Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/788c3900-e4d5-439b-b231-3a69b5354901.roa
File:                     788c3900-e4d5-439b-b231-3a69b5354901.roa (raw, json)
Hash identifier:          nRu0CLvDXRcgj1OIMBwIzylNTszw2y25JvXAZj6DLA0=
Subject key identifier:   F8:C2:F3:61:A4:52:1E:D9:FA:31:35:C8:23:14:C0:F6:41:46:36:41
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       2CFBE000A21471C869D0BC171D1DB96B0A07F11E
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/788c3900-e4d5-439b-b231-3a69b5354901.roa
Signing time:             Wed 09 Jul 2025 00:00:45 +0000
ROA not before:           Wed 09 Jul 2025 00:00:45 +0000
ROA not after:            Wed 13 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:8014::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 27 Jul 2025 00:02:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:fb:e0:00:a2:14:71:c8:69:d0:bc:17:1d:1d:b9:6b:0a:07:f1:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000, serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Jul  9 00:00:45 2025 GMT
            Not After : Aug 13 23:59:59 2025 GMT
        Subject: serialNumber=0d459c130e4b43fafddaa723e8d33d5ec03559c4308bfd751b8195026e0bb3d3, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:1f:80:dc:9e:a0:84:75:cc:59:7a:46:bc:2c:
                    a5:2c:e1:69:e9:30:14:52:bc:8e:38:0e:90:b3:89:
                    b9:ad:85:0e:19:4f:4c:af:7e:55:ef:c1:ab:23:86:
                    c4:ad:84:d2:c5:95:09:c6:27:d2:16:51:70:29:4c:
                    a4:48:2a:28:a9:b8:db:8e:83:49:90:ed:ff:16:35:
                    bc:f0:aa:95:d9:91:bd:47:52:0d:41:b0:ec:49:43:
                    e4:39:32:9d:8c:48:a3:63:25:02:10:a8:8a:12:0a:
                    18:70:6e:e8:71:4d:53:0e:43:d0:46:7e:ce:f9:45:
                    25:ca:91:fb:df:ee:b4:22:3a:93:b7:98:26:5e:a3:
                    74:a4:69:1a:4d:1f:c8:87:51:f8:57:d7:5f:16:26:
                    0e:b2:bb:39:d2:49:ef:7b:73:90:d1:6f:26:9e:02:
                    51:c4:9b:6b:0f:c7:f4:24:a3:84:e9:f3:45:8f:33:
                    91:26:7b:64:6d:9f:28:29:ca:63:46:13:59:df:11:
                    46:5f:a7:33:52:0a:6d:88:73:7e:55:50:ca:f9:e2:
                    6b:0c:92:d9:33:dd:e0:d0:7f:d1:11:74:82:22:eb:
                    eb:ac:c0:fb:2f:0c:1d:c9:bc:cb:a8:87:56:4e:3c:
                    ec:ff:c9:26:92:48:db:fc:ab:4c:1e:5b:b2:d0:f3:
                    f3:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:C2:F3:61:A4:52:1E:D9:FA:31:35:C8:23:14:C0:F6:41:46:36:41
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/788c3900-e4d5-439b-b231-3a69b5354901.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:8014::/38

    Signature Algorithm: sha256WithRSAEncryption
         0f:e2:b6:96:37:74:7b:e5:23:14:15:71:3d:e6:c1:22:d0:a0:
         81:6b:96:e8:bb:ce:d5:69:dd:b3:39:8b:94:e6:20:e5:64:45:
         45:5c:0b:e4:0d:d3:fa:c1:a5:1e:18:b4:76:b1:de:fa:bf:e1:
         31:88:90:d4:ff:61:e5:ae:e9:6a:43:cc:ac:fb:99:95:45:59:
         a5:3a:1e:4f:eb:be:ed:22:35:56:80:e5:db:4b:39:15:e8:eb:
         dc:db:79:93:94:22:c7:3f:80:fa:77:64:a3:45:fd:7a:60:84:
         9b:64:8c:65:64:2f:38:bc:99:93:53:62:10:38:4b:8d:bb:df:
         21:12:a8:c2:11:5e:68:8c:45:94:98:4c:b2:87:47:31:77:58:
         2d:3a:a7:34:ca:b7:aa:14:8c:1e:56:14:45:8c:99:0d:c7:0c:
         89:06:44:a4:ce:2e:86:84:ec:bf:91:35:d6:bf:5e:5f:d1:57:
         33:f2:b5:78:9f:01:6b:00:e7:b8:43:20:08:0d:3a:4f:5a:d3:
         8a:7b:9e:6d:3b:b8:88:64:2b:e1:0b:00:37:79:f9:91:ef:9f:
         95:13:e7:15:a4:97:ba:7b:f9:2d:3b:85:99:39:24:2a:53:9d:
         5d:48:f4:b9:d9:e0:d2:8e:a3:7f:cf:7d:97:00:47:23:a9:be:
         fa:a7:d4:4f
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIULPvgAKIUcchp0LwXHR25awoH8R4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI1MDcwOTAwMDA0NVoX
DTI1MDgxMzIzNTk1OVowejFJMEcGA1UEBRNAMGQ0NTljMTMwZTRiNDNmYWZkZGFh
NzIzZThkMzNkNWVjMDM1NTljNDMwOGJmZDc1MWI4MTk1MDI2ZTBiYjNkMzEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5R+A3J6ghHXMWXpGvCylLOFp6TAU
UryOOA6Qs4m5rYUOGU9Mr35V78GrI4bErYTSxZUJxifSFlFwKUykSCooqbjbjoNJ
kO3/FjW88KqV2ZG9R1INQbDsSUPkOTKdjEijYyUCEKiKEgoYcG7ocU1TDkPQRn7O
+UUlypH73+60IjqTt5gmXqN0pGkaTR/Ih1H4V9dfFiYOsrs50knve3OQ0W8mngJR
xJtrD8f0JKOE6fNFjzORJntkbZ8oKcpjRhNZ3xFGX6czUgptiHN+VVDK+eJrDJLZ
M93g0H/REXSCIuvrrMD7LwwdybzLqIdWTjzs/8kmkkjb/KtMHluy0PPzJQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFPjC82GkUh7Z+jE1yCMUwPZBRjZBMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
Lzc4OGMzOTAwLWU0ZDUtNDM5Yi1iMjMxLTNhNjliNTM1NDkwMS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYCJA+AFAAwDQYJKoZIhvcNAQELBQADggEBAA/itpY3dHvlIxQVcT3m
wSLQoIFrlui7ztVp3bM5i5TmIOVkRUVcC+QN0/rBpR4YtHax3vq/4TGIkNT/YeWu
6WpDzKz7mZVFWaU6Hk/rvu0iNVaA5dtLORXo69zbeZOUIsc/gPp3ZKNF/XpghJtk
jGVkLzi8mZNTYhA4S4273yESqMIRXmiMRZSYTLKHRzF3WC06pzTKt6oUjB5WFEWM
mQ3HDIkGRKTOLoaE7L+RNda/Xl/RVzPytXifAWsA57hDIAgNOk9a04p7nm07uIhk
K+ELADd5+ZHvn5UT5xWkl7p7+S07hZk5JCpTnV1I9LnZ4NKOo3/PfZcARyOpvvqn
1E8=
-----END CERTIFICATE-----
Generated at Wed Jul 23 01:23:06 2025 by rpki-client