Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c0e0735d-a91e-478d-82d2-a3f04ee435d2.roa
File:                     c0e0735d-a91e-478d-82d2-a3f04ee435d2.roa (raw, json)
Hash identifier:          29W9baS1ezgnMspblpV6tO4kzMsgrl55pWp4L4oJYuc=
Subject key identifier:   7B:A8:58:89:1E:45:FB:D3:A3:46:B4:F7:33:C5:79:8C:D2:30:E7:4E
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       10AD8DF19477BAF9DB7439B3D6866F0293C9281E
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c0e0735d-a91e-478d-82d2-a3f04ee435d2.roa
Signing time:             Tue 08 Jul 2025 00:00:54 +0000
ROA not before:           Tue 08 Jul 2025 00:00:54 +0000
ROA not after:            Tue 12 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        43.218.158.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 Aug 2025 18:53:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:ad:8d:f1:94:77:ba:f9:db:74:39:b3:d6:86:6f:02:93:c9:28:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul  8 00:00:54 2025 GMT
            Not After : Aug 12 23:59:59 2025 GMT
        Subject: serialNumber=de33f09c64add5bbde5962362ecbc95e62c22fcc0c5d84f33cfae801df066777, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:07:45:1f:e1:85:b1:c9:86:d0:8f:4c:74:ce:
                    39:af:42:2a:14:e5:64:c9:2b:90:8e:4f:f8:78:17:
                    8b:9a:32:c6:23:87:d7:d7:7b:63:3f:1b:66:56:bc:
                    5f:1e:e1:c6:d2:09:eb:f9:df:cc:aa:d0:24:6d:7f:
                    30:d5:cf:d6:f1:b9:43:7c:e7:42:69:3a:ba:7c:b2:
                    4f:6d:ff:ba:9f:e8:bc:b9:93:5b:92:73:c6:8c:af:
                    79:22:a3:be:1f:3b:8c:c1:17:27:2a:f1:f9:fd:43:
                    73:8d:8a:3c:00:a1:5f:b7:10:55:e3:09:05:08:81:
                    1d:d4:2a:d1:5f:f6:9c:12:8f:45:b2:d7:cc:7a:f1:
                    9a:87:a8:df:ef:d8:b3:d9:ce:f3:eb:f8:0d:3d:cf:
                    65:77:a5:72:d0:53:18:f4:f7:b8:1f:4c:79:e2:81:
                    5d:cd:20:b2:96:89:01:ce:70:33:cf:1d:a5:df:d8:
                    71:59:b0:67:fc:48:6f:39:5f:72:ff:18:d5:bc:0a:
                    c0:5c:9f:c5:3b:62:6a:5c:6f:b9:de:e7:72:b4:68:
                    0e:3f:8b:e0:68:1b:08:3c:e6:f4:bb:d3:e6:63:67:
                    ee:11:fd:96:2d:4c:59:fb:68:83:41:f2:b8:2c:0b:
                    1c:dc:b2:6d:ae:2f:15:98:1e:b3:40:1b:1c:ae:fe:
                    6a:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:A8:58:89:1E:45:FB:D3:A3:46:B4:F7:33:C5:79:8C:D2:30:E7:4E
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c0e0735d-a91e-478d-82d2-a3f04ee435d2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.218.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2b:e0:ab:30:84:91:69:17:27:27:1a:6e:08:6e:ba:ae:5f:af:
         72:2b:a5:ec:26:71:91:db:2d:82:08:7c:b2:37:89:22:1b:2a:
         39:11:59:23:75:47:b4:d2:01:39:89:64:cd:34:76:37:04:a5:
         66:8b:3e:60:bd:e9:49:0a:ae:4b:11:82:d3:bb:31:48:e3:d7:
         85:3d:02:e0:24:d3:59:5b:7d:4f:65:7f:51:93:aa:d5:64:14:
         42:ba:ca:87:f3:94:04:b8:64:6a:a8:25:1e:ba:4d:95:6e:ec:
         cf:c8:7e:1a:70:85:0d:9d:10:72:22:28:c7:d8:da:23:b3:c4:
         43:89:cb:0b:86:b6:c4:f6:60:52:c5:b6:d5:d7:ac:cf:fa:46:
         cf:f8:7c:bd:b1:62:01:34:58:70:26:e6:9e:d2:32:16:36:4c:
         2a:47:bc:d5:66:81:89:93:b5:62:5a:41:c3:d5:01:8d:6e:69:
         3d:e6:22:74:cf:8f:44:a8:db:80:b9:1f:b4:78:6b:46:a2:7e:
         44:2f:00:7b:74:66:c2:d0:21:cd:23:68:60:00:3e:67:44:44:
         b5:9f:b2:bf:92:c7:31:27:65:45:de:8b:2c:d5:92:19:44:73:
         a1:5a:b1:68:e2:4c:92:2b:69:84:9a:05:22:63:a9:99:08:12:
         9d:a7:79:31
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUEK2N8ZR3uvnbdDmz1oZvApPJKB4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDcwODAwMDA1NFoX
DTI1MDgxMjIzNTk1OVowejFJMEcGA1UEBRNAZGUzM2YwOWM2NGFkZDViYmRlNTk2
MjM2MmVjYmM5NWU2MmMyMmZjYzBjNWQ4NGYzM2NmYWU4MDFkZjA2Njc3NzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAdFH+GFscmG0I9MdM45r0IqFOVk
ySuQjk/4eBeLmjLGI4fX13tjPxtmVrxfHuHG0gnr+d/MqtAkbX8w1c/W8blDfOdC
aTq6fLJPbf+6n+i8uZNbknPGjK95IqO+HzuMwRcnKvH5/UNzjYo8AKFftxBV4wkF
CIEd1CrRX/acEo9FstfMevGah6jf79iz2c7z6/gNPc9ld6Vy0FMY9Pe4H0x54oFd
zSCylokBznAzzx2l39hxWbBn/EhvOV9y/xjVvArAXJ/FO2JqXG+53udytGgOP4vg
aBsIPOb0u9PmY2fuEf2WLUxZ+2iDQfK4LAsc3LJtri8VmB6zQBscrv5qdQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFHuoWIkeRfvTo0a09zPFeYzSMOdOMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2MwZTA3MzVkLWE5MWUtNDc4ZC04MmQyLWEzZjA0ZWU0MzVkMi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQBK9qeMA0GCSqGSIb3DQEBCwUAA4IBAQAr4KswhJFpFycnGm4Ibrqu
X69yK6XsJnGR2y2CCHyyN4kiGyo5EVkjdUe00gE5iWTNNHY3BKVmiz5gvelJCq5L
EYLTuzFI49eFPQLgJNNZW31PZX9Rk6rVZBRCusqH85QEuGRqqCUeuk2VbuzPyH4a
cIUNnRByIijH2Nojs8RDicsLhrbE9mBSxbbV16zP+kbP+Hy9sWIBNFhwJuae0jIW
NkwqR7zVZoGJk7ViWkHD1QGNbmk95iJ0z49EqNuAuR+0eGtGon5ELwB7dGbC0CHN
I2hgAD5nRES1n7K/kscxJ2VF3oss1ZIZRHOhWrFo4kySK2mEmgUiY6mZCBKdp3kx
-----END CERTIFICATE-----
Generated at Thu Jul 31 00:57:26 2025 by rpki-client