Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/8c170584-7c9b-414b-8cba-a934a0a79bbe.roa
File:                     8c170584-7c9b-414b-8cba-a934a0a79bbe.roa (raw, json)
Hash identifier:          MpHMr+yOCUzQRFUKkTgd81TD/8QRLDFKm2v/LK5PTCg=
Subject key identifier:   B3:B2:17:38:2B:45:63:2B:4B:65:85:89:7F:8C:AE:19:8D:0E:E1:12
Certificate issuer:       /CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
Certificate serial:       23C66C0F2DB3A4FAFB133A7D639C4BC5C85CF036
Authority key identifier: BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/8c170584-7c9b-414b-8cba-a934a0a79bbe.roa
Signing time:             Wed 09 Jul 2025 00:00:06 +0000
ROA not before:           Wed 09 Jul 2025 00:00:06 +0000
ROA not after:            Wed 13 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2400:6500:4000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 08 Aug 2025 00:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:c6:6c:0f:2d:b3:a4:fa:fb:13:3a:7d:63:9c:4b:c5:c8:5c:f0:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91609040001, serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
        Validity
            Not Before: Jul  9 00:00:06 2025 GMT
            Not After : Aug 13 23:59:59 2025 GMT
        Subject: serialNumber=63b7d35e1f35e245dbe22bd88783d142ad7f48e662828282a45a5d56120d40ba, CN=1684111e-31c1-42e6-8f20-fc9ab8b5cf57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a3:7f:bc:e7:e8:91:88:da:b2:1b:60:79:e8:
                    0b:49:0a:e7:c3:8f:da:d1:75:5e:8a:7f:29:f0:5d:
                    dd:c5:91:8b:16:b2:f2:85:3a:48:98:e0:f7:ce:db:
                    e1:5b:b0:8b:74:1d:b5:91:fa:4a:84:c3:14:54:6a:
                    89:9d:51:e3:d4:76:0c:94:ce:1a:89:31:87:9a:67:
                    6a:4a:bd:79:0a:11:48:83:bb:0b:67:13:66:63:20:
                    64:e2:6b:4e:b3:5e:d6:9e:4e:12:48:74:04:28:9d:
                    2c:34:d6:d4:be:bf:e4:30:4d:7c:c8:02:d7:77:42:
                    9a:27:51:ed:51:ee:54:39:1e:de:bd:a0:52:80:55:
                    00:ef:c8:90:ff:80:ff:bd:64:f0:18:b8:e8:7b:9f:
                    1a:3f:cb:43:59:40:a9:b8:c7:4f:db:d3:8e:91:90:
                    91:52:31:db:37:04:61:ee:8d:ef:d2:31:e0:a5:99:
                    e5:0f:c1:2b:1c:17:11:ba:05:75:05:3f:93:12:b6:
                    1b:00:8a:70:f0:bb:5b:0f:0c:d3:7e:f9:e1:c0:9f:
                    cf:ee:c0:a6:38:0b:a7:0a:1b:08:6b:2b:0a:8e:bd:
                    49:ef:f7:a8:74:85:f9:c7:73:a1:99:e7:ee:59:2c:
                    91:01:0d:c9:67:8f:cc:b8:11:34:91:f0:1b:34:19:
                    89:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:B2:17:38:2B:45:63:2B:4B:65:85:89:7F:8C:AE:19:8D:0E:E1:12
            X509v3 Authority Key Identifier:
                keyid:BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/8c170584-7c9b-414b-8cba-a934a0a79bbe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2400:6500:4000::/48

    Signature Algorithm: sha256WithRSAEncryption
         37:7a:8a:e6:04:4d:ea:af:4e:f9:6d:0c:76:6b:b2:86:6b:b1:
         75:ba:ab:85:50:5d:a5:05:c0:de:39:77:cf:14:f1:ae:6f:9a:
         2c:6b:3b:ae:30:14:2a:6e:ca:ee:84:a7:e8:72:55:e1:b0:50:
         34:9d:ba:33:2e:00:fa:19:6f:3f:1e:78:65:9a:f9:d3:56:14:
         1b:32:ed:44:5a:bc:82:e2:fc:b8:1a:63:38:d8:aa:cb:13:19:
         a4:4c:5e:53:5f:53:80:6c:a2:e3:e1:b7:67:d7:7c:71:7a:86:
         01:8e:a2:9a:e7:69:45:97:27:d7:10:72:51:20:a7:bf:e9:0d:
         63:fd:e0:e6:50:25:20:2a:b5:69:48:95:15:47:14:07:6c:8f:
         41:87:db:3e:cd:68:97:78:cc:0f:9d:58:7a:fb:de:01:46:e2:
         13:88:ff:02:a1:91:77:bd:01:4d:0e:32:51:7f:7f:cf:56:70:
         e1:34:ac:ce:6a:0e:c4:96:28:77:37:3f:0d:19:3d:5c:d2:d1:
         36:17:53:f0:16:cf:2f:0a:0c:b9:c8:b6:7d:63:02:d2:77:2a:
         af:6f:63:8d:64:36:df:32:83:bd:3b:47:fe:57:5c:92:15:b1:
         0d:e5:64:b1:7f:d8:dd:7e:83:75:72:a8:ad:de:b4:9c:6c:d1:
         fc:96:28:4c
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUI8ZsDy2zpPr7Ezp9Y5xLxchc8DYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNjA5MDQwMDAxMTEwLwYDVQQFEyhCQ0U5QkExMTI5
MkY4NDc1MTJDMEE4NDEyRTUxRTZFM0JBMEQ5OTFEMB4XDTI1MDcwOTAwMDAwNloX
DTI1MDgxMzIzNTk1OVowejFJMEcGA1UEBRNANjNiN2QzNWUxZjM1ZTI0NWRiZTIy
YmQ4ODc4M2QxNDJhZDdmNDhlNjYyODI4MjgyYTQ1YTVkNTYxMjBkNDBiYTEtMCsG
A1UEAxMkMTY4NDExMWUtMzFjMS00MmU2LThmMjAtZmM5YWI4YjVjZjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKN/vOfokYjashtgeegLSQrnw4/a
0XVein8p8F3dxZGLFrLyhTpImOD3ztvhW7CLdB21kfpKhMMUVGqJnVHj1HYMlM4a
iTGHmmdqSr15ChFIg7sLZxNmYyBk4mtOs17Wnk4SSHQEKJ0sNNbUvr/kME18yALX
d0KaJ1HtUe5UOR7evaBSgFUA78iQ/4D/vWTwGLjoe58aP8tDWUCpuMdP29OOkZCR
UjHbNwRh7o3v0jHgpZnlD8ErHBcRugV1BT+TErYbAIpw8LtbDwzTfvnhwJ/P7sCm
OAunChsIaysKjr1J7/eodIX5x3OhmefuWSyRAQ3JZ4/MuBE0kfAbNBmJ+QIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFLOyFzgrRWMrS2WFiX+MrhmNDuESMB8GA1UdIwQY
MBaAFLzpuhEpL4R1EsCoQS5R5uO6DZkdMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi92T202RVNr
dmhIVVN3S2hCTGxIbTQ3b05tUjAuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYmQ0OGExZmEtMzQ3MS00YWIyLTg1MDgtYWQzNmI5NjgxM2U0
LzhjMTcwNTg0LTdjOWItNDE0Yi04Y2JhLWE5MzRhMGE3OWJiZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9iZDQ4YTFmYS0zNDcxLTRhYjItODUwOC1hZDM2
Yjk2ODEzZTQvMjIwY2VlMGMtNjAwMi00MDlhLTgxOTQtMzhlMjE2YzAwOTZjLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJABlAEAAMA0GCSqGSIb3DQEBCwUAA4IBAQA3eormBE3qr075bQx2
a7KGa7F1uquFUF2lBcDeOXfPFPGub5osazuuMBQqbsruhKfoclXhsFA0nbozLgD6
GW8/HnhlmvnTVhQbMu1EWryC4vy4GmM42KrLExmkTF5TX1OAbKLj4bdn13xxeoYB
jqKa52lFlyfXEHJRIKe/6Q1j/eDmUCUgKrVpSJUVRxQHbI9Bh9s+zWiXeMwPnVh6
+94BRuITiP8CoZF3vQFNDjJRf3/PVnDhNKzOag7Elih3Nz8NGT1c0tE2F1PwFs8v
Cgy5yLZ9YwLSdyqvb2ONZDbfMoO9O0f+V1ySFbEN5WSxf9jdfoN1cqit3rScbNH8
lihM
-----END CERTIFICATE-----
Generated at Mon Aug 4 16:08:08 2025 by rpki-client