Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/25e04c5d-4ae9-4470-8138-dea1e8b3160e.roa
File:                     25e04c5d-4ae9-4470-8138-dea1e8b3160e.roa (raw, json)
Hash identifier:          uvPF1yFleLfWH0AhdCNli/T88JqcqnsD3ivyY7GWXw4=
Subject key identifier:   04:8B:16:4C:75:FE:7F:73:BC:AF:A0:D0:E8:F1:17:A2:35:CB:95:F8
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       1BCB8A6900D245BD9ACE95D5F049D058850E8B62
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/25e04c5d-4ae9-4470-8138-dea1e8b3160e.roa
Signing time:             Tue 07 Oct 2025 00:01:18 +0000
ROA not before:           Tue 07 Oct 2025 00:01:18 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        43.212.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:cb:8a:69:00:d2:45:bd:9a:ce:95:d5:f0:49:d0:58:85:0e:8b:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Oct  7 00:01:18 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=e1945935b9a663e28156baab5de3d29c22c737c62996c188597ed26008d2d0f3, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c5:63:95:97:d4:d4:58:56:ea:7e:19:79:c9:
                    b4:fc:86:13:99:1f:dc:51:b6:84:53:a7:0e:c3:26:
                    04:0c:dd:1f:b4:a1:d7:25:c2:47:a8:a0:1e:90:91:
                    c5:8d:01:96:05:7a:c7:a8:45:65:67:e9:7e:cd:6c:
                    65:1e:93:2d:f7:2c:37:41:7c:20:b9:5b:3b:16:67:
                    81:60:fc:9b:05:cb:ed:3a:02:94:a4:95:a5:c7:6a:
                    b2:02:84:a7:b1:99:4a:97:22:4d:6b:54:f9:66:9b:
                    8f:79:b9:7f:64:8b:e7:1e:9f:b2:f8:8b:ff:28:3d:
                    31:6c:4c:f4:2c:6b:f8:8c:0d:6e:b8:d4:db:85:f0:
                    00:14:b0:87:e6:a5:0f:fd:3d:7e:cc:af:4f:fa:b0:
                    6b:28:5a:a9:e4:09:4a:7d:3d:d3:5d:27:73:06:5b:
                    b4:a5:4e:b5:c4:7d:04:7a:4a:91:61:80:ee:0e:09:
                    60:b7:e8:86:71:13:81:85:66:46:f4:b1:92:91:61:
                    cf:cf:07:40:84:70:0a:5b:50:1a:1f:5e:10:01:36:
                    97:4b:37:c2:26:e3:b3:de:c4:2e:fa:3c:64:50:06:
                    f7:70:b2:dc:4a:6f:64:a5:9a:e8:4e:88:d4:39:30:
                    d7:a8:1e:32:36:55:4b:14:1b:73:ff:8a:0c:bd:7d:
                    9f:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:8B:16:4C:75:FE:7F:73:BC:AF:A0:D0:E8:F1:17:A2:35:CB:95:F8
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/25e04c5d-4ae9-4470-8138-dea1e8b3160e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.212.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:dc:fe:7d:57:4d:ab:9e:a4:0a:a8:4a:9d:c6:17:06:7b:49:
         81:29:21:bb:54:51:57:57:a2:80:2c:73:b3:43:98:10:90:72:
         a2:e8:d4:19:15:73:36:9d:3a:50:d7:7b:f5:a0:d8:a3:b3:e4:
         60:1f:97:39:bc:36:66:6f:f0:5b:53:26:1c:27:be:de:ef:f0:
         40:2e:f6:cf:cd:10:2c:f2:fd:c3:12:20:47:e9:d5:6d:6e:65:
         07:7a:8d:4e:78:24:46:c0:e4:d8:02:d3:b7:91:ca:1c:02:5f:
         f1:50:d2:80:b3:0c:65:b1:70:3d:29:1b:61:67:7d:73:77:46:
         e0:a0:62:aa:70:75:5a:44:02:57:72:20:25:06:be:1b:d0:e4:
         d9:0c:30:48:c3:12:63:cc:a6:9a:58:1e:7e:88:58:19:d5:8c:
         cc:9d:85:c2:33:3b:9e:ae:0b:a3:81:d3:42:0c:a0:50:45:06:
         83:92:f2:6f:5e:34:c2:22:db:7b:69:21:bb:a6:03:95:26:5a:
         99:10:d2:e0:dc:e2:1d:17:08:54:7d:dd:2a:83:4f:1e:28:f7:
         45:39:19:3b:e4:23:77:7b:48:0a:48:bd:c1:91:18:3f:15:73:
         ca:56:13:2e:43:76:48:4c:aa:76:eb:95:b6:98:2d:6a:4a:5f:
         2a:f2:7f:93
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUG8uKaQDSRb2azpXV8EnQWIUOi2IwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MTAwNzAwMDExOFoX
DTI1MTExMTIzNTk1OVowejFJMEcGA1UEBRNAZTE5NDU5MzViOWE2NjNlMjgxNTZi
YWFiNWRlM2QyOWMyMmM3MzdjNjI5OTZjMTg4NTk3ZWQyNjAwOGQyZDBmMzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcVjlZfU1FhW6n4Zecm0/IYTmR/c
UbaEU6cOwyYEDN0ftKHXJcJHqKAekJHFjQGWBXrHqEVlZ+l+zWxlHpMt9yw3QXwg
uVs7FmeBYPybBcvtOgKUpJWlx2qyAoSnsZlKlyJNa1T5ZpuPebl/ZIvnHp+y+Iv/
KD0xbEz0LGv4jA1uuNTbhfAAFLCH5qUP/T1+zK9P+rBrKFqp5AlKfT3TXSdzBlu0
pU61xH0EekqRYYDuDglgt+iGcROBhWZG9LGSkWHPzwdAhHAKW1AaH14QATaXSzfC
JuOz3sQu+jxkUAb3cLLcSm9kpZroTojUOTDXqB4yNlVLFBtz/4oMvX2fDwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFASLFkx1/n9zvK+g0OjxF6I1y5X4MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzI1ZTA0YzVkLTRhZTktNDQ3MC04MTM4LWRlYTFlOGIzMTYwZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQAK9RGMA0GCSqGSIb3DQEBCwUAA4IBAQCq3P59V02rnqQKqEqdxhcG
e0mBKSG7VFFXV6KALHOzQ5gQkHKi6NQZFXM2nTpQ13v1oNijs+RgH5c5vDZmb/Bb
UyYcJ77e7/BALvbPzRAs8v3DEiBH6dVtbmUHeo1OeCRGwOTYAtO3kcocAl/xUNKA
swxlsXA9KRthZ31zd0bgoGKqcHVaRAJXciAlBr4b0OTZDDBIwxJjzKaaWB5+iFgZ
1YzMnYXCMzuergujgdNCDKBQRQaDkvJvXjTCItt7aSG7pgOVJlqZENLg3OIdFwhU
fd0qg08eKPdFORk75CN3e0gKSL3BkRg/FXPKVhMuQ3ZITKp265W2mC1qSl8q8n+T
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:34:31 2025 by rpki-client