Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/6982f3ac-c7ae-423c-a028-517d7541d973.roa
File:                     6982f3ac-c7ae-423c-a028-517d7541d973.roa (raw, json)
Hash identifier:          g4RFBdr8RDCAoQ4TYjRSUf63E3aYT4/8kDlIFEDDVH8=
Subject key identifier:   DB:1A:B8:C8:D6:99:8E:0A:E9:24:E6:2D:1C:05:95:E0:B6:4F:DA:AF
Certificate issuer:       /CN=A918806F0000/serialNumber=E7CADA5F0881D77BEA48B0768A3766B50065AF08
Certificate serial:       39F627FD112F93F8304603E4F5A047EC455368B2
Authority key identifier: E7:CA:DA:5F:08:81:D7:7B:EA:48:B0:76:8A:37:66:B5:00:65:AF:08
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/6982f3ac-c7ae-423c-a028-517d7541d973.roa
Signing time:             Fri 01 Aug 2025 00:50:05 +0000
ROA not before:           Fri 01 Aug 2025 00:50:05 +0000
ROA not after:            Fri 05 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2403:b300:1000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/12e59001-35ac-4abf-858f-37b955a24b3f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 08 Aug 2025 00:51:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:f6:27:fd:11:2f:93:f8:30:46:03:e4:f5:a0:47:ec:45:53:68:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918806F0000, serialNumber=E7CADA5F0881D77BEA48B0768A3766B50065AF08
        Validity
            Not Before: Aug  1 00:50:05 2025 GMT
            Not After : Sep  5 23:59:59 2025 GMT
        Subject: serialNumber=64c2a70aa5ce0f0f9322995b560a299ffb368833c2f4dcbae94415403cb646a4, CN=bb9a9116-f615-462e-a680-5266b327e0fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:51:ad:12:d0:99:4e:6b:ec:f5:1b:38:98:0c:
                    90:4c:fa:04:96:d9:31:b2:61:fb:8f:83:1a:44:e3:
                    9a:a1:cb:fc:3c:8d:9d:64:3f:8d:3d:ca:c0:60:e9:
                    f1:e2:fa:bf:11:7b:a1:e6:9d:49:ab:87:92:60:e8:
                    e6:64:71:18:de:64:1c:8b:99:4e:b6:20:86:72:36:
                    47:2c:ae:14:b9:56:74:21:fb:1a:1f:2b:96:22:87:
                    99:e3:a3:38:9b:a4:eb:08:4e:08:2a:bd:98:2f:90:
                    7a:8e:96:4e:39:89:17:cc:af:7c:38:92:28:47:e5:
                    85:85:97:03:d8:df:3b:9f:e6:30:e8:75:a5:55:28:
                    d9:d0:ef:e1:79:52:9c:28:b1:17:8a:a8:3f:74:74:
                    77:9c:03:8e:aa:ea:41:e7:eb:08:7f:d7:93:91:4e:
                    80:8e:0b:0b:f0:fd:25:fa:71:99:81:11:76:1c:51:
                    29:65:e7:79:16:e3:08:67:75:10:2b:5a:11:1e:8b:
                    c0:cd:df:e8:2f:2b:72:8d:20:d7:8c:8f:71:7c:1f:
                    f2:2f:84:20:be:ae:dd:5d:bb:9c:9d:b5:eb:d1:a0:
                    20:11:60:93:ee:f8:f5:32:14:08:1e:66:c9:30:02:
                    4d:e1:e0:25:f1:11:8c:2b:7d:85:04:e6:47:37:8f:
                    06:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:1A:B8:C8:D6:99:8E:0A:E9:24:E6:2D:1C:05:95:E0:B6:4F:DA:AF
            X509v3 Authority Key Identifier:
                keyid:E7:CA:DA:5F:08:81:D7:7B:EA:48:B0:76:8A:37:66:B5:00:65:AF:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/6982f3ac-c7ae-423c-a028-517d7541d973.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/12e59001-35ac-4abf-858f-37b955a24b3f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:b300:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         25:71:1d:f9:a7:7b:6b:f7:59:09:95:71:c0:99:49:bf:fb:a8:
         1d:c8:e6:ba:3b:ee:4f:ec:cd:e7:bc:bf:d2:17:b8:a1:b0:b0:
         68:09:f4:5e:ea:6d:b2:e9:31:a3:9e:14:89:92:03:b3:98:69:
         48:61:7c:0a:a9:7b:1d:83:a1:3a:34:55:3e:43:64:cc:76:42:
         51:62:4f:79:a3:e4:31:52:d0:04:5e:db:c8:d7:1c:3a:79:91:
         20:8b:81:53:57:81:f2:f9:01:ca:1f:ff:ca:ee:18:8e:b1:c3:
         dd:89:2e:59:7b:cd:c5:98:5b:64:a1:6c:4a:2b:2f:91:b4:b8:
         31:3d:1e:5d:bb:a1:a9:18:c2:53:20:0d:68:88:ea:af:af:59:
         39:26:7d:32:a4:3b:74:33:0b:e3:52:bf:82:0b:60:2c:26:7f:
         97:63:eb:d6:4c:63:6b:79:18:e4:ee:91:f4:4e:24:96:ba:38:
         4d:1b:d1:89:fe:1d:d9:02:6b:9a:bc:cc:a3:10:fd:5a:d1:a8:
         dc:1a:d2:5e:3d:b2:4a:3b:48:ef:32:ed:84:d4:f1:a8:b5:d0:
         a8:13:40:bb:b8:20:00:25:8b:20:34:b4:c6:23:5a:df:50:38:
         e9:a0:18:55:7b:39:13:19:ae:3b:7d:0e:0c:bd:ca:76:69:e9:
         4d:7f:9c:14
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUOfYn/REvk/gwRgPk9aBH7EVTaLIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODgwNkYwMDAwMTEwLwYDVQQFEyhFN0NBREE1RjA4
ODFENzdCRUE0OEIwNzY4QTM3NjZCNTAwNjVBRjA4MB4XDTI1MDgwMTAwNTAwNVoX
DTI1MDkwNTIzNTk1OVowejFJMEcGA1UEBRNANjRjMmE3MGFhNWNlMGYwZjkzMjI5
OTViNTYwYTI5OWZmYjM2ODgzM2MyZjRkY2JhZTk0NDE1NDAzY2I2NDZhNDEtMCsG
A1UEAxMkYmI5YTkxMTYtZjYxNS00NjJlLWE2ODAtNTI2NmIzMjdlMGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0VGtEtCZTmvs9Rs4mAyQTPoEltkx
smH7j4MaROOaocv8PI2dZD+NPcrAYOnx4vq/EXuh5p1Jq4eSYOjmZHEY3mQci5lO
tiCGcjZHLK4UuVZ0IfsaHyuWIoeZ46M4m6TrCE4IKr2YL5B6jpZOOYkXzK98OJIo
R+WFhZcD2N87n+Yw6HWlVSjZ0O/heVKcKLEXiqg/dHR3nAOOqupB5+sIf9eTkU6A
jgsL8P0l+nGZgRF2HFEpZed5FuMIZ3UQK1oRHovAzd/oLytyjSDXjI9xfB/yL4Qg
vq7dXbucnbXr0aAgEWCT7vj1MhQIHmbJMAJN4eAl8RGMK32FBOZHN48GaQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFNsauMjWmY4K6STmLRwFleC2T9qvMB8GA1UdIwQY
MBaAFOfK2l8Igdd76kiwdoo3ZrUAZa8IMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi81OHJhWHdp
QjEzdnFTTEIyaWpkbXRRQmxyd2cuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvNzA4YWFmYWYtMDBiNC00ODViLTg1NGMtMGIzMmNhMzBmNTdi
LzY5ODJmM2FjLWM3YWUtNDIzYy1hMDI4LTUxN2Q3NTQxZDk3My5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS83MDhhYWZhZi0wMGI0LTQ4NWItODU0Yy0wYjMy
Y2EzMGY1N2IvMTJlNTkwMDEtMzVhYy00YWJmLTg1OGYtMzdiOTU1YTI0YjNmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAOzABAwDQYJKoZIhvcNAQELBQADggEBACVxHfmne2v3WQmVccCZ
Sb/7qB3I5ro77k/szee8v9IXuKGwsGgJ9F7qbbLpMaOeFImSA7OYaUhhfAqpex2D
oTo0VT5DZMx2QlFiT3mj5DFS0ARe28jXHDp5kSCLgVNXgfL5Acof/8ruGI6xw92J
Lll7zcWYW2ShbEorL5G0uDE9Hl27oakYwlMgDWiI6q+vWTkmfTKkO3QzC+NSv4IL
YCwmf5dj69ZMY2t5GOTukfROJJa6OE0b0Yn+HdkCa5q8zKMQ/VrRqNwa0l49sko7
SO8y7YTU8ai10KgTQLu4IAAliyA0tMYjWt9QOOmgGFV7ORMZrjt9Dgy9ynZp6U1/
nBQ=
-----END CERTIFICATE-----
Generated at Mon Aug 4 15:25:57 2025 by rpki-client