Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/2cb43c87-8840-4711-b54b-169e61239441.roa
File:                     2cb43c87-8840-4711-b54b-169e61239441.roa (raw, json)
Hash identifier:          BSEVX2duRujh+0NKHiYbezjredwpebL04PnMU1UvxlA=
Subject key identifier:   24:7D:47:57:7E:4A:AA:EB:23:42:79:D9:0D:9F:38:69:67:1A:69:2C
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       4F9E91B00BC8A90E4B4992D6771E65A5C8F28885
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/2cb43c87-8840-4711-b54b-169e61239441.roa
Signing time:             Fri 31 Oct 2025 04:58:33 +0000
ROA not before:           Fri 31 Oct 2025 04:58:33 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:9000:3f88::/46 maxlen: 46
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:9e:91:b0:0b:c8:a9:0e:4b:49:92:d6:77:1e:65:a5:c8:f2:88:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Oct 31 04:58:33 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=0699bc8cd4a0bf63865f3f19fabba41eed67760d4095c4b8310039ceb2977eeb, CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:06:ac:72:34:49:f9:07:3b:1e:48:fc:d1:d6:
                    70:3e:61:7c:04:10:1a:e7:41:92:39:26:de:c9:4b:
                    55:72:bb:11:4d:c2:30:41:18:63:a1:44:e0:08:3f:
                    6d:35:54:69:e5:f5:c4:18:91:d9:4e:fc:35:88:b0:
                    57:60:f3:cd:09:5e:8a:73:17:9e:7e:32:5c:03:3b:
                    59:8f:e6:84:96:33:13:b5:72:dc:2d:d4:ca:cb:e9:
                    f9:e5:d2:97:c4:68:95:73:7a:72:ae:fa:38:39:34:
                    cb:5f:55:13:99:8b:5e:06:ae:13:76:43:34:41:4d:
                    99:50:79:44:80:9a:2d:24:61:2f:1d:a1:a4:1e:fc:
                    32:6a:62:a9:50:8a:6e:05:dc:11:14:7a:e0:f1:17:
                    57:19:00:44:9d:c1:8e:c0:92:fe:82:4a:89:f8:98:
                    fc:41:d3:76:39:05:58:e8:c6:32:b0:d1:8d:18:57:
                    d0:ef:14:26:1f:4d:b7:74:ec:49:3d:55:3b:71:3a:
                    35:e2:4e:a9:25:61:34:34:05:99:8b:1f:cd:b5:0c:
                    8a:2b:47:e1:6d:96:fa:84:b1:02:71:8d:f4:92:b7:
                    be:c0:e3:de:1b:53:52:61:32:02:39:00:81:02:d7:
                    92:8c:de:68:4c:02:46:7a:36:2f:db:17:a3:3d:43:
                    6b:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:7D:47:57:7E:4A:AA:EB:23:42:79:D9:0D:9F:38:69:67:1A:69:2C
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/2cb43c87-8840-4711-b54b-169e61239441.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:9000:3f88::/46

    Signature Algorithm: sha256WithRSAEncryption
         26:ca:98:3d:09:46:fa:a3:3e:71:99:59:9d:b8:23:df:02:cc:
         6f:0c:db:c9:e1:b2:ab:99:b5:c6:5a:f1:9d:38:f8:9c:17:7f:
         99:99:f7:9e:b2:c8:5f:48:66:e5:70:ff:c1:21:8b:0f:c1:3e:
         68:21:d2:cb:c0:b1:42:e8:95:e4:bc:44:af:1e:4f:d5:0f:d7:
         dc:04:57:e4:f9:b7:d4:1f:8d:71:da:e5:cc:6a:ae:93:77:6c:
         5d:0e:3c:24:6e:66:e4:8d:58:96:48:d9:48:02:b4:8b:fd:59:
         de:67:4d:36:7c:fc:dc:26:3a:5c:e9:b3:3b:0e:2b:b2:0e:95:
         c0:da:30:d3:5b:bf:b1:ad:10:aa:d4:35:37:de:f6:61:9e:8d:
         4a:88:06:0b:19:ed:15:29:e2:2f:77:51:7c:d5:34:20:aa:95:
         b7:d5:90:01:9b:18:80:82:f0:23:b4:82:5a:9f:f1:b2:06:f9:
         15:45:d4:4f:56:2d:ef:06:d9:f4:07:4b:74:91:c4:2b:61:0c:
         a4:d7:c4:a1:8e:d7:99:49:c3:86:54:e7:f0:4e:83:47:7b:48:
         e8:80:29:64:03:ee:46:4d:c2:03:2b:c2:0a:6a:00:c2:cb:1f:
         2e:2b:59:95:9a:98:7a:17:f5:2e:68:c5:4c:ee:84:d4:b9:04:
         37:f4:fc:9d
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUT56RsAvIqQ5LSZLWdx5lpcjyiIUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjUxMDMxMDQ1ODMzWhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNjk5YmM4Y2Q0YTBiZjYzODY1ZjNmMTlmYWJiYTQxZWVk
Njc3NjBkNDA5NWM0YjgzMTAwMzljZWIyOTc3ZWViMS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuBqxyNEn5BzseSPzR1nA+YXwEEBrnQZI5Jt7JS1VyuxFN
wjBBGGOhROAIP201VGnl9cQYkdlO/DWIsFdg880JXopzF55+MlwDO1mP5oSWMxO1
ctwt1MrL6fnl0pfEaJVzenKu+jg5NMtfVROZi14GrhN2QzRBTZlQeUSAmi0kYS8d
oaQe/DJqYqlQim4F3BEUeuDxF1cZAESdwY7Akv6CSon4mPxB03Y5BVjoxjKw0Y0Y
V9DvFCYfTbd07Ek9VTtxOjXiTqklYTQ0BZmLH821DIorR+FtlvqEsQJxjfSSt77A
494bU1JhMgI5AIEC15KM3mhMAkZ6Ni/bF6M9Q2uhAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUJH1HV35KqusjQnnZDZ84aWcaaSwwHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1LzJjYjQzYzg3LTg4NDAtNDcxMS1iNTRiLTE2OWU2MTIzOTQ0MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwImAJAAP4gwDQYJKoZIhvcNAQELBQADggEBACbKmD0JRvqjPnGZWZ24I98C
zG8M28nhsquZtcZa8Z04+JwXf5mZ956yyF9IZuVw/8Ehiw/BPmgh0svAsULoleS8
RK8eT9UP19wEV+T5t9QfjXHa5cxqrpN3bF0OPCRuZuSNWJZI2UgCtIv9Wd5nTTZ8
/NwmOlzpszsOK7IOlcDaMNNbv7GtEKrUNTfe9mGejUqIBgsZ7RUp4i93UXzVNCCq
lbfVkAGbGICC8CO0glqf8bIG+RVF1E9WLe8G2fQHS3SRxCthDKTXxKGO15lJw4ZU
5/BOg0d7SOiAKWQD7kZNwgMrwgpqAMLLHy4rWZWamHoX9S5oxUzuhNS5BDf0/J0=
-----END CERTIFICATE-----