Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/f54cd21d-ebef-4509-8295-1f7547d0d717.roa
File:                     f54cd21d-ebef-4509-8295-1f7547d0d717.roa (raw, json)
Hash identifier:          fL+E7GPFHFUPx0Eu2IwJsHMhHEPPlWpNgaeWVuxV46A=
Subject key identifier:   F1:B9:E3:07:BB:59:B3:FF:6F:70:A0:9C:27:0C:1F:D3:55:16:18:34
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       344AE0A6E6D97C7F41EC833BBC0D2A88010CA680
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/f54cd21d-ebef-4509-8295-1f7547d0d717.roa
Signing time:             Wed 09 Jul 2025 00:00:32 +0000
ROA not before:           Wed 09 Jul 2025 00:00:32 +0000
ROA not after:            Wed 13 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:8018:400::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 26 Jul 2025 00:01:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:4a:e0:a6:e6:d9:7c:7f:41:ec:83:3b:bc:0d:2a:88:01:0c:a6:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000, serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Jul  9 00:00:32 2025 GMT
            Not After : Aug 13 23:59:59 2025 GMT
        Subject: serialNumber=086a1a45a8e7596878cd2e3279fb305724f94ba225aec66860998373a695d7f4, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:07:5e:66:46:65:2b:f0:76:af:f1:d9:6c:b0:
                    bb:d2:73:a7:f3:34:46:72:92:3c:a0:42:65:ea:a6:
                    cf:64:25:a2:e1:68:f8:d6:ea:ac:50:39:ea:00:14:
                    cd:0d:23:5e:c7:3e:24:08:06:85:a5:ac:8b:bf:d4:
                    2c:f8:05:7d:2c:3f:bc:5f:1e:7d:38:a3:8b:11:ab:
                    1d:69:2f:13:74:37:53:ef:04:ca:86:fc:83:1f:65:
                    b9:29:a2:38:f9:0d:a7:e7:0a:b2:d4:12:f3:39:ef:
                    46:fe:d6:86:9b:ec:a7:ab:25:e9:ff:3e:54:82:e1:
                    4a:86:86:7b:c2:09:1f:fe:ec:dc:61:8e:63:f1:42:
                    6b:9c:f1:82:98:d2:cc:f7:24:b4:0b:f1:58:5e:c3:
                    88:98:a7:e7:35:22:7b:c8:d1:bb:b5:46:db:88:38:
                    71:10:96:11:d6:65:35:e2:ad:c7:46:e5:6b:01:89:
                    cc:f9:62:8f:1d:6c:46:7a:6f:5a:94:25:8d:fb:a5:
                    e4:7f:c6:00:5c:de:71:a1:97:e9:b1:3a:ca:bb:df:
                    cd:9a:92:37:f1:6b:f1:e4:5a:0a:69:40:4a:c1:05:
                    61:62:99:e5:51:5b:b9:fc:2f:27:31:ba:46:98:83:
                    1f:00:d8:4e:6f:cf:67:3d:df:3f:f4:d2:3f:69:94:
                    0d:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:B9:E3:07:BB:59:B3:FF:6F:70:A0:9C:27:0C:1F:D3:55:16:18:34
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/f54cd21d-ebef-4509-8295-1f7547d0d717.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:8018:400::/38

    Signature Algorithm: sha256WithRSAEncryption
         37:35:33:b8:82:54:4c:ad:66:d1:e4:1d:44:76:ee:19:0f:ea:
         b0:37:19:11:3d:b3:22:89:4a:6d:b7:9b:20:2f:a5:d3:09:13:
         de:3f:20:eb:3f:10:d7:ba:1c:00:b1:31:00:89:78:59:29:df:
         61:00:c3:b4:06:1a:33:5a:9e:e3:ca:e2:a9:b3:fe:e1:41:99:
         ae:a1:19:fb:fa:4f:d7:c2:76:14:23:a2:0c:53:82:62:5a:eb:
         81:62:b9:bf:92:19:af:e9:8a:05:a2:58:32:83:bf:d7:cf:b2:
         55:c6:e6:e4:8e:ef:52:69:6c:a6:95:ff:0a:b0:49:d8:76:ca:
         47:ae:18:7d:9f:ca:de:25:08:f6:0d:3e:2a:77:f7:c1:cf:8b:
         8e:a8:4c:50:eb:44:42:9f:ff:fd:08:c0:02:18:ff:e4:75:c1:
         5d:73:f1:29:15:48:5e:6d:e5:0a:5b:7b:67:c6:2b:70:5e:8c:
         87:c3:06:d4:dc:91:1e:3f:9e:84:fa:04:66:8a:63:48:80:c4:
         8e:27:fc:e2:37:68:cd:ed:2b:e0:5a:4f:5a:2b:65:7e:cb:e5:
         c6:cd:b8:55:9f:d4:51:85:65:5d:ce:7d:d6:a5:9d:42:e4:a4:
         4e:e6:b4:fe:91:08:32:13:07:d4:dc:ab:fd:a9:56:c8:df:25:
         87:a0:63:9b
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUNErgpubZfH9B7IM7vA0qiAEMpoAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI1MDcwOTAwMDAzMloX
DTI1MDgxMzIzNTk1OVowejFJMEcGA1UEBRNAMDg2YTFhNDVhOGU3NTk2ODc4Y2Qy
ZTMyNzlmYjMwNTcyNGY5NGJhMjI1YWVjNjY4NjA5OTgzNzNhNjk1ZDdmNDEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowdeZkZlK/B2r/HZbLC70nOn8zRG
cpI8oEJl6qbPZCWi4Wj41uqsUDnqABTNDSNexz4kCAaFpayLv9Qs+AV9LD+8Xx59
OKOLEasdaS8TdDdT7wTKhvyDH2W5KaI4+Q2n5wqy1BLzOe9G/taGm+ynqyXp/z5U
guFKhoZ7wgkf/uzcYY5j8UJrnPGCmNLM9yS0C/FYXsOImKfnNSJ7yNG7tUbbiDhx
EJYR1mU14q3HRuVrAYnM+WKPHWxGem9alCWN+6Xkf8YAXN5xoZfpsTrKu9/NmpI3
8Wvx5FoKaUBKwQVhYpnlUVu5/C8nMbpGmIMfANhOb89nPd8/9NI/aZQNpwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFPG54we7WbP/b3CgnCcMH9NVFhg0MB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
L2Y1NGNkMjFkLWViZWYtNDUwOS04Mjk1LTFmNzU0N2QwZDcxNy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYCJA+AGAQwDQYJKoZIhvcNAQELBQADggEBADc1M7iCVEytZtHkHUR2
7hkP6rA3GRE9syKJSm23myAvpdMJE94/IOs/ENe6HACxMQCJeFkp32EAw7QGGjNa
nuPK4qmz/uFBma6hGfv6T9fCdhQjogxTgmJa64Fiub+SGa/pigWiWDKDv9fPslXG
5uSO71JpbKaV/wqwSdh2ykeuGH2fyt4lCPYNPip398HPi46oTFDrREKf//0IwAIY
/+R1wV1z8SkVSF5t5Qpbe2fGK3BejIfDBtTckR4/noT6BGaKY0iAxI4n/OI3aM3t
K+BaT1orZX7L5cbNuFWf1FGFZV3OfdalnULkpE7mtP6RCDITB9Tcq/2pVsjfJYeg
Y5s=
-----END CERTIFICATE-----
Generated at Tue Jul 22 19:32:59 2025 by rpki-client