Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/b0c38f03-3ced-484e-aa5b-7b06f125ad74.roa
File:                     b0c38f03-3ced-484e-aa5b-7b06f125ad74.roa (raw, json)
Hash identifier:          8jtITmxQcgFTuPUfGNxD1XR3U6nEqKJ9eCaGL9uv2iI=
Subject key identifier:   15:C9:C6:D4:A5:49:41:D1:B8:53:E0:28:93:AC:B9:7B:70:3E:AD:C1
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       16DD6C4CE30E9BDA90AEDF0EF150F5C706CAC154
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/b0c38f03-3ced-484e-aa5b-7b06f125ad74.roa
Signing time:             Wed 16 Jul 2025 00:00:04 +0000
ROA not before:           Wed 16 Jul 2025 00:00:04 +0000
ROA not after:            Wed 20 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        43.224.144.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 08 Aug 2025 15:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:dd:6c:4c:e3:0e:9b:da:90:ae:df:0e:f1:50:f5:c7:06:ca:c1:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000, serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Jul 16 00:00:04 2025 GMT
            Not After : Aug 20 23:59:59 2025 GMT
        Subject: serialNumber=c2b9aa80b82cd2517e86720647e631e76576ccf95c7a299a851978666d0d8cc2, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:a1:d1:65:bd:af:94:04:0f:b0:fd:b3:d5:fa:
                    3a:09:89:a7:52:1f:93:ca:37:2f:58:61:58:fd:1e:
                    50:41:08:03:e8:c9:95:d6:15:87:ec:90:31:b6:a0:
                    70:04:f0:0a:1c:15:5f:30:c2:8f:4f:39:04:32:42:
                    22:36:00:c1:d6:4f:31:73:45:56:aa:41:40:0a:b9:
                    83:8d:40:38:7d:2a:cc:af:92:f9:c4:90:44:14:0a:
                    c9:13:94:c3:4c:5f:db:f2:97:52:9b:1c:cc:a9:87:
                    d2:b1:0b:65:7b:d3:39:7c:74:b4:8c:1e:87:37:67:
                    d2:3b:3c:1c:e9:3e:9e:c5:16:11:11:c6:e1:46:e1:
                    fd:5e:98:15:1e:df:f7:2f:a8:e3:4e:55:03:18:66:
                    08:51:0d:ef:80:48:c2:e0:97:9a:c4:9b:46:a2:e7:
                    ea:4f:f7:9a:6b:b6:7b:52:65:e5:cf:f0:48:dc:10:
                    e3:3d:78:47:e6:98:d0:f0:c1:85:12:8c:b9:0e:fe:
                    72:71:32:d0:99:b9:e4:b2:6b:f4:ed:1d:7c:04:e0:
                    c9:9a:b1:ec:df:62:20:64:79:2b:01:50:3e:c2:b5:
                    a2:31:52:46:e3:67:77:32:b2:6b:1d:3a:ef:28:a8:
                    eb:f4:55:7e:9e:98:85:12:16:04:79:18:5a:76:c3:
                    f1:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:C9:C6:D4:A5:49:41:D1:B8:53:E0:28:93:AC:B9:7B:70:3E:AD:C1
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/b0c38f03-3ced-484e-aa5b-7b06f125ad74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.224.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4c:1d:ea:0c:0b:ec:b6:5f:d2:5c:16:ed:e3:07:ad:6b:a0:76:
         9e:7c:2e:ac:6c:f2:f6:c2:72:99:5f:d4:2e:6a:86:c8:62:f9:
         b0:ea:5f:96:d3:a7:f4:62:e0:51:13:d7:5d:1c:f0:64:31:15:
         7b:84:5e:ae:c3:5e:c2:21:8b:1a:d1:9b:1d:4d:10:73:39:47:
         68:fb:29:ea:49:ed:0c:fb:03:b8:ad:ac:93:e8:dd:d1:24:7d:
         bc:78:1a:52:22:51:53:85:3c:43:4f:9f:16:90:3b:28:55:23:
         55:f8:72:9d:33:5f:59:1e:6b:c3:b8:62:1c:71:a8:d1:53:a9:
         08:43:86:60:58:e7:ba:b7:1b:9f:06:14:8f:58:09:79:6b:5e:
         df:85:34:48:0e:71:f8:ac:ef:1e:d9:3c:e5:c2:6f:37:0a:d0:
         58:76:c5:bc:73:72:8e:a1:72:3b:ea:4d:37:00:b3:b6:8d:e9:
         ad:3a:b1:1f:55:82:27:9e:96:9a:79:42:a9:95:0b:a3:3a:20:
         0f:5e:ee:fa:86:32:64:aa:72:f5:58:75:55:8c:76:0d:b5:d6:
         23:29:64:08:a7:71:60:ce:51:05:bc:f7:bc:f6:d8:16:3d:37:
         d3:43:59:af:c0:a7:72:3d:d9:05:fc:cf:43:43:00:34:0c:6c:
         6d:75:f7:2b
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUFt1sTOMOm9qQrt8O8VD1xwbKwVQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI1MDcxNjAwMDAwNFoX
DTI1MDgyMDIzNTk1OVowejFJMEcGA1UEBRNAYzJiOWFhODBiODJjZDI1MTdlODY3
MjA2NDdlNjMxZTc2NTc2Y2NmOTVjN2EyOTlhODUxOTc4NjY2ZDBkOGNjMjEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkaHRZb2vlAQPsP2z1fo6CYmnUh+T
yjcvWGFY/R5QQQgD6MmV1hWH7JAxtqBwBPAKHBVfMMKPTzkEMkIiNgDB1k8xc0VW
qkFACrmDjUA4fSrMr5L5xJBEFArJE5TDTF/b8pdSmxzMqYfSsQtle9M5fHS0jB6H
N2fSOzwc6T6exRYREcbhRuH9XpgVHt/3L6jjTlUDGGYIUQ3vgEjC4JeaxJtGoufq
T/eaa7Z7UmXlz/BI3BDjPXhH5pjQ8MGFEoy5Dv5ycTLQmbnksmv07R18BODJmrHs
32IgZHkrAVA+wrWiMVJG42d3MrJrHTrvKKjr9FV+npiFEhYEeRhadsPxNwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFBXJxtSlSUHRuFPgKJOsuXtwPq3BMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
L2IwYzM4ZjAzLTNjZWQtNDg0ZS1hYTViLTdiMDZmMTI1YWQ3NC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQCK+CQMA0GCSqGSIb3DQEBCwUAA4IBAQBMHeoMC+y2X9JcFu3jB61r
oHaefC6sbPL2wnKZX9QuaobIYvmw6l+W06f0YuBRE9ddHPBkMRV7hF6uw17CIYsa
0ZsdTRBzOUdo+ynqSe0M+wO4rayT6N3RJH28eBpSIlFThTxDT58WkDsoVSNV+HKd
M19ZHmvDuGIccajRU6kIQ4ZgWOe6txufBhSPWAl5a17fhTRIDnH4rO8e2Tzlwm83
CtBYdsW8c3KOoXI76k03ALO2jemtOrEfVYInnpaaeUKplQujOiAPXu76hjJkqnL1
WHVVjHYNtdYjKWQIp3FgzlEFvPe89tgWPTfTQ1mvwKdyPdkF/M9DQwA0DGxtdfcr
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:37:34 2025 by rpki-client