Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/22d6913e-5f3d-4f99-9a60-48579f471838.roa
File:                     22d6913e-5f3d-4f99-9a60-48579f471838.roa (raw, json)
Hash identifier:          HJIWOyYe38lELu3rJl66xPnUxv4UykP49+nbKbbeZnk=
Subject key identifier:   C4:A0:BF:13:63:43:80:FE:AB:90:D2:19:8F:E7:15:51:C7:20:26:3E
Certificate issuer:       /CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
Certificate serial:       4E4966A2206E3F8526C22E62DE422AE8DE30D564
Authority key identifier: BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/22d6913e-5f3d-4f99-9a60-48579f471838.roa
Signing time:             Wed 09 Jul 2025 00:00:07 +0000
ROA not before:           Wed 09 Jul 2025 00:00:07 +0000
ROA not after:            Wed 13 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2400:6500:2000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 08 Aug 2025 00:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:49:66:a2:20:6e:3f:85:26:c2:2e:62:de:42:2a:e8:de:30:d5:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91609040001, serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
        Validity
            Not Before: Jul  9 00:00:07 2025 GMT
            Not After : Aug 13 23:59:59 2025 GMT
        Subject: serialNumber=be63096f28300412b83b85681f9e6851c0746d0997222946496dc60216e014ba, CN=1684111e-31c1-42e6-8f20-fc9ab8b5cf57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:47:1c:02:2d:94:e6:42:18:fc:84:52:f8:47:
                    73:50:fa:27:66:53:d2:3e:52:ca:ca:81:ef:1f:2c:
                    60:b9:df:b0:b3:9b:62:d5:ec:a3:f3:8f:65:c7:2d:
                    89:73:21:3d:95:fc:0b:52:5e:d2:9c:f3:5a:a7:dc:
                    a3:e9:83:2e:30:fb:fa:b9:c9:69:57:7c:95:7e:9d:
                    47:07:20:5a:17:c7:3b:74:96:f1:57:2f:30:bf:74:
                    ba:57:e1:42:a4:77:8f:7d:d5:50:16:6c:79:00:d1:
                    28:d0:16:f3:95:c9:ba:58:db:13:31:84:a0:d1:0f:
                    2a:1b:0f:0c:3d:9d:04:2b:e0:af:e8:78:c8:52:82:
                    81:7c:b4:5e:d1:44:d2:51:e1:79:c0:81:57:88:b4:
                    93:56:4a:04:86:de:8e:59:4d:9a:20:8a:bd:bd:00:
                    d3:7c:16:06:ca:03:bb:a2:50:62:65:18:6c:9d:08:
                    c0:30:d0:b8:0b:6e:f0:d1:35:d8:4c:ef:b5:56:3c:
                    7d:19:d9:26:3a:5c:08:6f:ad:cb:4c:f1:97:99:1b:
                    89:89:3d:21:6e:ae:6d:0d:4c:b1:aa:de:cd:2c:10:
                    c6:2d:74:f3:81:15:7b:8f:99:8d:e6:cd:e4:16:dd:
                    c6:be:75:89:9f:59:89:be:65:06:d0:e8:18:09:ab:
                    76:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:A0:BF:13:63:43:80:FE:AB:90:D2:19:8F:E7:15:51:C7:20:26:3E
            X509v3 Authority Key Identifier:
                keyid:BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/22d6913e-5f3d-4f99-9a60-48579f471838.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2400:6500:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         ab:86:a3:8a:31:2c:11:fb:8c:40:d5:42:4f:31:de:a2:53:cf:
         40:92:0d:da:02:3e:4e:8d:61:51:97:2c:8d:80:3d:26:f0:ad:
         da:af:ca:9c:db:26:e1:a0:74:09:b5:8f:03:27:0f:8b:38:22:
         88:88:ae:eb:62:68:9e:52:2f:bc:0b:17:5b:83:83:d0:6f:83:
         2c:35:be:d5:61:27:0c:1d:79:8a:00:e0:88:3c:9d:f5:ae:78:
         c7:8a:87:db:1b:14:24:2d:dc:7c:65:02:34:9a:57:59:4c:9b:
         f3:21:e2:7f:01:e6:ad:12:6f:c1:7a:22:1c:c3:3b:db:4e:5d:
         4b:6f:a7:e9:fe:e9:c3:02:83:9c:fc:60:66:8e:8d:b6:95:6a:
         9a:d1:f9:02:6d:80:25:ae:ef:17:73:68:1b:a7:fd:4d:6d:50:
         27:9b:36:a1:e1:8d:b8:c3:2c:28:ec:94:36:ca:58:c0:bb:d0:
         34:64:b1:a2:91:83:65:99:01:ff:8d:b8:cd:d8:ea:62:3e:14:
         84:0d:7c:a5:db:c8:d8:31:71:36:05:b9:51:05:38:b0:34:bf:
         d2:bf:18:69:15:c0:e1:3b:fb:5f:f1:cf:79:93:2e:18:00:14:
         04:a9:68:33:9d:43:6e:9d:4c:36:8a:33:20:99:f3:bc:a6:62:
         13:fe:cc:38
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUTklmoiBuP4Umwi5i3kIq6N4w1WQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNjA5MDQwMDAxMTEwLwYDVQQFEyhCQ0U5QkExMTI5
MkY4NDc1MTJDMEE4NDEyRTUxRTZFM0JBMEQ5OTFEMB4XDTI1MDcwOTAwMDAwN1oX
DTI1MDgxMzIzNTk1OVowejFJMEcGA1UEBRNAYmU2MzA5NmYyODMwMDQxMmI4M2I4
NTY4MWY5ZTY4NTFjMDc0NmQwOTk3MjIyOTQ2NDk2ZGM2MDIxNmUwMTRiYTEtMCsG
A1UEAxMkMTY4NDExMWUtMzFjMS00MmU2LThmMjAtZmM5YWI4YjVjZjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0ccAi2U5kIY/IRS+EdzUPonZlPS
PlLKyoHvHyxgud+ws5ti1eyj849lxy2JcyE9lfwLUl7SnPNap9yj6YMuMPv6uclp
V3yVfp1HByBaF8c7dJbxVy8wv3S6V+FCpHePfdVQFmx5ANEo0Bbzlcm6WNsTMYSg
0Q8qGw8MPZ0EK+Cv6HjIUoKBfLRe0UTSUeF5wIFXiLSTVkoEht6OWU2aIIq9vQDT
fBYGygO7olBiZRhsnQjAMNC4C27w0TXYTO+1Vjx9GdkmOlwIb63LTPGXmRuJiT0h
bq5tDUyxqt7NLBDGLXTzgRV7j5mN5s3kFt3GvnWJn1mJvmUG0OgYCat2iwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFMSgvxNjQ4D+q5DSGY/nFVHHICY+MB8GA1UdIwQY
MBaAFLzpuhEpL4R1EsCoQS5R5uO6DZkdMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi92T202RVNr
dmhIVVN3S2hCTGxIbTQ3b05tUjAuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYmQ0OGExZmEtMzQ3MS00YWIyLTg1MDgtYWQzNmI5NjgxM2U0
LzIyZDY5MTNlLTVmM2QtNGY5OS05YTYwLTQ4NTc5ZjQ3MTgzOC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9iZDQ4YTFmYS0zNDcxLTRhYjItODUwOC1hZDM2
Yjk2ODEzZTQvMjIwY2VlMGMtNjAwMi00MDlhLTgxOTQtMzhlMjE2YzAwOTZjLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYEJABlACAwDQYJKoZIhvcNAQELBQADggEBAKuGo4oxLBH7jEDVQk8x
3qJTz0CSDdoCPk6NYVGXLI2APSbwrdqvypzbJuGgdAm1jwMnD4s4IoiIrutiaJ5S
L7wLF1uDg9Bvgyw1vtVhJwwdeYoA4Ig8nfWueMeKh9sbFCQt3HxlAjSaV1lMm/Mh
4n8B5q0Sb8F6IhzDO9tOXUtvp+n+6cMCg5z8YGaOjbaVaprR+QJtgCWu7xdzaBun
/U1tUCebNqHhjbjDLCjslDbKWMC70DRksaKRg2WZAf+NuM3Y6mI+FIQNfKXbyNgx
cTYFuVEFOLA0v9K/GGkVwOE7+1/xz3mTLhgAFASpaDOdQ26dTDaKMyCZ87ymYhP+
zDg=
-----END CERTIFICATE-----
Generated at Mon Aug 4 15:26:50 2025 by rpki-client