Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/c886fdcc-d9c4-485a-a941-7aa2c7d093e3.roa
File:                     c886fdcc-d9c4-485a-a941-7aa2c7d093e3.roa (raw, json)
Hash identifier:          T3gsymJUS8s30z9kx9PQPglJWwCc3pHg01xQmntYQKE=
Subject key identifier:   1E:F9:73:0F:EE:34:01:9C:41:9A:E6:0A:C5:81:FF:BF:66:F7:58:AF
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       1EB12B754DC90290396516320132C75262DA369D
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/c886fdcc-d9c4-485a-a941-7aa2c7d093e3.roa
Signing time:             Fri 01 Aug 2025 00:50:09 +0000
ROA not before:           Fri 01 Aug 2025 00:50:09 +0000
ROA not after:            Fri 05 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:80fe:4000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 08 Aug 2025 15:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:b1:2b:75:4d:c9:02:90:39:65:16:32:01:32:c7:52:62:da:36:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000, serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Aug  1 00:50:09 2025 GMT
            Not After : Sep  5 23:59:59 2025 GMT
        Subject: serialNumber=d757f051795a9620d1a8272d46a9640c91c4199f0f728158255966d2494c9cd1, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:e0:f5:0c:2c:c6:e3:0d:cc:88:25:09:28:a7:
                    32:b9:93:09:e4:fa:7f:2a:24:c7:ca:a0:ea:5a:1d:
                    b0:04:99:29:da:24:42:d3:90:cb:e9:5b:f9:1d:54:
                    3b:8b:ab:9d:ca:b5:8e:a3:e9:7f:b9:c4:ab:04:74:
                    cb:c5:82:7e:3b:3d:c4:2d:01:7d:f8:12:77:94:98:
                    23:a7:22:f1:ad:c1:78:f0:9b:b0:97:02:8f:7f:da:
                    9f:81:00:0e:e9:f2:67:7e:f6:1d:73:dd:45:85:22:
                    27:23:08:84:a6:1e:5f:d3:58:31:47:ba:b9:0d:a5:
                    e5:00:8b:6c:b6:ff:ee:46:3f:ee:d2:0b:82:fa:ff:
                    9e:c2:60:44:01:90:d8:52:43:de:03:3a:d5:99:05:
                    76:13:5f:6d:88:f9:9c:16:ea:25:d4:c4:2c:36:43:
                    0d:7b:b8:ba:70:58:c0:65:11:8c:b3:33:f9:8c:c1:
                    5d:3b:c1:e9:38:49:35:5b:5c:b3:3d:17:0a:38:e4:
                    25:1a:e4:75:29:56:c9:3e:ac:3a:76:bf:a8:38:25:
                    f1:5e:a3:3b:53:2d:55:db:8b:98:d6:16:50:c4:57:
                    01:31:25:86:b6:bd:56:5a:e0:77:2a:eb:75:ab:b3:
                    34:bb:57:4d:74:e7:59:56:5f:bd:05:13:89:7d:dd:
                    39:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:F9:73:0F:EE:34:01:9C:41:9A:E6:0A:C5:81:FF:BF:66:F7:58:AF
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/c886fdcc-d9c4-485a-a941-7aa2c7d093e3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:80fe:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         11:34:a5:0e:f3:86:b9:9f:d5:e4:81:4b:fd:c0:5d:54:86:d5:
         d4:e5:dc:96:58:51:8f:74:b0:0f:8f:57:09:7d:2d:5a:80:5f:
         6c:6a:80:6e:86:3c:8e:08:1d:7b:95:f0:19:7e:72:70:de:51:
         e3:28:51:35:19:de:f9:27:a7:bd:09:ca:5f:a3:de:ea:5c:4c:
         dc:2e:5a:bc:49:1d:16:74:f5:ef:6f:32:ee:1c:f6:47:57:42:
         97:63:e7:ad:45:c3:1e:0c:7f:06:1f:7b:e3:cb:86:1b:db:b5:
         13:8d:fc:d6:84:c1:5d:b3:2a:e7:ed:81:40:37:0c:bc:96:9a:
         71:8c:e8:9e:ba:56:4c:bd:74:71:8e:13:ac:a5:b1:01:d7:16:
         63:e8:b0:3e:a7:c6:1b:67:a1:a6:35:5a:b8:6f:e9:d0:c3:f2:
         c0:f4:4e:32:73:3c:d3:a5:df:1d:39:d1:02:ae:97:a4:36:61:
         c3:14:af:f7:69:71:f1:43:c7:4c:70:d4:02:df:8f:65:28:01:
         3d:e0:04:a1:96:0a:60:a6:b3:87:ed:df:40:a3:ab:98:6a:79:
         23:e0:51:dc:13:be:b7:ad:0a:14:53:44:1a:5f:3a:37:8b:8c:
         ff:7e:75:52:61:e6:dd:fd:76:6f:04:d5:6d:02:12:79:d7:cc:
         b0:12:df:aa
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUHrErdU3JApA5ZRYyATLHUmLaNp0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI1MDgwMTAwNTAwOVoX
DTI1MDkwNTIzNTk1OVowejFJMEcGA1UEBRNAZDc1N2YwNTE3OTVhOTYyMGQxYTgy
NzJkNDZhOTY0MGM5MWM0MTk5ZjBmNzI4MTU4MjU1OTY2ZDI0OTRjOWNkMTEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAleD1DCzG4w3MiCUJKKcyuZMJ5Pp/
KiTHyqDqWh2wBJkp2iRC05DL6Vv5HVQ7i6udyrWOo+l/ucSrBHTLxYJ+Oz3ELQF9
+BJ3lJgjpyLxrcF48JuwlwKPf9qfgQAO6fJnfvYdc91FhSInIwiEph5f01gxR7q5
DaXlAItstv/uRj/u0guC+v+ewmBEAZDYUkPeAzrVmQV2E19tiPmcFuol1MQsNkMN
e7i6cFjAZRGMszP5jMFdO8HpOEk1W1yzPRcKOOQlGuR1KVbJPqw6dr+oOCXxXqM7
Uy1V24uY1hZQxFcBMSWGtr1WWuB3Kut1q7M0u1dNdOdZVl+9BROJfd05uwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFB75cw/uNAGcQZrmCsWB/79m91ivMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
L2M4ODZmZGNjLWQ5YzQtNDg1YS1hOTQxLTdhYTJjN2QwOTNlMy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJA+A/kAwDQYJKoZIhvcNAQELBQADggEBABE0pQ7zhrmf1eSBS/3A
XVSG1dTl3JZYUY90sA+PVwl9LVqAX2xqgG6GPI4IHXuV8Bl+cnDeUeMoUTUZ3vkn
p70Jyl+j3upcTNwuWrxJHRZ09e9vMu4c9kdXQpdj561Fwx4MfwYfe+PLhhvbtRON
/NaEwV2zKuftgUA3DLyWmnGM6J66Vky9dHGOE6ylsQHXFmPosD6nxhtnoaY1Wrhv
6dDD8sD0TjJzPNOl3x050QKul6Q2YcMUr/dpcfFDx0xw1ALfj2UoAT3gBKGWCmCm
s4ft30Cjq5hqeSPgUdwTvretChRTRBpfOjeLjP9+dVJh5t39dm8E1W0CEnnXzLAS
36o=
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:38:18 2025 by rpki-client