Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0bce91dc-229b-42a7-9c92-722aa69f577e.roa
File:                     0bce91dc-229b-42a7-9c92-722aa69f577e.roa (raw, json)
Hash identifier:          ej3gyaLE8AOmjl+zR+CHfWt68pZ2c/BQQYIiDGPM6MY=
Subject key identifier:   8E:9A:53:BA:94:FA:16:26:8E:BC:E1:88:72:42:1E:4D:54:E0:24:55
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       49D5CB888828D904EF74FD79F6C71BD176920AB7
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0bce91dc-229b-42a7-9c92-722aa69f577e.roa
Signing time:             Mon 07 Jul 2025 16:00:03 +0000
ROA not before:           Mon 07 Jul 2025 16:00:03 +0000
ROA not after:            Mon 11 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        43.198.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 Aug 2025 18:53:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:d5:cb:88:88:28:d9:04:ef:74:fd:79:f6:c7:1b:d1:76:92:0a:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul  7 16:00:03 2025 GMT
            Not After : Aug 11 23:59:59 2025 GMT
        Subject: serialNumber=2c7bbc55e06a03647311e492ae0730a16e29bf3a9a9df45e7496b8b18a3f198c, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:4b:9b:89:be:a8:fb:31:cb:c2:61:ee:cb:58:
                    d3:73:74:be:7e:ac:42:af:2d:03:5b:9f:99:9d:b2:
                    8e:7a:6f:df:ab:f4:20:a2:c9:b4:76:72:fd:d4:49:
                    34:de:02:8e:46:65:a3:2a:16:2d:7e:a9:ce:4f:e1:
                    ef:bd:3a:31:e1:18:9c:13:6b:07:ac:5c:37:01:b9:
                    f7:f6:6d:27:5b:89:0c:93:9b:e9:3a:01:4f:53:72:
                    f6:a2:17:25:c3:14:ab:51:83:fa:7d:7e:c3:f9:48:
                    05:34:6c:5c:21:c1:9b:b3:ab:ea:bb:cc:25:82:aa:
                    d8:ed:1b:60:61:13:eb:98:79:9e:2f:09:da:69:aa:
                    d1:c5:9f:ed:70:df:cf:73:36:1a:84:9b:27:4c:75:
                    b9:ec:91:70:1a:fa:0b:a3:e5:e2:94:c6:37:28:52:
                    63:96:88:2b:9d:f7:11:cd:51:63:cd:9e:77:81:12:
                    5b:85:de:a3:0a:25:78:b2:8f:62:93:e2:7b:d3:c1:
                    54:af:3b:67:79:23:37:4f:65:2c:29:c4:d6:14:3e:
                    e2:5b:87:e6:70:91:bc:a6:6e:b7:12:76:5a:d9:75:
                    21:34:08:e8:a7:21:72:11:70:88:17:4a:41:6e:dd:
                    9b:94:2d:a1:84:25:2b:d1:eb:05:65:fa:7d:b1:58:
                    b1:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:9A:53:BA:94:FA:16:26:8E:BC:E1:88:72:42:1E:4D:54:E0:24:55
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0bce91dc-229b-42a7-9c92-722aa69f577e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.198.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         8f:c4:97:72:dd:01:95:dc:39:59:12:dc:c3:5c:36:ee:34:bf:
         25:3e:f7:1f:60:0d:6c:48:70:7f:73:d6:7e:0e:aa:0c:c0:7f:
         c2:18:91:cc:2b:61:a9:96:10:f6:85:69:c0:03:0b:46:2f:ba:
         c6:7f:ed:7a:d9:63:02:89:9c:d6:3f:fd:c7:48:a5:a9:e3:1f:
         8e:19:78:97:ce:b4:77:e7:7e:7f:a4:77:ce:bb:54:80:50:21:
         ee:16:38:8c:79:75:ea:22:64:46:1b:15:27:66:bc:80:94:72:
         7d:1d:da:78:f4:ea:50:52:ca:43:7a:90:88:29:33:39:a6:79:
         ae:43:68:39:c6:4f:06:e6:8a:29:5e:26:f1:b7:47:7a:d0:94:
         68:69:ca:6a:e8:b2:c7:0a:6b:11:fa:ad:ba:05:4d:76:69:00:
         0c:61:66:1d:5c:d5:f8:60:3d:2d:8a:cc:d8:93:8b:8e:d0:db:
         64:5e:c6:ef:e2:91:b4:19:92:3e:f4:63:19:93:d9:53:b2:cd:
         7e:4f:b3:53:bd:22:aa:a8:87:b3:74:ef:af:4c:c3:05:cb:b0:
         29:83:10:96:f0:28:74:26:b2:82:db:ea:05:09:b8:f9:cf:83:
         1f:1f:8a:cb:42:94:b3:9c:06:a3:6d:8e:75:6b:62:b8:82:fa:
         02:d2:3a:b4
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgIUSdXLiIgo2QTvdP159scb0XaSCrcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDcwNzE2MDAwM1oX
DTI1MDgxMTIzNTk1OVowejFJMEcGA1UEBRNAMmM3YmJjNTVlMDZhMDM2NDczMTFl
NDkyYWUwNzMwYTE2ZTI5YmYzYTlhOWRmNDVlNzQ5NmI4YjE4YTNmMTk4YzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0ubib6o+zHLwmHuy1jTc3S+fqxC
ry0DW5+ZnbKOem/fq/Qgosm0dnL91Ek03gKORmWjKhYtfqnOT+HvvTox4RicE2sH
rFw3Abn39m0nW4kMk5vpOgFPU3L2ohclwxSrUYP6fX7D+UgFNGxcIcGbs6vqu8wl
gqrY7RtgYRPrmHmeLwnaaarRxZ/tcN/PczYahJsnTHW57JFwGvoLo+XilMY3KFJj
logrnfcRzVFjzZ53gRJbhd6jCiV4so9ik+J708FUrztneSM3T2UsKcTWFD7iW4fm
cJG8pm63EnZa2XUhNAjopyFyEXCIF0pBbt2blC2hhCUr0esFZfp9sVixJwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFI6aU7qU+hYmjrzhiHJCHk1U4CRVMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzBiY2U5MWRjLTIyOWItNDJhNy05YzkyLTcyMmFhNjlmNTc3ZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTAL
BAIAATAFAwMBK8YwDQYJKoZIhvcNAQELBQADggEBAI/El3LdAZXcOVkS3MNcNu40
vyU+9x9gDWxIcH9z1n4OqgzAf8IYkcwrYamWEPaFacADC0YvusZ/7XrZYwKJnNY/
/cdIpanjH44ZeJfOtHfnfn+kd867VIBQIe4WOIx5deoiZEYbFSdmvICUcn0d2nj0
6lBSykN6kIgpMzmmea5DaDnGTwbmiileJvG3R3rQlGhpymrosscKaxH6rboFTXZp
AAxhZh1c1fhgPS2KzNiTi47Q22Rexu/ikbQZkj70YxmT2VOyzX5Ps1O9Iqqoh7N0
769MwwXLsCmDEJbwKHQmsoLb6gUJuPnPgx8fistClLOcBqNtjnVrYriC+gLSOrQ=
-----END CERTIFICATE-----
Generated at Thu Jul 31 01:00:36 2025 by rpki-client