Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/fdaab66c-afad-4868-8d79-392861e9c923.roa
File:                     fdaab66c-afad-4868-8d79-392861e9c923.roa (raw, json)
Hash identifier:          5cRSoZevGsewLztqHMMocjSdvc7bEIS2Xurfx6XWzj8=
Subject key identifier:   86:AE:94:36:30:C1:D6:EC:5D:51:F8:F0:F3:AD:80:F1:72:D2:43:68
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       066CE67B7616936694788C3F7C15FAAB55821DA2
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/fdaab66c-afad-4868-8d79-392861e9c923.roa
Signing time:             Fri 31 Oct 2025 00:10:15 +0000
ROA not before:           Fri 31 Oct 2025 00:10:15 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:9000:3362::/47 maxlen: 47
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Nov 2025 21:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:6c:e6:7b:76:16:93:66:94:78:8c:3f:7c:15:fa:ab:55:82:1d:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Oct 31 00:10:15 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=73d72a8f8278cd602dbb65a5b6fbfa6ef33a04e52fe85e56e54767570d6266f5, CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a2:90:9a:cb:6e:bd:d2:65:6a:05:3a:3f:2b:
                    ce:ce:69:a7:4e:df:fb:37:25:74:47:d3:a5:18:67:
                    24:cf:f7:7d:a3:10:17:a1:fa:00:29:93:4d:f5:25:
                    8b:9a:5c:13:e9:fd:2d:10:20:43:e4:34:db:b6:23:
                    6a:64:dc:32:37:fc:ae:66:0e:66:b5:3b:52:25:f4:
                    c3:7d:50:44:e8:94:f6:ef:7c:30:7e:f2:b0:8e:98:
                    bf:93:40:54:eb:66:3a:1e:e6:f8:f0:40:8a:32:68:
                    b9:98:70:2a:5d:e2:3a:5f:ac:2d:ef:7b:85:05:02:
                    1b:91:ae:6b:02:6f:f5:13:25:83:6d:15:ad:1c:01:
                    58:b5:a5:77:c6:6f:0a:d9:6c:12:75:b1:17:72:54:
                    11:f1:50:1b:a9:75:8e:f8:47:06:cf:92:ca:30:f6:
                    92:e5:a7:b5:17:ae:22:a2:b8:3b:bd:2e:b7:92:d5:
                    c5:64:52:31:04:3f:79:12:66:42:34:87:1d:90:06:
                    d9:10:bb:45:4c:3c:f3:db:e9:88:6b:64:ca:b2:d1:
                    48:2e:f1:8e:3c:b1:7d:f4:7e:81:70:31:cf:05:4d:
                    6b:95:63:20:e7:43:27:c7:7d:21:02:37:94:90:43:
                    84:0a:0c:71:32:2f:ac:db:34:d8:db:df:5e:52:be:
                    c9:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:AE:94:36:30:C1:D6:EC:5D:51:F8:F0:F3:AD:80:F1:72:D2:43:68
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/fdaab66c-afad-4868-8d79-392861e9c923.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:9000:3362::/47

    Signature Algorithm: sha256WithRSAEncryption
         08:26:3b:bf:1a:23:35:04:f1:f3:03:e8:5a:fd:bd:71:0b:6e:
         39:69:e0:3d:10:d5:83:84:ca:92:20:6c:fa:12:2d:4b:e7:9d:
         1e:43:a1:e3:13:72:29:b2:80:85:e6:f0:4e:7c:82:d2:7b:fc:
         b4:3b:26:ef:f1:5e:da:fe:65:c9:d8:e7:58:06:68:eb:de:fc:
         0c:c9:32:b7:b6:5f:12:b2:fe:4f:ad:f1:84:36:32:08:4a:66:
         e1:e0:80:a3:73:f9:03:8d:f6:79:1c:22:9c:b9:92:98:02:8b:
         46:6a:cd:2f:25:a3:c1:96:28:03:ef:9a:69:7e:2f:b7:83:01:
         57:55:36:62:2b:ac:0c:61:65:27:4d:6d:32:3a:63:01:e5:87:
         7f:34:fd:91:21:8d:67:4d:3f:05:f1:42:83:be:32:df:44:a7:
         b3:a6:30:91:c3:ab:29:8a:a2:ba:45:67:76:ec:62:52:21:2c:
         37:dd:6f:cd:15:1a:63:8f:bc:7e:80:8a:2e:c0:e4:7b:24:35:
         db:57:17:1d:de:a6:60:95:24:b5:1f:08:07:86:e9:c7:79:24:
         2c:fc:3f:58:2b:fe:6d:d7:5e:86:68:9d:85:32:d3:87:bf:9f:
         15:30:cc:d8:4b:8e:14:a0:e5:8c:f2:e0:0a:21:2a:9c:9d:f6:
         dd:0c:a9:5e
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUBmzme3YWk2aUeIw/fBX6q1WCHaIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjUxMDMxMDAxMDE1WhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A3M2Q3MmE4ZjgyNzhjZDYwMmRiYjY1YTViNmZiZmE2ZWYz
M2EwNGU1MmZlODVlNTZlNTQ3Njc1NzBkNjI2NmY1MS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8opCay2690mVqBTo/K87OaadO3/s3JXRH06UYZyTP932j
EBeh+gApk031JYuaXBPp/S0QIEPkNNu2I2pk3DI3/K5mDma1O1Il9MN9UETolPbv
fDB+8rCOmL+TQFTrZjoe5vjwQIoyaLmYcCpd4jpfrC3ve4UFAhuRrmsCb/UTJYNt
Fa0cAVi1pXfGbwrZbBJ1sRdyVBHxUBupdY74RwbPksow9pLlp7UXriKiuDu9LreS
1cVkUjEEP3kSZkI0hx2QBtkQu0VMPPPb6YhrZMqy0Ugu8Y48sX30foFwMc8FTWuV
YyDnQyfHfSECN5SQQ4QKDHEyL6zbNNjb315Svsm9AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUhq6UNjDB1uxdUfjw862A8XLSQ2gwHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1L2ZkYWFiNjZjLWFmYWQtNDg2OC04ZDc5LTM5Mjg2MWU5YzkyMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwEmAJAAM2IwDQYJKoZIhvcNAQELBQADggEBAAgmO78aIzUE8fMD6Fr9vXEL
bjlp4D0Q1YOEypIgbPoSLUvnnR5DoeMTcimygIXm8E58gtJ7/LQ7Ju/xXtr+ZcnY
51gGaOve/AzJMre2XxKy/k+t8YQ2MghKZuHggKNz+QON9nkcIpy5kpgCi0ZqzS8l
o8GWKAPvmml+L7eDAVdVNmIrrAxhZSdNbTI6YwHlh380/ZEhjWdNPwXxQoO+Mt9E
p7OmMJHDqymKorpFZ3bsYlIhLDfdb80VGmOPvH6Aii7A5HskNdtXFx3epmCVJLUf
CAeG6cd5JCz8P1gr/m3XXoZonYUy04e/nxUwzNhLjhSg5Yzy4AohKpyd9t0MqV4=
-----END CERTIFICATE-----