Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/ab4ad185-2bfb-4281-9e23-00a2ab4b6e8f.roa
File:                     ab4ad185-2bfb-4281-9e23-00a2ab4b6e8f.roa (raw, json)
Hash identifier:          IanbMIoNWuKJktyIAASDRM313mfWasURt0z0kBVLvSQ=
Subject key identifier:   D7:19:8C:D6:42:20:AD:45:CA:EA:2C:5C:F3:07:4D:33:E8:A1:F8:CF
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       132B806273444EF5889A33E935B89D42FA4F3730
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/ab4ad185-2bfb-4281-9e23-00a2ab4b6e8f.roa
Signing time:             Mon 04 Aug 2025 15:00:34 +0000
ROA not before:           Mon 04 Aug 2025 15:00:34 +0000
ROA not after:            Mon 08 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:80ff:8020::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 08 Aug 2025 15:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:2b:80:62:73:44:4e:f5:88:9a:33:e9:35:b8:9d:42:fa:4f:37:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000, serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Aug  4 15:00:34 2025 GMT
            Not After : Sep  8 23:59:59 2025 GMT
        Subject: serialNumber=ea54897719cb1cefd3bf9b7146de96d2e32d646ec7066f1d545fd42f4d5f7d32, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f6:8f:02:81:23:c4:cf:5a:8a:c8:34:b6:9f:
                    98:df:cb:a5:d5:60:6b:16:aa:c4:4c:df:6a:6a:49:
                    d2:86:43:03:3c:0d:3c:ca:2f:7c:64:7c:58:87:f1:
                    83:3d:05:da:0d:75:1c:7c:4f:74:73:3d:c3:49:a2:
                    02:cf:cf:cd:5e:e9:09:30:44:4e:3a:02:24:cc:2e:
                    45:c5:6f:64:4a:f6:7a:d6:54:7d:b7:87:c5:b6:71:
                    ec:ca:af:c4:a6:5f:d0:ca:51:b2:4a:a8:15:71:4f:
                    d9:32:7d:24:42:26:cb:3b:2d:25:00:10:3a:f0:b4:
                    ce:01:f3:b3:85:aa:2b:3c:9b:0a:a4:4f:db:e2:a3:
                    07:0c:23:a9:32:36:ec:05:0e:ca:44:c8:21:e0:e2:
                    f5:e6:e0:ba:db:9c:1c:37:1a:9f:64:2e:28:1c:1a:
                    a8:27:21:ab:7a:55:52:10:0a:13:eb:7d:8e:30:f6:
                    d4:32:52:3d:a3:72:70:84:38:bf:36:4b:cf:3c:98:
                    97:f4:c0:88:99:08:a7:fa:2a:0c:4f:90:7c:ef:42:
                    bc:58:04:cd:2d:08:e6:81:d0:5e:b9:0d:ee:17:1b:
                    a0:b1:53:1c:ca:6e:f8:45:bb:09:19:bc:ef:d9:6b:
                    16:9f:73:60:dc:9f:56:6d:fd:8d:8a:1c:8b:2d:a4:
                    0c:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:19:8C:D6:42:20:AD:45:CA:EA:2C:5C:F3:07:4D:33:E8:A1:F8:CF
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/ab4ad185-2bfb-4281-9e23-00a2ab4b6e8f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:80ff:8020::/48

    Signature Algorithm: sha256WithRSAEncryption
         b5:7b:49:2c:2c:e4:72:2b:ee:b5:36:3c:ac:11:9f:b6:ab:bc:
         0d:e2:cc:9c:61:ad:4e:91:d6:0a:77:cf:e3:07:fe:7a:38:80:
         9d:2f:78:ea:f6:be:04:ca:c0:96:4f:57:c2:91:62:4e:f9:6b:
         83:14:55:7f:0f:e9:bb:6d:fb:e7:ea:03:0a:af:3c:0d:9e:02:
         b9:ed:6b:9f:56:29:12:3a:01:a7:fb:f8:95:9b:bb:2d:fe:e7:
         2a:35:16:d6:71:56:17:4c:cb:bb:cd:95:7e:3b:d6:ac:75:07:
         25:cc:b2:08:de:dd:be:68:9c:b8:bc:a8:18:22:d2:5b:d0:f7:
         41:0c:d9:92:77:73:df:42:20:d7:56:16:c4:f3:7a:36:c5:1e:
         6a:63:a2:38:ca:ed:50:a3:3e:e8:d8:36:f9:c2:53:76:b8:c9:
         47:0c:f9:d9:7c:ab:c9:24:a2:a2:a0:e4:5b:0e:a4:cd:23:39:
         df:b7:73:a5:97:26:84:ec:56:0b:97:a0:06:e2:5a:ae:54:4a:
         6e:f9:7e:ca:c0:d6:bb:3c:05:f8:9e:4f:35:60:6a:03:8c:9d:
         c4:3b:54:50:4b:6f:17:c7:f8:c6:25:88:30:98:4d:32:a5:57:
         fd:96:72:20:f7:a7:04:55:73:28:e5:84:d7:6a:2d:d7:75:e7:
         31:96:19:ce
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUEyuAYnNETvWImjPpNbidQvpPNzAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI1MDgwNDE1MDAzNFoX
DTI1MDkwODIzNTk1OVowejFJMEcGA1UEBRNAZWE1NDg5NzcxOWNiMWNlZmQzYmY5
YjcxNDZkZTk2ZDJlMzJkNjQ2ZWM3MDY2ZjFkNTQ1ZmQ0MmY0ZDVmN2QzMjEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfaPAoEjxM9aisg0tp+Y38ul1WBr
FqrETN9qaknShkMDPA08yi98ZHxYh/GDPQXaDXUcfE90cz3DSaICz8/NXukJMERO
OgIkzC5FxW9kSvZ61lR9t4fFtnHsyq/Epl/QylGySqgVcU/ZMn0kQibLOy0lABA6
8LTOAfOzhaorPJsKpE/b4qMHDCOpMjbsBQ7KRMgh4OL15uC625wcNxqfZC4oHBqo
JyGrelVSEAoT632OMPbUMlI9o3JwhDi/NkvPPJiX9MCImQin+ioMT5B870K8WATN
LQjmgdBeuQ3uFxugsVMcym74RbsJGbzv2WsWn3Ng3J9Wbf2NihyLLaQMawIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFNcZjNZCIK1FyuosXPMHTTPoofjPMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
L2FiNGFkMTg1LTJiZmItNDI4MS05ZTIzLTAwYTJhYjRiNmU4Zi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJA+A/4AgMA0GCSqGSIb3DQEBCwUAA4IBAQC1e0ksLORyK+61Njys
EZ+2q7wN4sycYa1OkdYKd8/jB/56OICdL3jq9r4EysCWT1fCkWJO+WuDFFV/D+m7
bfvn6gMKrzwNngK57WufVikSOgGn+/iVm7st/ucqNRbWcVYXTMu7zZV+O9asdQcl
zLII3t2+aJy4vKgYItJb0PdBDNmSd3PfQiDXVhbE83o2xR5qY6I4yu1Qoz7o2Db5
wlN2uMlHDPnZfKvJJKKioORbDqTNIznft3OllyaE7FYLl6AG4lquVEpu+X7KwNa7
PAX4nk81YGoDjJ3EO1RQS28Xx/jGJYgwmE0ypVf9lnIg96cEVXMo5YTXai3Xdecx
lhnO
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:38:46 2025 by rpki-client