Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/bed31132-8975-4744-a470-42b6027cb5b8.roa
File:                     bed31132-8975-4744-a470-42b6027cb5b8.roa (raw, json)
Hash identifier:          63ZT05xjfdwRDiq/vc1IXtmuvDeTnJgNeHpyR0eF4HQ=
Subject key identifier:   83:D9:69:31:CF:F8:75:E2:7B:64:7F:58:3A:A4:EA:10:75:5B:69:FB
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       2C7D86F2DD8C78866A03D3234ACEE7A3338606F6
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/bed31132-8975-4744-a470-42b6027cb5b8.roa
Signing time:             Fri 31 Oct 2025 05:25:34 +0000
ROA not before:           Fri 31 Oct 2025 05:25:34 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:9000:1bf0::/45 maxlen: 45
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:7d:86:f2:dd:8c:78:86:6a:03:d3:23:4a:ce:e7:a3:33:86:06:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Oct 31 05:25:34 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=fff5165e927bcc505e445cdef1edcc63d197e8880d7fd92722de6c78fc7caf60, CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:61:6a:cf:d7:28:eb:c7:c5:6b:0d:af:54:6d:
                    33:a8:f4:7d:09:7f:74:c3:99:f4:49:0a:7b:77:dc:
                    1b:10:67:bd:d3:32:6b:0d:a1:cd:3f:e5:8b:db:63:
                    e1:c7:87:69:ed:84:86:f7:bd:53:ff:c9:30:e0:c3:
                    8e:04:c1:66:bf:78:8f:09:83:3f:70:94:1a:33:af:
                    f1:48:50:8d:5e:f6:13:e1:7c:46:c0:b2:31:6e:b0:
                    a7:01:15:80:b0:1e:b6:ff:d0:20:79:f1:19:de:ec:
                    73:b0:f6:a2:50:b6:24:92:f9:c7:c9:a2:80:13:d0:
                    58:07:c6:46:95:a2:f8:7b:97:97:21:fd:9d:7d:15:
                    2b:5b:e1:1b:62:73:36:63:43:d5:e0:25:4f:cc:ec:
                    93:b4:1f:da:23:c9:5d:c0:2a:e5:82:9e:c0:c9:d8:
                    6c:d1:1c:bd:d0:a5:ac:cd:7e:b2:6d:7f:75:0b:1d:
                    ea:e1:53:85:b6:7d:6f:2b:e6:39:82:be:78:17:d3:
                    fc:d6:cd:1e:cd:ea:4e:37:98:4c:64:2c:89:0e:90:
                    f1:8c:98:9c:21:cd:80:5e:22:1e:fa:7c:b4:28:a5:
                    47:87:4e:fa:ba:f5:68:bb:e9:c3:52:e6:c7:af:9d:
                    42:de:ab:69:9d:d0:42:c8:5d:00:16:36:43:a4:e7:
                    53:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:D9:69:31:CF:F8:75:E2:7B:64:7F:58:3A:A4:EA:10:75:5B:69:FB
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/bed31132-8975-4744-a470-42b6027cb5b8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:9000:1bf0::/45

    Signature Algorithm: sha256WithRSAEncryption
         4d:87:2d:d2:84:40:fe:67:de:fa:f1:8a:5e:81:38:13:ae:bf:
         ea:ad:1d:9d:c2:5f:6f:84:05:74:8e:8c:c6:a5:33:6b:8c:5d:
         90:a4:fc:0d:bc:d4:2f:58:93:27:af:77:9d:3d:50:5c:fd:ca:
         2f:d3:21:82:ea:42:fe:72:55:ce:17:ef:13:b0:21:40:49:3a:
         df:3e:79:e7:b5:62:0f:4e:af:d6:0e:24:c7:d2:a1:09:cf:25:
         87:f2:3c:41:28:1b:b8:eb:7f:12:96:a1:ed:81:90:b1:45:7f:
         d0:d2:8e:06:23:e1:e7:56:56:ea:99:f1:8e:3d:fa:c3:3a:0b:
         6c:7f:20:21:95:30:70:ee:fd:36:7a:76:84:5d:a4:fb:99:83:
         73:6c:3b:20:b6:db:49:d4:77:b7:a6:38:75:6d:44:35:e0:64:
         14:90:e1:7c:3e:00:65:8d:34:f5:aa:36:15:38:bb:4b:de:07:
         bc:7c:15:b1:0c:2f:c9:c2:22:eb:b3:fe:9d:c1:ec:d0:ac:a7:
         d3:43:32:78:98:3b:11:f9:46:cd:c2:7c:8d:9e:f0:9b:80:f4:
         b7:75:73:c8:cb:e3:42:14:6a:2d:d2:71:ff:71:ae:d2:e4:7d:
         b4:20:f2:fd:8a:ad:b7:5c:9e:00:fc:ac:51:64:f9:c4:56:57:
         24:f1:e3:bf
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIULH2G8t2MeIZqA9MjSs7nozOGBvYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjUxMDMxMDUyNTM0WhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZmY1MTY1ZTkyN2JjYzUwNWU0NDVjZGVmMWVkY2M2M2Qx
OTdlODg4MGQ3ZmQ5MjcyMmRlNmM3OGZjN2NhZjYwMS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCDYWrP1yjrx8VrDa9UbTOo9H0Jf3TDmfRJCnt33BsQZ73T
MmsNoc0/5YvbY+HHh2nthIb3vVP/yTDgw44EwWa/eI8Jgz9wlBozr/FIUI1e9hPh
fEbAsjFusKcBFYCwHrb/0CB58Rne7HOw9qJQtiSS+cfJooAT0FgHxkaVovh7l5ch
/Z19FStb4RticzZjQ9XgJU/M7JO0H9ojyV3AKuWCnsDJ2GzRHL3QpazNfrJtf3UL
HerhU4W2fW8r5jmCvngX0/zWzR7N6k43mExkLIkOkPGMmJwhzYBeIh76fLQopUeH
Tvq69Wi76cNS5sevnULeq2md0ELIXQAWNkOk51NhAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUg9lpMc/4deJ7ZH9YOqTqEHVbafswHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1L2JlZDMxMTMyLTg5NzUtNDc0NC1hNDcwLTQyYjYwMjdjYjViOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwMmAJAAG/AwDQYJKoZIhvcNAQELBQADggEBAE2HLdKEQP5n3vrxil6BOBOu
v+qtHZ3CX2+EBXSOjMalM2uMXZCk/A281C9Ykyevd509UFz9yi/TIYLqQv5yVc4X
7xOwIUBJOt8+eee1Yg9Or9YOJMfSoQnPJYfyPEEoG7jrfxKWoe2BkLFFf9DSjgYj
4edWVuqZ8Y49+sM6C2x/ICGVMHDu/TZ6doRdpPuZg3NsOyC220nUd7emOHVtRDXg
ZBSQ4Xw+AGWNNPWqNhU4u0veB7x8FbEML8nCIuuz/p3B7NCsp9NDMniYOxH5Rs3C
fI2e8JuA9Ld1c8jL40IUai3Scf9xrtLkfbQg8v2KrbdcngD8rFFk+cRWVyTx478=
-----END CERTIFICATE-----