Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c0e0735d-a91e-478d-82d2-a3f04ee435d2.roa
File:                     c0e0735d-a91e-478d-82d2-a3f04ee435d2.roa (raw, json)
Hash identifier:          2oHdBVpsech1wFc2/jFAYr4SGhXbQZObSGMgDpX+p0M=
Subject key identifier:   6C:9E:6B:C1:8F:CF:8D:B4:30:2B:0C:EB:72:C0:E2:4E:70:02:A5:38
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       6381050F256BF1E2DEA10C4A4079BDAD169E349D
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c0e0735d-a91e-478d-82d2-a3f04ee435d2.roa
Signing time:             Fri 17 Oct 2025 00:02:21 +0000
ROA not before:           Fri 17 Oct 2025 00:02:21 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        43.218.158.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:81:05:0f:25:6b:f1:e2:de:a1:0c:4a:40:79:bd:ad:16:9e:34:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Oct 17 00:02:21 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=1f3a64ed886c3912a13a045c24b88b163f0f4604dbf48c66c762498d99214ab4, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:28:24:05:c3:16:62:11:63:76:4b:2f:28:80:
                    9c:a0:44:39:ff:f2:e7:d7:0d:99:45:a1:4c:99:f5:
                    6a:82:e5:af:b8:48:dc:a4:50:28:6f:46:dd:46:ea:
                    84:79:b4:cb:c7:08:d6:c8:a7:73:07:7d:a4:fd:c6:
                    e8:e0:89:fe:74:d4:6f:e0:1b:34:c2:bc:48:55:de:
                    b8:48:7a:a2:c2:ad:84:7a:65:29:4a:c2:30:ba:0f:
                    a4:57:17:82:93:07:2b:ec:6c:8d:20:f2:44:47:f6:
                    52:1a:95:0e:34:e7:00:c0:52:a6:30:bb:aa:0b:01:
                    10:01:6b:af:72:6b:c6:7c:f5:4f:ee:78:93:e5:f2:
                    2b:ea:de:57:f4:c8:4f:cd:9d:e7:1b:4e:80:80:63:
                    b5:32:1c:dc:7f:a2:b3:6a:aa:52:aa:70:d9:ee:ec:
                    0e:e9:0a:6a:09:62:63:ae:ef:5c:c9:79:e7:0a:99:
                    40:fd:52:6c:45:de:22:9d:74:41:2f:dd:82:d3:b4:
                    be:41:d6:47:72:67:f9:6c:2e:44:80:96:25:c7:4c:
                    53:ab:19:14:16:41:fb:28:65:f3:db:38:35:2f:16:
                    93:bc:0c:0d:d8:d7:6a:9c:72:73:70:32:38:38:2e:
                    ae:38:45:35:a6:36:96:fb:b0:d6:6f:5a:23:73:cb:
                    40:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:9E:6B:C1:8F:CF:8D:B4:30:2B:0C:EB:72:C0:E2:4E:70:02:A5:38
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c0e0735d-a91e-478d-82d2-a3f04ee435d2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.218.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         78:b3:12:0f:ce:2a:e1:87:a7:e3:4c:2c:98:00:24:a4:39:e9:
         90:87:0a:e0:63:d4:9e:0e:66:6a:3b:6e:75:e3:d5:9c:11:47:
         fa:75:92:9c:31:c2:56:c7:76:12:c4:14:b8:6e:13:62:80:4b:
         04:a5:5f:e6:8a:57:be:df:ee:28:f5:e9:61:1c:91:a9:a6:a5:
         a7:a8:e3:3e:8a:65:22:a8:b2:8f:d6:fe:a0:77:82:87:30:65:
         79:a2:2b:b8:50:0e:58:b0:c2:2d:9d:c2:16:62:51:2d:7a:65:
         33:04:e6:ff:68:69:65:25:d7:c6:4c:d5:d6:ae:57:75:e4:d2:
         c6:1b:dd:3b:9c:12:a2:dd:a5:02:c7:7a:3d:9a:5a:d0:fe:d8:
         f9:99:f9:81:97:35:e3:bb:23:1e:cc:1b:c3:8e:73:aa:e6:66:
         45:ae:8b:35:b6:07:b7:35:86:5c:d4:7f:07:56:df:55:fa:bc:
         0a:70:66:18:ed:0f:ad:9d:d4:72:d5:51:48:7d:58:52:dc:8d:
         df:bc:b5:87:47:8e:e3:56:37:89:bf:e5:ce:9b:7b:e9:1a:50:
         c9:28:db:ee:cd:4d:db:8d:cc:04:af:08:39:62:51:8d:e8:c1:
         a4:19:de:73:d1:f5:1b:d5:95:c7:bd:94:2f:89:6c:b8:f5:c7:
         92:35:37:16
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUY4EFDyVr8eLeoQxKQHm9rRaeNJ0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MTAxNzAwMDIyMVoX
DTI1MTEyMTIzNTk1OVowejFJMEcGA1UEBRNAMWYzYTY0ZWQ4ODZjMzkxMmExM2Ew
NDVjMjRiODhiMTYzZjBmNDYwNGRiZjQ4YzY2Yzc2MjQ5OGQ5OTIxNGFiNDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCgkBcMWYhFjdksvKICcoEQ5//Ln
1w2ZRaFMmfVqguWvuEjcpFAob0bdRuqEebTLxwjWyKdzB32k/cbo4In+dNRv4Bs0
wrxIVd64SHqiwq2EemUpSsIwug+kVxeCkwcr7GyNIPJER/ZSGpUONOcAwFKmMLuq
CwEQAWuvcmvGfPVP7niT5fIr6t5X9MhPzZ3nG06AgGO1Mhzcf6KzaqpSqnDZ7uwO
6QpqCWJjru9cyXnnCplA/VJsRd4inXRBL92C07S+QdZHcmf5bC5EgJYlx0xTqxkU
FkH7KGXz2zg1LxaTvAwN2NdqnHJzcDI4OC6uOEU1pjaW+7DWb1ojc8tALQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFGyea8GPz420MCsM63LA4k5wAqU4MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2MwZTA3MzVkLWE5MWUtNDc4ZC04MmQyLWEzZjA0ZWU0MzVkMi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQBK9qeMA0GCSqGSIb3DQEBCwUAA4IBAQB4sxIPzirhh6fjTCyYACSk
OemQhwrgY9SeDmZqO25149WcEUf6dZKcMcJWx3YSxBS4bhNigEsEpV/mile+3+4o
9elhHJGppqWnqOM+imUiqLKP1v6gd4KHMGV5oiu4UA5YsMItncIWYlEtemUzBOb/
aGllJdfGTNXWrld15NLGG907nBKi3aUCx3o9mlrQ/tj5mfmBlzXjuyMezBvDjnOq
5mZFros1tge3NYZc1H8HVt9V+rwKcGYY7Q+tndRy1VFIfVhS3I3fvLWHR47jVjeJ
v+XOm3vpGlDJKNvuzU3bjcwErwg5YlGN6MGkGd5z0fUb1ZXHvZQviWy49ceSNTcW
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:51:28 2025 by rpki-client