Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/5663bf34-10ed-4309-a236-7466afd6f02f.roa
File:                     5663bf34-10ed-4309-a236-7466afd6f02f.roa (raw, json)
Hash identifier:          M0GrvXOE20uhKuyeVVUTHSV0Sp/NNw7IvIGk1QmX7es=
Subject key identifier:   5E:3F:6E:AA:3C:6B:20:F6:E3:10:3B:3A:34:9A:BC:75:FA:EF:94:35
Certificate issuer:       /CN=A918806F0000/serialNumber=E7CADA5F0881D77BEA48B0768A3766B50065AF08
Certificate serial:       677B76259366F61E1B4563ED81FF2BA679F93145
Authority key identifier: E7:CA:DA:5F:08:81:D7:7B:EA:48:B0:76:8A:37:66:B5:00:65:AF:08
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/5663bf34-10ed-4309-a236-7466afd6f02f.roa
Signing time:             Mon 26 May 2025 15:00:04 +0000
ROA not before:           Mon 26 May 2025 15:00:04 +0000
ROA not after:            Mon 30 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2403:b300:ff00::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/12e59001-35ac-4abf-858f-37b955a24b3f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 07 Jun 2025 15:02:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:7b:76:25:93:66:f6:1e:1b:45:63:ed:81:ff:2b:a6:79:f9:31:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918806F0000, serialNumber=E7CADA5F0881D77BEA48B0768A3766B50065AF08
        Validity
            Not Before: May 26 15:00:04 2025 GMT
            Not After : Jun 30 23:59:59 2025 GMT
        Subject: serialNumber=85c9017fcde865fb9d1d8fc1ece81e587f26d274db9c6c14123591fdbb699a22, CN=bb9a9116-f615-462e-a680-5266b327e0fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ce:b4:27:b9:84:e3:b1:5b:ad:e5:66:4b:91:
                    aa:b0:22:1b:ba:b6:1e:cb:4f:b9:69:09:6e:d5:34:
                    aa:79:66:75:1b:f3:3a:4e:af:c6:1a:3e:17:0d:26:
                    48:6a:cb:e1:34:da:43:a1:78:19:41:ef:55:de:45:
                    db:48:99:9b:04:3d:94:a2:58:97:92:e0:5b:0c:6f:
                    5d:3b:a7:b4:5d:29:c8:10:c1:33:75:c7:90:1c:a5:
                    0e:3d:31:14:d3:85:9a:d3:ef:13:01:33:0a:df:ec:
                    91:24:9e:01:ff:e6:19:30:da:f0:72:e3:8f:fc:e3:
                    1d:11:fa:69:c1:d6:90:6f:06:4c:aa:5c:01:3f:41:
                    56:9a:69:66:7e:f9:46:f0:22:01:39:75:4f:b6:52:
                    16:9e:25:9a:b2:fa:4c:98:9a:fd:81:13:e0:71:8d:
                    08:a3:70:39:d5:ce:50:aa:a8:93:d6:46:3e:54:81:
                    07:55:16:3c:8f:85:3e:4d:ef:81:1d:8f:59:bc:b1:
                    80:ff:75:7c:39:67:ff:9d:86:69:6f:b1:a3:a6:90:
                    c8:99:e3:33:c5:8b:63:6f:24:64:a3:62:96:02:59:
                    56:93:a8:52:16:43:82:fa:7c:4d:e4:fa:cf:79:73:
                    e8:93:a2:b4:05:37:1f:50:56:ad:fd:be:8b:29:9e:
                    38:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:3F:6E:AA:3C:6B:20:F6:E3:10:3B:3A:34:9A:BC:75:FA:EF:94:35
            X509v3 Authority Key Identifier:
                keyid:E7:CA:DA:5F:08:81:D7:7B:EA:48:B0:76:8A:37:66:B5:00:65:AF:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/5663bf34-10ed-4309-a236-7466afd6f02f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/12e59001-35ac-4abf-858f-37b955a24b3f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:b300:ff00::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:cc:fa:2b:2d:48:bf:b1:42:9f:ed:96:52:a4:d1:65:81:33:
         54:6c:cf:16:fa:a9:fd:b1:db:54:86:9d:07:9f:8c:73:33:20:
         2c:cf:4e:f2:76:87:cf:63:b4:f9:db:73:6d:dc:83:83:80:ed:
         38:2b:3b:e1:53:e5:54:94:ce:88:fa:9d:7f:3e:44:ce:fa:86:
         e1:14:3c:4d:31:76:32:27:75:54:37:c5:a8:f8:bf:3b:ee:37:
         35:62:cd:47:03:96:af:cd:6f:fe:10:e9:89:79:a6:53:65:f5:
         1b:e1:f8:82:28:d3:4d:96:43:2a:fc:f5:90:bb:87:03:45:1a:
         c2:1c:ec:eb:37:c7:eb:30:8f:37:f2:f7:e7:14:f0:d7:9d:55:
         64:b1:95:e8:f8:22:2d:34:4d:82:27:84:1c:c4:04:44:07:3b:
         f1:c9:a8:1a:3e:0c:6b:23:06:23:27:bb:fd:8c:2c:05:3d:2f:
         75:bf:b4:fb:4a:97:51:43:b5:3d:ac:6f:59:57:fa:88:ce:b3:
         07:47:6e:8b:cd:08:e1:f3:85:96:a1:3d:91:61:95:72:9c:ab:
         ea:e2:a9:ee:ef:0b:c5:b5:e8:00:94:40:b8:bb:f9:4f:04:4d:
         c2:83:30:32:bf:3c:8a:38:0a:90:18:fc:f3:0b:a1:2c:07:69:
         ec:5e:17:60
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUZ3t2JZNm9h4bRWPtgf8rpnn5MUUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODgwNkYwMDAwMTEwLwYDVQQFEyhFN0NBREE1RjA4
ODFENzdCRUE0OEIwNzY4QTM3NjZCNTAwNjVBRjA4MB4XDTI1MDUyNjE1MDAwNFoX
DTI1MDYzMDIzNTk1OVowejFJMEcGA1UEBRNAODVjOTAxN2ZjZGU4NjVmYjlkMWQ4
ZmMxZWNlODFlNTg3ZjI2ZDI3NGRiOWM2YzE0MTIzNTkxZmRiYjY5OWEyMjEtMCsG
A1UEAxMkYmI5YTkxMTYtZjYxNS00NjJlLWE2ODAtNTI2NmIzMjdlMGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxc60J7mE47FbreVmS5GqsCIburYe
y0+5aQlu1TSqeWZ1G/M6Tq/GGj4XDSZIasvhNNpDoXgZQe9V3kXbSJmbBD2UoliX
kuBbDG9dO6e0XSnIEMEzdceQHKUOPTEU04Wa0+8TATMK3+yRJJ4B/+YZMNrwcuOP
/OMdEfppwdaQbwZMqlwBP0FWmmlmfvlG8CIBOXVPtlIWniWasvpMmJr9gRPgcY0I
o3A51c5QqqiT1kY+VIEHVRY8j4U+Te+BHY9ZvLGA/3V8OWf/nYZpb7GjppDImeMz
xYtjbyRko2KWAllWk6hSFkOC+nxN5PrPeXPok6K0BTcfUFat/b6LKZ44BwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFF4/bqo8ayD24xA7OjSavHX675Q1MB8GA1UdIwQY
MBaAFOfK2l8Igdd76kiwdoo3ZrUAZa8IMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi81OHJhWHdp
QjEzdnFTTEIyaWpkbXRRQmxyd2cuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvNzA4YWFmYWYtMDBiNC00ODViLTg1NGMtMGIzMmNhMzBmNTdi
LzU2NjNiZjM0LTEwZWQtNDMwOS1hMjM2LTc0NjZhZmQ2ZjAyZi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS83MDhhYWZhZi0wMGI0LTQ4NWItODU0Yy0wYjMy
Y2EzMGY1N2IvMTJlNTkwMDEtMzVhYy00YWJmLTg1OGYtMzdiOTU1YTI0YjNmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAOzAP8AMA0GCSqGSIb3DQEBCwUAA4IBAQApzPorLUi/sUKf7ZZS
pNFlgTNUbM8W+qn9sdtUhp0Hn4xzMyAsz07ydofPY7T523Nt3IODgO04KzvhU+VU
lM6I+p1/PkTO+obhFDxNMXYyJ3VUN8Wo+L877jc1Ys1HA5avzW/+EOmJeaZTZfUb
4fiCKNNNlkMq/PWQu4cDRRrCHOzrN8frMI838vfnFPDXnVVksZXo+CItNE2CJ4Qc
xAREBzvxyagaPgxrIwYjJ7v9jCwFPS91v7T7SpdRQ7U9rG9ZV/qIzrMHR26LzQjh
84WWoT2RYZVynKvq4qnu7wvFtegAlEC4u/lPBE3CgzAyvzyKOAqQGPzzC6EsB2ns
Xhdg
-----END CERTIFICATE-----
Generated at Tue Jun 3 23:36:05 2025 by rpki-client