Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/c6c8c2c8-2610-4b46-9e55-67c12ceccbbe.roa
File:                     c6c8c2c8-2610-4b46-9e55-67c12ceccbbe.roa (raw, json)
Hash identifier:          RbifkmKX0gttJdxicGVAF8ENk7b10F2Ra4d8YIsqjHA=
Subject key identifier:   9F:0C:C2:E0:1C:0A:DE:22:53:C7:D1:26:C8:B1:83:3C:ED:85:4C:CF
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       4669B830DBE4AC9548EE89FDAF4D3B583CA60B0F
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/c6c8c2c8-2610-4b46-9e55-67c12ceccbbe.roa
Signing time:             Wed 11 Jun 2025 00:00:05 +0000
ROA not before:           Wed 11 Jun 2025 00:00:05 +0000
ROA not after:            Wed 16 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:80fe:8000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 18 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:69:b8:30:db:e4:ac:95:48:ee:89:fd:af:4d:3b:58:3c:a6:0b:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000, serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Jun 11 00:00:05 2025 GMT
            Not After : Jul 16 23:59:59 2025 GMT
        Subject: serialNumber=9e6fda66eec486494412391a2fe7baf5dee6fec6b9a08868dece0e2915d7898c, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:f8:07:35:6e:fe:72:bd:ca:60:bb:a7:6c:d8:
                    f5:cc:29:21:8f:8d:9c:c9:47:07:70:95:7c:dd:cf:
                    d3:86:cf:af:05:b0:09:1e:1e:83:db:1a:b1:01:f1:
                    a0:88:ae:9e:3a:7c:de:a2:ea:eb:d7:a5:85:b8:d7:
                    b6:5b:8e:db:90:4b:67:34:dc:e0:03:07:7e:e4:92:
                    4b:14:d8:b5:0c:23:27:8a:c3:55:c2:06:c6:fc:a4:
                    3f:7f:d2:70:89:5c:d6:84:b0:0b:d4:46:5f:ac:2b:
                    8e:85:27:c6:16:0c:ff:94:36:f5:8e:53:0f:b9:b5:
                    30:fb:84:ff:92:ef:ac:b7:3d:13:a8:9d:dd:82:8c:
                    78:22:70:32:d8:d9:98:f2:f3:19:d8:81:f7:40:48:
                    49:bb:a1:6a:d6:c7:13:58:40:be:d6:32:be:82:72:
                    5b:d9:71:90:9e:cc:2d:d9:fb:c5:04:ea:4a:1f:50:
                    0e:57:87:3e:3c:bd:1f:a7:ba:45:15:c0:1c:08:63:
                    15:1d:0f:de:da:05:c3:b5:2a:b4:e1:fc:12:75:dd:
                    1e:44:ad:e8:ee:25:00:fd:83:d3:4a:60:95:02:c5:
                    7e:ea:c8:3d:8d:32:90:a2:95:98:77:fa:6c:a1:a3:
                    73:96:a6:c2:4e:e4:82:10:82:3e:5d:cf:63:04:05:
                    af:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:0C:C2:E0:1C:0A:DE:22:53:C7:D1:26:C8:B1:83:3C:ED:85:4C:CF
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/c6c8c2c8-2610-4b46-9e55-67c12ceccbbe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:80fe:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         2e:7e:82:22:e2:75:6e:4a:88:1f:a5:42:b8:fc:e4:dc:9d:7a:
         b1:88:9c:8f:95:8b:d9:23:e7:ca:c6:84:69:97:b7:c4:07:6c:
         db:3e:73:55:f8:1f:aa:0a:03:32:cb:fa:0f:3a:b2:f1:36:c9:
         af:20:10:25:f8:1d:62:3d:cf:af:60:f6:6d:e7:d4:9a:7c:02:
         2f:00:55:8c:9e:22:3e:ae:8f:4c:63:b4:9c:94:a1:f2:28:1a:
         85:66:11:d2:2f:0c:9f:23:b7:89:3c:da:73:aa:57:7f:d3:12:
         c5:52:3f:76:49:8a:fc:c4:8e:d2:d0:34:a6:79:64:24:e0:36:
         f6:03:2a:2c:88:ae:da:a2:8f:dd:f1:ab:8c:40:55:73:84:8f:
         61:76:15:8e:87:d9:dc:ea:83:f2:fc:c6:b2:78:22:83:58:81:
         c5:1b:c3:f2:84:09:aa:c8:ec:49:50:39:46:0f:2b:fb:6f:61:
         9b:85:1e:80:c1:eb:79:f4:3c:31:ff:c3:6d:a9:19:b5:0e:42:
         c8:4c:e4:4f:b0:2b:f5:71:76:b6:3f:cd:4f:1c:93:43:06:85:
         57:ea:7f:9d:a1:1f:b7:11:d1:86:f1:0d:c7:d7:e0:02:eb:6d:
         cc:da:f1:ea:58:d0:a6:1e:72:36:b2:eb:e4:65:b0:eb:fe:c7:
         df:fa:c5:8e
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIURmm4MNvkrJVI7on9r007WDymCw8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI1MDYxMTAwMDAwNVoX
DTI1MDcxNjIzNTk1OVowejFJMEcGA1UEBRNAOWU2ZmRhNjZlZWM0ODY0OTQ0MTIz
OTFhMmZlN2JhZjVkZWU2ZmVjNmI5YTA4ODY4ZGVjZTBlMjkxNWQ3ODk4YzEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/gHNW7+cr3KYLunbNj1zCkhj42c
yUcHcJV83c/Ths+vBbAJHh6D2xqxAfGgiK6eOnzeourr16WFuNe2W47bkEtnNNzg
Awd+5JJLFNi1DCMnisNVwgbG/KQ/f9JwiVzWhLAL1EZfrCuOhSfGFgz/lDb1jlMP
ubUw+4T/ku+stz0TqJ3dgox4InAy2NmY8vMZ2IH3QEhJu6Fq1scTWEC+1jK+gnJb
2XGQnswt2fvFBOpKH1AOV4c+PL0fp7pFFcAcCGMVHQ/e2gXDtSq04fwSdd0eRK3o
7iUA/YPTSmCVAsV+6sg9jTKQopWYd/psoaNzlqbCTuSCEII+Xc9jBAWvDwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFJ8MwuAcCt4iU8fRJsixgzzthUzPMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
L2M2YzhjMmM4LTI2MTAtNGI0Ni05ZTU1LTY3YzEyY2VjY2JiZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJA+A/oAwDQYJKoZIhvcNAQELBQADggEBAC5+giLidW5KiB+lQrj8
5NyderGInI+Vi9kj58rGhGmXt8QHbNs+c1X4H6oKAzLL+g86svE2ya8gECX4HWI9
z69g9m3n1Jp8Ai8AVYyeIj6uj0xjtJyUofIoGoVmEdIvDJ8jt4k82nOqV3/TEsVS
P3ZJivzEjtLQNKZ5ZCTgNvYDKiyIrtqij93xq4xAVXOEj2F2FY6H2dzqg/L8xrJ4
IoNYgcUbw/KECarI7ElQOUYPK/tvYZuFHoDB63n0PDH/w22pGbUOQshM5E+wK/Vx
drY/zU8ck0MGhVfqf52hH7cR0YbxDcfX4ALrbcza8epY0KYecjay6+RlsOv+x9/6
xY4=
-----END CERTIFICATE-----
Generated at Sat Jun 14 23:17:42 2025 by rpki-client