Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/447ba741-5d23-4775-941c-ff67e42f5c3e.roa
File:                     447ba741-5d23-4775-941c-ff67e42f5c3e.roa (raw, json)
Hash identifier:          KNJ6py3ejFu3yKjGu0b8d2nnj2nHMyX1dFL62q2Hc6k=
Subject key identifier:   72:63:37:14:64:B8:6B:6A:73:6E:2C:B3:53:BD:BD:58:EF:45:6A:63
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       4330BBF8348EE1D8578273BA7B4DB5DF2DC9FCB1
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/447ba741-5d23-4775-941c-ff67e42f5c3e.roa
Signing time:             Thu 30 Oct 2025 21:36:59 +0000
ROA not before:           Thu 30 Oct 2025 21:36:59 +0000
ROA not after:            Thu 04 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:9000:1798::/47 maxlen: 47
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:30:bb:f8:34:8e:e1:d8:57:82:73:ba:7b:4d:b5:df:2d:c9:fc:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Oct 30 21:36:59 2025 GMT
            Not After : Dec  4 23:59:59 2025 GMT
        Subject: serialNumber=e543fa3e75635ec3b9413ce9dc97431b3c94e4365985dbbccd7e393fb1cbf4a9, CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:6e:5e:e6:f0:52:fd:d3:20:47:ec:ac:8e:41:
                    1a:83:30:6b:ed:df:8e:2e:a7:a2:9c:5f:96:6a:85:
                    b4:7a:68:7e:0c:22:63:98:37:30:59:8b:bb:0b:6d:
                    88:f5:19:7e:ff:b8:c8:ec:ac:74:3f:75:bb:9d:6f:
                    ce:51:ae:60:a3:fc:ec:3e:99:68:43:e2:7d:98:99:
                    dd:e3:67:f5:d3:c7:89:65:f5:54:fb:c4:68:47:35:
                    b2:97:6c:b9:37:ec:b2:77:85:3d:6d:3f:a7:41:e0:
                    7b:e2:84:12:b0:74:c8:0f:e7:5c:9d:6d:c9:30:35:
                    48:59:d4:e3:6c:db:53:21:fd:7e:9f:c0:ef:47:69:
                    6e:6f:e1:18:ab:d9:cb:f4:7c:e2:2c:bd:f7:54:7b:
                    28:06:4f:cb:8d:d0:3d:27:4c:8c:b6:85:56:96:4d:
                    3c:29:e9:8f:cb:33:0d:2c:f0:ea:79:c3:33:e3:dc:
                    ac:2b:8f:c6:8a:28:79:b0:93:b6:88:c7:cc:eb:24:
                    97:d8:c3:f6:42:88:12:77:ed:da:25:7e:79:ab:2e:
                    70:6a:32:be:4d:2d:58:19:40:02:43:63:24:2c:77:
                    7a:c8:31:12:d7:45:80:80:95:d9:f8:49:e7:cf:8b:
                    6f:14:8b:1a:44:eb:8b:c8:ac:21:f6:cc:89:99:a6:
                    f1:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:63:37:14:64:B8:6B:6A:73:6E:2C:B3:53:BD:BD:58:EF:45:6A:63
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/447ba741-5d23-4775-941c-ff67e42f5c3e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:9000:1798::/47

    Signature Algorithm: sha256WithRSAEncryption
         a3:0c:c0:7b:0d:3d:85:51:5a:20:93:c7:86:47:33:da:34:d1:
         28:3c:7f:1b:8e:3d:cb:af:e7:8a:23:b3:05:13:c9:9b:44:c5:
         74:9f:14:48:15:e2:a6:48:9d:dc:88:4a:6b:79:06:a9:18:f4:
         10:93:af:dd:f8:87:86:98:f2:f3:7d:88:40:e2:ee:c0:d5:8f:
         51:3f:8a:cd:ec:bd:92:ac:bc:c8:c1:09:71:7b:ed:ad:95:92:
         31:99:ea:56:6a:4e:d3:d2:1f:4a:42:cb:42:b4:5e:72:71:3f:
         35:bc:6f:c2:0b:dc:98:9d:3e:54:ef:a1:ac:04:33:31:74:0b:
         76:af:67:ce:46:09:22:f9:5d:2c:d9:ff:20:e7:9c:21:31:70:
         86:e8:51:74:f2:19:41:a7:cf:2e:d9:50:c3:22:b5:5e:ac:f5:
         ba:71:41:21:65:35:96:13:59:2e:61:e4:c6:3a:af:42:6e:98:
         c4:e1:b1:1d:c4:2c:9a:6e:52:66:a9:7e:0a:9f:87:9d:50:85:
         8c:11:5a:6d:66:0e:cf:fe:03:9f:9a:97:b5:0a:74:b3:6f:ef:
         4e:90:7b:fc:b8:20:5b:10:d9:fd:c1:82:f3:e2:13:37:94:7c:
         9a:84:3d:6a:4a:74:1b:fb:e1:96:7d:21:3b:6b:c1:9c:21:5f:
         6c:f0:8f:77
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUQzC7+DSO4dhXgnO6e0213y3J/LEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjUxMDMwMjEzNjU5WhcNMjUxMjA0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNTQzZmEzZTc1NjM1ZWMzYjk0MTNjZTlkYzk3NDMxYjNj
OTRlNDM2NTk4NWRiYmNjZDdlMzkzZmIxY2JmNGE5MS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDObl7m8FL90yBH7KyOQRqDMGvt344up6KcX5ZqhbR6aH4M
ImOYNzBZi7sLbYj1GX7/uMjsrHQ/dbudb85RrmCj/Ow+mWhD4n2Ymd3jZ/XTx4ll
9VT7xGhHNbKXbLk37LJ3hT1tP6dB4HvihBKwdMgP51ydbckwNUhZ1ONs21Mh/X6f
wO9HaW5v4Rir2cv0fOIsvfdUeygGT8uN0D0nTIy2hVaWTTwp6Y/LMw0s8Op5wzPj
3Kwrj8aKKHmwk7aIx8zrJJfYw/ZCiBJ37dolfnmrLnBqMr5NLVgZQAJDYyQsd3rI
MRLXRYCAldn4SefPi28UixpE64vIrCH2zImZpvHFAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUcmM3FGS4a2pzbiyzU729WO9FamMwHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1LzQ0N2JhNzQxLTVkMjMtNDc3NS05NDFjLWZmNjdlNDJmNWMzZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwEmAJAAF5gwDQYJKoZIhvcNAQELBQADggEBAKMMwHsNPYVRWiCTx4ZHM9o0
0Sg8fxuOPcuv54ojswUTyZtExXSfFEgV4qZIndyISmt5BqkY9BCTr934h4aY8vN9
iEDi7sDVj1E/is3svZKsvMjBCXF77a2VkjGZ6lZqTtPSH0pCy0K0XnJxPzW8b8IL
3JidPlTvoawEMzF0C3avZ85GCSL5XSzZ/yDnnCExcIboUXTyGUGnzy7ZUMMitV6s
9bpxQSFlNZYTWS5h5MY6r0JumMThsR3ELJpuUmapfgqfh51QhYwRWm1mDs/+A5+a
l7UKdLNv706Qe/y4IFsQ2f3BgvPiEzeUfJqEPWpKdBv74ZZ9ITtrwZwhX2zwj3c=
-----END CERTIFICATE-----