Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/c7b491e4-76ae-4305-8132-a670b41c66fd.roa
File:                     c7b491e4-76ae-4305-8132-a670b41c66fd.roa (raw, json)
Hash identifier:          Y/Qe9rryhqaKcdQ65jS4eaN1QDb4nE9PefB5Qi55IQQ=
Subject key identifier:   DF:D5:D4:19:0C:82:51:1B:78:57:CE:07:63:A8:D4:54:00:94:BC:EF
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       25F91DD7460D868D9907041D68A9862A95E16B26
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/c7b491e4-76ae-4305-8132-a670b41c66fd.roa
Signing time:             Mon 04 Aug 2025 15:00:37 +0000
ROA not before:           Mon 04 Aug 2025 15:00:37 +0000
ROA not after:            Mon 08 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:80ff:4000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 08 Aug 2025 15:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:f9:1d:d7:46:0d:86:8d:99:07:04:1d:68:a9:86:2a:95:e1:6b:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000, serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Aug  4 15:00:37 2025 GMT
            Not After : Sep  8 23:59:59 2025 GMT
        Subject: serialNumber=9fff4eceba56e8bc515bd46c6f71f05ccd2548537779b703ee1a6e0a4cb6fb36, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:46:89:0f:df:d9:7d:43:95:b9:c7:ae:1a:58:
                    be:33:ef:00:4c:31:13:7f:b0:e2:a7:da:80:48:9b:
                    8b:05:e7:06:7a:50:ae:9f:32:e0:68:8e:58:d1:fc:
                    94:d5:3e:88:e7:47:9a:58:8b:82:3b:d9:e2:38:85:
                    60:4a:6c:07:8a:46:89:55:2e:5f:dc:20:33:be:31:
                    e3:84:ac:81:13:ff:4b:49:ff:be:62:56:64:8c:13:
                    7c:de:6c:5c:ae:ff:8d:84:ca:3d:0e:68:65:c7:8c:
                    18:39:c6:24:a5:5d:c7:76:73:a6:3e:d8:4f:c9:77:
                    4c:88:78:c3:e9:9e:9f:a1:62:94:14:c1:35:a6:fc:
                    43:47:d6:79:11:8b:c1:21:4a:fa:91:66:4d:27:56:
                    c0:af:4a:42:45:4e:01:11:07:67:c4:cd:94:7f:f6:
                    dd:bd:1c:c9:b9:03:32:9d:f4:a4:ee:70:a5:aa:d8:
                    08:a8:fa:5f:bf:19:c7:b3:50:64:68:3d:8e:23:bc:
                    6e:a8:3f:fd:24:ba:a8:58:94:2c:da:82:25:e5:2e:
                    7a:59:54:71:f5:5d:70:31:56:0a:95:d5:3b:80:84:
                    10:c9:d3:21:29:78:18:b0:d0:5a:36:93:f9:64:31:
                    d0:85:d9:59:32:f1:98:bd:d7:67:55:e0:20:6f:51:
                    2c:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:D5:D4:19:0C:82:51:1B:78:57:CE:07:63:A8:D4:54:00:94:BC:EF
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/c7b491e4-76ae-4305-8132-a670b41c66fd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:80ff:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         ae:d6:42:d0:3c:5a:cb:3d:31:a1:14:60:45:d8:7e:35:11:a8:
         b0:ff:b1:ba:41:c2:45:52:82:4f:01:ba:c4:16:50:8b:26:74:
         5a:15:67:18:90:0a:21:98:e6:52:a0:18:08:e5:43:fc:9b:61:
         9a:18:fd:b2:3d:20:c4:7b:41:c8:99:9c:a1:04:54:56:e1:51:
         db:a3:44:52:a0:65:39:01:bd:dd:3f:69:2a:69:2b:8f:54:08:
         33:21:7f:ef:f7:96:bc:42:82:73:8a:62:72:d6:45:4b:3c:2a:
         1c:b9:01:b0:2b:cf:a1:ff:a4:e2:ae:d6:54:f9:97:4e:93:fb:
         bc:21:39:60:38:08:a7:05:de:07:e3:4b:e0:1c:c1:b1:f2:d3:
         37:93:cd:ff:c5:5e:9c:f0:e9:12:7d:f9:35:c0:6b:ba:c5:5f:
         09:61:1d:d5:d0:d7:75:e9:ee:47:e8:14:52:0d:d4:da:9a:cb:
         57:15:26:0c:0c:9d:65:66:0d:31:99:ce:e4:3a:55:43:b2:02:
         17:31:9e:2a:2f:95:0b:51:e1:f5:76:5d:e1:47:93:d8:f1:34:
         3b:d5:8c:ef:94:86:63:6e:b5:f7:7f:02:77:d0:09:65:8d:0b:
         f7:83:4b:e2:1a:cd:9e:9d:77:fd:88:e8:dc:ab:c0:86:fd:ec:
         12:bb:c2:1e
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUJfkd10YNho2ZBwQdaKmGKpXhayYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI1MDgwNDE1MDAzN1oX
DTI1MDkwODIzNTk1OVowejFJMEcGA1UEBRNAOWZmZjRlY2ViYTU2ZThiYzUxNWJk
NDZjNmY3MWYwNWNjZDI1NDg1Mzc3NzliNzAzZWUxYTZlMGE0Y2I2ZmIzNjEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAykaJD9/ZfUOVuceuGli+M+8ATDET
f7Dip9qASJuLBecGelCunzLgaI5Y0fyU1T6I50eaWIuCO9niOIVgSmwHikaJVS5f
3CAzvjHjhKyBE/9LSf++YlZkjBN83mxcrv+NhMo9Dmhlx4wYOcYkpV3HdnOmPthP
yXdMiHjD6Z6foWKUFME1pvxDR9Z5EYvBIUr6kWZNJ1bAr0pCRU4BEQdnxM2Uf/bd
vRzJuQMynfSk7nClqtgIqPpfvxnHs1BkaD2OI7xuqD/9JLqoWJQs2oIl5S56WVRx
9V1wMVYKldU7gIQQydMhKXgYsNBaNpP5ZDHQhdlZMvGYvddnVeAgb1EsGwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFN/V1BkMglEbeFfOB2Oo1FQAlLzvMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
L2M3YjQ5MWU0LTc2YWUtNDMwNS04MTMyLWE2NzBiNDFjNjZmZC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJA+A/0AwDQYJKoZIhvcNAQELBQADggEBAK7WQtA8Wss9MaEUYEXY
fjURqLD/sbpBwkVSgk8BusQWUIsmdFoVZxiQCiGY5lKgGAjlQ/ybYZoY/bI9IMR7
QciZnKEEVFbhUdujRFKgZTkBvd0/aSppK49UCDMhf+/3lrxCgnOKYnLWRUs8Khy5
AbArz6H/pOKu1lT5l06T+7whOWA4CKcF3gfjS+AcwbHy0zeTzf/FXpzw6RJ9+TXA
a7rFXwlhHdXQ13Xp7kfoFFIN1Nqay1cVJgwMnWVmDTGZzuQ6VUOyAhcxniovlQtR
4fV2XeFHk9jxNDvVjO+UhmNutfd/AnfQCWWNC/eDS+IazZ6dd/2I6NyrwIb97BK7
wh4=
-----END CERTIFICATE-----
Generated at Mon Aug 4 22:10:38 2025 by rpki-client