Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/3537691c-1a10-4699-a8a0-4cec50a35534.roa
File:                     3537691c-1a10-4699-a8a0-4cec50a35534.roa (raw, json)
Hash identifier:          nKpVJAWiRwtQjBWWybm61WYeKTVmx6+lqFzGOIw7pJE=
Subject key identifier:   FF:4F:4A:C9:6B:DB:4E:04:DE:2D:E6:CC:70:51:E8:2C:9F:B9:9F:D4
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       6A6EF318C4FA82B33F69824E423751595DD4D184
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/3537691c-1a10-4699-a8a0-4cec50a35534.roa
Signing time:             Fri 01 Aug 2025 00:50:08 +0000
ROA not before:           Fri 01 Aug 2025 00:50:08 +0000
ROA not after:            Fri 05 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:80fa:8000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 08 Aug 2025 15:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:6e:f3:18:c4:fa:82:b3:3f:69:82:4e:42:37:51:59:5d:d4:d1:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000, serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Aug  1 00:50:08 2025 GMT
            Not After : Sep  5 23:59:59 2025 GMT
        Subject: serialNumber=dc4ba7bd6742add7473cb046e3cd8c42a3b9baad5a3f995cc363c462e5503f10, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:4a:70:85:55:3b:7b:a1:d7:9f:a7:1e:7c:a9:
                    d7:d2:47:f3:b1:3d:c6:39:cd:60:af:42:0d:47:59:
                    8a:5f:12:70:fd:2d:d0:4a:f2:9b:93:fb:bc:58:82:
                    7d:b7:51:2d:37:8c:cb:93:74:b5:87:44:02:b9:d6:
                    95:63:2e:5a:6c:b7:82:36:90:ad:08:91:c1:dc:95:
                    95:0b:62:54:1b:6a:99:71:a2:b0:62:65:bf:4b:31:
                    27:76:f8:0f:e1:e6:53:7a:44:0a:50:db:23:7c:88:
                    d8:c2:14:1c:7f:46:a7:b6:90:16:c1:0d:53:dd:12:
                    67:b3:5f:24:e2:fe:67:55:d6:a9:cd:a6:cb:4a:26:
                    e3:80:d5:f8:26:12:32:db:67:71:b8:07:5f:15:38:
                    3d:b3:61:47:1e:f8:ec:48:5b:f8:81:ac:9a:45:1d:
                    3d:0f:12:10:75:2e:9f:58:62:cd:31:35:89:c0:3c:
                    a3:39:78:5f:2e:94:39:ad:50:87:f9:d8:9d:5e:05:
                    de:36:16:58:92:75:b2:a0:f8:7a:c1:3d:fc:a1:65:
                    6d:dc:70:af:41:c9:e7:83:c4:4e:62:9a:fc:3a:04:
                    ba:33:2e:a8:b2:46:71:a0:46:04:ab:cf:56:b2:d4:
                    be:5a:90:54:53:24:12:71:89:59:50:be:b9:00:49:
                    33:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:4F:4A:C9:6B:DB:4E:04:DE:2D:E6:CC:70:51:E8:2C:9F:B9:9F:D4
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/3537691c-1a10-4699-a8a0-4cec50a35534.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:80fa:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         8e:54:70:67:29:27:9f:79:62:7d:0a:9a:43:bd:52:c3:21:20:
         2b:11:99:10:05:4f:a9:35:e9:1a:74:97:71:be:d4:1c:d0:2d:
         f6:e7:1e:b8:47:34:b9:11:9d:44:aa:2a:c1:9a:22:ed:a8:14:
         c7:14:f3:a8:26:d8:00:74:cc:22:c0:63:14:b7:66:91:b1:07:
         ab:ed:8b:4d:05:10:27:55:0b:91:b3:bc:5d:ee:a7:32:f3:fa:
         f7:45:84:fe:29:72:01:29:3b:a4:7d:f5:c4:45:27:a1:34:7b:
         43:2e:3f:3d:49:1f:22:72:ac:17:ff:90:ef:62:e9:08:01:ba:
         a9:cf:41:d4:61:37:c5:0c:aa:16:18:54:90:21:89:cb:93:a7:
         c9:6d:45:7a:cf:d7:fe:c7:4e:5e:a4:44:f0:ca:f4:32:ac:c8:
         be:40:a0:f9:2d:9b:ad:f9:47:1a:93:89:dc:48:98:01:56:70:
         8a:69:e8:19:c5:12:15:8e:e6:68:a3:03:fd:81:b8:e6:43:af:
         8d:87:8d:30:a5:c2:a0:ac:39:ec:82:44:e4:0d:b0:e3:23:dc:
         28:b5:db:02:03:59:8c:e9:62:83:57:fa:a8:06:d5:54:a2:a3:
         40:59:d5:f1:c3:cf:f1:81:7e:ef:f5:48:7b:3c:e4:2e:ed:20:
         56:e0:33:3d
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUam7zGMT6grM/aYJOQjdRWV3U0YQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI1MDgwMTAwNTAwOFoX
DTI1MDkwNTIzNTk1OVowejFJMEcGA1UEBRNAZGM0YmE3YmQ2NzQyYWRkNzQ3M2Ni
MDQ2ZTNjZDhjNDJhM2I5YmFhZDVhM2Y5OTVjYzM2M2M0NjJlNTUwM2YxMDEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00pwhVU7e6HXn6cefKnX0kfzsT3G
Oc1gr0INR1mKXxJw/S3QSvKbk/u8WIJ9t1EtN4zLk3S1h0QCudaVYy5abLeCNpCt
CJHB3JWVC2JUG2qZcaKwYmW/SzEndvgP4eZTekQKUNsjfIjYwhQcf0antpAWwQ1T
3RJns18k4v5nVdapzabLSibjgNX4JhIy22dxuAdfFTg9s2FHHvjsSFv4gayaRR09
DxIQdS6fWGLNMTWJwDyjOXhfLpQ5rVCH+didXgXeNhZYknWyoPh6wT38oWVt3HCv
Qcnng8ROYpr8OgS6My6oskZxoEYEq89WstS+WpBUUyQScYlZUL65AEkzpQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFP9PSslr204E3i3mzHBR6CyfuZ/UMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
LzM1Mzc2OTFjLTFhMTAtNDY5OS1hOGEwLTRjZWM1MGEzNTUzNC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJA+A+oAwDQYJKoZIhvcNAQELBQADggEBAI5UcGcpJ595Yn0KmkO9
UsMhICsRmRAFT6k16Rp0l3G+1BzQLfbnHrhHNLkRnUSqKsGaIu2oFMcU86gm2AB0
zCLAYxS3ZpGxB6vti00FECdVC5GzvF3upzLz+vdFhP4pcgEpO6R99cRFJ6E0e0Mu
Pz1JHyJyrBf/kO9i6QgBuqnPQdRhN8UMqhYYVJAhicuTp8ltRXrP1/7HTl6kRPDK
9DKsyL5AoPktm635RxqTidxImAFWcIpp6BnFEhWO5mijA/2BuOZDr42HjTClwqCs
OeyCROQNsOMj3Ci12wIDWYzpYoNX+qgG1VSio0BZ1fHDz/GBfu/1SHs85C7tIFbg
Mz0=
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:44:25 2025 by rpki-client