Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/7cf17e61-b049-438c-8aaf-2d4714b51857.roa
File:                     7cf17e61-b049-438c-8aaf-2d4714b51857.roa (raw, json)
Hash identifier:          7AbH4gQTGeuLBSDyLCLy3gz6CdxbsOUNjBEAqGGjMUE=
Subject key identifier:   8E:BE:7B:C5:EB:96:BB:A5:B5:6D:13:E9:DB:13:64:31:88:06:6B:17
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       0A044037378F33E2E5FEE6D02DE79AD7DAB4DA64
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/7cf17e61-b049-438c-8aaf-2d4714b51857.roa
Signing time:             Fri 17 Oct 2025 00:10:05 +0000
ROA not before:           Fri 17 Oct 2025 00:10:05 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:80fa:4000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:04:40:37:37:8f:33:e2:e5:fe:e6:d0:2d:e7:9a:d7:da:b4:da:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000, serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Oct 17 00:10:05 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=2f879547c1c2bd725ba9f450a45f2b2fae8baca9b00aa6a31ab787f158e3787f, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:f0:0b:26:b3:66:ff:c6:f4:8f:dd:f1:ac:ce:
                    c1:10:54:94:d5:b4:1f:54:2b:60:b4:03:b8:31:25:
                    7e:2a:2b:1a:0c:0d:a1:7d:07:4d:af:06:df:77:e8:
                    b4:ee:b6:b3:95:68:03:7b:19:96:91:2a:14:a2:0b:
                    26:99:f8:85:a3:0e:26:47:e6:62:3c:f1:1d:af:ac:
                    4c:c6:80:99:66:98:ef:ee:1e:14:df:cd:c6:d4:cc:
                    c3:a5:ed:2f:ef:06:2b:bc:37:f0:6a:fc:04:3c:ae:
                    3f:cb:97:d0:62:dd:52:aa:04:58:55:4a:26:d4:cf:
                    0b:69:78:eb:1e:d3:2d:2e:2c:aa:b1:22:34:06:7c:
                    dd:86:53:2c:ed:23:24:c5:8e:87:43:25:f6:c5:9d:
                    70:cb:6b:19:bd:a2:1f:3b:e9:b4:92:06:81:60:b2:
                    c8:1f:55:db:18:b8:bd:de:ca:c3:6a:11:0a:f4:18:
                    cf:5d:fb:09:4e:58:51:46:09:81:31:ea:78:c1:d8:
                    86:03:79:7d:55:19:ec:7d:f7:a1:72:c8:83:2d:41:
                    50:2f:8d:77:5c:3b:bc:d0:60:8d:36:c7:3f:97:15:
                    4e:75:09:e3:65:82:21:e2:72:f4:a6:d3:88:e9:69:
                    e4:ac:a7:1a:b2:b8:ec:98:e9:45:1d:fc:af:a5:ea:
                    d3:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:BE:7B:C5:EB:96:BB:A5:B5:6D:13:E9:DB:13:64:31:88:06:6B:17
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/7cf17e61-b049-438c-8aaf-2d4714b51857.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:80fa:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         9d:a7:5f:9a:a4:7a:cd:1a:44:61:76:cc:89:9a:8c:d7:68:05:
         b8:c6:c5:5c:3c:6c:ed:4f:81:03:62:c2:75:b4:24:8c:98:59:
         af:c3:a8:c2:e9:92:57:a1:c6:26:e3:23:d4:f5:d6:de:e4:b5:
         93:fe:ea:70:f4:df:01:17:34:61:d4:b9:c5:e4:ce:1a:80:77:
         79:b0:46:ae:72:1f:ac:fc:27:59:e0:f8:1d:85:77:a1:26:7f:
         de:b9:c9:53:8c:e0:2e:91:50:8a:b1:6d:26:5e:27:49:75:72:
         ea:26:ed:f5:5b:c2:0b:74:d3:d6:23:a4:d5:52:3f:46:6b:fa:
         c8:ee:80:4b:e1:1e:81:fe:0f:49:84:01:87:d7:b3:16:d4:cb:
         9e:84:35:4d:35:f8:b0:f2:c1:6f:59:15:a1:44:81:57:47:ca:
         e8:c1:bb:b8:d3:f9:4e:be:c2:ae:85:c5:a4:26:bf:6e:a3:d0:
         23:fd:65:81:4d:12:61:01:95:a0:43:fa:7e:4d:72:b5:22:58:
         8a:98:f1:26:6c:2c:10:9a:92:01:36:84:2b:ab:b8:4a:f0:0a:
         63:8a:67:ed:1a:71:11:67:ad:ad:7a:3b:62:3b:64:69:b7:44:
         f6:b0:3a:6d:2c:5c:92:26:74:16:1e:05:7f:1c:f7:70:b1:c1:
         f6:f3:95:66
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUCgRANzePM+Ll/ubQLeea19q02mQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI1MTAxNzAwMTAwNVoX
DTI1MTEyMTIzNTk1OVowejFJMEcGA1UEBRNAMmY4Nzk1NDdjMWMyYmQ3MjViYTlm
NDUwYTQ1ZjJiMmZhZThiYWNhOWIwMGFhNmEzMWFiNzg3ZjE1OGUzNzg3ZjEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/ALJrNm/8b0j93xrM7BEFSU1bQf
VCtgtAO4MSV+KisaDA2hfQdNrwbfd+i07razlWgDexmWkSoUogsmmfiFow4mR+Zi
PPEdr6xMxoCZZpjv7h4U383G1MzDpe0v7wYrvDfwavwEPK4/y5fQYt1SqgRYVUom
1M8LaXjrHtMtLiyqsSI0BnzdhlMs7SMkxY6HQyX2xZ1wy2sZvaIfO+m0kgaBYLLI
H1XbGLi93srDahEK9BjPXfsJTlhRRgmBMep4wdiGA3l9VRnsffehcsiDLUFQL413
XDu80GCNNsc/lxVOdQnjZYIh4nL0ptOI6WnkrKcasrjsmOlFHfyvperTdwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFI6+e8XrlrultW0T6dsTZDGIBmsXMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
LzdjZjE3ZTYxLWIwNDktNDM4Yy04YWFmLTJkNDcxNGI1MTg1Ny5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJA+A+kAwDQYJKoZIhvcNAQELBQADggEBAJ2nX5qkes0aRGF2zIma
jNdoBbjGxVw8bO1PgQNiwnW0JIyYWa/DqMLpklehxibjI9T11t7ktZP+6nD03wEX
NGHUucXkzhqAd3mwRq5yH6z8J1ng+B2Fd6Emf965yVOM4C6RUIqxbSZeJ0l1cuom
7fVbwgt009YjpNVSP0Zr+sjugEvhHoH+D0mEAYfXsxbUy56ENU01+LDywW9ZFaFE
gVdHyujBu7jT+U6+wq6FxaQmv26j0CP9ZYFNEmEBlaBD+n5NcrUiWIqY8SZsLBCa
kgE2hCuruErwCmOKZ+0acRFnra16O2I7ZGm3RPawOm0sXJImdBYeBX8c93Cxwfbz
lWY=
-----END CERTIFICATE-----
Generated at Tue Oct 21 00:12:49 2025 by rpki-client