Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/c9be509a-c472-4423-8408-e77942318e4d.roa
File:                     c9be509a-c472-4423-8408-e77942318e4d.roa (raw, json)
Hash identifier:          vvqoImAU5TSaOZsv2FwJ0TLQCAMwK3AWQ8KY82nCYpI=
Subject key identifier:   CB:C3:A1:77:93:8C:A6:C6:BF:55:D1:38:82:0D:CC:72:60:5A:8E:4B
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       1B6168ABBEB03514B53F8B77DFFA360ADEBB6A68
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/c9be509a-c472-4423-8408-e77942318e4d.roa
Signing time:             Fri 31 Oct 2025 05:55:27 +0000
ROA not before:           Fri 31 Oct 2025 05:55:27 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:9000:3290::/45 maxlen: 45
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:61:68:ab:be:b0:35:14:b5:3f:8b:77:df:fa:36:0a:de:bb:6a:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Oct 31 05:55:27 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=ef37504b8e844b88ec5e6e5f8760beb2c058ee88021c4b8f465e82b25e876494, CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:d4:35:74:5b:f6:eb:16:2d:36:7c:ce:2a:e6:
                    44:e8:05:6c:be:8a:9f:b5:1e:f4:4a:26:61:31:e1:
                    5b:06:20:bf:f7:47:23:67:e8:82:3b:2d:19:cc:ac:
                    d2:c4:63:60:68:63:6f:5f:b0:82:8a:6e:f6:f1:4c:
                    a4:45:8c:e8:ef:b0:2d:02:5c:8f:ef:d7:22:16:21:
                    1f:75:b0:db:f9:8c:65:75:ca:06:20:54:f1:74:33:
                    88:57:af:31:de:13:eb:e0:01:03:0f:f2:bc:bc:64:
                    9d:6d:4d:8a:89:e9:b9:e4:60:6c:5c:6e:89:76:e9:
                    95:e3:a4:f2:93:0e:d6:ce:d0:07:70:20:1c:e0:89:
                    25:c0:52:e0:ee:ea:e2:ea:df:11:03:ef:f7:16:ff:
                    1f:f0:91:1d:2c:13:c2:2f:be:95:15:80:c3:6d:f4:
                    d1:6f:4a:fc:6e:d0:0b:e8:1a:03:7e:31:8d:39:91:
                    34:9f:b3:b2:77:37:7f:99:4d:3f:c5:fa:87:a8:52:
                    d8:af:83:ea:9c:ba:c1:52:73:60:37:38:53:e4:f4:
                    9f:64:11:a9:94:a3:d4:56:e0:31:f8:6d:0d:6b:17:
                    14:4d:e7:5c:e8:63:77:f1:45:46:ab:35:94:71:56:
                    25:f8:1f:ac:59:b2:fc:03:7b:dc:bc:d3:29:33:56:
                    93:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:C3:A1:77:93:8C:A6:C6:BF:55:D1:38:82:0D:CC:72:60:5A:8E:4B
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/c9be509a-c472-4423-8408-e77942318e4d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:9000:3290::/45

    Signature Algorithm: sha256WithRSAEncryption
         91:38:ed:24:c4:ea:6d:97:65:72:8a:8c:cc:61:cf:75:64:d2:
         c8:4e:ce:a1:bf:f6:7c:9a:50:7e:20:17:94:08:51:ff:f5:0e:
         73:7d:ad:2d:4f:63:cf:cd:f5:bb:a9:42:24:cf:df:f5:04:eb:
         f9:b4:ab:29:2d:a4:ee:ab:3d:99:bb:15:bd:f8:af:43:8c:79:
         36:b2:11:37:27:99:8d:ae:11:f9:ab:91:8e:c1:e2:62:b0:e3:
         67:94:9d:6c:90:5d:41:fd:15:42:09:49:ad:f5:45:65:cc:d5:
         a4:6e:ab:94:c8:2f:60:bb:f6:aa:77:6b:30:38:ce:b9:cb:13:
         d1:9b:97:af:70:b8:66:fd:92:85:f2:72:45:4d:ba:6e:7f:84:
         67:c6:a1:40:36:90:23:08:75:35:03:c4:3b:46:93:be:ba:31:
         93:71:9f:06:e5:24:cd:d8:aa:e2:5d:fb:da:63:5c:bb:7b:06:
         74:5d:0f:96:d5:d6:6d:03:18:25:98:3a:99:74:fb:8c:76:d9:
         58:86:3b:b1:2a:55:47:01:50:db:d8:06:d6:03:27:a1:93:b8:
         14:ee:32:42:b1:8b:7b:2b:6d:b3:bc:17:ed:16:7d:99:f3:d7:
         89:d7:80:f3:a9:4a:a8:31:b3:c2:2a:59:77:57:11:48:62:fb:
         7d:53:90:38
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUG2Foq76wNRS1P4t33/o2Ct67amgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjUxMDMxMDU1NTI3WhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZjM3NTA0YjhlODQ0Yjg4ZWM1ZTZlNWY4NzYwYmViMmMw
NThlZTg4MDIxYzRiOGY0NjVlODJiMjVlODc2NDk0MS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDE1DV0W/brFi02fM4q5kToBWy+ip+1HvRKJmEx4VsGIL/3
RyNn6II7LRnMrNLEY2BoY29fsIKKbvbxTKRFjOjvsC0CXI/v1yIWIR91sNv5jGV1
ygYgVPF0M4hXrzHeE+vgAQMP8ry8ZJ1tTYqJ6bnkYGxcbol26ZXjpPKTDtbO0Adw
IBzgiSXAUuDu6uLq3xED7/cW/x/wkR0sE8IvvpUVgMNt9NFvSvxu0AvoGgN+MY05
kTSfs7J3N3+ZTT/F+oeoUtivg+qcusFSc2A3OFPk9J9kEamUo9RW4DH4bQ1rFxRN
51zoY3fxRUarNZRxViX4H6xZsvwDe9y80ykzVpOnAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUy8Ohd5OMpsa/VdE4gg3McmBajkswHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1L2M5YmU1MDlhLWM0NzItNDQyMy04NDA4LWU3Nzk0MjMxOGU0ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwMmAJAAMpAwDQYJKoZIhvcNAQELBQADggEBAJE47STE6m2XZXKKjMxhz3Vk
0shOzqG/9nyaUH4gF5QIUf/1DnN9rS1PY8/N9bupQiTP3/UE6/m0qyktpO6rPZm7
Fb34r0OMeTayETcnmY2uEfmrkY7B4mKw42eUnWyQXUH9FUIJSa31RWXM1aRuq5TI
L2C79qp3azA4zrnLE9Gbl69wuGb9koXyckVNum5/hGfGoUA2kCMIdTUDxDtGk766
MZNxnwblJM3YquJd+9pjXLt7BnRdD5bV1m0DGCWYOpl0+4x22ViGO7EqVUcBUNvY
BtYDJ6GTuBTuMkKxi3srbbO8F+0WfZnz14nXgPOpSqgxs8IqWXdXEUhi+31TkDg=
-----END CERTIFICATE-----