Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/82456ff2-f8c4-4c5a-9458-82d909f83f7d.roa
File:                     82456ff2-f8c4-4c5a-9458-82d909f83f7d.roa (raw, json)
Hash identifier:          NGORYJxJDltdkPEKBqejniUJY2TikteZ0OUxWGR4rZY=
Subject key identifier:   77:BD:86:C9:E1:60:78:12:F5:89:C1:BB:58:8A:7A:1C:40:EF:58:57
Certificate issuer:       /CN=A91509EC0000/serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
Certificate serial:       2051B68A2994A0840A13D992A547A9871DCB6EC8
Authority key identifier: 16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/82456ff2-f8c4-4c5a-9458-82d909f83f7d.roa
Signing time:             Fri 17 Oct 2025 00:01:26 +0000
ROA not before:           Fri 17 Oct 2025 00:01:26 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        175.41.196.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/6ecb3cca-488d-43b9-a50b-d37c0c55a9e1.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:51:b6:8a:29:94:a0:84:0a:13:d9:92:a5:47:a9:87:1d:cb:6e:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91509EC0000, serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
        Validity
            Not Before: Oct 17 00:01:26 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=085702e4514e14a8951230184bf41a447e10ab16fb08978743010e82eb7c112f, CN=58810403-9ba0-403a-809b-c78252ab7f5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:4d:db:95:ec:39:d0:f7:90:88:5a:79:24:17:
                    e7:77:4f:ab:1b:79:0c:47:35:09:6f:fa:f5:f7:05:
                    2e:66:b6:dc:a3:5c:d4:87:67:19:f1:fd:c8:ca:c2:
                    f6:8e:68:64:a7:96:cc:01:d9:9a:45:ef:ed:e5:5a:
                    82:c5:96:5b:56:2e:b8:fb:70:62:51:bb:49:30:08:
                    9b:9a:50:c1:62:e0:4c:db:3a:10:e3:b5:b0:00:fa:
                    bf:ee:8e:cc:30:3d:12:86:91:a9:c2:0b:ea:0e:85:
                    68:4a:6f:22:a8:0a:7c:88:65:26:11:0f:0b:56:24:
                    fa:64:35:95:7d:bc:f5:67:5d:35:f0:9a:2f:4e:12:
                    18:86:22:fa:a2:13:ce:5c:52:b9:33:de:02:0b:29:
                    45:a2:fa:3e:57:2b:2c:01:41:65:d5:6e:12:5d:dd:
                    aa:94:a1:d8:9a:ff:1f:dd:6c:28:3a:50:08:32:e9:
                    e8:25:4b:74:88:1e:59:cf:ca:c6:42:a7:e9:6b:fe:
                    68:71:d4:ea:17:6d:48:64:b3:d9:bb:8e:95:39:f3:
                    06:50:44:37:c5:5b:55:f1:7e:ec:96:03:01:0c:51:
                    8f:5f:24:0d:ba:91:dc:28:62:25:58:dc:4b:80:f3:
                    f4:0a:12:b3:da:68:86:10:c8:53:3d:3c:ce:d1:1a:
                    0b:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:BD:86:C9:E1:60:78:12:F5:89:C1:BB:58:8A:7A:1C:40:EF:58:57
            X509v3 Authority Key Identifier:
                keyid:16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/82456ff2-f8c4-4c5a-9458-82d909f83f7d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/6ecb3cca-488d-43b9-a50b-d37c0c55a9e1.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  175.41.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4e:53:79:86:a8:13:95:a2:10:c5:8b:47:22:18:07:6b:d8:0a:
         5f:72:7a:41:01:74:a1:15:e0:9a:0e:4d:ef:3a:9c:ad:3b:72:
         36:12:7a:c8:7c:85:ed:69:62:a5:0d:da:0c:af:3c:1d:c5:b8:
         44:68:2c:f4:f7:cb:66:d3:6b:2d:38:03:78:03:01:4b:b2:9d:
         ec:9e:86:88:02:83:df:95:89:9a:c9:5e:32:36:23:bd:9c:43:
         65:11:45:59:47:ca:be:9a:d2:ab:cf:88:27:e7:f8:56:a9:45:
         8f:52:6e:34:9e:4c:ad:ad:d1:d9:4c:54:ef:a5:08:9d:8e:b3:
         da:66:b7:ee:2c:1b:ef:b4:ac:31:a9:81:90:9d:d7:84:ca:55:
         87:f8:38:fb:69:5e:1a:4f:02:b9:72:27:d3:66:d0:88:6b:d3:
         13:a0:bc:15:5c:00:f8:93:0f:a4:21:4e:a4:db:4a:9b:00:4a:
         bc:81:34:9c:51:3c:99:c5:1a:6c:33:13:bc:1a:0e:dd:fe:7a:
         ee:81:a0:61:ea:81:b6:a4:bf:54:e0:83:0d:a6:d2:f7:c2:db:
         33:e5:d3:23:a9:c2:91:ee:a5:f4:a2:3b:a2:71:1c:6d:4c:6a:
         22:a8:6b:be:ba:ce:b8:9c:14:f9:fd:93:26:89:88:93:9c:47:
         a7:3e:ad:2e
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUIFG2iimUoIQKE9mSpUephx3LbsgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNTA5RUMwMDAwMTEwLwYDVQQFEygxNkY1MjRGOEUw
RUM3Q0FFMDc2OUM0MkU1MEZGQjNBMkI1NjRBNkFDMB4XDTI1MTAxNzAwMDEyNloX
DTI1MTEyMTIzNTk1OVowejFJMEcGA1UEBRNAMDg1NzAyZTQ1MTRlMTRhODk1MTIz
MDE4NGJmNDFhNDQ3ZTEwYWIxNmZiMDg5Nzg3NDMwMTBlODJlYjdjMTEyZjEtMCsG
A1UEAxMkNTg4MTA0MDMtOWJhMC00MDNhLTgwOWItYzc4MjUyYWI3ZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3E3blew50PeQiFp5JBfnd0+rG3kM
RzUJb/r19wUuZrbco1zUh2cZ8f3IysL2jmhkp5bMAdmaRe/t5VqCxZZbVi64+3Bi
UbtJMAibmlDBYuBM2zoQ47WwAPq/7o7MMD0ShpGpwgvqDoVoSm8iqAp8iGUmEQ8L
ViT6ZDWVfbz1Z1018JovThIYhiL6ohPOXFK5M94CCylFovo+VyssAUFl1W4SXd2q
lKHYmv8f3WwoOlAIMunoJUt0iB5Zz8rGQqfpa/5ocdTqF21IZLPZu46VOfMGUEQ3
xVtV8X7slgMBDFGPXyQNupHcKGIlWNxLgPP0ChKz2miGEMhTPTzO0RoLFwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFHe9hsnhYHgS9YnBu1iKehxA71hXMB8GA1UdIwQY
MBaAFBb1JPjg7HyuB2nELlD/s6K1ZKasMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9GdlVrLU9E
c2ZLNEhhY1F1VVAtem9yVmtwcXcuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvZGI5YTM3MmEtMDliYy00YTMyLWJmZTQtOGM0OGU1ZGJkMjE5
LzgyNDU2ZmYyLWY4YzQtNGM1YS05NDU4LTgyZDkwOWY4M2Y3ZC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9kYjlhMzcyYS0wOWJjLTRhMzItYmZlNC04YzQ4
ZTVkYmQyMTkvNmVjYjNjY2EtNDg4ZC00M2I5LWE1MGItZDM3YzBjNTVhOWUxLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQCrynEMA0GCSqGSIb3DQEBCwUAA4IBAQBOU3mGqBOVohDFi0ciGAdr
2ApfcnpBAXShFeCaDk3vOpytO3I2EnrIfIXtaWKlDdoMrzwdxbhEaCz098tm02st
OAN4AwFLsp3snoaIAoPflYmayV4yNiO9nENlEUVZR8q+mtKrz4gn5/hWqUWPUm40
nkytrdHZTFTvpQidjrPaZrfuLBvvtKwxqYGQndeEylWH+Dj7aV4aTwK5cifTZtCI
a9MToLwVXAD4kw+kIU6k20qbAEq8gTScUTyZxRpsMxO8Gg7d/nrugaBh6oG2pL9U
4IMNptL3wtsz5dMjqcKR7qX0ojuicRxtTGoiqGu+us64nBT5/ZMmiYiTnEenPq0u
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:15:52 2025 by rpki-client