Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/9412a5a1-3075-418e-9428-d0ef82c68272.roa
File:                     9412a5a1-3075-418e-9428-d0ef82c68272.roa (raw, json)
Hash identifier:          KExbPhTlZQ8hQbcthZX7WVELiHSKp82be41Sr6OAlAc=
Subject key identifier:   85:BE:4C:F1:0C:95:49:89:84:31:55:63:11:1E:31:B4:5D:33:C9:EA
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       2529EF03385184D40617D6F4EC10FC0C1786B91C
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/9412a5a1-3075-418e-9428-d0ef82c68272.roa
Signing time:             Fri 31 Oct 2025 00:40:01 +0000
ROA not before:           Fri 31 Oct 2025 00:40:01 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:9000:36b0::/47 maxlen: 47
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:29:ef:03:38:51:84:d4:06:17:d6:f4:ec:10:fc:0c:17:86:b9:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Oct 31 00:40:01 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=2d2afe7083fc8a1a291e83df0e3983b90026bb095bda4007817875867fe37119, CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:c9:7a:44:2e:66:7d:30:9e:4c:9e:6e:9e:c3:
                    95:fc:1d:b4:52:9f:3d:e0:98:71:bf:fc:a6:af:3a:
                    6e:3c:f8:de:01:d2:14:4b:dd:83:c8:d3:28:d8:d3:
                    61:61:b8:cf:83:d5:07:43:9a:5b:fd:63:c0:e2:f1:
                    73:75:8c:d1:b0:2b:a4:01:97:38:a9:01:37:7b:cf:
                    8c:06:2b:25:e2:24:b7:c7:e6:b7:2a:d3:0e:33:67:
                    79:fa:bb:bc:79:46:21:43:13:7c:c4:38:9b:b4:7a:
                    81:82:82:3f:72:f3:fa:ca:97:0f:ad:6b:aa:33:61:
                    99:fb:58:15:c9:6d:de:f5:0a:c4:cd:26:ea:6b:99:
                    55:e3:65:7c:9d:30:49:e8:01:e0:8b:a4:cc:22:cd:
                    54:b4:6b:62:4b:85:c3:b5:e3:0d:80:6b:73:28:1b:
                    60:bb:9d:8b:bc:29:70:0b:3d:fb:5b:0b:70:b7:d8:
                    94:3c:cc:4b:45:e2:10:86:56:63:16:4f:75:c3:bb:
                    34:47:ab:1a:ed:df:72:35:dc:02:31:2b:ed:78:00:
                    91:1f:d1:8f:72:0e:d0:75:a0:48:b8:38:53:b1:b2:
                    30:62:18:51:52:5b:31:31:22:c3:7e:84:25:d4:66:
                    8f:e1:c9:eb:f7:9e:f7:f7:42:3d:87:d8:d4:55:15:
                    b2:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:BE:4C:F1:0C:95:49:89:84:31:55:63:11:1E:31:B4:5D:33:C9:EA
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/9412a5a1-3075-418e-9428-d0ef82c68272.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:9000:36b0::/47

    Signature Algorithm: sha256WithRSAEncryption
         aa:60:c0:cd:9c:69:e6:29:c8:14:67:85:51:9a:02:53:6b:38:
         c4:04:dd:3d:21:fa:6e:8c:bc:49:22:b6:ed:d9:f7:30:30:01:
         9b:45:e4:ca:94:8a:a7:d9:62:fd:fe:3f:bd:70:8a:04:ac:49:
         b0:c3:b8:0b:27:6d:ee:3b:6d:30:63:85:e4:ff:f1:91:70:0b:
         5e:2a:d1:3c:26:fc:ae:8f:6f:56:6b:44:21:5b:b4:f3:d3:f1:
         53:c6:48:87:50:7b:66:39:7f:fb:6b:ac:3b:ef:6d:73:fe:70:
         4a:1a:91:4a:ab:68:6b:ce:e7:f6:ec:2c:4b:81:44:e5:63:2a:
         bd:60:9b:a6:49:a1:c7:69:07:a5:dc:af:57:92:18:c4:83:d8:
         d6:4e:3c:bc:dc:35:7e:5d:d5:16:1c:24:2c:50:0d:3f:72:0c:
         3c:7a:3a:ba:7e:9a:49:59:06:9c:4b:24:f3:e6:6e:12:b2:34:
         e0:f4:ff:e5:d8:1c:50:33:54:3d:05:0b:56:4c:28:57:d8:d0:
         48:66:a0:99:4d:5e:ea:1a:d6:23:de:1f:7d:5d:6d:39:d2:de:
         7b:c7:ac:e2:5c:48:59:2c:9f:c3:d1:4e:4a:ec:07:2a:6a:d7:
         b8:3e:b0:c6:57:82:46:86:1f:4b:32:a1:1c:9e:af:1d:25:e5:
         2d:d1:c9:9c
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUJSnvAzhRhNQGF9b07BD8DBeGuRwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjUxMDMxMDA0MDAxWhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0AyZDJhZmU3MDgzZmM4YTFhMjkxZTgzZGYwZTM5ODNiOTAw
MjZiYjA5NWJkYTQwMDc4MTc4NzU4NjdmZTM3MTE5MS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8yXpELmZ9MJ5Mnm6ew5X8HbRSnz3gmHG//KavOm48+N4B
0hRL3YPI0yjY02FhuM+D1QdDmlv9Y8Di8XN1jNGwK6QBlzipATd7z4wGKyXiJLfH
5rcq0w4zZ3n6u7x5RiFDE3zEOJu0eoGCgj9y8/rKlw+ta6ozYZn7WBXJbd71CsTN
JuprmVXjZXydMEnoAeCLpMwizVS0a2JLhcO14w2Aa3MoG2C7nYu8KXALPftbC3C3
2JQ8zEtF4hCGVmMWT3XDuzRHqxrt33I13AIxK+14AJEf0Y9yDtB1oEi4OFOxsjBi
GFFSWzExIsN+hCXUZo/hyev3nvf3Qj2H2NRVFbJFAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUhb5M8QyVSYmEMVVjER4xtF0zyeowHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1Lzk0MTJhNWExLTMwNzUtNDE4ZS05NDI4LWQwZWY4MmM2ODI3Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwEmAJAANrAwDQYJKoZIhvcNAQELBQADggEBAKpgwM2caeYpyBRnhVGaAlNr
OMQE3T0h+m6MvEkitu3Z9zAwAZtF5MqUiqfZYv3+P71wigSsSbDDuAsnbe47bTBj
heT/8ZFwC14q0Twm/K6Pb1ZrRCFbtPPT8VPGSIdQe2Y5f/trrDvvbXP+cEoakUqr
aGvO5/bsLEuBROVjKr1gm6ZJocdpB6Xcr1eSGMSD2NZOPLzcNX5d1RYcJCxQDT9y
DDx6Orp+mklZBpxLJPPmbhKyNOD0/+XYHFAzVD0FC1ZMKFfY0EhmoJlNXuoa1iPe
H31dbTnS3nvHrOJcSFksn8PRTkrsBypq17g+sMZXgkaGH0syoRyerx0l5S3RyZw=
-----END CERTIFICATE-----