Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/db00a81e-4477-46d8-a212-49fdd7e37458.roa
File:                     db00a81e-4477-46d8-a212-49fdd7e37458.roa (raw, json)
Hash identifier:          JWeefcxScEMt3EeS7BuT0+1RN1U/rsjDtaD98smrXBk=
Subject key identifier:   36:DA:F4:93:01:D0:F5:12:2E:7D:D3:6F:5B:78:DA:6E:79:6D:7F:02
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       5859534309DE358C7D822256043F0AF975D0E4AC
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/db00a81e-4477-46d8-a212-49fdd7e37458.roa
Signing time:             Thu 30 Oct 2025 21:23:57 +0000
ROA not before:           Thu 30 Oct 2025 21:23:57 +0000
ROA not after:            Thu 04 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:9000:1686::/47 maxlen: 47
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:59:53:43:09:de:35:8c:7d:82:22:56:04:3f:0a:f9:75:d0:e4:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Oct 30 21:23:57 2025 GMT
            Not After : Dec  4 23:59:59 2025 GMT
        Subject: serialNumber=dfcc8da6dae4fe81bc7ce7937fc9089a1874c976de7bd467fe66eb0732b7cfa1, CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:e9:42:aa:62:7b:10:cb:41:d2:80:02:2f:32:
                    1c:36:13:44:42:1f:f5:fd:82:27:ff:89:1e:90:ed:
                    75:4a:5c:ec:1d:3e:fb:7e:8c:0a:85:e1:b4:17:77:
                    08:d4:ff:ea:aa:5e:d9:04:65:13:e3:d3:83:3b:7a:
                    95:7d:06:8b:25:d2:75:50:2e:75:56:c8:a9:82:b6:
                    41:2b:46:3b:ed:5f:7a:d9:52:24:ab:b0:6f:7e:38:
                    6e:8e:d8:06:91:78:f1:e5:f7:3d:35:fd:7a:f1:5a:
                    f8:d3:d2:6c:58:b6:17:34:85:aa:fe:de:9c:5f:4c:
                    4f:d8:a8:95:04:81:25:27:ee:77:b7:e6:fa:c3:1c:
                    2e:10:b1:0f:cc:24:72:28:ef:d0:2e:9a:75:f2:fd:
                    fd:6d:08:5f:c0:75:f9:91:58:5d:f5:5e:0e:c3:50:
                    30:9a:93:22:22:2b:81:cc:39:04:0f:e1:71:b5:a4:
                    cf:70:75:ea:5a:a5:b6:92:b6:c0:89:92:85:11:e2:
                    e8:7a:92:01:3d:eb:57:b3:16:1e:b2:16:1e:f1:02:
                    20:3e:f2:43:94:dd:e1:bc:4b:cf:c5:d5:24:89:9d:
                    44:ee:b7:b5:e6:e7:34:e7:34:7b:27:3d:de:61:71:
                    68:97:07:35:ca:aa:cc:8b:c6:13:96:ee:f4:aa:1d:
                    d5:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:DA:F4:93:01:D0:F5:12:2E:7D:D3:6F:5B:78:DA:6E:79:6D:7F:02
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/db00a81e-4477-46d8-a212-49fdd7e37458.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:9000:1686::/47

    Signature Algorithm: sha256WithRSAEncryption
         67:b2:06:f1:17:9c:7a:ce:a6:f2:27:7b:d4:4e:fe:93:11:8e:
         84:b6:1a:ee:b9:7d:98:8b:e2:27:51:35:4d:7a:9a:3e:f0:46:
         56:1d:0c:5b:27:ad:4d:1b:a5:6f:60:5c:7e:fd:56:68:3b:1a:
         0c:d1:b9:87:ac:d8:59:af:c8:fe:5d:64:e6:b8:99:0c:70:e7:
         a0:9a:39:aa:79:3c:1f:8d:db:53:cb:30:f6:4b:11:0d:0b:c7:
         13:a0:f4:74:f3:67:f7:9f:18:0b:84:4d:f5:b6:4c:f9:de:23:
         2c:33:62:cb:e5:2c:ea:9f:fd:bf:75:e2:03:2a:73:7f:c8:64:
         3b:f6:28:f8:ed:04:bd:e6:ff:76:25:63:be:99:6e:0b:3a:41:
         84:a3:82:e5:83:df:be:3f:47:3f:4d:97:df:69:f4:2a:d4:aa:
         60:a4:0b:8f:66:d2:fb:df:8a:19:ae:79:47:da:4e:e9:ee:7c:
         72:d1:dd:0e:67:05:6e:fe:28:36:08:1a:4e:d7:bb:51:28:8c:
         e1:7e:ce:53:32:22:53:09:4f:ef:d1:eb:24:fe:f9:24:11:8a:
         d4:49:f4:89:c2:d5:d7:ff:27:1c:5b:be:ac:ae:4f:b6:f1:c0:
         1a:6b:e7:a4:70:01:65:57:7a:6d:ec:9c:f4:2d:e2:d9:e6:9d:
         b6:dc:7b:26
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUWFlTQwneNYx9giJWBD8K+XXQ5KwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjUxMDMwMjEyMzU3WhcNMjUxMjA0MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZmNjOGRhNmRhZTRmZTgxYmM3Y2U3OTM3ZmM5MDg5YTE4
NzRjOTc2ZGU3YmQ0NjdmZTY2ZWIwNzMyYjdjZmExMS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDj6UKqYnsQy0HSgAIvMhw2E0RCH/X9gif/iR6Q7XVKXOwd
Pvt+jAqF4bQXdwjU/+qqXtkEZRPj04M7epV9Bosl0nVQLnVWyKmCtkErRjvtX3rZ
UiSrsG9+OG6O2AaRePHl9z01/XrxWvjT0mxYthc0har+3pxfTE/YqJUEgSUn7ne3
5vrDHC4QsQ/MJHIo79AumnXy/f1tCF/AdfmRWF31Xg7DUDCakyIiK4HMOQQP4XG1
pM9wdepapbaStsCJkoUR4uh6kgE961ezFh6yFh7xAiA+8kOU3eG8S8/F1SSJnUTu
t7Xm5zTnNHsnPd5hcWiXBzXKqsyLxhOW7vSqHdXzAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUNtr0kwHQ9RIufdNvW3jabnltfwIwHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1L2RiMDBhODFlLTQ0NzctNDZkOC1hMjEyLTQ5ZmRkN2UzNzQ1OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwEmAJAAFoYwDQYJKoZIhvcNAQELBQADggEBAGeyBvEXnHrOpvIne9RO/pMR
joS2Gu65fZiL4idRNU16mj7wRlYdDFsnrU0bpW9gXH79Vmg7GgzRuYes2FmvyP5d
ZOa4mQxw56CaOap5PB+N21PLMPZLEQ0LxxOg9HTzZ/efGAuETfW2TPneIywzYsvl
LOqf/b914gMqc3/IZDv2KPjtBL3m/3YlY76Zbgs6QYSjguWD374/Rz9Nl99p9CrU
qmCkC49m0vvfihmueUfaTunufHLR3Q5nBW7+KDYIGk7Xu1EojOF+zlMyIlMJT+/R
6yT++SQRitRJ9InC1df/JxxbvqyuT7bxwBpr56RwAWVXem3snPQt4tnmnbbceyY=
-----END CERTIFICATE-----