Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/7cba22a5-dc61-4413-aed2-8fb4cc8e3a49.roa
File:                     7cba22a5-dc61-4413-aed2-8fb4cc8e3a49.roa (raw, json)
Hash identifier:          d/GvIs95HKxgd5MYMY8S3fcCsbmaZnv0V7yIaUg/0Dc=
Subject key identifier:   2D:80:34:C5:AD:DE:1E:6E:69:06:F9:EC:49:68:1A:69:7B:AD:13:8F
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       27642A368ACEE05EB421051505D52684C9B7A182
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/7cba22a5-dc61-4413-aed2-8fb4cc8e3a49.roa
Signing time:             Sat 14 Jun 2025 00:00:05 +0000
ROA not before:           Sat 14 Jun 2025 00:00:05 +0000
ROA not after:            Sat 19 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:80ff:8000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 18 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:64:2a:36:8a:ce:e0:5e:b4:21:05:15:05:d5:26:84:c9:b7:a1:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000, serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Jun 14 00:00:05 2025 GMT
            Not After : Jul 19 23:59:59 2025 GMT
        Subject: serialNumber=87ddc10c2c007e9f3c17aa4f31daab589b8ca40911cca157d5469bd449c7be13, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:92:6c:c5:14:e6:9c:f5:ea:d8:dd:b0:97:d0:
                    a2:d8:e8:70:4d:95:20:76:36:ca:d6:26:71:37:6b:
                    15:2a:02:12:59:6a:18:15:20:97:cc:f1:c4:b0:95:
                    99:2a:8a:ef:56:21:e2:fd:d6:c0:fc:d5:48:2b:6d:
                    a5:32:29:0b:c9:cf:f6:72:8c:54:8a:0b:1c:00:79:
                    f5:0d:6b:51:97:bd:bb:4a:f8:cb:1b:3a:d9:c4:e5:
                    ad:9b:4b:40:a0:44:05:0c:fd:fc:0e:97:ae:40:4e:
                    d7:22:32:20:53:c0:ee:a2:44:5c:a9:55:79:62:91:
                    9b:d5:f5:ff:7b:4a:92:9e:4d:49:3f:15:63:02:37:
                    77:37:4a:fd:9a:96:bd:55:0d:db:30:83:ea:e6:44:
                    94:3e:68:28:7c:99:bc:80:b4:cc:b5:40:bb:49:82:
                    68:41:1a:1e:da:d2:0d:c8:af:be:85:ae:dd:99:45:
                    2e:3c:6e:07:af:80:71:02:b6:37:22:ee:57:5a:67:
                    b9:24:8a:e5:eb:f3:da:2d:28:dd:75:5c:13:31:0d:
                    bb:76:71:17:5a:61:a7:d1:cd:12:10:da:11:7d:20:
                    6e:71:24:2d:4f:0a:db:aa:af:59:91:44:f6:d4:14:
                    61:bb:06:39:f3:5f:f1:04:53:ad:65:23:75:83:57:
                    32:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:80:34:C5:AD:DE:1E:6E:69:06:F9:EC:49:68:1A:69:7B:AD:13:8F
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/7cba22a5-dc61-4413-aed2-8fb4cc8e3a49.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:80ff:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         15:cd:87:1d:a3:e7:6e:b8:f2:4a:43:2c:f6:7a:28:a7:76:93:
         0e:2a:3b:61:26:60:f8:45:ba:ce:e4:c1:b4:08:1b:c6:8f:a4:
         d6:f7:98:33:ff:52:06:f0:a2:a7:3b:78:c6:61:b1:21:fd:81:
         24:98:be:2c:2b:b8:2e:f3:38:15:6e:7d:26:27:86:dc:8c:8a:
         94:3f:75:90:80:84:08:2e:3e:a6:10:70:64:25:7a:06:cf:ef:
         c9:95:d7:d3:22:56:ba:8c:67:0d:41:fc:76:1a:63:d3:38:50:
         df:a5:f6:65:88:c2:2a:90:a8:81:e3:35:e4:08:26:38:69:63:
         ff:ff:0e:07:15:a6:58:ec:08:10:3e:98:94:67:43:0d:d8:4d:
         9e:ca:e5:96:58:7f:be:71:73:80:68:ba:84:7c:3b:3d:cd:d9:
         8f:43:d1:d1:55:46:53:4d:ee:a4:d4:41:4b:30:32:ac:e7:df:
         40:05:4f:1a:69:76:88:7f:49:49:78:31:89:3a:a8:b7:49:10:
         34:53:57:7e:2f:07:29:3c:45:02:f1:95:15:67:8a:84:3a:c8:
         0e:9d:2f:8c:8c:40:00:fa:6d:f4:1b:73:9d:23:39:3f:c3:17:
         b3:fd:51:e0:a0:a2:84:90:e6:9e:24:a3:d2:55:ec:17:c9:7d:
         c3:32:bb:c6
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUJ2QqNorO4F60IQUVBdUmhMm3oYIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI1MDYxNDAwMDAwNVoX
DTI1MDcxOTIzNTk1OVowejFJMEcGA1UEBRNAODdkZGMxMGMyYzAwN2U5ZjNjMTdh
YTRmMzFkYWFiNTg5YjhjYTQwOTExY2NhMTU3ZDU0NjliZDQ0OWM3YmUxMzEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspJsxRTmnPXq2N2wl9Ci2OhwTZUg
djbK1iZxN2sVKgISWWoYFSCXzPHEsJWZKorvViHi/dbA/NVIK22lMikLyc/2coxU
igscAHn1DWtRl727SvjLGzrZxOWtm0tAoEQFDP38DpeuQE7XIjIgU8DuokRcqVV5
YpGb1fX/e0qSnk1JPxVjAjd3N0r9mpa9VQ3bMIPq5kSUPmgofJm8gLTMtUC7SYJo
QRoe2tINyK++ha7dmUUuPG4Hr4BxArY3Iu5XWme5JIrl6/PaLSjddVwTMQ27dnEX
WmGn0c0SENoRfSBucSQtTwrbqq9ZkUT21BRhuwY581/xBFOtZSN1g1cyYQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFC2ANMWt3h5uaQb57EloGml7rROPMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
LzdjYmEyMmE1LWRjNjEtNDQxMy1hZWQyLThmYjRjYzhlM2E0OS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJA+A/4AwDQYJKoZIhvcNAQELBQADggEBABXNhx2j52648kpDLPZ6
KKd2kw4qO2EmYPhFus7kwbQIG8aPpNb3mDP/Ugbwoqc7eMZhsSH9gSSYviwruC7z
OBVufSYnhtyMipQ/dZCAhAguPqYQcGQlegbP78mV19MiVrqMZw1B/HYaY9M4UN+l
9mWIwiqQqIHjNeQIJjhpY///DgcVpljsCBA+mJRnQw3YTZ7K5ZZYf75xc4BouoR8
Oz3N2Y9D0dFVRlNN7qTUQUswMqzn30AFTxppdoh/SUl4MYk6qLdJEDRTV34vByk8
RQLxlRVnioQ6yA6dL4yMQAD6bfQbc50jOT/DF7P9UeCgooSQ5p4ko9JV7BfJfcMy
u8Y=
-----END CERTIFICATE-----
Generated at Sat Jun 14 23:17:39 2025 by rpki-client