Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3d1fb1c7-6140-4c57-928f-1a59586f9e2b.roa
File:                     3d1fb1c7-6140-4c57-928f-1a59586f9e2b.roa (raw, json)
Hash identifier:          FB1Qpi6ubFBBb9QiCsmL14R/uNLcJYJQgm5SPXnPMkY=
Subject key identifier:   62:88:5C:CB:C5:1D:D5:B1:D7:B2:99:83:F6:1E:4F:AC:C3:58:25:36
Certificate issuer:       /CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
Certificate serial:       0B0605DEBBF8B6493E73E7C811073B42D012B970
Authority key identifier: 53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3d1fb1c7-6140-4c57-928f-1a59586f9e2b.roa
Signing time:             Sun 19 Oct 2025 00:00:05 +0000
ROA not before:           Sun 19 Oct 2025 00:00:05 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        160.235.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/manifest.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:06:05:de:bb:f8:b6:49:3e:73:e7:c8:11:07:3b:42:d0:12:b9:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
        Validity
            Not Before: Oct 19 00:00:05 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=66397a9d2a523d64fa33e9b1856d3e7247aed0917b687fcf1e2d42aaddfb6c83, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:1c:e9:9f:81:d5:24:00:3c:0c:98:f1:f1:16:
                    66:93:8e:e2:d7:57:34:78:65:0c:05:2d:60:6f:ad:
                    04:56:a8:95:b7:9e:c1:7a:ea:68:00:62:24:85:36:
                    3b:b7:5a:ce:ff:f0:3b:08:02:99:d3:4f:bf:07:6f:
                    b1:80:9b:72:ec:bf:1e:b9:04:60:f9:9c:17:99:a1:
                    c5:c5:e9:fa:1d:2c:e1:fe:c2:75:d0:c3:b5:e6:d1:
                    88:03:68:f4:5b:fa:83:7a:1e:3c:79:4c:f3:8b:ad:
                    fd:4e:f9:b7:18:41:12:83:cf:b3:57:43:b2:d5:cb:
                    d5:1e:55:0c:02:42:14:ed:81:b2:6d:18:7b:ae:da:
                    8f:54:c3:a6:54:5b:ba:5e:2e:5c:7e:07:d5:19:53:
                    04:e5:db:2a:99:4f:58:e3:23:f6:1f:67:6d:f8:d8:
                    09:4e:b5:a1:cc:ab:16:3a:e9:c6:3d:3e:c8:c0:33:
                    d0:0f:b7:93:2c:a9:d5:3f:3b:3f:2e:ec:31:96:82:
                    21:a5:71:8a:2e:66:44:60:b6:99:6d:e1:a3:75:4c:
                    b9:70:08:7a:23:bd:72:41:06:98:43:c3:25:50:de:
                    20:6d:31:e7:d6:26:f0:9e:3c:ad:a8:ce:14:1f:ee:
                    f3:52:36:c4:27:6a:81:ac:14:f9:16:39:11:55:97:
                    18:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:88:5C:CB:C5:1D:D5:B1:D7:B2:99:83:F6:1E:4F:AC:C3:58:25:36
            X509v3 Authority Key Identifier:
                keyid:53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3d1fb1c7-6140-4c57-928f-1a59586f9e2b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.235.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         7d:49:5b:38:e9:58:ef:39:32:3e:b4:d7:d0:62:da:14:5a:76:
         89:d6:43:9f:37:4e:7f:56:4e:a0:7e:cd:9c:93:ad:89:da:86:
         59:de:5a:6a:d0:a2:a0:30:6f:ab:fe:dd:18:cc:3c:75:6a:80:
         1e:44:48:76:41:d0:27:a0:be:ce:8e:cd:d1:88:1b:37:5d:51:
         0b:56:0c:c7:aa:20:fd:77:84:62:e3:db:0a:d6:71:e5:31:f6:
         f2:ae:71:f9:e8:0e:62:93:f6:cc:df:21:94:63:04:a6:85:29:
         ac:29:42:b0:46:8f:07:6d:2f:02:88:3b:15:1d:1d:4c:43:b2:
         c4:ea:dd:45:f1:75:2e:a8:0d:d0:fc:97:e2:c5:a3:60:c4:a2:
         4c:ae:56:c7:72:51:1a:90:d8:b1:83:40:e7:8a:0b:de:c1:af:
         c1:5d:7d:d2:36:8a:d4:f3:59:58:b4:d8:fd:97:d2:40:cc:ac:
         8b:62:b8:cc:74:fa:1a:b4:6f:85:8f:69:bd:b7:72:b4:14:f5:
         fc:5a:ec:b7:41:82:c3:81:a9:71:0c:81:a3:46:83:b3:b3:85:
         9f:45:53:03:80:67:2f:b4:7f:ef:98:41:42:db:f9:d8:d8:02:
         51:4c:b2:47:4b:db:3c:34:60:76:c6:bf:9a:8f:21:26:c8:ca:
         d0:1c:02:dc
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgIUCwYF3rv4tkk+c+fIEQc7QtASuXAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg1M0RDMjIxMjVG
QTM0RjM5ODZDQkYxMjQyMkUzNEY5QjlDNjYxQkU3MB4XDTI1MTAxOTAwMDAwNVoX
DTI1MTEyMzIzNTk1OVowejFJMEcGA1UEBRNANjYzOTdhOWQyYTUyM2Q2NGZhMzNl
OWIxODU2ZDNlNzI0N2FlZDA5MTdiNjg3ZmNmMWUyZDQyYWFkZGZiNmM4MzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRzpn4HVJAA8DJjx8RZmk47i11c0
eGUMBS1gb60EVqiVt57BeupoAGIkhTY7t1rO//A7CAKZ00+/B2+xgJty7L8euQRg
+ZwXmaHFxen6HSzh/sJ10MO15tGIA2j0W/qDeh48eUzzi639Tvm3GEESg8+zV0Oy
1cvVHlUMAkIU7YGybRh7rtqPVMOmVFu6Xi5cfgfVGVME5dsqmU9Y4yP2H2dt+NgJ
TrWhzKsWOunGPT7IwDPQD7eTLKnVPzs/LuwxloIhpXGKLmZEYLaZbeGjdUy5cAh6
I71yQQaYQ8MlUN4gbTHn1ibwnjytqM4UH+7zUjbEJ2qBrBT5FjkRVZcYlwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFGKIXMvFHdWx17KZg/YeT6zDWCU2MB8GA1UdIwQY
MBaAFFPcIhJfo085hsvxJCLjT5ucZhvnMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CM0EyNEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9VOXdpRWwt
alR6bUd5X0VrSXVOUG01eG1HLWMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzNkMWZiMWM3LTYxNDAtNGM1Ny05MjhmLTFhNTk1ODZmOWUyYi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvYTViMDFiZGQtY2RlYi00Y2ZjLThjOTMtN2U3MGM1ZTA5MzA2LmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTAL
BAIAATAFAwMAoOswDQYJKoZIhvcNAQELBQADggEBAH1JWzjpWO85Mj6019Bi2hRa
donWQ583Tn9WTqB+zZyTrYnahlneWmrQoqAwb6v+3RjMPHVqgB5ESHZB0Cegvs6O
zdGIGzddUQtWDMeqIP13hGLj2wrWceUx9vKucfnoDmKT9szfIZRjBKaFKawpQrBG
jwdtLwKIOxUdHUxDssTq3UXxdS6oDdD8l+LFo2DEokyuVsdyURqQ2LGDQOeKC97B
r8FdfdI2itTzWVi02P2X0kDMrItiuMx0+hq0b4WPab23crQU9fxa7LdBgsOBqXEM
gaNGg7OzhZ9FUwOAZy+0f++YQULb+djYAlFMskdL2zw0YHbGv5qPISbIytAcAtw=
-----END CERTIFICATE-----
Generated at Mon Oct 20 23:32:26 2025 by rpki-client