Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/1dffeac8-b779-49ef-ba27-58bc19891e60.roa
File:                     1dffeac8-b779-49ef-ba27-58bc19891e60.roa (raw, json)
Hash identifier:          +dgLMbF0Pa9+nV1whtS18K/OYeyEPHxLgt1uJNdX/z8=
Subject key identifier:   F9:0B:D4:03:3A:BB:47:93:28:A8:4B:4B:4C:EA:40:85:C9:25:20:F4
Certificate issuer:       /CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
Certificate serial:       6785BE6F57EB85964634D85213738F47654463EB
Authority key identifier: BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/1dffeac8-b779-49ef-ba27-58bc19891e60.roa
Signing time:             Sat 02 Aug 2025 00:00:12 +0000
ROA not before:           Sat 02 Aug 2025 00:00:12 +0000
ROA not after:            Sat 06 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        175.41.144.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 09 Aug 2025 15:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:85:be:6f:57:eb:85:96:46:34:d8:52:13:73:8f:47:65:44:63:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91609040001, serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
        Validity
            Not Before: Aug  2 00:00:12 2025 GMT
            Not After : Sep  6 23:59:59 2025 GMT
        Subject: serialNumber=ca7b20e92a5617746d493c3398ed7370c65505d07512cd85e099361e3c48bda7, CN=1684111e-31c1-42e6-8f20-fc9ab8b5cf57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:83:b8:e9:05:21:f0:9f:07:92:d4:a4:dd:d1:
                    df:8b:be:15:70:89:89:59:a2:b7:17:bc:f7:28:92:
                    4e:cd:7e:bd:11:25:5f:c0:1c:8f:c2:98:fa:4a:26:
                    93:ad:01:aa:f4:07:4d:97:e8:bf:bb:6c:b3:39:fa:
                    1d:31:74:29:30:e7:7e:9f:5e:db:fb:ef:ca:7e:d6:
                    e5:69:6c:72:fb:5e:12:e4:d1:44:70:9a:7b:af:fb:
                    4e:67:f4:69:92:ad:73:92:32:77:d1:07:88:c3:dc:
                    86:c9:3b:62:34:eb:1e:1d:cc:a9:ec:be:ce:9e:bc:
                    03:60:92:1a:ff:2e:ba:7a:45:3c:07:26:b8:c4:55:
                    cc:fb:1f:a0:a0:6c:58:62:c8:a1:89:d9:fc:2f:2b:
                    97:1a:c7:29:8a:e6:a2:05:5d:b4:c3:7c:8b:d8:c8:
                    ac:bd:01:2f:ac:be:51:03:5c:a8:63:33:3b:d5:c4:
                    2a:97:48:fd:52:8c:cb:55:2f:4d:28:d6:8a:d2:7f:
                    53:c3:b2:bd:71:e4:77:41:0e:9d:ea:0e:27:05:05:
                    47:e4:8b:21:f5:b3:6f:7c:44:8c:90:4b:41:d1:96:
                    4a:21:31:04:7b:40:15:60:a8:8f:9b:ca:26:1f:92:
                    a9:7c:ca:86:05:80:cf:bd:e0:69:ad:53:0f:0e:86:
                    1a:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:0B:D4:03:3A:BB:47:93:28:A8:4B:4B:4C:EA:40:85:C9:25:20:F4
            X509v3 Authority Key Identifier:
                keyid:BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/1dffeac8-b779-49ef-ba27-58bc19891e60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  175.41.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         f4:cb:10:da:10:1f:98:d8:53:d8:b4:5d:e9:2c:fe:1c:0c:f7:
         f0:90:8d:60:18:34:50:3c:d0:5f:43:77:78:99:b1:f4:f2:96:
         7c:8f:63:59:b1:b8:9a:de:fa:ad:e0:b7:16:73:92:4a:fd:00:
         72:b2:8b:99:7b:df:ab:17:83:ae:f9:c1:a1:8c:c2:f3:3e:78:
         04:ee:38:f5:6f:a2:f7:d3:56:a9:6a:40:fc:51:c8:59:7e:5c:
         db:5a:4b:d7:d7:6b:d9:46:4f:cc:08:81:08:4d:13:c9:a7:6c:
         76:1f:8b:3b:97:b6:41:8b:0a:cc:bc:92:54:38:96:b1:72:a4:
         81:a8:73:94:ad:43:87:2d:04:28:bd:27:99:a6:18:70:f8:e2:
         87:31:1f:24:c7:13:7f:7b:e4:e3:bd:85:e5:44:72:94:5f:43:
         0f:84:00:35:2c:49:b6:1b:3e:0c:af:34:38:01:76:07:7d:ab:
         a5:a0:15:cf:55:cd:0b:b7:8d:7f:85:30:01:fe:85:27:3b:49:
         b5:5a:c7:18:0b:b7:ee:fd:5d:29:34:ba:fa:01:aa:10:d7:f4:
         8a:96:ed:e6:a9:c9:8b:cc:42:d3:83:03:7d:14:1c:24:83:da:
         41:9c:da:e2:b4:2f:c2:66:9e:db:5c:01:34:65:7b:45:d3:80:
         e8:40:36:be
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUZ4W+b1frhZZGNNhSE3OPR2VEY+swDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNjA5MDQwMDAxMTEwLwYDVQQFEyhCQ0U5QkExMTI5
MkY4NDc1MTJDMEE4NDEyRTUxRTZFM0JBMEQ5OTFEMB4XDTI1MDgwMjAwMDAxMloX
DTI1MDkwNjIzNTk1OVowejFJMEcGA1UEBRNAY2E3YjIwZTkyYTU2MTc3NDZkNDkz
YzMzOThlZDczNzBjNjU1MDVkMDc1MTJjZDg1ZTA5OTM2MWUzYzQ4YmRhNzEtMCsG
A1UEAxMkMTY4NDExMWUtMzFjMS00MmU2LThmMjAtZmM5YWI4YjVjZjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxIO46QUh8J8HktSk3dHfi74VcImJ
WaK3F7z3KJJOzX69ESVfwByPwpj6SiaTrQGq9AdNl+i/u2yzOfodMXQpMOd+n17b
++/KftblaWxy+14S5NFEcJp7r/tOZ/Rpkq1zkjJ30QeIw9yGyTtiNOseHcyp7L7O
nrwDYJIa/y66ekU8Bya4xFXM+x+goGxYYsihidn8LyuXGscpiuaiBV20w3yL2Mis
vQEvrL5RA1yoYzM71cQql0j9UozLVS9NKNaK0n9Tw7K9ceR3QQ6d6g4nBQVH5Ish
9bNvfESMkEtB0ZZKITEEe0AVYKiPm8omH5KpfMqGBYDPveBprVMPDoYa1QIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFPkL1AM6u0eTKKhLS0zqQIXJJSD0MB8GA1UdIwQY
MBaAFLzpuhEpL4R1EsCoQS5R5uO6DZkdMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi92T202RVNr
dmhIVVN3S2hCTGxIbTQ3b05tUjAuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYmQ0OGExZmEtMzQ3MS00YWIyLTg1MDgtYWQzNmI5NjgxM2U0
LzFkZmZlYWM4LWI3NzktNDllZi1iYTI3LTU4YmMxOTg5MWU2MC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9iZDQ4YTFmYS0zNDcxLTRhYjItODUwOC1hZDM2
Yjk2ODEzZTQvMjIwY2VlMGMtNjAwMi00MDlhLTgxOTQtMzhlMjE2YzAwOTZjLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQCrymQMA0GCSqGSIb3DQEBCwUAA4IBAQD0yxDaEB+Y2FPYtF3pLP4c
DPfwkI1gGDRQPNBfQ3d4mbH08pZ8j2NZsbia3vqt4LcWc5JK/QBysouZe9+rF4Ou
+cGhjMLzPngE7jj1b6L301apakD8UchZflzbWkvX12vZRk/MCIEITRPJp2x2H4s7
l7ZBiwrMvJJUOJaxcqSBqHOUrUOHLQQovSeZphhw+OKHMR8kxxN/e+TjvYXlRHKU
X0MPhAA1LEm2Gz4MrzQ4AXYHfauloBXPVc0Lt41/hTAB/oUnO0m1WscYC7fu/V0p
NLr6AaoQ1/SKlu3mqcmLzELTgwN9FBwkg9pBnNritC/CZp7bXAE0ZXtF04DoQDa+
-----END CERTIFICATE-----
Generated at Wed Aug 6 10:15:09 2025 by rpki-client