Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/cb2e5a8c-21f1-4679-a372-617732fc3ea6.roa
File:                     cb2e5a8c-21f1-4679-a372-617732fc3ea6.roa (raw, json)
Hash identifier:          yOhD934HipKIALKOkXyUMhOVSxeOQG/b0pVEnB2hZ9E=
Subject key identifier:   BB:0F:EA:31:11:69:71:50:7C:B6:C3:F8:B4:6F:A5:AA:B9:9C:EF:4A
Certificate issuer:       /CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
Certificate serial:       35EFE45EB1064B912A321A6AC89863E468E160F7
Authority key identifier: BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/cb2e5a8c-21f1-4679-a372-617732fc3ea6.roa
Signing time:             Wed 02 Jul 2025 00:00:05 +0000
ROA not before:           Wed 02 Jul 2025 00:00:05 +0000
ROA not after:            Wed 06 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        43.250.192.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 06 Jul 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:ef:e4:5e:b1:06:4b:91:2a:32:1a:6a:c8:98:63:e4:68:e1:60:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91609040001, serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
        Validity
            Not Before: Jul  2 00:00:05 2025 GMT
            Not After : Aug  6 23:59:59 2025 GMT
        Subject: serialNumber=341b5f51a6375b5de8e0ef89efc9e54dc47971e2212300a5b1ddccb686d1ae50, CN=1684111e-31c1-42e6-8f20-fc9ab8b5cf57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:0b:73:4d:19:35:ae:6b:4b:aa:73:e5:85:f1:
                    30:bd:dd:16:2a:d2:4c:9a:75:9c:e7:e0:c7:08:e2:
                    a8:d0:1a:bd:d5:87:73:59:dd:7e:b5:99:b4:e6:2e:
                    8f:6e:97:3d:6a:ca:32:d2:e2:48:39:1a:28:66:6e:
                    4f:ae:d5:77:9f:f4:34:67:47:50:79:24:05:d2:34:
                    e4:13:88:aa:05:6c:0c:d1:0c:cf:a1:d5:d2:80:20:
                    89:89:73:64:e2:07:c4:3c:c3:b2:b2:60:d3:43:bc:
                    cb:3d:67:29:85:43:9a:55:a9:99:34:09:1b:86:dc:
                    e7:b1:59:d0:ed:84:54:94:8a:26:a4:31:6c:0a:3e:
                    11:0c:c4:3f:3f:6a:3b:3e:07:ea:4a:e6:20:05:2f:
                    18:2a:43:e6:1a:17:bc:d4:df:f8:61:e7:87:f8:68:
                    d3:d5:03:ac:9d:32:f2:bb:cd:3e:09:c9:ac:cf:62:
                    e1:16:90:21:7b:0d:e1:ca:ad:27:10:ce:a6:bf:21:
                    9c:3d:9c:7a:68:77:e3:17:b3:18:77:59:b8:dc:ec:
                    67:73:a1:e8:0c:89:5d:36:de:58:8a:8f:ce:94:45:
                    eb:c8:76:f4:73:82:30:cf:56:83:36:53:39:e8:a4:
                    b8:cb:4a:20:f4:a2:3c:4c:96:f5:45:01:ee:dd:91:
                    e2:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:0F:EA:31:11:69:71:50:7C:B6:C3:F8:B4:6F:A5:AA:B9:9C:EF:4A
            X509v3 Authority Key Identifier:
                keyid:BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/cb2e5a8c-21f1-4679-a372-617732fc3ea6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.250.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c8:21:12:55:c0:ce:9e:57:0c:f0:e3:ce:a7:89:78:49:e6:b5:
         df:42:5f:83:1f:62:a8:04:b7:9d:85:58:9e:e2:f2:61:ae:b0:
         89:d6:ed:f7:f2:4e:d6:d7:28:d2:05:35:63:ba:32:4a:71:bc:
         89:6a:e1:26:7e:51:01:68:a9:92:15:00:78:b1:9f:51:41:20:
         9c:f3:ee:6e:f6:b4:04:6f:94:f2:d4:cf:26:29:65:61:8b:89:
         31:76:69:90:fc:50:ab:25:70:8e:a4:45:61:36:ee:89:66:dd:
         0d:4d:96:a0:20:c2:a5:87:79:34:2a:65:17:2e:76:92:0a:a7:
         03:12:96:d5:f9:cb:3b:d8:10:98:1c:6b:4c:b6:fb:42:63:70:
         e9:6e:24:e2:a2:aa:36:b3:13:08:88:a0:28:4a:de:e8:79:ce:
         f2:ee:ad:59:11:aa:2c:54:64:0b:48:f7:f9:37:81:e1:ed:10:
         c0:ce:56:43:41:17:e2:78:33:e6:6c:b0:bc:f1:3b:e3:44:af:
         dd:74:e9:a0:b9:cc:29:80:be:6e:1d:64:a8:15:bd:d6:ef:fe:
         98:00:db:8b:5e:9a:de:43:8a:f3:dc:a1:f3:2d:ce:91:c4:0e:
         f2:3a:23:e4:b4:d2:90:f8:2a:f0:83:97:bd:b7:29:78:90:27:
         16:0d:fd:6c
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUNe/kXrEGS5EqMhpqyJhj5GjhYPcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNjA5MDQwMDAxMTEwLwYDVQQFEyhCQ0U5QkExMTI5
MkY4NDc1MTJDMEE4NDEyRTUxRTZFM0JBMEQ5OTFEMB4XDTI1MDcwMjAwMDAwNVoX
DTI1MDgwNjIzNTk1OVowejFJMEcGA1UEBRNAMzQxYjVmNTFhNjM3NWI1ZGU4ZTBl
Zjg5ZWZjOWU1NGRjNDc5NzFlMjIxMjMwMGE1YjFkZGNjYjY4NmQxYWU1MDEtMCsG
A1UEAxMkMTY4NDExMWUtMzFjMS00MmU2LThmMjAtZmM5YWI4YjVjZjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgtzTRk1rmtLqnPlhfEwvd0WKtJM
mnWc5+DHCOKo0Bq91YdzWd1+tZm05i6Pbpc9asoy0uJIORooZm5PrtV3n/Q0Z0dQ
eSQF0jTkE4iqBWwM0QzPodXSgCCJiXNk4gfEPMOysmDTQ7zLPWcphUOaVamZNAkb
htznsVnQ7YRUlIompDFsCj4RDMQ/P2o7PgfqSuYgBS8YKkPmGhe81N/4YeeH+GjT
1QOsnTLyu80+Ccmsz2LhFpAhew3hyq0nEM6mvyGcPZx6aHfjF7MYd1m43Oxnc6Ho
DIldNt5Yio/OlEXryHb0c4Iwz1aDNlM56KS4y0og9KI8TJb1RQHu3ZHinQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFLsP6jERaXFQfLbD+LRvpaq5nO9KMB8GA1UdIwQY
MBaAFLzpuhEpL4R1EsCoQS5R5uO6DZkdMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi92T202RVNr
dmhIVVN3S2hCTGxIbTQ3b05tUjAuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYmQ0OGExZmEtMzQ3MS00YWIyLTg1MDgtYWQzNmI5NjgxM2U0
L2NiMmU1YThjLTIxZjEtNDY3OS1hMzcyLTYxNzczMmZjM2VhNi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9iZDQ4YTFmYS0zNDcxLTRhYjItODUwOC1hZDM2
Yjk2ODEzZTQvMjIwY2VlMGMtNjAwMi00MDlhLTgxOTQtMzhlMjE2YzAwOTZjLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQCK/rAMA0GCSqGSIb3DQEBCwUAA4IBAQDIIRJVwM6eVwzw486niXhJ
5rXfQl+DH2KoBLedhVie4vJhrrCJ1u338k7W1yjSBTVjujJKcbyJauEmflEBaKmS
FQB4sZ9RQSCc8+5u9rQEb5Ty1M8mKWVhi4kxdmmQ/FCrJXCOpEVhNu6JZt0NTZag
IMKlh3k0KmUXLnaSCqcDEpbV+cs72BCYHGtMtvtCY3DpbiTioqo2sxMIiKAoSt7o
ec7y7q1ZEaosVGQLSPf5N4Hh7RDAzlZDQRfieDPmbLC88TvjRK/ddOmgucwpgL5u
HWSoFb3W7/6YANuLXpreQ4rz3KHzLc6RxA7yOiPktNKQ+Crwg5e9tyl4kCcWDf1s
-----END CERTIFICATE-----
Generated at Wed Jul 2 03:12:50 2025 by rpki-client