Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/427017ca-fc05-4df1-9de8-dc6182848704.roa
File:                     427017ca-fc05-4df1-9de8-dc6182848704.roa (raw, json)
Hash identifier:          bzRofDoD/t5PfX7C/AHi+TB8IvQ25CicfdU22kGqedg=
Subject key identifier:   37:17:0B:04:A9:F3:82:0A:AF:25:10:8C:E8:3F:BF:D7:A8:C9:F9:2B
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       6D37AE6C930766A31919412E7F55AA0DE04BAD43
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/427017ca-fc05-4df1-9de8-dc6182848704.roa
Signing time:             Tue 26 Aug 2025 00:51:13 +0000
ROA not before:           Tue 26 Aug 2025 00:51:13 +0000
ROA not after:            Tue 30 Sep 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        43.198.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 11 Sep 2025 00:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:37:ae:6c:93:07:66:a3:19:19:41:2e:7f:55:aa:0d:e0:4b:ad:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Aug 26 00:51:13 2025 GMT
            Not After : Sep 30 23:59:59 2025 GMT
        Subject: serialNumber=8fdcba28f48b32c66a205e1b80a7f900d74bcc3ebb00f2fc2856884dbec3cfbd, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f7:90:93:aa:87:ed:3c:65:6a:2e:9a:3a:bb:
                    ea:aa:dd:40:04:d5:b2:71:24:3e:54:9f:1e:b8:ba:
                    59:21:fe:ac:8c:49:31:41:a9:c1:20:85:cc:81:9c:
                    e8:c4:c4:bd:52:dc:1e:db:23:ed:94:8c:c7:df:2a:
                    a4:50:6f:6a:c0:d6:b5:9a:f2:26:52:80:03:8e:7a:
                    30:64:51:76:a1:3d:44:25:83:04:e9:40:37:b4:b9:
                    20:88:6e:57:a7:12:35:a4:6d:3e:fb:5e:df:cc:25:
                    aa:27:b3:4a:54:ba:79:0f:52:8d:5a:04:9b:25:1e:
                    e3:46:bd:85:ba:0c:44:09:b1:e0:bc:ff:94:b3:14:
                    c5:6d:4e:0d:59:22:f8:89:c2:6e:18:4d:b6:56:ac:
                    3d:75:f6:2f:00:10:0b:fa:7a:0d:81:8d:88:e4:53:
                    b9:73:5c:9e:7d:19:f0:a8:a5:ec:d7:88:a5:85:03:
                    22:c8:16:6a:e9:3f:be:3c:3e:d9:ce:9f:dc:ac:c8:
                    21:7f:5b:ff:e4:eb:68:9b:bc:d8:29:9a:38:1b:d5:
                    0c:c5:8e:7a:72:51:14:14:99:6f:02:ce:3f:04:d0:
                    cf:31:a3:40:e8:ac:4e:5b:e3:e8:18:39:e9:d2:62:
                    68:f8:b5:ad:e4:d3:84:8b:40:84:72:39:89:58:38:
                    2d:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:17:0B:04:A9:F3:82:0A:AF:25:10:8C:E8:3F:BF:D7:A8:C9:F9:2B
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/427017ca-fc05-4df1-9de8-dc6182848704.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.198.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         b8:00:3a:60:aa:a6:1e:83:96:d4:9a:0d:e7:66:b5:76:d3:4e:
         b4:d1:60:61:6e:a7:38:70:97:c5:26:c5:9c:f7:bd:c6:8f:b6:
         43:3d:9f:30:e0:97:95:b6:f4:74:60:32:5c:a5:d7:dd:3c:5a:
         55:b2:f8:3f:11:75:ba:f0:0b:8c:03:d1:84:02:d8:bf:89:c2:
         16:86:53:d7:20:4f:b0:51:a2:91:d7:bd:92:4d:73:f2:34:09:
         9f:4d:6b:71:6e:63:5d:ad:42:e1:24:96:36:da:2d:39:d5:ba:
         83:d2:d2:13:ce:dd:8b:9a:8a:90:dc:5f:98:e6:24:2c:a6:29:
         ad:95:04:8a:26:52:52:50:7d:8f:df:d5:5b:8d:e6:51:38:ba:
         2c:09:c6:17:41:0d:81:44:5f:ad:35:35:41:84:0b:d9:9a:69:
         27:ee:5c:e5:54:df:e3:41:ac:8e:d2:61:aa:d1:55:a3:a0:f8:
         44:fa:15:97:a4:dc:f4:1e:c7:9a:a4:a1:0a:be:d5:8b:ff:a5:
         09:ac:76:d0:c1:04:d1:74:69:98:a4:7a:3b:4c:c3:f0:73:e4:
         c9:dc:d6:b7:a5:6e:41:42:2f:01:4c:22:0f:50:24:42:aa:79:
         e5:14:73:85:3f:21:e5:70:56:f5:e0:33:01:5b:88:1b:73:8a:
         e0:0b:7e:08
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgIUbTeubJMHZqMZGUEuf1WqDeBLrUMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDgyNjAwNTExM1oX
DTI1MDkzMDIzNTk1OVowejFJMEcGA1UEBRNAOGZkY2JhMjhmNDhiMzJjNjZhMjA1
ZTFiODBhN2Y5MDBkNzRiY2MzZWJiMDBmMmZjMjg1Njg4NGRiZWMzY2ZiZDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuPeQk6qH7Txlai6aOrvqqt1ABNWy
cSQ+VJ8euLpZIf6sjEkxQanBIIXMgZzoxMS9Utwe2yPtlIzH3yqkUG9qwNa1mvIm
UoADjnowZFF2oT1EJYME6UA3tLkgiG5XpxI1pG0++17fzCWqJ7NKVLp5D1KNWgSb
JR7jRr2FugxECbHgvP+UsxTFbU4NWSL4icJuGE22Vqw9dfYvABAL+noNgY2I5FO5
c1yefRnwqKXs14ilhQMiyBZq6T++PD7Zzp/crMghf1v/5Otom7zYKZo4G9UMxY56
clEUFJlvAs4/BNDPMaNA6KxOW+PoGDnp0mJo+LWt5NOEi0CEcjmJWDgt3QIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFDcXCwSp84IKryUQjOg/v9eoyfkrMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzQyNzAxN2NhLWZjMDUtNGRmMS05ZGU4LWRjNjE4Mjg0ODcwNC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTAL
BAIAATAFAwMBK8YwDQYJKoZIhvcNAQELBQADggEBALgAOmCqph6DltSaDedmtXbT
TrTRYGFupzhwl8UmxZz3vcaPtkM9nzDgl5W29HRgMlyl1908WlWy+D8RdbrwC4wD
0YQC2L+JwhaGU9cgT7BRopHXvZJNc/I0CZ9Na3FuY12tQuEkljbaLTnVuoPS0hPO
3YuaipDcX5jmJCymKa2VBIomUlJQfY/f1VuN5lE4uiwJxhdBDYFEX601NUGEC9ma
aSfuXOVU3+NBrI7SYarRVaOg+ET6FZek3PQex5qkoQq+1Yv/pQmsdtDBBNF0aZik
ejtMw/Bz5Mnc1relbkFCLwFMIg9QJEKqeeUUc4U/IeVwVvXgMwFbiBtziuALfgg=
-----END CERTIFICATE-----
Generated at Sun Sep 7 11:21:21 2025 by rpki-client