Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/32bf2c39-b536-43d0-b557-f68d8ee64091.roa
File:                     32bf2c39-b536-43d0-b557-f68d8ee64091.roa (raw, json)
Hash identifier:          +FOBi/z2I7VBVf7AMNc4UhpJtSv9/MspRRMAA2EL5Go=
Subject key identifier:   44:D9:8D:A0:89:F9:75:F1:DC:5C:BE:05:75:23:1E:2D:EC:37:30:DA
Certificate issuer:       /CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
Certificate serial:       079020A5CC349AE4761E285CB9E202DBCF7935F6
Authority key identifier: 53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/32bf2c39-b536-43d0-b557-f68d8ee64091.roa
Signing time:             Wed 02 Jul 2025 00:00:40 +0000
ROA not before:           Wed 02 Jul 2025 00:00:40 +0000
ROA not after:            Wed 06 Aug 2025 23:59:59 +0000
asID:                     7224
IP address blocks:        159.248.128.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/manifest.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 10 Jul 2025 00:02:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:90:20:a5:cc:34:9a:e4:76:1e:28:5c:b9:e2:02:db:cf:79:35:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
        Validity
            Not Before: Jul  2 00:00:40 2025 GMT
            Not After : Aug  6 23:59:59 2025 GMT
        Subject: serialNumber=51d3aec25a9a94434f2ff981b0eddc7eb7f29211c762e55fd14a7d55567482af, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:4e:91:fd:4a:b7:fd:02:8f:06:eb:71:32:c9:
                    fd:19:fe:d6:90:8b:f6:c0:03:0e:02:ba:ad:b4:a6:
                    de:08:0f:61:6b:41:26:6f:98:b0:cf:55:27:a7:e1:
                    a2:c3:9d:e3:04:e1:5d:c6:58:cb:68:b3:b2:2f:d0:
                    43:57:88:36:da:b4:17:9c:a9:9e:c8:83:dc:10:da:
                    6b:65:16:2e:dd:bd:e7:31:bf:75:2a:32:08:85:f7:
                    0e:76:b7:35:77:d2:40:f0:64:4f:30:01:d0:66:a9:
                    07:fc:47:30:ca:ac:95:f0:f2:5a:82:a8:a5:a1:5b:
                    96:53:83:0e:36:67:08:4a:37:b2:4c:11:92:25:0d:
                    23:af:0a:4a:67:fc:e6:db:bc:df:d3:8d:6b:18:9c:
                    be:a1:c9:b9:1f:84:2f:16:bf:58:b5:be:c8:1f:12:
                    a8:37:f0:ee:89:05:74:0f:39:04:99:60:da:a7:70:
                    d2:94:de:9b:f6:0f:0e:7d:e0:19:a7:2c:03:b1:18:
                    fc:f8:5f:4d:8b:99:fc:2b:6f:d1:f8:d8:60:93:89:
                    74:11:23:5d:51:27:c1:fb:4f:5d:04:2b:0f:36:30:
                    f3:dc:b7:f3:de:be:b1:89:b1:8f:4d:da:35:a0:80:
                    48:d8:df:68:61:34:be:df:76:04:ab:2b:42:d2:e8:
                    e4:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:D9:8D:A0:89:F9:75:F1:DC:5C:BE:05:75:23:1E:2D:EC:37:30:DA
            X509v3 Authority Key Identifier:
                keyid:53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/32bf2c39-b536-43d0-b557-f68d8ee64091.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.248.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:f9:ec:9e:85:f9:09:0a:93:f0:c5:fe:7d:6f:ef:90:33:9b:
         d6:3e:c0:c2:e9:02:cf:58:11:aa:80:bc:84:49:f5:cd:c3:23:
         b4:48:ab:98:d9:c4:89:b6:43:23:8f:3f:8e:d8:26:cc:48:40:
         b3:ea:8e:d2:56:6a:73:ea:86:3a:6c:03:aa:f1:c3:d5:17:46:
         52:8a:b4:70:b4:18:7a:eb:dc:06:61:39:ae:93:01:28:04:ea:
         cb:c0:02:76:01:e1:36:18:dd:b7:aa:01:a1:82:98:09:ca:a5:
         5b:f4:d9:df:d2:9a:c8:42:a3:cd:b7:f5:d3:17:c7:1e:b6:73:
         04:45:2e:66:9d:2e:4e:47:c5:1e:a4:77:d4:ce:b7:72:1a:54:
         a9:6f:f6:8d:b1:41:a1:88:6c:75:71:52:ac:02:73:45:25:03:
         79:61:67:8e:d1:16:ef:f5:46:90:42:09:16:78:06:4c:30:1f:
         0e:76:3b:bf:03:71:44:80:d9:79:2d:70:2b:75:0d:35:6d:f3:
         36:c6:7f:5f:92:7f:b0:0f:78:00:ec:f5:9c:81:62:21:27:59:
         b4:0c:35:8c:bc:bc:4a:d1:0e:db:ad:6c:30:cb:ff:c9:f5:bb:
         a7:77:6b:0b:88:ba:d2:2b:8b:f8:21:ad:ea:0d:84:ba:02:ed:
         e9:4a:a1:db
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUB5Agpcw0muR2HihcueIC2895NfYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg1M0RDMjIxMjVG
QTM0RjM5ODZDQkYxMjQyMkUzNEY5QjlDNjYxQkU3MB4XDTI1MDcwMjAwMDA0MFoX
DTI1MDgwNjIzNTk1OVowejFJMEcGA1UEBRNANTFkM2FlYzI1YTlhOTQ0MzRmMmZm
OTgxYjBlZGRjN2ViN2YyOTIxMWM3NjJlNTVmZDE0YTdkNTU1Njc0ODJhZjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0E6R/Uq3/QKPButxMsn9Gf7WkIv2
wAMOArqttKbeCA9ha0Emb5iwz1Unp+Giw53jBOFdxljLaLOyL9BDV4g22rQXnKme
yIPcENprZRYu3b3nMb91KjIIhfcOdrc1d9JA8GRPMAHQZqkH/EcwyqyV8PJagqil
oVuWU4MONmcISjeyTBGSJQ0jrwpKZ/zm27zf041rGJy+ocm5H4QvFr9Ytb7IHxKo
N/DuiQV0DzkEmWDap3DSlN6b9g8OfeAZpywDsRj8+F9Ni5n8K2/R+Nhgk4l0ESNd
USfB+09dBCsPNjDz3Lfz3r6xibGPTdo1oIBI2N9oYTS+33YEqytC0ujkUwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFETZjaCJ+XXx3Fy+BXUjHi3sNzDaMB8GA1UdIwQY
MBaAFFPcIhJfo085hsvxJCLjT5ucZhvnMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CM0EyNEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9VOXdpRWwt
alR6bUd5X0VrSXVOUG01eG1HLWMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzMyYmYyYzM5LWI1MzYtNDNkMC1iNTU3LWY2OGQ4ZWU2NDA5MS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvYTViMDFiZGQtY2RlYi00Y2ZjLThjOTMtN2U3MGM1ZTA5MzA2LmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQCn/iAMA0GCSqGSIb3DQEBCwUAA4IBAQAI+eyehfkJCpPwxf59b++Q
M5vWPsDC6QLPWBGqgLyESfXNwyO0SKuY2cSJtkMjjz+O2CbMSECz6o7SVmpz6oY6
bAOq8cPVF0ZSirRwtBh669wGYTmukwEoBOrLwAJ2AeE2GN23qgGhgpgJyqVb9Nnf
0prIQqPNt/XTF8cetnMERS5mnS5OR8UepHfUzrdyGlSpb/aNsUGhiGx1cVKsAnNF
JQN5YWeO0Rbv9UaQQgkWeAZMMB8Odju/A3FEgNl5LXArdQ01bfM2xn9fkn+wD3gA
7PWcgWIhJ1m0DDWMvLxK0Q7brWwwy//J9bund2sLiLrSK4v4Ia3qDYS6Au3pSqHb
-----END CERTIFICATE-----
Generated at Sun Jul 6 23:00:19 2025 by rpki-client