Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/29fe4454-f7a8-42fd-8c35-77a6d6f8e60f.roa
File:                     29fe4454-f7a8-42fd-8c35-77a6d6f8e60f.roa (raw, json)
Hash identifier:          UNlvXbSji4/gailLnynhzidmgreteP5YRcXHXIOJ03A=
Subject key identifier:   56:FA:8E:99:FC:6A:2E:4D:95:8E:2B:6D:86:2E:10:D4:73:F8:BB:BA
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       2C71D1E1EE3CE0520AC6120BF08F7F0CA7C0F60E
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/29fe4454-f7a8-42fd-8c35-77a6d6f8e60f.roa
Signing time:             Sat 14 Jun 2025 00:00:13 +0000
ROA not before:           Sat 14 Jun 2025 00:00:13 +0000
ROA not after:            Sat 19 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:8018:c00::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 18 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:71:d1:e1:ee:3c:e0:52:0a:c6:12:0b:f0:8f:7f:0c:a7:c0:f6:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000, serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Jun 14 00:00:13 2025 GMT
            Not After : Jul 19 23:59:59 2025 GMT
        Subject: serialNumber=90267f64f8af03a43bf0571d7b1250fc55df2e5e418e00c782a9d2c6e4fcc200, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:de:dc:69:22:4c:ab:ed:93:f1:dd:81:3b:a4:
                    7d:a8:8a:21:b8:32:1f:0a:01:04:0d:56:a4:86:50:
                    cd:67:20:3f:d0:41:4c:95:87:4c:4c:20:88:ed:27:
                    48:3a:83:40:9b:e0:9a:a6:a1:33:6f:25:d8:45:9b:
                    78:fe:24:71:90:23:92:00:dd:dc:44:ad:4a:15:30:
                    03:c6:e2:99:08:24:ad:37:34:43:5e:2d:c2:95:ce:
                    ee:b1:f5:b4:93:f6:31:6e:2f:70:20:09:d1:73:a5:
                    68:c3:9b:7f:71:28:b4:8b:d9:8d:2d:c0:e7:e7:61:
                    10:85:45:d5:70:6f:6b:06:b2:56:e3:91:c4:8b:df:
                    ad:72:77:f0:b8:29:3a:79:8a:44:e3:4a:f1:ee:02:
                    1e:c7:ac:e1:d1:e1:05:fb:1e:f5:7d:93:84:78:9e:
                    89:cb:72:67:c9:a0:a7:ef:8b:43:07:55:e8:21:73:
                    1e:58:4f:71:14:3d:a9:7f:7e:cf:53:ad:1c:99:67:
                    37:f0:48:ab:0c:82:4c:d2:06:8f:4d:fc:f4:c0:32:
                    fd:00:fd:b2:bb:b7:8f:44:05:ca:44:e7:4d:31:50:
                    d8:ab:1b:38:40:97:41:f0:61:c0:c0:80:7c:23:39:
                    39:99:62:c2:68:55:eb:ec:08:94:3a:9e:cb:91:08:
                    c3:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:FA:8E:99:FC:6A:2E:4D:95:8E:2B:6D:86:2E:10:D4:73:F8:BB:BA
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/29fe4454-f7a8-42fd-8c35-77a6d6f8e60f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:8018:c00::/38

    Signature Algorithm: sha256WithRSAEncryption
         83:a9:00:bb:62:04:38:c7:d5:da:b7:c2:30:6b:92:ad:73:27:
         e9:81:df:8a:1a:5e:75:9e:01:6a:b4:2c:52:6e:ab:79:4e:bf:
         04:24:20:28:06:83:1e:cd:56:23:c8:50:5e:7e:f2:ef:4b:b4:
         e4:84:ac:70:1e:0e:63:60:cd:b5:1a:72:15:23:79:0a:2e:4e:
         41:c1:20:29:98:b0:d3:34:f9:63:5c:4d:67:73:21:92:af:da:
         2d:ad:13:ba:64:7f:4a:a9:36:89:df:86:9b:b2:61:00:79:ca:
         04:c9:c4:b4:dc:39:a6:c0:b1:0a:bb:7e:e3:9a:db:fc:66:93:
         ba:32:43:fd:3a:45:b1:c6:d1:a6:d5:17:4a:7d:b6:69:0c:12:
         8d:10:09:9a:04:7b:24:28:81:3c:3f:fc:be:f2:21:4e:35:43:
         b4:0f:bc:55:bc:72:0e:98:89:6b:4a:18:6b:00:81:53:03:4a:
         0c:75:6b:bf:d5:2b:5f:71:e4:09:85:fe:58:79:ed:51:87:62:
         3b:69:04:fb:0f:fe:c9:8b:21:b8:2d:4f:c8:00:be:08:2a:1c:
         71:73:c9:20:39:06:6c:f3:e5:9a:1f:a6:55:c8:ee:4b:ba:19:
         5b:2a:8b:c1:3a:6c:25:22:3b:10:8a:c5:c2:24:9a:bb:93:f0:
         53:6d:97:88
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIULHHR4e484FIKxhIL8I9/DKfA9g4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI1MDYxNDAwMDAxM1oX
DTI1MDcxOTIzNTk1OVowejFJMEcGA1UEBRNAOTAyNjdmNjRmOGFmMDNhNDNiZjA1
NzFkN2IxMjUwZmM1NWRmMmU1ZTQxOGUwMGM3ODJhOWQyYzZlNGZjYzIwMDEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2t7caSJMq+2T8d2BO6R9qIohuDIf
CgEEDVakhlDNZyA/0EFMlYdMTCCI7SdIOoNAm+CapqEzbyXYRZt4/iRxkCOSAN3c
RK1KFTADxuKZCCStNzRDXi3Clc7usfW0k/Yxbi9wIAnRc6Vow5t/cSi0i9mNLcDn
52EQhUXVcG9rBrJW45HEi9+tcnfwuCk6eYpE40rx7gIex6zh0eEF+x71fZOEeJ6J
y3JnyaCn74tDB1XoIXMeWE9xFD2pf37PU60cmWc38EirDIJM0gaPTfz0wDL9AP2y
u7ePRAXKROdNMVDYqxs4QJdB8GHAwIB8Izk5mWLCaFXr7AiUOp7LkQjDWwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFFb6jpn8ai5NlY4rbYYuENRz+Lu6MB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
LzI5ZmU0NDU0LWY3YTgtNDJmZC04YzM1LTc3YTZkNmY4ZTYwZi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYCJA+AGAwwDQYJKoZIhvcNAQELBQADggEBAIOpALtiBDjH1dq3wjBr
kq1zJ+mB34oaXnWeAWq0LFJuq3lOvwQkICgGgx7NViPIUF5+8u9LtOSErHAeDmNg
zbUachUjeQouTkHBICmYsNM0+WNcTWdzIZKv2i2tE7pkf0qpNonfhpuyYQB5ygTJ
xLTcOabAsQq7fuOa2/xmk7oyQ/06RbHG0abVF0p9tmkMEo0QCZoEeyQogTw//L7y
IU41Q7QPvFW8cg6YiWtKGGsAgVMDSgx1a7/VK19x5AmF/lh57VGHYjtpBPsP/smL
IbgtT8gAvggqHHFzySA5Bmzz5ZofplXI7ku6GVsqi8E6bCUiOxCKxcIkmruT8FNt
l4g=
-----END CERTIFICATE-----
Generated at Sat Jun 14 05:56:05 2025 by rpki-client