Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/e32c9cbd-a241-4df6-99bb-e7d15abe4b3b.roa
File:                     e32c9cbd-a241-4df6-99bb-e7d15abe4b3b.roa (raw, json)
Hash identifier:          dClEonqXxXGeK3AlK7PwDwEIvV/bh31mEliYfQYbDzE=
Subject key identifier:   A1:C2:FF:B5:6A:5D:24:77:A8:68:7D:5C:7B:B7:39:8D:C5:8D:AF:A0
Certificate issuer:       /CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
Certificate serial:       065574D7FD49000F793CDFF6F5D83B3916207AB3
Authority key identifier: BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/e32c9cbd-a241-4df6-99bb-e7d15abe4b3b.roa
Signing time:             Sat 02 Aug 2025 00:00:01 +0000
ROA not before:           Sat 02 Aug 2025 00:00:01 +0000
ROA not after:            Sat 06 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        122.248.232.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 08 Aug 2025 15:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:55:74:d7:fd:49:00:0f:79:3c:df:f6:f5:d8:3b:39:16:20:7a:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91609040001, serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
        Validity
            Not Before: Aug  2 00:00:01 2025 GMT
            Not After : Sep  6 23:59:59 2025 GMT
        Subject: serialNumber=4609d7e236393e27107c68f3abede4009d0e542648e944b60ef70e58595d5ffe, CN=1684111e-31c1-42e6-8f20-fc9ab8b5cf57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:65:54:cb:25:29:33:69:80:ab:a6:08:19:ca:
                    7e:bd:eb:b5:6b:f8:2b:ab:7b:97:13:53:84:a9:7b:
                    2f:1a:2c:00:fe:e5:61:a0:5c:89:9f:b2:3b:58:9e:
                    94:d5:e9:c0:0d:f7:34:ae:6b:2a:5d:b1:2e:1b:5b:
                    01:19:49:f2:e4:43:52:28:25:8f:7f:93:4f:26:d4:
                    9e:e4:48:34:6a:13:7c:91:9f:4d:c4:26:8b:49:c6:
                    fc:c4:f6:73:32:ca:4e:16:3c:0a:80:b7:ce:5d:4e:
                    d7:d7:86:bb:a6:8c:37:92:ba:ed:19:d6:fa:04:45:
                    b6:81:68:ee:56:90:1f:40:6c:2a:77:48:fa:0f:8c:
                    5e:16:78:5e:a7:d6:b8:bc:4d:29:e8:c0:43:d3:cc:
                    96:55:3e:bc:5c:0f:05:a7:04:31:30:04:b6:be:f2:
                    e6:4c:ad:09:d1:92:79:38:48:06:44:87:e3:ce:79:
                    bd:00:bf:71:d7:55:17:ef:b3:08:51:f7:f7:52:a0:
                    62:11:61:0e:7f:13:e3:87:23:5c:8c:4c:e3:28:98:
                    ca:5b:b0:ef:a9:c4:8b:01:9f:7b:8b:e2:15:b6:9b:
                    f0:58:c6:cc:aa:46:fe:67:c3:f2:ca:7d:0f:aa:9b:
                    79:c5:28:ed:a5:46:d2:58:9b:a7:1a:e9:42:6b:1c:
                    e5:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:C2:FF:B5:6A:5D:24:77:A8:68:7D:5C:7B:B7:39:8D:C5:8D:AF:A0
            X509v3 Authority Key Identifier:
                keyid:BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/e32c9cbd-a241-4df6-99bb-e7d15abe4b3b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  122.248.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b6:82:3c:d8:99:48:00:94:cf:00:73:7e:7e:3e:13:b1:d2:3f:
         ae:80:13:f2:47:50:27:e6:89:00:ff:b8:b2:43:aa:64:d3:6a:
         e8:bc:6f:43:4d:5c:2a:ff:2e:cd:72:14:18:b8:76:09:aa:06:
         3d:a7:30:39:73:81:06:0b:00:c6:ef:e0:18:65:0b:ef:03:46:
         94:d1:71:a4:9a:7e:3f:b2:69:28:b2:1d:45:10:52:2f:9d:cf:
         cc:ff:80:e2:4c:14:6d:7c:ee:b6:d8:de:2c:c0:88:9d:d5:d8:
         bb:a7:1f:ec:1a:42:e5:7f:e6:a9:c7:dd:97:a3:4b:e4:6b:0b:
         13:94:b1:37:3c:28:a8:0e:ac:d1:92:5b:b0:87:33:39:d2:76:
         23:a9:51:7d:e7:a3:57:ee:45:79:8a:c6:1b:4c:7b:81:10:90:
         ad:10:ed:ee:08:17:28:ba:24:22:9f:b9:4b:16:ef:0b:25:4b:
         5d:af:09:c1:36:3c:0f:b4:69:c8:dd:80:97:13:d2:20:7c:28:
         e5:3b:0a:e2:33:36:3c:49:9b:37:09:c3:19:df:0a:da:e7:49:
         46:52:fd:6d:f5:1b:d7:81:d4:d0:99:8b:f3:c7:dc:7c:0b:a3:
         d7:02:c2:e5:96:b9:bc:07:a1:42:91:30:fb:48:4f:4e:1a:51:
         eb:94:33:3c
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUBlV01/1JAA95PN/29dg7ORYgerMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNjA5MDQwMDAxMTEwLwYDVQQFEyhCQ0U5QkExMTI5
MkY4NDc1MTJDMEE4NDEyRTUxRTZFM0JBMEQ5OTFEMB4XDTI1MDgwMjAwMDAwMVoX
DTI1MDkwNjIzNTk1OVowejFJMEcGA1UEBRNANDYwOWQ3ZTIzNjM5M2UyNzEwN2M2
OGYzYWJlZGU0MDA5ZDBlNTQyNjQ4ZTk0NGI2MGVmNzBlNTg1OTVkNWZmZTEtMCsG
A1UEAxMkMTY4NDExMWUtMzFjMS00MmU2LThmMjAtZmM5YWI4YjVjZjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1mVUyyUpM2mAq6YIGcp+veu1a/gr
q3uXE1OEqXsvGiwA/uVhoFyJn7I7WJ6U1enADfc0rmsqXbEuG1sBGUny5ENSKCWP
f5NPJtSe5Eg0ahN8kZ9NxCaLScb8xPZzMspOFjwKgLfOXU7X14a7pow3krrtGdb6
BEW2gWjuVpAfQGwqd0j6D4xeFnhep9a4vE0p6MBD08yWVT68XA8FpwQxMAS2vvLm
TK0J0ZJ5OEgGRIfjznm9AL9x11UX77MIUff3UqBiEWEOfxPjhyNcjEzjKJjKW7Dv
qcSLAZ97i+IVtpvwWMbMqkb+Z8Pyyn0Pqpt5xSjtpUbSWJunGulCaxzlNwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFKHC/7VqXSR3qGh9XHu3OY3Fja+gMB8GA1UdIwQY
MBaAFLzpuhEpL4R1EsCoQS5R5uO6DZkdMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi92T202RVNr
dmhIVVN3S2hCTGxIbTQ3b05tUjAuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYmQ0OGExZmEtMzQ3MS00YWIyLTg1MDgtYWQzNmI5NjgxM2U0
L2UzMmM5Y2JkLWEyNDEtNGRmNi05OWJiLWU3ZDE1YWJlNGIzYi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9iZDQ4YTFmYS0zNDcxLTRhYjItODUwOC1hZDM2
Yjk2ODEzZTQvMjIwY2VlMGMtNjAwMi00MDlhLTgxOTQtMzhlMjE2YzAwOTZjLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQDevjoMA0GCSqGSIb3DQEBCwUAA4IBAQC2gjzYmUgAlM8Ac35+PhOx
0j+ugBPyR1An5okA/7iyQ6pk02rovG9DTVwq/y7NchQYuHYJqgY9pzA5c4EGCwDG
7+AYZQvvA0aU0XGkmn4/smkosh1FEFIvnc/M/4DiTBRtfO622N4swIid1di7px/s
GkLlf+apx92Xo0vkawsTlLE3PCioDqzRkluwhzM50nYjqVF956NX7kV5isYbTHuB
EJCtEO3uCBcouiQin7lLFu8LJUtdrwnBNjwPtGnI3YCXE9IgfCjlOwriMzY8SZs3
CcMZ3wra50lGUv1t9RvXgdTQmYvzx9x8C6PXAsLllrm8B6FCkTD7SE9OGlHrlDM8
-----END CERTIFICATE-----
Generated at Mon Aug 4 19:04:23 2025 by rpki-client