Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/bb445612-7951-45f9-b9a1-200da27d1dfe.roa
File:                     bb445612-7951-45f9-b9a1-200da27d1dfe.roa (raw, json)
Hash identifier:          7/YcsEvn3lBg3edXzYrqKYqWD5YYi9X9tZp2dJRyzfg=
Subject key identifier:   6C:E4:D1:5D:FC:85:3D:22:11:F4:A6:36:7E:AC:05:4A:9C:F5:AD:A8
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       5FE9E85E3ECF74C0EAE882752898DF8857B19F45
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/bb445612-7951-45f9-b9a1-200da27d1dfe.roa
Signing time:             Fri 31 Oct 2025 07:55:32 +0000
ROA not before:           Fri 31 Oct 2025 07:55:32 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:9000:2600::/39 maxlen: 39
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:e9:e8:5e:3e:cf:74:c0:ea:e8:82:75:28:98:df:88:57:b1:9f:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Oct 31 07:55:32 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=bed37d6888ae9d36e29658fa7ccaf1e654a6acf3040448ca5c5b48a9bd0a0785, CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:0f:87:5d:d2:b6:69:27:5c:73:f2:7c:8f:cd:
                    11:9e:9d:d0:bf:05:df:e4:e1:11:a9:56:dd:a7:12:
                    d1:fc:99:83:d9:ee:5f:02:0c:0b:da:23:5e:de:32:
                    2a:2e:a6:cb:4d:00:ee:fe:79:82:62:9a:59:1d:9e:
                    03:f7:67:f4:d1:90:23:a4:f3:9b:d9:2a:af:fc:f0:
                    69:0c:72:89:dc:d1:9e:03:1a:10:37:3e:e5:6e:3c:
                    bf:0a:4d:98:18:59:6a:7b:68:4c:e5:cb:bd:75:98:
                    86:97:41:16:dc:a1:75:57:84:b8:ba:87:32:cf:83:
                    80:4e:70:07:e7:ab:99:12:62:2c:47:5a:25:97:1f:
                    a3:a0:18:5c:a8:f8:10:10:a1:9d:93:1e:64:28:9d:
                    21:01:56:bb:34:6d:c4:31:ac:65:95:11:ca:52:96:
                    7c:78:7c:6e:09:44:38:a0:08:e0:60:24:80:8c:88:
                    65:d3:15:a9:c3:d6:bf:a3:ed:2f:0d:f6:63:00:ca:
                    ee:74:48:b3:0e:dd:ac:c7:d1:d0:5f:7a:23:6b:94:
                    24:4e:01:2c:17:a9:73:17:93:8d:b9:8e:53:62:c9:
                    31:b2:c1:96:98:61:cf:16:4a:f0:a3:a9:6c:da:dd:
                    0a:0b:81:41:26:c1:a4:70:ed:ed:70:1b:5d:95:e5:
                    0d:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:E4:D1:5D:FC:85:3D:22:11:F4:A6:36:7E:AC:05:4A:9C:F5:AD:A8
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/bb445612-7951-45f9-b9a1-200da27d1dfe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:9000:2600::/39

    Signature Algorithm: sha256WithRSAEncryption
         7d:74:10:53:48:eb:15:86:2e:88:7c:2d:30:73:b0:31:87:d2:
         3c:f3:65:ca:36:79:d9:e0:cc:95:1b:80:48:90:0b:87:96:33:
         17:5a:5d:4a:9a:a1:0e:f9:55:d0:4a:cf:65:29:cf:4f:0d:40:
         6b:eb:2c:14:a3:47:82:82:75:5a:6f:53:89:ca:e8:ac:bb:70:
         63:ba:9a:64:49:40:38:fe:c5:1e:3b:cf:0e:a6:00:66:18:66:
         10:c0:52:73:2e:21:20:52:36:bc:f9:41:8c:da:48:49:93:0c:
         65:1c:ef:bf:45:b7:7f:5b:06:c9:37:d7:96:15:13:90:c6:04:
         14:07:e3:a9:db:f4:3e:c2:64:00:45:9d:cf:2f:1f:51:58:bf:
         7c:4c:68:8d:91:1c:61:8e:24:c8:5c:d9:c1:2d:1d:c2:b5:8f:
         ac:21:0d:bf:ba:11:7c:e7:85:36:02:d5:07:ff:67:d4:67:54:
         c9:ba:bb:92:12:59:d4:0c:48:89:69:93:87:4a:63:ad:f2:71:
         4a:c5:44:43:cb:8e:10:00:59:dd:7b:f6:c8:a8:88:e3:64:22:
         7c:9b:76:2f:7b:d4:97:07:3c:0e:6f:e9:a8:e5:80:82:b0:a5:
         2b:dc:ba:94:a3:60:3e:07:e7:84:5a:41:83:65:1b:a3:4e:a3:
         e0:77:4e:f8
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUX+noXj7PdMDq6IJ1KJjfiFexn0UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjUxMDMxMDc1NTMyWhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZWQzN2Q2ODg4YWU5ZDM2ZTI5NjU4ZmE3Y2NhZjFlNjU0
YTZhY2YzMDQwNDQ4Y2E1YzViNDhhOWJkMGEwNzg1MS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfD4dd0rZpJ1xz8nyPzRGendC/Bd/k4RGpVt2nEtH8mYPZ
7l8CDAvaI17eMioupstNAO7+eYJimlkdngP3Z/TRkCOk85vZKq/88GkMconc0Z4D
GhA3PuVuPL8KTZgYWWp7aEzly711mIaXQRbcoXVXhLi6hzLPg4BOcAfnq5kSYixH
WiWXH6OgGFyo+BAQoZ2THmQonSEBVrs0bcQxrGWVEcpSlnx4fG4JRDigCOBgJICM
iGXTFanD1r+j7S8N9mMAyu50SLMO3azH0dBfeiNrlCROASwXqXMXk425jlNiyTGy
wZaYYc8WSvCjqWza3QoLgUEmwaRw7e1wG12V5Q1FAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUbOTRXfyFPSIR9KY2fqwFSpz1ragwHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1L2JiNDQ1NjEyLTc5NTEtNDVmOS1iOWExLTIwMGRhMjdkMWRmZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAJAAJjANBgkqhkiG9w0BAQsFAAOCAQEAfXQQU0jrFYYuiHwtMHOwMYfS
PPNlyjZ52eDMlRuASJALh5YzF1pdSpqhDvlV0ErPZSnPTw1Aa+ssFKNHgoJ1Wm9T
icrorLtwY7qaZElAOP7FHjvPDqYAZhhmEMBScy4hIFI2vPlBjNpISZMMZRzvv0W3
f1sGyTfXlhUTkMYEFAfjqdv0PsJkAEWdzy8fUVi/fExojZEcYY4kyFzZwS0dwrWP
rCENv7oRfOeFNgLVB/9n1GdUybq7khJZ1AxIiWmTh0pjrfJxSsVEQ8uOEABZ3Xv2
yKiI42QifJt2L3vUlwc8Dm/pqOWAgrClK9y6lKNgPgfnhFpBg2Ubo06j4HdO+A==
-----END CERTIFICATE-----