Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/0f6b659b-9df4-477a-a87b-b8bcd08d670e.roa
File:                     0f6b659b-9df4-477a-a87b-b8bcd08d670e.roa (raw, json)
Hash identifier:          e8EasN+YkqyTX8MNTGexut8fFE8wAaggbOkfXUFDi24=
Subject key identifier:   8E:99:72:18:21:D8:83:45:71:4C:80:41:81:F8:00:C2:61:19:57:68
Certificate issuer:       /CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
Certificate serial:       1B7E76FEA47F39E5539F1BC94081CCDEC2E9783B
Authority key identifier: BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/0f6b659b-9df4-477a-a87b-b8bcd08d670e.roa
Signing time:             Mon 21 Jul 2025 16:10:56 +0000
ROA not before:           Mon 21 Jul 2025 16:10:56 +0000
ROA not after:            Mon 25 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2605:9cc0:402::/47 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 01:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:7e:76:fe:a4:7f:39:e5:53:9f:1b:c9:40:81:cc:de:c2:e9:78:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
        Validity
            Not Before: Jul 21 16:10:56 2025 GMT
            Not After : Aug 25 23:59:59 2025 GMT
        Subject: serialNumber=af983851a5e7b05118bfae92863621112c5b47f7953715a6065e31c9c32d8540, CN=f7243785-46de-414b-9b8f-7a9699e979e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:8e:89:de:4d:38:0c:8b:bb:8a:6b:05:f8:37:
                    53:57:8b:63:bb:14:a0:ae:4a:88:58:1d:5e:97:4c:
                    45:da:ee:dd:f9:bc:a0:ab:7d:18:81:6b:62:d9:30:
                    e1:57:84:0e:f7:ba:5f:af:56:8a:80:d4:ce:01:26:
                    7b:57:35:b7:01:77:aa:27:d2:b2:8b:24:b1:2e:8f:
                    0a:7c:0f:e0:e5:39:cc:ae:34:4d:e2:b4:02:c3:dc:
                    c4:c2:67:89:32:4a:14:9c:af:a4:d4:e7:58:92:87:
                    9f:8d:8b:1b:ec:d0:b0:85:10:58:89:fa:40:5b:bb:
                    7d:d2:57:76:e2:e3:b6:22:d8:22:c9:6c:6a:e1:35:
                    23:f0:ae:4b:a1:e4:65:c7:39:5b:b3:f1:8b:d1:fc:
                    cd:79:4f:de:8d:f3:7e:a7:00:ab:0c:71:10:b8:3d:
                    85:eb:2c:ca:84:13:83:0f:6f:5c:b4:cc:b5:67:82:
                    44:84:42:0c:00:b1:59:98:a2:5c:77:2b:ee:e4:67:
                    9a:12:51:3c:0f:e2:9f:ec:b5:98:15:01:ad:02:aa:
                    ee:bf:58:a9:f6:d8:88:37:5c:d9:16:28:c9:ef:55:
                    50:f7:3c:1b:19:b9:c4:d0:01:ee:fa:24:4f:a4:c8:
                    6c:5c:33:eb:e9:2f:03:a8:a0:a9:67:03:f6:ca:3a:
                    f1:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:99:72:18:21:D8:83:45:71:4C:80:41:81:F8:00:C2:61:19:57:68
            X509v3 Authority Key Identifier:
                keyid:BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/0f6b659b-9df4-477a-a87b-b8bcd08d670e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2605:9cc0:402::/47

    Signature Algorithm: sha256WithRSAEncryption
         41:4b:04:6b:5d:26:f7:ce:da:d8:1f:bc:3f:f3:40:b4:e3:e6:
         cc:af:cb:a9:f5:85:bc:b0:cf:87:91:fe:3c:2b:19:e0:fe:eb:
         a4:97:6e:8e:e4:34:d1:ea:3d:a8:44:a9:3f:fc:2f:e5:6d:66:
         0f:6d:b5:5c:9d:41:72:6e:9e:01:d8:56:21:f8:4c:09:6b:5f:
         23:3b:4e:ba:45:1d:72:0a:dd:cd:22:ca:d2:44:71:9e:44:2e:
         0b:17:c5:50:f1:24:84:70:3d:7c:14:08:8b:00:27:b0:ba:ef:
         74:e1:ad:99:b7:c5:81:92:74:d4:92:63:71:44:47:64:e3:a7:
         96:6d:15:43:9b:61:f3:9b:2c:6e:c6:64:ab:ac:6d:83:b5:dc:
         5a:5c:49:91:bb:8e:f5:3c:7d:e2:31:cd:1f:5a:a2:8d:2f:92:
         9e:f7:f3:bc:38:76:cc:51:24:51:4c:92:70:8a:52:be:44:d4:
         7d:17:82:a2:15:57:42:32:54:8b:34:89:d1:98:56:34:c8:75:
         58:10:63:a8:0f:f0:f0:81:7f:49:82:d6:ae:31:a8:31:fe:6e:
         35:55:e1:4b:a7:4c:0e:fa:a7:b1:ed:f0:4a:6d:a9:67:7e:9f:
         ed:e9:51:c9:5f:ed:e8:94:3b:2c:04:40:ec:57:7d:36:29:84:
         c0:ea:f2:5f
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUG352/qR/OeVTnxvJQIHM3sLpeDswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOTdhYzAwMjhkNmVmYmRkYWZiN2Q5YzcxZTI5ZWI3MWMw
MDVlMzRmYzE5ZjFmN2M0MjQwHhcNMjUwNzIxMTYxMDU2WhcNMjUwODI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZjk4Mzg1MWE1ZTdiMDUxMThiZmFlOTI4NjM2MjExMTJj
NWI0N2Y3OTUzNzE1YTYwNjVlMzFjOWMzMmQ4NTQwMS0wKwYDVQQDEyRmNzI0Mzc4
NS00NmRlLTQxNGItOWI4Zi03YTk2OTllOTc5ZTIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDrjoneTTgMi7uKawX4N1NXi2O7FKCuSohYHV6XTEXa7t35
vKCrfRiBa2LZMOFXhA73ul+vVoqA1M4BJntXNbcBd6on0rKLJLEujwp8D+DlOcyu
NE3itALD3MTCZ4kyShScr6TU51iSh5+Nixvs0LCFEFiJ+kBbu33SV3bi47Yi2CLJ
bGrhNSPwrkuh5GXHOVuz8YvR/M15T96N836nAKsMcRC4PYXrLMqEE4MPb1y0zLVn
gkSEQgwAsVmYolx3K+7kZ5oSUTwP4p/stZgVAa0Cqu6/WKn22Ig3XNkWKMnvVVD3
PBsZucTQAe76JE+kyGxcM+vpLwOooKlnA/bKOvGnAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUjplyGCHYg0VxTIBBgfgAwmEZV2gwHwYDVR0jBBgwFoAUugzhfiM/vHHU
MKvawsMMeQS2oOcwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy9kM2VhNmVhYi1m
NDFmLTRlNDYtYThmNi0zZGE0YTEyOGQ3OGMvOTdhYzAwMjhkNmVmYmRkYWZiN2Q5
YzcxZTI5ZWI3MWMwMDVlMzRmYzE5ZjFmN2M0MjQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTQ2MDJmYjAtYTlkNC00ZjlmLWIwY2EtYmUy
YTEzOWVhOTJiLzBmNmI2NTliLTlkZjQtNDc3YS1hODdiLWI4YmNkMDhkNjcwZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzU0NjAyZmIwLWE5ZDQtNGY5Zi1iMGNh
LWJlMmExMzllYTkyYi83NzNhLTMyY2NlS2V0eHdBWGpUOEdmSDN4Q1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwEmBZzABAIwDQYJKoZIhvcNAQELBQADggEBAEFLBGtdJvfO2tgfvD/zQLTj
5syvy6n1hbywz4eR/jwrGeD+66SXbo7kNNHqPahEqT/8L+VtZg9ttVydQXJungHY
ViH4TAlrXyM7TrpFHXIK3c0iytJEcZ5ELgsXxVDxJIRwPXwUCIsAJ7C673ThrZm3
xYGSdNSSY3FER2Tjp5ZtFUObYfObLG7GZKusbYO13FpcSZG7jvU8feIxzR9aoo0v
kp7387w4dsxRJFFMknCKUr5E1H0XgqIVV0IyVIs0idGYVjTIdVgQY6gP8PCBf0mC
1q4xqDH+bjVV4UunTA76p7Ht8EptqWd+n+3pUclf7eiUOywEQOxXfTYphMDq8l8=
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:44:36 2025 by rpki-client