Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/b3ba338e-4843-454b-abe5-65f09756225a.roa
File:                     b3ba338e-4843-454b-abe5-65f09756225a.roa (raw, json)
Hash identifier:          wpY4uD+9FOqqjUhYtknswcsvsVNhyrIpyUW61BPDV10=
Subject key identifier:   2C:45:0C:CA:20:EB:74:39:33:64:ED:A5:54:8B:25:CC:51:FD:1E:11
Certificate issuer:       /CN=A91509EC0000/serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
Certificate serial:       54CC255360A10BACA3E5008612D7E49A7C6C5779
Authority key identifier: 16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/b3ba338e-4843-454b-abe5-65f09756225a.roa
Signing time:             Fri 17 Oct 2025 00:01:24 +0000
ROA not before:           Fri 17 Oct 2025 00:01:24 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        175.41.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/6ecb3cca-488d-43b9-a50b-d37c0c55a9e1.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:cc:25:53:60:a1:0b:ac:a3:e5:00:86:12:d7:e4:9a:7c:6c:57:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91509EC0000, serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
        Validity
            Not Before: Oct 17 00:01:24 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=1f3db897d67ae68334113705b6de3034bc84f81ee6bc9607f3ab70f410d2a471, CN=58810403-9ba0-403a-809b-c78252ab7f5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:f4:78:77:0b:a5:2f:45:2c:c9:68:f6:03:72:
                    6d:3f:11:45:d0:20:6d:1c:e5:cd:15:22:01:30:24:
                    88:b0:11:a1:85:e3:85:13:49:5a:3f:cb:a8:1b:c5:
                    85:24:93:f8:b9:a7:26:7f:07:f2:41:2f:68:08:c8:
                    da:3a:f0:9f:10:ca:6c:15:a2:0a:d6:01:a3:b9:80:
                    d4:64:f1:6b:f5:f0:43:a6:e7:98:78:28:db:9c:36:
                    43:34:69:99:05:08:9f:3c:34:40:b7:a8:86:cc:72:
                    a0:1a:c2:07:8f:02:31:57:87:ce:6a:08:3e:04:6e:
                    71:1c:eb:06:c8:f3:15:03:28:30:fd:52:1e:aa:6c:
                    98:86:3d:2b:16:69:4a:66:4e:fa:33:66:6c:2b:d4:
                    6e:aa:bd:e2:4d:ce:01:64:11:6b:80:b6:1e:2d:a6:
                    83:d1:12:94:35:81:97:41:f2:d0:0f:58:73:7c:57:
                    88:0f:5e:35:9d:ce:96:33:bd:1e:ee:60:e1:2b:ab:
                    50:6c:c0:0f:a0:2a:3a:9c:83:a8:aa:c8:f1:7c:45:
                    f1:fe:76:4c:04:e6:be:dc:01:45:32:ce:a0:b0:56:
                    0c:70:dc:14:70:7b:51:ab:95:91:54:39:b1:54:48:
                    22:3b:52:ca:1f:67:ec:43:a9:24:b8:f5:60:2c:ef:
                    4f:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:45:0C:CA:20:EB:74:39:33:64:ED:A5:54:8B:25:CC:51:FD:1E:11
            X509v3 Authority Key Identifier:
                keyid:16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/b3ba338e-4843-454b-abe5-65f09756225a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/6ecb3cca-488d-43b9-a50b-d37c0c55a9e1.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  175.41.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:51:c9:59:1e:b6:fb:32:2f:de:18:89:84:53:83:b4:b6:90:
         eb:b1:df:ed:48:1f:06:d0:c1:28:34:cc:02:bf:77:f0:c2:d9:
         a5:6f:ae:8f:92:8c:e1:22:ef:47:08:73:e5:cf:4e:8e:98:90:
         75:e1:dd:0b:3d:66:73:d1:3a:66:f8:c9:84:d5:6d:cb:2c:81:
         cd:6c:25:36:06:21:ca:3f:00:b3:24:7c:ac:84:c8:76:17:de:
         06:6c:4d:31:68:c4:5f:55:63:2a:3a:f7:7d:80:c3:7e:7a:11:
         0e:25:59:76:a0:af:da:d3:dc:6b:89:fa:6f:e9:ef:8d:09:0f:
         d4:b1:8a:c1:0f:aa:29:0e:64:fc:f3:01:d6:f5:e4:03:da:b6:
         49:d6:6e:e0:9f:eb:d8:ab:d8:d8:eb:fc:6e:81:15:50:d7:79:
         3a:0c:5c:bf:ff:74:cd:9a:5f:43:1b:df:59:c9:44:f8:bb:99:
         4b:fd:6f:f1:fa:ea:27:a8:14:7d:c1:48:8b:11:20:c0:31:af:
         67:72:a4:cb:a6:b5:71:31:e9:bc:5d:05:55:25:4b:f6:f2:fc:
         b1:3e:49:18:df:1d:db:c2:2f:96:00:84:24:35:59:65:87:34:
         1e:f0:fd:85:fb:27:d5:82:13:fe:e6:ff:7c:17:3b:e0:ad:35:
         6e:8f:5d:9b
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUVMwlU2ChC6yj5QCGEtfkmnxsV3kwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNTA5RUMwMDAwMTEwLwYDVQQFEygxNkY1MjRGOEUw
RUM3Q0FFMDc2OUM0MkU1MEZGQjNBMkI1NjRBNkFDMB4XDTI1MTAxNzAwMDEyNFoX
DTI1MTEyMTIzNTk1OVowejFJMEcGA1UEBRNAMWYzZGI4OTdkNjdhZTY4MzM0MTEz
NzA1YjZkZTMwMzRiYzg0ZjgxZWU2YmM5NjA3ZjNhYjcwZjQxMGQyYTQ3MTEtMCsG
A1UEAxMkNTg4MTA0MDMtOWJhMC00MDNhLTgwOWItYzc4MjUyYWI3ZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/R4dwulL0UsyWj2A3JtPxFF0CBt
HOXNFSIBMCSIsBGhheOFE0laP8uoG8WFJJP4uacmfwfyQS9oCMjaOvCfEMpsFaIK
1gGjuYDUZPFr9fBDpueYeCjbnDZDNGmZBQifPDRAt6iGzHKgGsIHjwIxV4fOagg+
BG5xHOsGyPMVAygw/VIeqmyYhj0rFmlKZk76M2ZsK9Ruqr3iTc4BZBFrgLYeLaaD
0RKUNYGXQfLQD1hzfFeID141nc6WM70e7mDhK6tQbMAPoCo6nIOoqsjxfEXx/nZM
BOa+3AFFMs6gsFYMcNwUcHtRq5WRVDmxVEgiO1LKH2fsQ6kkuPVgLO9PNQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFCxFDMog63Q5M2TtpVSLJcxR/R4RMB8GA1UdIwQY
MBaAFBb1JPjg7HyuB2nELlD/s6K1ZKasMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9GdlVrLU9E
c2ZLNEhhY1F1VVAtem9yVmtwcXcuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvZGI5YTM3MmEtMDliYy00YTMyLWJmZTQtOGM0OGU1ZGJkMjE5
L2IzYmEzMzhlLTQ4NDMtNDU0Yi1hYmU1LTY1ZjA5NzU2MjI1YS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9kYjlhMzcyYS0wOWJjLTRhMzItYmZlNC04YzQ4
ZTVkYmQyMTkvNmVjYjNjY2EtNDg4ZC00M2I5LWE1MGItZDM3YzBjNTVhOWUxLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQArynAMA0GCSqGSIb3DQEBCwUAA4IBAQB7UclZHrb7Mi/eGImEU4O0
tpDrsd/tSB8G0MEoNMwCv3fwwtmlb66PkozhIu9HCHPlz06OmJB14d0LPWZz0Tpm
+MmE1W3LLIHNbCU2BiHKPwCzJHyshMh2F94GbE0xaMRfVWMqOvd9gMN+ehEOJVl2
oK/a09xrifpv6e+NCQ/UsYrBD6opDmT88wHW9eQD2rZJ1m7gn+vYq9jY6/xugRVQ
13k6DFy//3TNml9DG99ZyUT4u5lL/W/x+uonqBR9wUiLESDAMa9ncqTLprVxMem8
XQVVJUv28vyxPkkY3x3bwi+WAIQkNVllhzQe8P2F+yfVghP+5v98FzvgrTVuj12b
-----END CERTIFICATE-----
Generated at Mon Oct 20 17:36:40 2025 by rpki-client