Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/f4edb23e-7360-4927-8791-94d7c0d7be3d.roa
File:                     f4edb23e-7360-4927-8791-94d7c0d7be3d.roa (raw, json)
Hash identifier:          4b3tC/wlXHsB3j36HWAUp/c+2NNFNeO8sJ4AH92npSE=
Subject key identifier:   06:ED:E8:6B:FA:20:25:13:45:DF:E3:79:04:01:9B:20:08:1A:6C:6A
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       58F93C7CCD0EE76B6C7034F699E5F37D99844878
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/f4edb23e-7360-4927-8791-94d7c0d7be3d.roa
Signing time:             Fri 31 Oct 2025 02:08:13 +0000
ROA not before:           Fri 31 Oct 2025 02:08:13 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:9000:3faa::/47 maxlen: 47
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:f9:3c:7c:cd:0e:e7:6b:6c:70:34:f6:99:e5:f3:7d:99:84:48:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Oct 31 02:08:13 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=7e78a5fd8655335b6d4f00ab9f2985b0853747c12c086338cb707a4d37474355, CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:fc:59:7c:fd:c3:3b:eb:80:97:db:52:61:76:
                    f6:2a:93:14:0a:11:de:91:02:29:7b:32:d0:57:c7:
                    fe:24:14:34:1a:47:bf:ce:23:50:0e:c7:96:c1:f5:
                    85:75:71:44:33:75:cd:b1:ed:c1:10:d8:64:37:3e:
                    e6:40:a7:93:11:34:97:23:a5:b9:78:7a:82:ee:fd:
                    28:aa:bf:62:0e:99:af:c0:f1:f8:1f:7b:c9:e2:45:
                    c3:38:fe:f4:c8:0d:28:46:b2:88:0a:32:12:7a:db:
                    b0:ad:a6:c8:91:6d:fe:19:4f:8f:0c:db:95:5a:85:
                    63:90:f9:e0:03:e6:88:ce:4e:3b:35:76:30:b4:2b:
                    b3:ba:df:be:a8:2a:8f:34:0b:86:e4:c9:4e:06:18:
                    de:75:b7:67:fc:a2:79:70:24:fd:88:50:f8:03:09:
                    5e:41:58:5e:55:93:66:5c:fc:d5:6a:a7:a5:81:bd:
                    bb:ff:12:7b:99:f0:99:f2:72:35:ad:96:54:ce:4b:
                    8f:45:01:99:cc:91:5c:c0:1b:6d:8a:06:3e:c3:25:
                    62:a0:cd:ff:94:78:58:35:de:4a:74:d5:a2:e6:c3:
                    06:b4:76:20:fa:16:71:3a:23:e1:9b:70:39:d5:90:
                    a4:52:95:11:00:0f:c4:2a:e6:a0:7e:e7:cf:e1:39:
                    12:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:ED:E8:6B:FA:20:25:13:45:DF:E3:79:04:01:9B:20:08:1A:6C:6A
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/f4edb23e-7360-4927-8791-94d7c0d7be3d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:9000:3faa::/47

    Signature Algorithm: sha256WithRSAEncryption
         a0:3b:74:fd:0e:41:9c:c0:a0:13:fb:7e:a8:d1:3a:55:42:3d:
         9f:1f:c5:80:8f:0f:70:11:2a:48:a6:58:95:21:3e:b8:24:98:
         7e:39:b1:81:cd:92:90:c5:d1:1a:7c:90:6b:92:4b:d3:b7:7c:
         03:53:df:b2:0a:45:5c:4a:44:bc:01:df:54:ce:78:e2:ae:a8:
         ad:25:7b:fd:67:46:c7:18:c9:f6:7b:6a:c7:bc:59:b6:96:dc:
         93:40:ca:ed:b7:a1:be:40:35:b8:23:eb:67:5a:5a:29:9a:00:
         e2:d3:8a:d5:b8:28:6f:3e:e2:c1:17:37:7e:55:a5:46:4c:f9:
         8c:9a:85:2a:04:b9:4f:82:60:af:43:73:2d:54:54:0e:7c:7c:
         e9:71:07:1a:8f:da:99:8b:35:78:7f:3b:e0:82:25:d2:84:e7:
         30:6a:76:7a:83:9b:0f:59:6c:23:0f:d7:b2:26:57:75:52:d3:
         89:44:0f:5c:a4:7d:86:f7:5d:22:d1:0e:32:2f:77:f7:c2:cd:
         b6:8f:e7:5a:1d:2e:b0:3f:b8:20:74:de:66:1b:c2:00:71:2c:
         7a:ba:99:94:79:6e:f0:ad:77:9f:33:b2:02:e6:3b:8f:53:fa:
         0a:d5:b0:81:75:bc:c5:13:58:85:8b:30:ef:1a:54:be:6d:22:
         00:d3:cb:60
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUWPk8fM0O52tscDT2meXzfZmESHgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjUxMDMxMDIwODEzWhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZTc4YTVmZDg2NTUzMzViNmQ0ZjAwYWI5ZjI5ODViMDg1
Mzc0N2MxMmMwODYzMzhjYjcwN2E0ZDM3NDc0MzU1MS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCw/Fl8/cM764CX21JhdvYqkxQKEd6RAil7MtBXx/4kFDQa
R7/OI1AOx5bB9YV1cUQzdc2x7cEQ2GQ3PuZAp5MRNJcjpbl4eoLu/Siqv2IOma/A
8fgfe8niRcM4/vTIDShGsogKMhJ627CtpsiRbf4ZT48M25VahWOQ+eAD5ojOTjs1
djC0K7O6376oKo80C4bkyU4GGN51t2f8onlwJP2IUPgDCV5BWF5Vk2Zc/NVqp6WB
vbv/EnuZ8JnycjWtllTOS49FAZnMkVzAG22KBj7DJWKgzf+UeFg13kp01aLmwwa0
diD6FnE6I+GbcDnVkKRSlREAD8Qq5qB+58/hORKhAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUBu3oa/ogJRNF3+N5BAGbIAgabGowHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1L2Y0ZWRiMjNlLTczNjAtNDkyNy04NzkxLTk0ZDdjMGQ3YmUzZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwEmAJAAP6owDQYJKoZIhvcNAQELBQADggEBAKA7dP0OQZzAoBP7fqjROlVC
PZ8fxYCPD3ARKkimWJUhPrgkmH45sYHNkpDF0Rp8kGuSS9O3fANT37IKRVxKRLwB
31TOeOKuqK0le/1nRscYyfZ7ase8WbaW3JNAyu23ob5ANbgj62daWimaAOLTitW4
KG8+4sEXN35VpUZM+YyahSoEuU+CYK9Dcy1UVA58fOlxBxqP2pmLNXh/O+CCJdKE
5zBqdnqDmw9ZbCMP17ImV3VS04lED1ykfYb3XSLRDjIvd/fCzbaP51odLrA/uCB0
3mYbwgBxLHq6mZR5bvCtd58zsgLmO49T+grVsIF1vMUTWIWLMO8aVL5tIgDTy2A=
-----END CERTIFICATE-----