Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0384c943-d0ac-4d4c-b5c3-a670c7e33c51.roa
File:                     0384c943-d0ac-4d4c-b5c3-a670c7e33c51.roa (raw, json)
Hash identifier:          Bq6TP43vAnRuDxlUOvkDxPndDjbVrL7K/Tg7kXBWAoA=
Subject key identifier:   51:97:5B:0C:88:89:73:5F:97:AB:71:15:10:46:63:D4:D2:49:21:25
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       262D958498EC041AAC4BACC589E4C77C607701E4
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0384c943-d0ac-4d4c-b5c3-a670c7e33c51.roa
Signing time:             Fri 13 Jun 2025 00:00:59 +0000
ROA not before:           Fri 13 Jun 2025 00:00:59 +0000
ROA not after:            Fri 18 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        43.216.0.0/15 maxlen: 15
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 18 Jun 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:2d:95:84:98:ec:04:1a:ac:4b:ac:c5:89:e4:c7:7c:60:77:01:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 13 00:00:59 2025 GMT
            Not After : Jul 18 23:59:59 2025 GMT
        Subject: serialNumber=81cc25d573f6e62f186fd1e7ee30b54a228cc0233ca2822584977f56d38e1c11, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:f6:a8:e2:e8:4c:94:5c:e0:61:8d:6a:5f:56:
                    9c:73:61:0c:bb:f3:51:f8:9d:28:37:56:dc:7b:da:
                    4d:16:2d:ea:09:e6:bd:ec:37:c8:ce:fb:95:07:c2:
                    5c:e1:61:7f:7d:de:47:68:1f:2e:df:5f:c1:dd:28:
                    15:83:e7:21:e3:92:db:49:26:d3:c8:13:25:66:7f:
                    7c:3a:e3:e2:9d:ff:68:75:b4:39:62:c3:07:08:2b:
                    eb:a7:ea:27:40:b4:f7:ab:6f:ef:61:91:94:e6:a5:
                    fc:3c:27:71:10:90:af:48:b5:8f:68:89:40:2c:0c:
                    a2:83:a3:da:47:a7:35:7f:c2:20:0e:1b:6d:95:3d:
                    34:fd:c2:20:e0:6b:e1:35:b8:6b:10:1c:2f:08:c4:
                    b3:23:02:2a:d2:20:d0:e9:58:91:f2:fe:9d:20:0a:
                    77:92:86:77:a7:e0:a8:77:ab:da:26:0b:24:9d:73:
                    7a:94:84:cc:d6:f0:01:27:c5:86:f1:17:d5:ba:a9:
                    b2:ef:b1:18:91:25:91:f0:d6:da:91:ca:3b:76:c3:
                    ea:79:d0:a2:dd:60:d8:ae:31:d4:93:88:43:ed:93:
                    42:58:19:f4:90:e0:3e:0a:b4:83:10:ae:95:17:38:
                    9e:3d:54:87:4d:e2:56:53:2a:6d:c5:d8:45:d0:70:
                    d8:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:97:5B:0C:88:89:73:5F:97:AB:71:15:10:46:63:D4:D2:49:21:25
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0384c943-d0ac-4d4c-b5c3-a670c7e33c51.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.216.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         1d:32:84:37:67:8a:78:67:fe:0b:50:bb:dd:17:c8:1a:3b:14:
         be:6c:c7:24:4a:7d:6e:f0:99:0d:55:10:55:0c:7d:68:1e:e7:
         00:2f:35:d7:2f:ab:19:be:19:86:95:d7:6a:2f:a3:ca:f1:91:
         76:cb:57:b7:a5:3a:e6:23:95:09:d0:db:09:96:05:2e:ff:d8:
         7e:a5:8c:7e:32:b9:c7:7e:08:4d:44:bc:a8:ef:ef:0b:d3:b3:
         ba:06:91:bc:d4:08:8c:aa:18:8c:ba:24:61:3e:55:1b:1d:77:
         66:80:6b:7e:0f:7a:bc:2c:e9:1e:86:8f:86:0b:bf:c4:c5:bc:
         ab:6a:2c:ab:c5:6d:4a:82:92:fc:6a:74:20:16:d8:97:26:64:
         8a:b4:8b:1c:88:dd:2a:21:b4:be:b4:79:ce:71:d4:ca:27:c3:
         70:39:5a:3d:99:65:36:41:3c:6c:27:d8:3a:a7:4b:b3:bc:41:
         54:09:2d:d7:57:28:61:15:08:66:98:41:be:fb:97:54:15:ec:
         2d:fa:8e:0e:b9:2c:62:d2:22:e5:b7:a1:f8:f8:1b:d5:65:c9:
         51:b4:da:fd:57:69:c3:17:a7:bd:04:f3:02:ba:d5:be:a5:8b:
         45:b4:c0:e1:25:10:53:b4:ad:be:d8:f2:39:77:15:05:30:48:
         84:69:93:9b
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgIUJi2VhJjsBBqsS6zFieTHfGB3AeQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDYxMzAwMDA1OVoX
DTI1MDcxODIzNTk1OVowejFJMEcGA1UEBRNAODFjYzI1ZDU3M2Y2ZTYyZjE4NmZk
MWU3ZWUzMGI1NGEyMjhjYzAyMzNjYTI4MjI1ODQ5NzdmNTZkMzhlMWMxMTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfao4uhMlFzgYY1qX1acc2EMu/NR
+J0oN1bce9pNFi3qCea97DfIzvuVB8Jc4WF/fd5HaB8u31/B3SgVg+ch45LbSSbT
yBMlZn98OuPinf9odbQ5YsMHCCvrp+onQLT3q2/vYZGU5qX8PCdxEJCvSLWPaIlA
LAyig6PaR6c1f8IgDhttlT00/cIg4GvhNbhrEBwvCMSzIwIq0iDQ6ViR8v6dIAp3
koZ3p+Cod6vaJgsknXN6lITM1vABJ8WG8RfVuqmy77EYkSWR8Nbakco7dsPqedCi
3WDYrjHUk4hD7ZNCWBn0kOA+CrSDEK6VFziePVSHTeJWUyptxdhF0HDYvwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFFGXWwyIiXNfl6txFRBGY9TSSSElMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzAzODRjOTQzLWQwYWMtNGQ0Yy1iNWMzLWE2NzBjN2UzM2M1MS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTAL
BAIAATAFAwMBK9gwDQYJKoZIhvcNAQELBQADggEBAB0yhDdninhn/gtQu90XyBo7
FL5sxyRKfW7wmQ1VEFUMfWge5wAvNdcvqxm+GYaV12ovo8rxkXbLV7elOuYjlQnQ
2wmWBS7/2H6ljH4yucd+CE1EvKjv7wvTs7oGkbzUCIyqGIy6JGE+VRsdd2aAa34P
erws6R6Gj4YLv8TFvKtqLKvFbUqCkvxqdCAW2JcmZIq0ixyI3SohtL60ec5x1Mon
w3A5Wj2ZZTZBPGwn2DqnS7O8QVQJLddXKGEVCGaYQb77l1QV7C36jg65LGLSIuW3
ofj4G9VlyVG02v1XacMXp70E8wK61b6li0W0wOElEFO0rb7Y8jl3FQUwSIRpk5s=
-----END CERTIFICATE-----
Generated at Sat Jun 14 05:56:03 2025 by rpki-client