Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/9e37f855-48bf-420a-a86c-5eeb4fc1f790.roa
File:                     9e37f855-48bf-420a-a86c-5eeb4fc1f790.roa (raw, json)
Hash identifier:          89Q54azxDN3ASeR/6p4+Ave3WHYO3C21Hbmap/CklK4=
Subject key identifier:   FB:D9:97:A3:BD:86:88:73:C7:23:B0:79:0F:1C:25:67:10:D6:F9:36
Certificate issuer:       /CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
Certificate serial:       7CD1F3B3F79C5F0972C09C695D830D8E783C8EED
Authority key identifier: BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/9e37f855-48bf-420a-a86c-5eeb4fc1f790.roa
Signing time:             Sat 02 Aug 2025 00:00:08 +0000
ROA not before:           Sat 02 Aug 2025 00:00:08 +0000
ROA not after:            Sat 06 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        175.41.128.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 08 Aug 2025 00:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:d1:f3:b3:f7:9c:5f:09:72:c0:9c:69:5d:83:0d:8e:78:3c:8e:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91609040001, serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
        Validity
            Not Before: Aug  2 00:00:08 2025 GMT
            Not After : Sep  6 23:59:59 2025 GMT
        Subject: serialNumber=f547c6a60284fceeb0b68e8275abd78a1b2a5cf448f759d05780952a7379140f, CN=1684111e-31c1-42e6-8f20-fc9ab8b5cf57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:f0:0b:16:91:8f:36:ce:bf:f0:79:99:8c:0b:
                    82:fa:b2:3d:60:1c:34:85:65:6d:d7:60:06:86:05:
                    25:0a:9f:91:aa:ea:39:ed:27:4a:ba:24:6c:96:7d:
                    d7:7a:eb:81:47:41:a5:55:8a:a2:3b:45:6f:3e:60:
                    2f:e4:c5:12:0f:fe:c5:87:6b:f1:3f:7c:bf:06:17:
                    7d:cf:35:a1:ca:21:32:5e:af:1c:aa:d1:6b:8f:aa:
                    19:c3:16:a3:ab:ec:26:4e:39:ce:ad:61:04:3f:cd:
                    0c:38:de:7c:68:3b:90:be:ce:33:fd:12:cc:44:1f:
                    57:f5:a4:af:5a:10:9a:02:f3:2a:a0:df:e6:47:74:
                    1f:0b:74:ed:a0:d3:17:ef:97:e2:43:b0:28:c0:55:
                    1e:44:39:93:4c:49:d1:e3:7b:15:83:dd:92:87:c5:
                    e1:37:14:46:17:6a:53:4b:33:42:ac:4d:5d:6a:ee:
                    47:0b:ac:5b:6f:ea:b1:e2:ea:7b:1d:b3:07:23:9c:
                    d0:e3:bf:c9:f2:a0:5f:55:41:54:0c:f7:65:a2:ac:
                    26:65:44:4a:92:f7:78:e0:36:48:3e:8b:fb:37:cf:
                    53:0c:51:ba:01:5e:ee:1f:a3:58:ff:bb:ca:89:ac:
                    b7:10:ee:3a:cd:e6:b4:98:65:34:d7:33:1c:32:31:
                    36:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:D9:97:A3:BD:86:88:73:C7:23:B0:79:0F:1C:25:67:10:D6:F9:36
            X509v3 Authority Key Identifier:
                keyid:BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/9e37f855-48bf-420a-a86c-5eeb4fc1f790.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  175.41.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         e3:7c:d1:0e:e2:86:1b:17:2d:9e:18:a3:8e:f8:ef:cd:e4:3c:
         ff:70:41:75:02:79:46:db:cd:8d:c4:8a:60:30:20:f6:da:89:
         e8:02:a1:ea:9d:12:2f:a9:90:a7:46:63:df:1d:ea:77:28:f2:
         ac:37:80:db:44:0e:97:ae:cd:57:36:81:0b:4b:ba:1a:65:3b:
         29:ee:29:c7:8f:23:3d:d8:23:96:aa:c3:0a:d2:d0:9d:d7:85:
         ba:05:41:32:0a:2d:b0:4d:29:ec:3c:84:c7:27:bf:6f:a0:87:
         20:ca:75:ac:4c:cf:fa:a4:0f:fc:33:11:5f:82:ee:2e:56:88:
         ea:11:84:fd:5f:4e:3a:90:de:f5:d4:ff:90:f2:cf:2a:51:bf:
         f8:be:f5:2f:df:b4:a6:4d:69:8e:7e:84:60:6b:07:f0:11:87:
         87:33:e0:d5:64:fa:03:55:31:ad:15:7b:f5:8e:df:ad:b5:2b:
         f1:29:ab:b7:b3:da:aa:1c:27:08:69:09:dc:84:dc:24:d9:d7:
         c7:02:1c:25:83:d1:74:5b:a8:21:0d:93:5d:88:1c:3a:d1:82:
         27:4b:36:be:dd:8d:93:f9:e2:91:7d:58:3d:f9:a7:f8:f6:22:
         de:53:0a:80:06:55:b9:2e:4e:d7:aa:66:41:06:b4:22:89:f2:
         f1:48:06:93
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUfNHzs/ecXwlywJxpXYMNjng8ju0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNjA5MDQwMDAxMTEwLwYDVQQFEyhCQ0U5QkExMTI5
MkY4NDc1MTJDMEE4NDEyRTUxRTZFM0JBMEQ5OTFEMB4XDTI1MDgwMjAwMDAwOFoX
DTI1MDkwNjIzNTk1OVowejFJMEcGA1UEBRNAZjU0N2M2YTYwMjg0ZmNlZWIwYjY4
ZTgyNzVhYmQ3OGExYjJhNWNmNDQ4Zjc1OWQwNTc4MDk1MmE3Mzc5MTQwZjEtMCsG
A1UEAxMkMTY4NDExMWUtMzFjMS00MmU2LThmMjAtZmM5YWI4YjVjZjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPALFpGPNs6/8HmZjAuC+rI9YBw0
hWVt12AGhgUlCp+Rquo57SdKuiRsln3XeuuBR0GlVYqiO0VvPmAv5MUSD/7Fh2vx
P3y/Bhd9zzWhyiEyXq8cqtFrj6oZwxajq+wmTjnOrWEEP80MON58aDuQvs4z/RLM
RB9X9aSvWhCaAvMqoN/mR3QfC3TtoNMX75fiQ7AowFUeRDmTTEnR43sVg92Sh8Xh
NxRGF2pTSzNCrE1dau5HC6xbb+qx4up7HbMHI5zQ47/J8qBfVUFUDPdloqwmZURK
kvd44DZIPov7N89TDFG6AV7uH6NY/7vKiay3EO46zea0mGU01zMcMjE2rwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFPvZl6O9hohzxyOweQ8cJWcQ1vk2MB8GA1UdIwQY
MBaAFLzpuhEpL4R1EsCoQS5R5uO6DZkdMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi92T202RVNr
dmhIVVN3S2hCTGxIbTQ3b05tUjAuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYmQ0OGExZmEtMzQ3MS00YWIyLTg1MDgtYWQzNmI5NjgxM2U0
LzllMzdmODU1LTQ4YmYtNDIwYS1hODZjLTVlZWI0ZmMxZjc5MC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9iZDQ4YTFmYS0zNDcxLTRhYjItODUwOC1hZDM2
Yjk2ODEzZTQvMjIwY2VlMGMtNjAwMi00MDlhLTgxOTQtMzhlMjE2YzAwOTZjLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQGrymAMA0GCSqGSIb3DQEBCwUAA4IBAQDjfNEO4oYbFy2eGKOO+O/N
5Dz/cEF1AnlG282NxIpgMCD22onoAqHqnRIvqZCnRmPfHep3KPKsN4DbRA6Xrs1X
NoELS7oaZTsp7inHjyM92COWqsMK0tCd14W6BUEyCi2wTSnsPITHJ79voIcgynWs
TM/6pA/8MxFfgu4uVojqEYT9X046kN711P+Q8s8qUb/4vvUv37SmTWmOfoRgawfw
EYeHM+DVZPoDVTGtFXv1jt+ttSvxKau3s9qqHCcIaQnchNwk2dfHAhwlg9F0W6gh
DZNdiBw60YInSza+3Y2T+eKRfVg9+af49iLeUwqABlW5Lk7XqmZBBrQiifLxSAaT
-----END CERTIFICATE-----
Generated at Mon Aug 4 15:07:39 2025 by rpki-client