Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/fcc4293c-b24f-4fac-9395-546f748b3b13.roa
File:                     fcc4293c-b24f-4fac-9395-546f748b3b13.roa (raw, json)
Hash identifier:          QrhULn6zzt76qs5UhpO/cScywudd8JUerePubXLVI6E=
Subject key identifier:   59:38:FF:65:C2:08:3F:07:22:24:3E:5B:C9:D5:14:1F:F4:0E:B2:B8
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       05029287745744D790A34E543B9F16DF4851E8F1
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/fcc4293c-b24f-4fac-9395-546f748b3b13.roa
Signing time:             Mon 04 Aug 2025 15:00:51 +0000
ROA not before:           Mon 04 Aug 2025 15:00:51 +0000
ROA not after:            Mon 08 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:8018::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 08 Aug 2025 15:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:02:92:87:74:57:44:d7:90:a3:4e:54:3b:9f:16:df:48:51:e8:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000, serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Aug  4 15:00:51 2025 GMT
            Not After : Sep  8 23:59:59 2025 GMT
        Subject: serialNumber=7f92bad9e6b390b3d6d6cd883aebd60a1d1ec7071bad3b52f71fa8a51cfee464, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:56:28:d0:95:70:05:95:15:91:36:84:d3:09:
                    33:49:bd:a0:34:9d:49:bf:ad:ee:d1:f9:01:8c:3e:
                    59:56:2e:12:40:33:91:4c:ba:18:96:20:d0:ad:1b:
                    4e:1e:41:06:4b:98:55:48:89:3d:49:97:3a:d3:c1:
                    19:80:fc:6a:ba:67:cb:dc:9e:5f:ee:05:49:57:f6:
                    d0:1c:02:d1:2f:8f:d4:2d:01:4e:69:31:4c:72:40:
                    35:a6:69:cd:88:5a:f1:c3:e5:39:8d:d5:2f:da:0f:
                    e6:3d:3b:39:98:7b:8c:9d:27:c2:94:bc:b2:80:23:
                    04:44:7b:c6:db:81:f2:74:8e:04:91:d0:e1:b7:55:
                    27:5c:4f:bc:d0:78:85:93:12:e7:04:c6:51:46:c6:
                    4a:2f:5e:22:c0:5e:f2:f1:c0:4f:67:d9:9d:50:86:
                    42:13:24:72:99:0f:7b:31:ef:10:01:b3:06:82:8d:
                    88:21:ae:a0:d0:61:2b:66:7a:3d:20:7e:af:db:c9:
                    29:d4:f5:b6:cd:c4:7b:5d:a3:2b:4b:e9:14:d2:c7:
                    d5:2f:9d:a9:f2:fe:3a:27:3d:f2:38:89:bc:fe:e1:
                    5f:b9:b2:20:ed:81:b8:57:97:28:ad:01:3d:ea:78:
                    86:45:17:64:11:b9:ef:09:be:18:ae:da:33:c3:ca:
                    0e:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:38:FF:65:C2:08:3F:07:22:24:3E:5B:C9:D5:14:1F:F4:0E:B2:B8
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/fcc4293c-b24f-4fac-9395-546f748b3b13.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:8018::/38

    Signature Algorithm: sha256WithRSAEncryption
         95:ac:3f:df:1a:4f:3a:b2:76:30:46:53:16:da:a3:77:22:6a:
         2a:bf:72:b6:a5:18:d3:59:07:fe:0f:71:35:a7:c3:23:f9:87:
         cc:fa:a0:bb:12:76:cc:64:7b:bc:89:82:3f:e9:8e:cd:0c:b7:
         40:73:d2:ce:ab:1e:91:5f:02:bb:b7:b9:f5:6f:ac:73:96:a6:
         68:c3:b1:40:00:46:87:b9:c6:48:a7:e9:28:4b:77:a3:d5:d8:
         c9:d3:46:9c:e2:50:79:95:de:a7:40:f3:f6:32:f6:75:36:50:
         91:ac:6b:7f:a2:3e:d8:4b:ce:53:0f:8f:f8:6e:4b:7f:aa:bc:
         ef:15:1a:69:cb:6e:38:23:ec:a4:63:4d:45:58:a6:4f:b8:93:
         45:a8:e5:9f:56:d0:9b:c6:93:22:37:e8:58:a6:8f:b4:23:8b:
         3f:03:70:a7:93:ff:f9:69:1c:dc:f5:45:0c:88:ff:67:d7:b0:
         3c:bc:13:0c:a2:bb:d1:82:df:ac:75:ea:bb:83:c4:f2:5e:d1:
         77:65:d4:1e:00:b7:31:52:1f:0f:b8:29:c1:f0:9e:80:6b:a4:
         61:0f:0a:b7:37:a5:53:c2:a8:30:4d:22:9c:6e:5d:e5:a1:21:
         e3:82:cb:4d:1f:c0:8e:9f:e6:da:24:68:a6:d6:44:98:c4:56:
         e0:73:04:e5
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUBQKSh3RXRNeQo05UO58W30hR6PEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI1MDgwNDE1MDA1MVoX
DTI1MDkwODIzNTk1OVowejFJMEcGA1UEBRNAN2Y5MmJhZDllNmIzOTBiM2Q2ZDZj
ZDg4M2FlYmQ2MGExZDFlYzcwNzFiYWQzYjUyZjcxZmE4YTUxY2ZlZTQ2NDEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1Yo0JVwBZUVkTaE0wkzSb2gNJ1J
v63u0fkBjD5ZVi4SQDORTLoYliDQrRtOHkEGS5hVSIk9SZc608EZgPxqumfL3J5f
7gVJV/bQHALRL4/ULQFOaTFMckA1pmnNiFrxw+U5jdUv2g/mPTs5mHuMnSfClLyy
gCMERHvG24HydI4EkdDht1UnXE+80HiFkxLnBMZRRsZKL14iwF7y8cBPZ9mdUIZC
EyRymQ97Me8QAbMGgo2IIa6g0GErZno9IH6v28kp1PW2zcR7XaMrS+kU0sfVL52p
8v46Jz3yOIm8/uFfubIg7YG4V5corQE96niGRRdkEbnvCb4Yrtozw8oOJQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFFk4/2XCCD8HIiQ+W8nVFB/0DrK4MB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
L2ZjYzQyOTNjLWIyNGYtNGZhYy05Mzk1LTU0NmY3NDhiM2IxMy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYCJA+AGAAwDQYJKoZIhvcNAQELBQADggEBAJWsP98aTzqydjBGUxba
o3ciaiq/cralGNNZB/4PcTWnwyP5h8z6oLsSdsxke7yJgj/pjs0Mt0Bz0s6rHpFf
Aru3ufVvrHOWpmjDsUAARoe5xkin6ShLd6PV2MnTRpziUHmV3qdA8/Yy9nU2UJGs
a3+iPthLzlMPj/huS3+qvO8VGmnLbjgj7KRjTUVYpk+4k0Wo5Z9W0JvGkyI36Fim
j7Qjiz8DcKeT//lpHNz1RQyI/2fXsDy8Ewyiu9GC36x16ruDxPJe0Xdl1B4AtzFS
Hw+4KcHwnoBrpGEPCrc3pVPCqDBNIpxuXeWhIeOCy00fwI6f5tokaKbWRJjEVuBz
BOU=
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:44:47 2025 by rpki-client