Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/05bc8dbb-c70a-48da-b45b-4448364614ff.roa
File:                     05bc8dbb-c70a-48da-b45b-4448364614ff.roa (raw, json)
Hash identifier:          ZZs9u1Lh4hvO6JI/dChCfEx6Ns4RMglfTnUllYnU0rs=
Subject key identifier:   80:12:8F:51:A1:6C:65:35:E1:7A:64:8F:F6:52:0F:10:81:40:D6:84
Certificate issuer:       /CN=A91509EC0000/serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
Certificate serial:       10EDB47C77B81EF1372832212C068140EA7BA4D1
Authority key identifier: 16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/05bc8dbb-c70a-48da-b45b-4448364614ff.roa
Signing time:             Tue 08 Jul 2025 00:00:17 +0000
ROA not before:           Tue 08 Jul 2025 00:00:17 +0000
ROA not after:            Tue 12 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        175.41.208.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/6ecb3cca-488d-43b9-a50b-d37c0c55a9e1.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 26 Jul 2025 00:01:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:ed:b4:7c:77:b8:1e:f1:37:28:32:21:2c:06:81:40:ea:7b:a4:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91509EC0000, serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
        Validity
            Not Before: Jul  8 00:00:17 2025 GMT
            Not After : Aug 12 23:59:59 2025 GMT
        Subject: serialNumber=764145f5e1a2978b13e48e8a10548d110f76a8da76eb189f7617ce9061e1c171, CN=58810403-9ba0-403a-809b-c78252ab7f5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:09:84:af:4c:92:e2:59:6f:a9:a6:7e:dc:a8:
                    09:4a:5b:7d:87:24:bc:71:7d:b4:9a:96:b1:6d:10:
                    f2:58:b9:08:e4:61:e6:86:fa:a8:09:b9:cd:7f:7a:
                    a9:be:51:82:10:da:c7:ba:e0:8a:97:32:7d:fa:4e:
                    4b:4e:c6:13:43:65:86:f3:cf:89:53:40:13:81:15:
                    0e:33:e4:3c:4b:cd:1b:2c:80:80:7e:77:58:21:e6:
                    e7:e7:55:bf:c9:94:42:a4:94:6a:ef:38:cb:28:8e:
                    38:7c:4e:fc:8b:20:e3:dd:f0:f1:06:6e:d7:c2:ac:
                    19:e2:1d:b5:a1:26:9a:95:0a:52:3d:a9:3f:1e:d2:
                    cc:31:47:a9:a7:26:af:d5:9d:db:e0:c7:86:a9:c3:
                    89:11:5a:e8:f0:5e:15:59:93:e3:a6:18:95:11:98:
                    9b:1f:89:0d:5c:a5:65:50:0f:40:c0:6e:0e:83:a1:
                    37:cd:4c:6b:ec:ce:c6:f3:e0:3e:a0:1f:72:10:65:
                    48:c3:9b:3c:03:6f:22:0c:6d:13:e8:62:b7:39:b4:
                    01:6a:60:03:e6:e3:99:f7:7e:ca:88:93:66:f9:5d:
                    bd:2f:65:ca:8f:39:d8:6b:59:7c:5a:ff:5f:22:fa:
                    85:dc:5d:93:b7:81:46:1b:70:f4:d3:4f:80:fd:cd:
                    a7:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:12:8F:51:A1:6C:65:35:E1:7A:64:8F:F6:52:0F:10:81:40:D6:84
            X509v3 Authority Key Identifier:
                keyid:16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/05bc8dbb-c70a-48da-b45b-4448364614ff.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/6ecb3cca-488d-43b9-a50b-d37c0c55a9e1.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  175.41.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         aa:9a:84:1f:63:50:09:48:5e:01:f7:33:47:15:66:31:c7:86:
         77:a4:6a:28:0d:b7:f1:fd:c6:b5:78:c3:d0:9d:25:f2:a5:b8:
         6f:28:0e:49:32:8d:e1:ea:aa:4c:71:c6:2a:6b:06:5b:2d:f9:
         e4:ae:8c:b9:1a:21:16:e0:e7:5c:5f:ec:25:0e:8e:d6:b8:43:
         ac:82:de:2f:bd:c8:63:10:5b:d4:f0:de:b4:2a:76:27:5f:ab:
         a5:2c:b6:0c:90:ef:fc:38:1b:1d:58:9d:bd:17:43:f8:ea:fc:
         27:d8:81:f8:e9:81:76:dc:4d:c9:cd:c4:65:1e:9c:4c:a8:19:
         9f:76:6d:ad:ef:08:aa:d1:f7:50:9e:26:89:7f:b2:ac:49:ed:
         5c:97:fd:17:59:82:d2:cf:b6:ba:0c:f8:b0:f3:48:0b:c0:e4:
         f6:87:ce:d3:0e:32:c9:14:99:4d:fe:f1:d8:c8:d3:5c:28:56:
         ca:43:5e:ff:e3:e2:13:1d:8a:4d:8c:58:5d:9d:0c:53:5a:db:
         55:45:17:4f:cb:d8:bd:8b:2a:9c:05:2a:93:8f:64:a1:64:61:
         66:d8:a0:73:3c:ba:10:30:f1:46:2e:c0:8e:91:1a:c6:d6:ed:
         d7:37:5c:35:36:69:b9:95:71:84:46:1e:44:06:55:ff:a0:b2:
         2b:96:8a:77
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUEO20fHe4HvE3KDIhLAaBQOp7pNEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNTA5RUMwMDAwMTEwLwYDVQQFEygxNkY1MjRGOEUw
RUM3Q0FFMDc2OUM0MkU1MEZGQjNBMkI1NjRBNkFDMB4XDTI1MDcwODAwMDAxN1oX
DTI1MDgxMjIzNTk1OVowejFJMEcGA1UEBRNANzY0MTQ1ZjVlMWEyOTc4YjEzZTQ4
ZThhMTA1NDhkMTEwZjc2YThkYTc2ZWIxODlmNzYxN2NlOTA2MWUxYzE3MTEtMCsG
A1UEAxMkNTg4MTA0MDMtOWJhMC00MDNhLTgwOWItYzc4MjUyYWI3ZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkQmEr0yS4llvqaZ+3KgJSlt9hyS8
cX20mpaxbRDyWLkI5GHmhvqoCbnNf3qpvlGCENrHuuCKlzJ9+k5LTsYTQ2WG88+J
U0ATgRUOM+Q8S80bLICAfndYIebn51W/yZRCpJRq7zjLKI44fE78iyDj3fDxBm7X
wqwZ4h21oSaalQpSPak/HtLMMUeppyav1Z3b4MeGqcOJEVro8F4VWZPjphiVEZib
H4kNXKVlUA9AwG4Og6E3zUxr7M7G8+A+oB9yEGVIw5s8A28iDG0T6GK3ObQBamAD
5uOZ937KiJNm+V29L2XKjznYa1l8Wv9fIvqF3F2Tt4FGG3D000+A/c2nLQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFIASj1GhbGU14Xpkj/ZSDxCBQNaEMB8GA1UdIwQY
MBaAFBb1JPjg7HyuB2nELlD/s6K1ZKasMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9GdlVrLU9E
c2ZLNEhhY1F1VVAtem9yVmtwcXcuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvZGI5YTM3MmEtMDliYy00YTMyLWJmZTQtOGM0OGU1ZGJkMjE5
LzA1YmM4ZGJiLWM3MGEtNDhkYS1iNDViLTQ0NDgzNjQ2MTRmZi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9kYjlhMzcyYS0wOWJjLTRhMzItYmZlNC04YzQ4
ZTVkYmQyMTkvNmVjYjNjY2EtNDg4ZC00M2I5LWE1MGItZDM3YzBjNTVhOWUxLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQErynQMA0GCSqGSIb3DQEBCwUAA4IBAQCqmoQfY1AJSF4B9zNHFWYx
x4Z3pGooDbfx/ca1eMPQnSXypbhvKA5JMo3h6qpMccYqawZbLfnkroy5GiEW4Odc
X+wlDo7WuEOsgt4vvchjEFvU8N60KnYnX6ulLLYMkO/8OBsdWJ29F0P46vwn2IH4
6YF23E3JzcRlHpxMqBmfdm2t7wiq0fdQniaJf7KsSe1cl/0XWYLSz7a6DPiw80gL
wOT2h87TDjLJFJlN/vHYyNNcKFbKQ17/4+ITHYpNjFhdnQxTWttVRRdPy9i9iyqc
BSqTj2ShZGFm2KBzPLoQMPFGLsCOkRrG1u3XN1w1Nmm5lXGERh5EBlX/oLIrlop3
-----END CERTIFICATE-----
Generated at Tue Jul 22 11:45:15 2025 by rpki-client