Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/789fc541-ebc8-4082-9301-f11b9458f937.roa
File:                     789fc541-ebc8-4082-9301-f11b9458f937.roa (raw, json)
Hash identifier:          dCvHuchU72+PzG4BF3OhH4QRrSEDDeVXgjXVmBzDsho=
Subject key identifier:   4D:98:BA:54:1C:F7:96:F7:F4:C6:A7:48:ED:87:05:C4:F0:3D:BE:42
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       081A58045CB35174EB4FAD3A35738959C0C7A5CB
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/789fc541-ebc8-4082-9301-f11b9458f937.roa
Signing time:             Thu 30 Oct 2025 22:55:41 +0000
ROA not before:           Thu 30 Oct 2025 22:55:41 +0000
ROA not after:            Thu 04 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:9000:2a08::/47 maxlen: 47
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Nov 2025 21:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:1a:58:04:5c:b3:51:74:eb:4f:ad:3a:35:73:89:59:c0:c7:a5:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Oct 30 22:55:41 2025 GMT
            Not After : Dec  4 23:59:59 2025 GMT
        Subject: serialNumber=72afc28185a22dd49036a9724e41de0633f6ed67628241b221e4f552868e1b20, CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:a3:c7:cc:3a:7f:2c:d8:1c:e3:e8:ff:4d:0f:
                    97:53:9f:05:82:c7:f3:8d:ed:49:bd:92:df:00:f0:
                    7b:63:ef:a9:b9:92:36:50:18:41:24:84:86:8a:7f:
                    29:40:21:98:92:48:a4:40:c1:e9:93:62:d8:7d:49:
                    01:da:62:bf:f3:9d:fa:0a:56:81:69:9e:9b:d0:97:
                    31:4f:41:0c:47:d1:69:fd:8e:a8:ff:61:7e:9f:86:
                    28:2e:ea:11:fa:c5:c8:83:01:3b:eb:61:b8:a7:1d:
                    8f:a8:8a:e7:fd:b8:86:24:ee:85:ee:be:02:56:b0:
                    c9:93:12:50:d2:a7:ea:72:aa:6e:75:70:57:ee:70:
                    4e:0d:70:c3:fa:00:52:8c:12:fa:ab:9f:ea:74:96:
                    0f:f0:db:23:ce:c7:21:4d:da:fe:6e:4e:3f:4c:22:
                    fc:17:3d:2e:12:39:fa:dc:e2:98:29:79:72:48:9d:
                    c7:05:db:a3:65:83:22:f1:0a:18:35:88:76:01:05:
                    03:b5:8f:41:7d:dc:5c:fe:b6:33:90:da:ef:d8:6e:
                    b5:aa:e8:8b:1c:0a:d4:43:4e:f3:07:63:c4:48:3a:
                    65:a7:7d:17:e8:f2:42:48:49:94:1b:0c:c6:0e:1e:
                    0f:43:99:bf:b3:3f:17:e2:5e:b2:7b:8a:4d:09:34:
                    12:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:98:BA:54:1C:F7:96:F7:F4:C6:A7:48:ED:87:05:C4:F0:3D:BE:42
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/789fc541-ebc8-4082-9301-f11b9458f937.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:9000:2a08::/47

    Signature Algorithm: sha256WithRSAEncryption
         0a:bc:f8:28:0c:da:da:bb:78:7d:7c:f7:8e:88:82:e2:80:50:
         e8:11:ba:91:45:31:ac:f9:03:09:64:43:00:a5:81:5e:bb:1f:
         4c:a3:55:40:c2:b8:11:5d:39:18:09:16:f5:5c:ff:d6:d5:c0:
         96:8f:6d:5c:e3:9c:26:18:62:ee:3b:6a:9f:49:f5:38:ee:d1:
         d5:d8:77:cf:ca:81:57:4d:e4:8b:36:74:28:7b:c4:8c:27:cc:
         61:6d:c8:a9:f9:c1:70:44:c4:62:86:88:44:08:36:5b:d9:74:
         63:6e:80:d0:93:84:2e:e7:23:70:a8:89:ed:1d:ad:34:ce:fa:
         72:80:8c:2e:53:b4:40:3c:d8:13:d9:5e:52:f3:d4:52:0b:59:
         c4:97:db:c3:e4:2e:5b:6a:28:6a:43:70:04:8e:45:76:3b:06:
         85:0f:2b:0a:43:60:00:51:a4:7f:33:0b:ad:6a:e9:1b:79:90:
         85:72:0f:25:49:c7:0d:26:4c:20:fe:7b:8b:96:19:f4:94:59:
         91:14:ba:a8:b6:d0:7b:0c:42:bd:03:1b:84:74:6a:c3:4b:65:
         7e:08:68:95:a8:73:a0:af:b3:78:67:5c:df:ef:cb:46:6d:54:
         91:4f:47:93:bc:d1:c6:c0:36:c6:3b:95:a8:23:12:96:f9:64:
         b2:7d:af:64
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUCBpYBFyzUXTrT606NXOJWcDHpcswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjUxMDMwMjI1NTQxWhcNMjUxMjA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MmFmYzI4MTg1YTIyZGQ0OTAzNmE5NzI0ZTQxZGUwNjMz
ZjZlZDY3NjI4MjQxYjIyMWU0ZjU1Mjg2OGUxYjIwMS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDwo8fMOn8s2Bzj6P9ND5dTnwWCx/ON7Um9kt8A8Htj76m5
kjZQGEEkhIaKfylAIZiSSKRAwemTYth9SQHaYr/znfoKVoFpnpvQlzFPQQxH0Wn9
jqj/YX6fhigu6hH6xciDATvrYbinHY+oiuf9uIYk7oXuvgJWsMmTElDSp+pyqm51
cFfucE4NcMP6AFKMEvqrn+p0lg/w2yPOxyFN2v5uTj9MIvwXPS4SOfrc4pgpeXJI
nccF26NlgyLxChg1iHYBBQO1j0F93Fz+tjOQ2u/YbrWq6IscCtRDTvMHY8RIOmWn
fRfo8kJISZQbDMYOHg9Dmb+zPxfiXrJ7ik0JNBJbAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUTZi6VBz3lvf0xqdI7YcFxPA9vkIwHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1Lzc4OWZjNTQxLWViYzgtNDA4Mi05MzAxLWYxMWI5NDU4ZjkzNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwEmAJAAKggwDQYJKoZIhvcNAQELBQADggEBAAq8+CgM2tq7eH18946IguKA
UOgRupFFMaz5AwlkQwClgV67H0yjVUDCuBFdORgJFvVc/9bVwJaPbVzjnCYYYu47
ap9J9Tju0dXYd8/KgVdN5Is2dCh7xIwnzGFtyKn5wXBExGKGiEQINlvZdGNugNCT
hC7nI3Coie0drTTO+nKAjC5TtEA82BPZXlLz1FILWcSX28PkLltqKGpDcASORXY7
BoUPKwpDYABRpH8zC61q6Rt5kIVyDyVJxw0mTCD+e4uWGfSUWZEUuqi20HsMQr0D
G4R0asNLZX4IaJWoc6Cvs3hnXN/vy0ZtVJFPR5O80cbANsY7lagjEpb5ZLJ9r2Q=
-----END CERTIFICATE-----