Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/052d6260-fdaf-495a-8bbd-e3314e766580.roa
File:                     052d6260-fdaf-495a-8bbd-e3314e766580.roa (raw, json)
Hash identifier:          +KJzPIGdTNxwRxhVcQuNGsKyd2kVfgcW4sqUiFIvg1M=
Subject key identifier:   4C:67:AC:E3:3D:2A:A5:0F:C8:0F:5F:5B:2B:C6:0A:BB:1B:02:59:A2
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       71B3CB60E50641FF345212DB7BD5F7DABC7F29C7
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/052d6260-fdaf-495a-8bbd-e3314e766580.roa
Signing time:             Fri 31 Oct 2025 01:58:01 +0000
ROA not before:           Fri 31 Oct 2025 01:58:01 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:9000:3f0c::/47 maxlen: 47
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:b3:cb:60:e5:06:41:ff:34:52:12:db:7b:d5:f7:da:bc:7f:29:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Oct 31 01:58:01 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=d32a0981fafd370b3525b64d81fb2569d74a3b37a98f8476099604ddbe87b584, CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a2:dc:fc:10:1f:26:af:0d:f1:21:cf:fd:d7:
                    fe:39:a8:25:c7:5d:09:1d:39:89:0c:d7:00:90:59:
                    84:bb:da:9c:3d:ef:e9:1f:55:d0:15:e4:31:ca:73:
                    b8:89:cf:8f:62:d9:ea:f7:d5:3a:e7:45:19:0c:4e:
                    96:57:c8:29:71:33:16:da:a3:5e:ea:5b:45:dc:80:
                    08:0a:b5:6e:aa:f8:80:af:e5:c7:a5:4d:14:a0:da:
                    0c:2d:3d:61:f9:f3:cf:71:ba:8b:24:31:a2:c5:d3:
                    b1:8b:91:66:3f:e5:e6:63:2b:4c:26:42:cc:c8:84:
                    6d:0a:87:05:4e:7e:be:83:3c:7d:51:9e:35:4e:c6:
                    55:42:d1:8f:b7:5e:32:e1:4b:35:10:e5:af:b2:43:
                    71:f3:8a:d7:a7:0f:b9:e9:f0:7f:73:6c:fe:a1:d3:
                    c0:01:20:43:c9:82:d3:6d:8c:45:1c:48:1d:35:61:
                    52:dc:f2:6a:bd:d1:a1:2b:e2:7b:e4:5a:18:83:4c:
                    39:f0:96:b3:e6:73:5a:99:4d:65:f0:18:35:06:e7:
                    4e:ff:40:b9:c3:34:e5:d5:47:94:0b:c3:2b:a0:d1:
                    e5:83:bd:27:35:96:87:ce:91:d7:7b:b5:ca:27:44:
                    b2:fd:a3:5e:38:21:09:e7:2b:23:d4:ea:38:1a:02:
                    fb:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:67:AC:E3:3D:2A:A5:0F:C8:0F:5F:5B:2B:C6:0A:BB:1B:02:59:A2
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/052d6260-fdaf-495a-8bbd-e3314e766580.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:9000:3f0c::/47

    Signature Algorithm: sha256WithRSAEncryption
         38:94:10:3f:3f:de:77:1f:ac:b7:6c:59:61:ac:b7:7a:8b:aa:
         d0:2f:76:8c:77:50:29:4b:87:ce:e9:c8:5e:7f:eb:93:be:4c:
         98:77:32:bb:7b:1d:81:4b:78:ad:6c:28:9e:1b:e1:bf:f5:85:
         db:e1:1b:49:8f:27:92:84:3b:84:4a:04:95:6f:6b:18:c8:de:
         6f:5c:89:64:70:d5:a9:38:cd:00:b5:05:7d:4c:67:de:14:d7:
         46:1c:e3:01:a2:10:ec:a0:a5:a6:8e:56:c5:00:bb:08:27:f1:
         1b:d3:a1:e3:b8:73:e6:d6:e3:9e:e7:bb:a0:bf:8c:3e:6a:62:
         a1:ff:f9:64:ab:a8:02:39:0c:1a:3e:74:68:b8:bf:16:da:b7:
         41:15:05:48:f0:b3:16:10:b4:d0:f8:05:b8:45:d3:17:43:e5:
         79:1a:c3:f6:4e:b3:07:28:7b:8f:7f:e9:73:15:e2:0a:f9:2e:
         e6:b5:1c:4b:18:a9:71:a3:06:fc:99:59:a1:3a:ee:13:ae:32:
         70:40:3f:23:e4:f2:2f:84:8c:ff:05:dc:9f:f6:f0:c6:50:86:
         8a:90:4a:48:0a:62:04:cd:56:02:9e:61:68:35:be:89:26:1d:
         e3:2f:11:c2:7f:d2:3d:aa:51:83:b5:44:38:3d:5f:0e:3c:f1:
         96:f2:a2:77
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUcbPLYOUGQf80UhLbe9X32rx/KccwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjUxMDMxMDE1ODAxWhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMzJhMDk4MWZhZmQzNzBiMzUyNWI2NGQ4MWZiMjU2OWQ3
NGEzYjM3YTk4Zjg0NzYwOTk2MDRkZGJlODdiNTg0MS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/otz8EB8mrw3xIc/91/45qCXHXQkdOYkM1wCQWYS72pw9
7+kfVdAV5DHKc7iJz49i2er31TrnRRkMTpZXyClxMxbao17qW0XcgAgKtW6q+ICv
5celTRSg2gwtPWH5889xuoskMaLF07GLkWY/5eZjK0wmQszIhG0KhwVOfr6DPH1R
njVOxlVC0Y+3XjLhSzUQ5a+yQ3HzitenD7np8H9zbP6h08ABIEPJgtNtjEUcSB01
YVLc8mq90aEr4nvkWhiDTDnwlrPmc1qZTWXwGDUG507/QLnDNOXVR5QLwyug0eWD
vSc1lofOkdd7tconRLL9o144IQnnKyPU6jgaAvsDAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUTGes4z0qpQ/ID19bK8YKuxsCWaIwHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1LzA1MmQ2MjYwLWZkYWYtNDk1YS04YmJkLWUzMzE0ZTc2NjU4MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwEmAJAAPwwwDQYJKoZIhvcNAQELBQADggEBADiUED8/3ncfrLdsWWGst3qL
qtAvdox3UClLh87pyF5/65O+TJh3Mrt7HYFLeK1sKJ4b4b/1hdvhG0mPJ5KEO4RK
BJVvaxjI3m9ciWRw1ak4zQC1BX1MZ94U10Yc4wGiEOygpaaOVsUAuwgn8RvToeO4
c+bW457nu6C/jD5qYqH/+WSrqAI5DBo+dGi4vxbat0EVBUjwsxYQtND4BbhF0xdD
5Xkaw/ZOswcoe49/6XMV4gr5Lua1HEsYqXGjBvyZWaE67hOuMnBAPyPk8i+EjP8F
3J/28MZQhoqQSkgKYgTNVgKeYWg1vokmHeMvEcJ/0j2qUYO1RDg9Xw488Zbyonc=
-----END CERTIFICATE-----