Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/2f47dcdd-c384-4eb2-aefd-f4ad64f26cce.roa
File:                     2f47dcdd-c384-4eb2-aefd-f4ad64f26cce.roa (raw, json)
Hash identifier:          MG9kewkpdSnNhIhBlptfiEIpXGKPELBh5UcDo7cbCxs=
Subject key identifier:   10:53:41:B0:DD:72:55:17:B2:30:F8:AC:E3:8F:9B:65:BD:AE:0F:91
Certificate issuer:       /CN=A91509EC0000/serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
Certificate serial:       4868373899B6B5C930F8D0D957BC0435BCFF6613
Authority key identifier: 16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/2f47dcdd-c384-4eb2-aefd-f4ad64f26cce.roa
Signing time:             Fri 17 Oct 2025 00:01:23 +0000
ROA not before:           Fri 17 Oct 2025 00:01:23 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        175.41.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/6ecb3cca-488d-43b9-a50b-d37c0c55a9e1.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:68:37:38:99:b6:b5:c9:30:f8:d0:d9:57:bc:04:35:bc:ff:66:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91509EC0000, serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
        Validity
            Not Before: Oct 17 00:01:23 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=597dd161a5401956b96d37938ebe5935ac048d1eac2ddd7e1d06e84f0dc09fc5, CN=58810403-9ba0-403a-809b-c78252ab7f5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e3:bf:8d:82:13:f8:85:fd:ed:03:df:25:e2:
                    e2:70:08:1b:dd:94:06:cc:16:27:58:e4:b6:fc:ef:
                    24:ff:7d:2a:d5:58:a3:b0:e9:e2:9a:02:77:ec:1b:
                    b9:94:61:c9:57:d2:85:66:cb:ab:01:e1:19:5d:4b:
                    b9:69:8e:bf:9f:48:70:99:68:10:21:84:a1:2e:0a:
                    cc:53:24:3e:f5:80:4e:ac:ed:cc:f6:b2:a5:08:75:
                    c4:c5:f7:87:f8:c3:3f:8d:0d:b4:72:38:ee:d4:af:
                    8b:b0:3b:8a:97:63:1a:42:5f:1d:06:58:ea:ea:7f:
                    b5:2a:c0:78:9a:32:3b:0d:fb:16:68:51:eb:ac:4a:
                    11:ff:be:70:61:08:93:94:6e:43:52:24:dc:ef:2e:
                    65:e0:90:af:17:c9:25:19:61:20:2f:9a:2d:75:4c:
                    c6:a3:79:21:f8:76:48:7d:e5:8c:f1:32:65:be:b3:
                    99:4b:b0:92:28:f0:06:14:7e:e9:5c:de:30:d2:fa:
                    35:6b:8e:b8:cf:21:2b:f0:c4:b9:ba:e6:a4:5f:91:
                    8d:33:b9:be:58:3d:eb:37:66:00:0a:3c:e6:ad:70:
                    9e:b4:07:77:50:eb:0d:4d:e4:37:90:bc:68:da:4d:
                    a0:ad:d7:d2:c2:b1:9f:af:dd:33:41:5f:79:90:2a:
                    9e:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:53:41:B0:DD:72:55:17:B2:30:F8:AC:E3:8F:9B:65:BD:AE:0F:91
            X509v3 Authority Key Identifier:
                keyid:16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/2f47dcdd-c384-4eb2-aefd-f4ad64f26cce.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/6ecb3cca-488d-43b9-a50b-d37c0c55a9e1.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  175.41.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:b5:63:bf:4c:ec:fb:99:71:82:5d:bf:20:a0:9f:4b:93:20:
         50:fd:6f:d6:77:aa:36:ec:63:23:9d:70:8d:17:52:1f:3b:ae:
         de:0c:c8:c2:7b:51:f6:fd:d0:1c:97:a6:e9:48:d2:77:c7:a4:
         64:dd:79:d7:cb:14:f2:76:f9:3d:4c:27:10:a5:68:8c:ea:3d:
         89:99:fa:d1:1e:42:2d:29:2e:3e:e6:58:06:cd:b5:a3:22:eb:
         df:36:4e:48:b4:11:a7:78:b2:44:ee:21:87:b9:de:36:01:cf:
         1d:00:e2:6b:97:cf:d7:2b:32:fa:9d:20:f3:fd:25:47:d4:df:
         5e:64:55:d5:2f:4f:47:c4:1f:f2:ee:69:4c:d3:43:5b:63:21:
         31:b6:1c:86:4f:44:d6:36:9f:f0:9e:8d:b6:66:d1:67:99:7e:
         8e:a1:68:4e:16:b9:51:e5:95:7b:80:3d:d5:3e:bb:fb:07:c6:
         73:c6:8b:f0:bd:e7:1a:a4:45:3b:ec:a4:70:ed:ee:e0:4e:69:
         9a:2f:fe:20:7f:1d:aa:ff:00:5e:49:de:3d:31:9b:c3:c2:c8:
         f9:19:ee:e4:35:68:be:bf:19:84:d6:8c:7d:e8:2c:85:14:9c:
         bd:09:9d:ae:5e:7f:23:62:12:6a:d4:dd:dc:5c:51:57:3e:b7:
         17:06:9a:f3
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUSGg3OJm2tckw+NDZV7wENbz/ZhMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNTA5RUMwMDAwMTEwLwYDVQQFEygxNkY1MjRGOEUw
RUM3Q0FFMDc2OUM0MkU1MEZGQjNBMkI1NjRBNkFDMB4XDTI1MTAxNzAwMDEyM1oX
DTI1MTEyMTIzNTk1OVowejFJMEcGA1UEBRNANTk3ZGQxNjFhNTQwMTk1NmI5NmQz
NzkzOGViZTU5MzVhYzA0OGQxZWFjMmRkZDdlMWQwNmU4NGYwZGMwOWZjNTEtMCsG
A1UEAxMkNTg4MTA0MDMtOWJhMC00MDNhLTgwOWItYzc4MjUyYWI3ZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOO/jYIT+IX97QPfJeLicAgb3ZQG
zBYnWOS2/O8k/30q1VijsOnimgJ37Bu5lGHJV9KFZsurAeEZXUu5aY6/n0hwmWgQ
IYShLgrMUyQ+9YBOrO3M9rKlCHXExfeH+MM/jQ20cjju1K+LsDuKl2MaQl8dBljq
6n+1KsB4mjI7DfsWaFHrrEoR/75wYQiTlG5DUiTc7y5l4JCvF8klGWEgL5otdUzG
o3kh+HZIfeWM8TJlvrOZS7CSKPAGFH7pXN4w0vo1a464zyEr8MS5uuakX5GNM7m+
WD3rN2YACjzmrXCetAd3UOsNTeQ3kLxo2k2grdfSwrGfr90zQV95kCqe2QIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFBBTQbDdclUXsjD4rOOPm2W9rg+RMB8GA1UdIwQY
MBaAFBb1JPjg7HyuB2nELlD/s6K1ZKasMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9GdlVrLU9E
c2ZLNEhhY1F1VVAtem9yVmtwcXcuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvZGI5YTM3MmEtMDliYy00YTMyLWJmZTQtOGM0OGU1ZGJkMjE5
LzJmNDdkY2RkLWMzODQtNGViMi1hZWZkLWY0YWQ2NGYyNmNjZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9kYjlhMzcyYS0wOWJjLTRhMzItYmZlNC04YzQ4
ZTVkYmQyMTkvNmVjYjNjY2EtNDg4ZC00M2I5LWE1MGItZDM3YzBjNTVhOWUxLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQArynBMA0GCSqGSIb3DQEBCwUAA4IBAQCGtWO/TOz7mXGCXb8goJ9L
kyBQ/W/Wd6o27GMjnXCNF1IfO67eDMjCe1H2/dAcl6bpSNJ3x6Rk3XnXyxTydvk9
TCcQpWiM6j2JmfrRHkItKS4+5lgGzbWjIuvfNk5ItBGneLJE7iGHud42Ac8dAOJr
l8/XKzL6nSDz/SVH1N9eZFXVL09HxB/y7mlM00NbYyExthyGT0TWNp/wno22ZtFn
mX6OoWhOFrlR5ZV7gD3VPrv7B8ZzxovwvecapEU77KRw7e7gTmmaL/4gfx2q/wBe
Sd49MZvDwsj5Ge7kNWi+vxmE1ox96CyFFJy9CZ2uXn8jYhJq1N3cXFFXPrcXBprz
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:25:25 2025 by rpki-client