Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/25e04c5d-4ae9-4470-8138-dea1e8b3160e.roa
File:                     25e04c5d-4ae9-4470-8138-dea1e8b3160e.roa (raw, json)
Hash identifier:          uGiFKPLQDS/QAU59JJG2IGztYjRxhlFBPzF6P6baRXI=
Subject key identifier:   4E:D6:A3:7D:D1:E8:3D:9F:5C:EB:AB:04:65:0C:58:D5:7E:F1:1F:42
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       58F406D79B7206B016882BE8DAF12307EBEEB90D
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/25e04c5d-4ae9-4470-8138-dea1e8b3160e.roa
Signing time:             Wed 23 Jul 2025 00:00:15 +0000
ROA not before:           Wed 23 Jul 2025 00:00:15 +0000
ROA not after:            Wed 27 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        43.212.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 Aug 2025 18:53:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:f4:06:d7:9b:72:06:b0:16:88:2b:e8:da:f1:23:07:eb:ee:b9:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 23 00:00:15 2025 GMT
            Not After : Aug 27 23:59:59 2025 GMT
        Subject: serialNumber=21a9b363d4eaa19d041b0ecb0064d02c06041abd7f00d193cde5f3ea6020f8f1, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:3d:fb:35:de:53:dc:47:a6:5d:f0:6f:df:14:
                    0d:a3:77:e2:d9:98:59:7d:b6:4b:4d:e7:f9:df:74:
                    b5:0d:1d:4d:a6:fc:96:97:3b:3d:4d:47:24:1e:46:
                    a3:e0:06:8c:a9:d6:b2:72:85:90:f6:17:57:9b:31:
                    6a:91:ce:98:57:d7:e0:d3:50:e6:4f:a5:70:5d:bc:
                    a8:b7:09:29:45:ea:3f:8b:95:50:bd:8f:7c:2f:f0:
                    51:b2:42:95:f1:83:af:89:ea:a8:df:c2:54:f8:25:
                    ae:19:14:d3:cc:a0:7e:cb:11:a6:32:46:cb:60:62:
                    06:28:e8:3c:a9:5d:73:96:84:4e:ad:89:80:70:0d:
                    b0:62:b7:37:40:df:64:49:17:1d:96:2b:a4:13:62:
                    53:cf:12:7f:ae:86:7e:bf:51:cd:a8:f2:bc:bd:ba:
                    a6:50:20:0b:34:f3:ce:b8:4e:4f:bd:26:56:bc:66:
                    08:60:d5:89:4a:8f:48:28:ac:aa:08:fe:52:4a:ed:
                    60:e2:40:c5:45:c1:40:0e:e3:03:8f:75:21:e1:1f:
                    1f:e8:0f:f5:89:7e:1d:b6:90:0f:2c:10:b9:d2:79:
                    12:97:94:b2:ec:43:06:dd:7a:93:78:3f:7b:ee:da:
                    be:2e:20:e6:a8:5e:be:fe:e7:e3:ad:e8:63:62:42:
                    ba:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:D6:A3:7D:D1:E8:3D:9F:5C:EB:AB:04:65:0C:58:D5:7E:F1:1F:42
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/25e04c5d-4ae9-4470-8138-dea1e8b3160e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.212.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:34:9f:f3:88:8a:56:b9:95:3a:0c:90:87:73:41:74:d2:0e:
         23:81:f8:dd:82:7b:8d:49:a9:a3:55:b2:7d:43:8a:bc:c6:0d:
         b1:a3:c6:58:a2:6a:e4:d3:3b:21:5d:a3:d6:b1:d3:dc:1c:1b:
         ae:96:22:0f:97:1a:d3:ed:95:4b:9f:16:2c:b3:9d:80:04:4b:
         28:c4:fe:09:42:b0:1a:18:fb:7a:2c:83:aa:05:0a:ec:52:26:
         af:ec:e8:16:47:a7:08:c0:bc:53:86:e4:a3:b6:56:5a:dd:5d:
         38:4a:ea:61:98:45:d7:f4:02:4d:eb:d4:48:5f:b9:8a:d5:e5:
         7b:36:63:59:aa:80:50:0c:9d:05:ef:7a:f2:da:ab:af:4b:ca:
         8a:ae:eb:85:3a:68:80:d8:0c:a8:56:4b:8e:4d:24:54:10:56:
         ae:5b:c9:f9:b6:0e:46:c3:4f:6c:7a:11:31:8d:06:5a:5f:65:
         6e:62:23:f5:89:c5:6e:64:27:2a:a5:23:23:8f:74:0a:03:01:
         2a:1c:e6:ec:48:45:f7:a2:7d:0f:21:a5:36:1c:6c:1a:6a:11:
         2a:d7:74:11:d0:75:17:84:6d:f8:00:1b:88:71:f5:b0:8b:20:
         b4:58:ac:9a:6d:3b:f2:b6:68:38:ad:b6:b9:8d:19:9d:b0:02:
         0c:8e:ba:a5
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUWPQG15tyBrAWiCvo2vEjB+vuuQ0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDcyMzAwMDAxNVoX
DTI1MDgyNzIzNTk1OVowejFJMEcGA1UEBRNAMjFhOWIzNjNkNGVhYTE5ZDA0MWIw
ZWNiMDA2NGQwMmMwNjA0MWFiZDdmMDBkMTkzY2RlNWYzZWE2MDIwZjhmMTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvT37Nd5T3EemXfBv3xQNo3fi2ZhZ
fbZLTef533S1DR1NpvyWlzs9TUckHkaj4AaMqdaycoWQ9hdXmzFqkc6YV9fg01Dm
T6VwXbyotwkpReo/i5VQvY98L/BRskKV8YOvieqo38JU+CWuGRTTzKB+yxGmMkbL
YGIGKOg8qV1zloROrYmAcA2wYrc3QN9kSRcdliukE2JTzxJ/roZ+v1HNqPK8vbqm
UCALNPPOuE5PvSZWvGYIYNWJSo9IKKyqCP5SSu1g4kDFRcFADuMDj3Uh4R8f6A/1
iX4dtpAPLBC50nkSl5Sy7EMG3XqTeD977tq+LiDmqF6+/ufjrehjYkK6mQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFE7Wo33R6D2fXOurBGUMWNV+8R9CMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzI1ZTA0YzVkLTRhZTktNDQ3MC04MTM4LWRlYTFlOGIzMTYwZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQAK9RGMA0GCSqGSIb3DQEBCwUAA4IBAQAbNJ/ziIpWuZU6DJCHc0F0
0g4jgfjdgnuNSamjVbJ9Q4q8xg2xo8ZYomrk0zshXaPWsdPcHBuuliIPlxrT7ZVL
nxYss52ABEsoxP4JQrAaGPt6LIOqBQrsUiav7OgWR6cIwLxThuSjtlZa3V04Suph
mEXX9AJN69RIX7mK1eV7NmNZqoBQDJ0F73ry2quvS8qKruuFOmiA2AyoVkuOTSRU
EFauW8n5tg5Gw09sehExjQZaX2VuYiP1icVuZCcqpSMjj3QKAwEqHObsSEX3on0P
IaU2HGwaahEq13QR0HUXhG34ABuIcfWwiyC0WKyabTvytmg4rba5jRmdsAIMjrql
-----END CERTIFICATE-----
Generated at Thu Jul 31 01:03:55 2025 by rpki-client