Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c18b0845-fc95-41d6-b476-af4e1e466849.roa
File:                     c18b0845-fc95-41d6-b476-af4e1e466849.roa (raw, json)
Hash identifier:          1qCT2IAmbrL6ggBAizoqvmMijAOFpynSDLesioUlgsA=
Subject key identifier:   9A:D0:12:40:92:97:CE:37:58:89:01:AF:7C:40:AC:D2:46:34:FC:A4
Certificate issuer:       /CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
Certificate serial:       2245C1DA94BAF645286ED3082FFB616F303F594E
Authority key identifier: 53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c18b0845-fc95-41d6-b476-af4e1e466849.roa
Signing time:             Sat 04 Oct 2025 00:00:05 +0000
ROA not before:           Sat 04 Oct 2025 00:00:05 +0000
ROA not after:            Sat 08 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        159.248.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/manifest.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:45:c1:da:94:ba:f6:45:28:6e:d3:08:2f:fb:61:6f:30:3f:59:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
        Validity
            Not Before: Oct  4 00:00:05 2025 GMT
            Not After : Nov  8 23:59:59 2025 GMT
        Subject: serialNumber=c81593e3b34ab728009e526a3f8db40409c448191bbbe2402d1ab65529dd37d5, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:7d:23:a5:cf:c6:07:71:17:00:96:b7:23:f4:
                    a8:0a:40:73:cf:7b:64:8f:9c:87:68:3f:85:9e:2d:
                    54:d0:9e:e1:09:c4:14:de:34:d5:a0:d4:b6:a2:b9:
                    92:50:85:07:2c:a9:f2:57:a3:db:14:6a:9d:05:52:
                    c7:2b:b5:68:2c:d6:96:70:9f:38:88:cf:11:38:f8:
                    ff:a5:ab:20:98:26:6e:90:92:07:17:d0:bd:96:3d:
                    d2:f9:6f:96:f4:22:5e:a2:e2:dd:99:57:3d:98:83:
                    49:8b:1f:c1:5c:ae:db:1b:16:62:11:3d:ec:53:be:
                    b0:e6:c9:df:af:b1:1f:48:39:33:8e:4c:10:99:aa:
                    dc:49:c3:85:2d:ec:36:62:f4:fb:84:83:98:dc:b0:
                    db:ce:31:3f:d9:09:3d:7d:37:c1:73:58:bb:cb:e6:
                    e6:09:04:2f:80:57:fe:15:12:17:13:30:20:8f:a9:
                    f6:bf:83:86:ca:46:73:be:67:7d:08:d5:dc:de:9c:
                    d4:67:dd:18:cc:df:1a:eb:89:f7:24:b2:86:33:b5:
                    54:95:3f:3a:5d:1d:ed:eb:85:bc:82:34:0b:12:ab:
                    91:84:60:1b:9c:31:55:08:bc:ad:bd:1c:cb:55:6a:
                    6b:9b:0b:fe:f0:7a:d0:8f:87:d0:99:35:58:92:b8:
                    5c:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:D0:12:40:92:97:CE:37:58:89:01:AF:7C:40:AC:D2:46:34:FC:A4
            X509v3 Authority Key Identifier:
                keyid:53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c18b0845-fc95-41d6-b476-af4e1e466849.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.248.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:42:da:0b:2d:fa:33:f2:52:65:8f:1c:4d:76:e0:34:08:21:
         5b:e9:7a:5f:48:3b:9f:f8:0b:36:05:4b:93:42:e5:d8:76:84:
         4f:9b:fc:45:00:07:37:22:48:b3:0e:76:63:2f:9e:45:0d:37:
         e9:23:42:50:e0:34:3f:f0:8b:6a:58:81:f0:60:f9:a0:f5:67:
         aa:74:d3:6c:c2:5f:a3:ac:73:17:d0:4d:76:00:d7:f5:b1:b1:
         dc:1a:84:0e:db:31:f8:b8:57:d5:cb:50:24:bb:83:85:b1:a1:
         9f:4c:cf:12:62:0f:9a:a2:6b:dd:7f:64:5c:ed:fd:77:de:f5:
         5a:04:b1:04:e5:e9:41:88:48:99:ff:11:47:8a:a8:ef:8c:dc:
         ff:1f:a0:fb:5f:5c:54:d6:f9:cf:5b:bd:21:1c:0d:ff:ce:3e:
         be:64:c9:27:b2:92:3a:c4:0b:22:00:d7:5f:71:85:d2:79:68:
         8b:20:ef:4e:cd:51:64:31:69:0a:3d:ef:be:12:48:e2:7f:c2:
         34:cc:54:4c:b6:8c:7b:fa:42:4c:90:34:f5:e0:3d:51:d0:cf:
         e2:c0:0b:5b:92:a0:39:58:29:86:1c:45:83:35:3f:f9:88:24:
         1c:13:11:84:ac:be:6b:21:81:58:9e:9d:cd:18:b3:bf:66:aa:
         a0:6d:34:72
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUIkXB2pS69kUobtMIL/thbzA/WU4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg1M0RDMjIxMjVG
QTM0RjM5ODZDQkYxMjQyMkUzNEY5QjlDNjYxQkU3MB4XDTI1MTAwNDAwMDAwNVoX
DTI1MTEwODIzNTk1OVowejFJMEcGA1UEBRNAYzgxNTkzZTNiMzRhYjcyODAwOWU1
MjZhM2Y4ZGI0MDQwOWM0NDgxOTFiYmJlMjQwMmQxYWI2NTUyOWRkMzdkNTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu30jpc/GB3EXAJa3I/SoCkBzz3tk
j5yHaD+Fni1U0J7hCcQU3jTVoNS2ormSUIUHLKnyV6PbFGqdBVLHK7VoLNaWcJ84
iM8ROPj/pasgmCZukJIHF9C9lj3S+W+W9CJeouLdmVc9mINJix/BXK7bGxZiET3s
U76w5snfr7EfSDkzjkwQmarcScOFLew2YvT7hIOY3LDbzjE/2Qk9fTfBc1i7y+bm
CQQvgFf+FRIXEzAgj6n2v4OGykZzvmd9CNXc3pzUZ90YzN8a64n3JLKGM7VUlT86
XR3t64W8gjQLEquRhGAbnDFVCLytvRzLVWprmwv+8HrQj4fQmTVYkrhcBQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFJrQEkCSl843WIkBr3xArNJGNPykMB8GA1UdIwQY
MBaAFFPcIhJfo085hsvxJCLjT5ucZhvnMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CM0EyNEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9VOXdpRWwt
alR6bUd5X0VrSXVOUG01eG1HLWMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2MxOGIwODQ1LWZjOTUtNDFkNi1iNDc2LWFmNGUxZTQ2Njg0OS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvYTViMDFiZGQtY2RlYi00Y2ZjLThjOTMtN2U3MGM1ZTA5MzA2LmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQAn/iFMA0GCSqGSIb3DQEBCwUAA4IBAQCXQtoLLfoz8lJljxxNduA0
CCFb6XpfSDuf+As2BUuTQuXYdoRPm/xFAAc3IkizDnZjL55FDTfpI0JQ4DQ/8Itq
WIHwYPmg9WeqdNNswl+jrHMX0E12ANf1sbHcGoQO2zH4uFfVy1Aku4OFsaGfTM8S
Yg+aomvdf2Rc7f133vVaBLEE5elBiEiZ/xFHiqjvjNz/H6D7X1xU1vnPW70hHA3/
zj6+ZMknspI6xAsiANdfcYXSeWiLIO9OzVFkMWkKPe++Ekjif8I0zFRMtox7+kJM
kDT14D1R0M/iwAtbkqA5WCmGHEWDNT/5iCQcExGErL5rIYFYnp3NGLO/ZqqgbTRy
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:22:32 2025 by rpki-client