Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c18b0845-fc95-41d6-b476-af4e1e466849.roa
File:                     c18b0845-fc95-41d6-b476-af4e1e466849.roa (raw, json)
Hash identifier:          y6300OW8yTSeKdHqQ/PnRnkGKDNilhwbmi9rIkZhvqc=
Subject key identifier:   17:48:C5:11:76:E1:70:A6:40:89:26:FE:4C:B7:78:A8:50:77:6E:A9
Certificate issuer:       /CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
Certificate serial:       578217F323B4A092FF2E298B4933CD0AA1AA06A3
Authority key identifier: 53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c18b0845-fc95-41d6-b476-af4e1e466849.roa
Signing time:             Fri 15 Aug 2025 00:01:35 +0000
ROA not before:           Fri 15 Aug 2025 00:01:35 +0000
ROA not after:            Fri 19 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        159.248.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/manifest.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 27 Aug 2025 00:02:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:82:17:f3:23:b4:a0:92:ff:2e:29:8b:49:33:cd:0a:a1:aa:06:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
        Validity
            Not Before: Aug 15 00:01:35 2025 GMT
            Not After : Sep 19 23:59:59 2025 GMT
        Subject: serialNumber=30eceebb695e137c40ead4ee44d49e418a11b7e0c430b23842331ad6a0ace5a2, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:a7:d7:3b:bf:cc:ec:5d:37:90:94:5e:8d:d9:
                    89:89:ad:27:6c:4f:33:1d:dd:94:9f:5c:ad:6a:5e:
                    d7:a0:e5:1a:64:1d:4a:9f:3e:1e:81:c4:65:fa:8a:
                    fd:ef:83:c7:68:77:ae:fa:2a:0b:49:86:52:3c:a0:
                    df:38:f6:21:9a:c3:bf:75:90:b6:4b:81:d8:20:bd:
                    1f:32:1b:33:22:29:7a:b4:2f:24:75:9e:b0:2d:d2:
                    b6:2f:a2:45:24:c4:e7:aa:ff:af:29:d1:89:17:92:
                    44:16:8b:ee:f7:8d:97:fb:d7:89:62:6e:d5:8d:ae:
                    20:01:4c:a6:fd:05:6f:00:1e:fb:39:c8:91:7a:ef:
                    29:08:ae:fc:38:c9:9b:09:d2:5a:b3:16:04:71:e2:
                    95:0c:c9:1e:b5:12:67:ae:0a:c9:c7:66:f7:57:4c:
                    1a:89:52:f1:ca:99:d5:2b:20:f6:c7:d1:59:0e:e6:
                    42:4f:e7:2b:bb:80:58:06:28:0a:5d:b4:93:e0:ce:
                    75:a8:8d:60:1a:64:e1:55:fc:8c:3c:55:a1:b4:bd:
                    bb:b4:50:53:1f:57:c2:1a:fc:29:b2:55:a1:45:ff:
                    af:09:9b:06:5e:8e:5d:db:2b:70:65:b9:83:12:7c:
                    90:89:81:c0:67:f1:91:c8:2b:3b:7a:a2:5f:07:04:
                    9e:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:48:C5:11:76:E1:70:A6:40:89:26:FE:4C:B7:78:A8:50:77:6E:A9
            X509v3 Authority Key Identifier:
                keyid:53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c18b0845-fc95-41d6-b476-af4e1e466849.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.248.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:78:32:46:ee:59:72:c7:d8:d6:86:f3:4e:dc:de:61:fa:29:
         e3:2c:40:dd:56:d3:c0:34:0b:5c:e5:5a:61:f4:79:82:e5:a7:
         26:55:fa:3a:a7:2e:bb:4b:63:99:4c:4d:8d:7f:49:f5:cc:95:
         5d:35:a3:15:04:8d:89:da:8e:64:27:3b:70:72:c0:90:83:ad:
         f3:d2:16:ff:65:db:0f:f5:c6:16:70:54:e5:5b:08:66:f7:48:
         dd:fa:eb:e2:fc:60:96:32:b3:03:a6:f9:8d:73:01:d4:de:c8:
         aa:84:32:d9:6d:e6:74:89:54:c0:80:19:4b:be:7d:2e:1c:3f:
         ec:4e:f3:8d:19:43:fd:59:1d:c8:e6:a8:c5:02:07:67:00:72:
         e5:68:90:bd:11:f1:5a:0d:2c:51:cd:2f:4e:57:00:d7:3b:d5:
         62:ad:c2:81:bc:bd:e4:b7:f5:55:94:8f:04:84:45:84:0e:92:
         7c:c6:ba:8b:eb:ea:02:f3:fe:fd:fb:e2:2c:83:91:12:e8:1f:
         d2:31:fd:26:bf:5b:e6:99:8a:5c:e2:da:c0:39:cb:db:cf:1d:
         4e:37:96:bd:21:07:9c:72:72:ce:99:77:70:6f:ce:b5:93:69:
         d5:04:76:85:34:aa:47:0f:5c:f6:fd:8f:cb:c9:a2:20:4c:7e:
         f1:7c:6f:e7
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUV4IX8yO0oJL/LimLSTPNCqGqBqMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg1M0RDMjIxMjVG
QTM0RjM5ODZDQkYxMjQyMkUzNEY5QjlDNjYxQkU3MB4XDTI1MDgxNTAwMDEzNVoX
DTI1MDkxOTIzNTk1OVowejFJMEcGA1UEBRNAMzBlY2VlYmI2OTVlMTM3YzQwZWFk
NGVlNDRkNDllNDE4YTExYjdlMGM0MzBiMjM4NDIzMzFhZDZhMGFjZTVhMjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqfXO7/M7F03kJRejdmJia0nbE8z
Hd2Un1ytal7XoOUaZB1Knz4egcRl+or974PHaHeu+ioLSYZSPKDfOPYhmsO/dZC2
S4HYIL0fMhszIil6tC8kdZ6wLdK2L6JFJMTnqv+vKdGJF5JEFovu942X+9eJYm7V
ja4gAUym/QVvAB77OciReu8pCK78OMmbCdJasxYEceKVDMketRJnrgrJx2b3V0wa
iVLxypnVKyD2x9FZDuZCT+cru4BYBigKXbST4M51qI1gGmThVfyMPFWhtL27tFBT
H1fCGvwpslWhRf+vCZsGXo5d2ytwZbmDEnyQiYHAZ/GRyCs7eqJfBwSePQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFBdIxRF24XCmQIkm/ky3eKhQd26pMB8GA1UdIwQY
MBaAFFPcIhJfo085hsvxJCLjT5ucZhvnMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CM0EyNEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9VOXdpRWwt
alR6bUd5X0VrSXVOUG01eG1HLWMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2MxOGIwODQ1LWZjOTUtNDFkNi1iNDc2LWFmNGUxZTQ2Njg0OS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvYTViMDFiZGQtY2RlYi00Y2ZjLThjOTMtN2U3MGM1ZTA5MzA2LmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQAn/iFMA0GCSqGSIb3DQEBCwUAA4IBAQB/eDJG7llyx9jWhvNO3N5h
+injLEDdVtPANAtc5Vph9HmC5acmVfo6py67S2OZTE2Nf0n1zJVdNaMVBI2J2o5k
JztwcsCQg63z0hb/ZdsP9cYWcFTlWwhm90jd+uvi/GCWMrMDpvmNcwHU3siqhDLZ
beZ0iVTAgBlLvn0uHD/sTvONGUP9WR3I5qjFAgdnAHLlaJC9EfFaDSxRzS9OVwDX
O9VircKBvL3kt/VVlI8EhEWEDpJ8xrqL6+oC8/79++Isg5ES6B/SMf0mv1vmmYpc
4trAOcvbzx1ON5a9IQeccnLOmXdwb861k2nVBHaFNKpHD1z2/Y/LyaIgTH7xfG/n
-----END CERTIFICATE-----
Generated at Sat Aug 23 08:15:41 2025 by rpki-client