Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/40956690-3661-49f2-8ebc-2fa5a47a98ad.roa
File:                     40956690-3661-49f2-8ebc-2fa5a47a98ad.roa (raw, json)
Hash identifier:          rgJvuK04T9dCqdk0k3/+MpwSAH/1W0e0dxh8MI4Rhkk=
Subject key identifier:   17:F5:D4:3B:12:CA:7C:D5:FE:46:B4:F6:DD:8A:CE:8D:7E:05:88:A2
Certificate issuer:       /CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
Certificate serial:       3027ED36789DE74FB4FEACD91ECCAB05351D7DEE
Authority key identifier: 53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/40956690-3661-49f2-8ebc-2fa5a47a98ad.roa
Signing time:             Mon 04 Aug 2025 15:00:17 +0000
ROA not before:           Mon 04 Aug 2025 15:00:17 +0000
ROA not after:            Mon 08 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        159.248.240.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/manifest.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 09 Aug 2025 00:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:27:ed:36:78:9d:e7:4f:b4:fe:ac:d9:1e:cc:ab:05:35:1d:7d:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
        Validity
            Not Before: Aug  4 15:00:17 2025 GMT
            Not After : Sep  8 23:59:59 2025 GMT
        Subject: serialNumber=7605130f15b88e7403d6c6412ef3c273a244dbb37629beabd5d9ebd42a5a2f3b, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:a1:20:c3:5c:16:a6:60:69:50:35:01:d5:9d:
                    45:d2:77:44:9e:06:38:29:24:65:01:d7:79:5f:25:
                    41:21:71:b3:f3:ba:c3:8a:f3:ea:54:a9:c3:b4:47:
                    0e:ea:87:b2:50:05:a7:8f:4d:0a:c3:6f:86:46:37:
                    d7:5f:70:b5:32:8d:e8:91:6a:2f:88:56:32:7c:d5:
                    38:a8:a1:ed:0d:8e:a5:f3:70:96:82:f4:0e:91:39:
                    1f:d2:75:11:f3:64:02:5e:ee:be:1b:11:6d:7b:46:
                    e3:e8:e1:28:fd:2a:b0:9e:d1:0c:66:7a:44:c1:8f:
                    1a:25:ec:89:81:d7:c8:4d:1c:6e:42:5d:33:4e:86:
                    13:02:33:e8:bd:a6:2b:10:20:62:7b:4b:b0:91:f8:
                    6c:e4:3e:1e:24:06:c8:9b:6d:d3:2b:4e:7c:1c:65:
                    01:18:68:66:e3:f3:8d:69:80:84:7e:6a:b4:ff:7e:
                    d8:05:71:ab:cc:9e:c6:88:98:22:21:07:b1:f2:59:
                    23:1d:5e:a6:c1:7c:d4:48:57:a2:8b:a3:9c:9f:3f:
                    d0:96:8d:e9:3a:58:ac:89:af:9e:7c:d6:cd:41:bc:
                    11:e0:c5:02:b4:f2:b0:55:ee:9a:cf:c7:df:e1:54:
                    08:9e:9d:12:52:b8:3e:ef:c0:01:24:90:9f:27:ed:
                    58:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:F5:D4:3B:12:CA:7C:D5:FE:46:B4:F6:DD:8A:CE:8D:7E:05:88:A2
            X509v3 Authority Key Identifier:
                keyid:53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/40956690-3661-49f2-8ebc-2fa5a47a98ad.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.248.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7f:d8:d9:ef:d5:75:e8:58:78:dd:61:c8:21:d6:e8:b7:42:fd:
         ad:29:20:d6:92:1e:88:96:18:29:30:4e:29:e5:c9:09:bd:81:
         7f:bf:b5:dd:61:f8:27:ca:44:f3:66:f4:d5:7e:d4:21:cd:dc:
         6c:a1:b5:03:f9:2d:71:17:64:ed:21:f1:c3:41:76:aa:d9:f7:
         63:61:2c:c8:bd:9d:8b:1e:2c:37:32:e1:94:14:97:ea:82:bd:
         5c:0d:8c:e5:1f:ae:1e:54:49:8c:b7:24:f1:30:3b:d8:40:7d:
         6a:19:b7:b9:02:8d:a3:f9:b1:af:fe:c5:96:50:82:62:ef:37:
         08:4d:13:b4:dd:cf:20:d3:10:ff:c4:8d:45:70:f6:e5:85:34:
         6d:62:48:34:64:2e:90:c8:bb:c7:90:b7:d5:44:fc:30:46:c2:
         25:fb:0c:95:49:8c:03:2a:76:4d:30:89:25:e4:e7:58:f0:41:
         a4:4b:db:09:e0:96:1f:75:b9:cf:b7:5e:d6:2e:d3:eb:88:3b:
         ad:8d:ca:64:e8:83:21:4b:98:30:e1:b4:53:b7:69:84:eb:84:
         0d:41:39:e2:99:c2:93:f0:ce:6e:09:b6:c2:d4:47:01:bd:74:
         4f:09:50:3b:87:2c:be:66:ef:57:85:24:02:91:74:07:07:70:
         c8:50:c7:82
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUMCftNnid50+0/qzZHsyrBTUdfe4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg1M0RDMjIxMjVG
QTM0RjM5ODZDQkYxMjQyMkUzNEY5QjlDNjYxQkU3MB4XDTI1MDgwNDE1MDAxN1oX
DTI1MDkwODIzNTk1OVowejFJMEcGA1UEBRNANzYwNTEzMGYxNWI4OGU3NDAzZDZj
NjQxMmVmM2MyNzNhMjQ0ZGJiMzc2MjliZWFiZDVkOWViZDQyYTVhMmYzYjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxqEgw1wWpmBpUDUB1Z1F0ndEngY4
KSRlAdd5XyVBIXGz87rDivPqVKnDtEcO6oeyUAWnj00Kw2+GRjfXX3C1Mo3okWov
iFYyfNU4qKHtDY6l83CWgvQOkTkf0nUR82QCXu6+GxFte0bj6OEo/SqwntEMZnpE
wY8aJeyJgdfITRxuQl0zToYTAjPovaYrECBie0uwkfhs5D4eJAbIm23TK058HGUB
GGhm4/ONaYCEfmq0/37YBXGrzJ7GiJgiIQex8lkjHV6mwXzUSFeii6Ocnz/Qlo3p
Olisia+efNbNQbwR4MUCtPKwVe6az8ff4VQInp0SUrg+78ABJJCfJ+1YTwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFBf11DsSynzV/ka09t2Kzo1+BYiiMB8GA1UdIwQY
MBaAFFPcIhJfo085hsvxJCLjT5ucZhvnMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CM0EyNEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9VOXdpRWwt
alR6bUd5X0VrSXVOUG01eG1HLWMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzQwOTU2NjkwLTM2NjEtNDlmMi04ZWJjLTJmYTVhNDdhOThhZC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvYTViMDFiZGQtY2RlYi00Y2ZjLThjOTMtN2U3MGM1ZTA5MzA2LmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQDn/jwMA0GCSqGSIb3DQEBCwUAA4IBAQB/2Nnv1XXoWHjdYcgh1ui3
Qv2tKSDWkh6IlhgpME4p5ckJvYF/v7XdYfgnykTzZvTVftQhzdxsobUD+S1xF2Tt
IfHDQXaq2fdjYSzIvZ2LHiw3MuGUFJfqgr1cDYzlH64eVEmMtyTxMDvYQH1qGbe5
Ao2j+bGv/sWWUIJi7zcITRO03c8g0xD/xI1FcPblhTRtYkg0ZC6QyLvHkLfVRPww
RsIl+wyVSYwDKnZNMIkl5OdY8EGkS9sJ4JYfdbnPt17WLtPriDutjcpk6IMhS5gw
4bRTt2mE64QNQTnimcKT8M5uCbbC1EcBvXRPCVA7hyy+Zu9XhSQCkXQHB3DIUMeC
-----END CERTIFICATE-----
Generated at Tue Aug 5 20:21:06 2025 by rpki-client