:
         68:30:b9:8d:80:15:c8:31:88:5a:28:92:de:3f:1f:0b:96:64:
         12:a7:c7:b5:82:4e:c1:34:ba:8a:55:c2:b2:7f:0e:8a:48:91:
         fe:b8:ff:1b:06:c0:a1:0d:72:a0:51:d2:e6:c0:27:9b:0e:2f:
         20:e3:55:e5:de:6d:30:77:bc:dd:02:81:c1:bd:3f:96:7f:b1:
         ce:fb:c2:5b:6c:a1:83:c6:62:0e:55:a0:4c:2e:6f:08:e8:55:
         78:6a:a4:5f:e4:59:0f:34:e0:5f:96:96:e7:24:45:4c:8b:56:
         da:b9:c0:4b:64:46:31:af:51:33:fb:6f:b2:05:e6:6a:a0:a0:
         c6:0c:97:2b:c4:29:b5:8d:42:e5:e5:b1:d2:65:a1:60:84:cd:
         0b:91:36:1c:77:c3:49:3b:91:0a:9c:7b:e5:42:57:4a:19:b3:
         d8:d7:ce:37:33:95:23:62:39:09:00:41:81:b5:00:11:5e:18:
         a8:0e:54:4f:97:cf:d5:53:b6:5b:8b:3b:52:30:a9:62:03:91:
         5d:7c:85:f8:55:50:de:f7:30:d3:7b:54:15:d7:5c:02:63:79:
         82:a8:9c:34:08:09:a2:5e:f4:08:57:ed:34:16:9e:99:87:06:
         10:be:84:f0
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUQfUkQ8/ONdLwjLBR2mfqU+r4SbYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjYwNTIwMDA0MDA1WhcNMjYwODE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZjhkOTAwN2Q3N2Q3ZmUxYmVjNzJkNDQyNDA3YjRjNzIz
OTc1ZGY0NmMxMzBjNDc5MjBlMjg3YTczNzIwMDgyMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDN9B6IlJo3Atv0OJiQsdyDmXMK03WVxStaW/+xFCfuOsHu
dIc4BwJnTTHS/Gnhb+3Dbr5daAsUqnFk3oiyhiNy3ncF15MaOWUmEEE3Tmd9NXQt
mufym61eObPN/1/aWybzjsCtiF1+1sKGVCN5BQ4wSP3kFsYuXWzoAIvl4arR3lf7
ffMCoXDSK4fI7JXYaslSd77ybqvJ8TPoZvmWLyVQ10I4uNQmbw5gijqYAIM4fC+S
EdN+PzKUlb/8afrjskBgi1i0yGbEU9Rk+KHhsC0ErVfuap4cmDbosvddrtEu7Mm7
bQbmXIN7H1hwNjtR/yv80UbS1RP4w2aq6nCpFl5RAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU+m03ZWdLD6K2MUAplS3rXxg/59EwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2Y5MzNkYzlhLTZjYjAtNDgzNi05NzExLTQ1NGZiMGUyZTM2NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPD78QQwDQYJKoZIhvcNAQELBQADggEBADVVJ6nUeoN7ip0NgL0Q27mi
0mgwuY2AFcgxiFookt4/HwuWZBKnx7WCTsE0uopVwrJ/DopIkf64/xsGwKENcqBR
0ubAJ5sOLyDjVeXebTB3vN0CgcG9P5Z/sc77wltsoYPGYg5VoEwubwjoVXhqpF/k
WQ804F+WluckRUyLVtq5wEtkRjGvUTP7b7IF5mqgoMYMlyvEKbWNQuXlsdJloWCE
zQuRNhx3w0k7kQqce+VCV0oZs9jXzjczlSNiOQkAQYG1ABFeGKgOVE+Xz9VTtluL
O1IwqWIDkV18hfhVUN73MNN7VBXXXAJjeYKonDQICaJe9AhX7TQWnpmHBhC+hPA=
-----END CERTIFICATE-----