Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/005a9212-fea0-4bc0-be12-084b81124b8f.roa
File:                     005a9212-fea0-4bc0-be12-084b81124b8f.roa (raw, json)
Hash identifier:          Z2S5iaRbZkdtbCzW3pZFV5udxS5U+fsSTWRqbba2ct0=
Subject key identifier:   DE:E0:70:B8:5F:AB:68:B2:61:99:B6:73:56:DC:CE:FE:05:5E:D0:6E
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       46F17AEAEAFF9B97ABA7A143CBED04039F30D6AE
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/005a9212-fea0-4bc0-be12-084b81124b8f.roa
Signing time:             Mon 28 Jul 2025 15:01:28 +0000
ROA not before:           Mon 28 Jul 2025 15:01:28 +0000
ROA not after:            Mon 01 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da00:7040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 Aug 2025 18:53:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:f1:7a:ea:ea:ff:9b:97:ab:a7:a1:43:cb:ed:04:03:9f:30:d6:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 28 15:01:28 2025 GMT
            Not After : Sep  1 23:59:59 2025 GMT
        Subject: serialNumber=963bc1bec2ed3e9bb05a894fdf5af96d96a69dbff4101e12e95eb76a35f66af5, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:ff:8b:9d:fd:3b:40:8c:53:7e:9a:43:9a:41:
                    17:d3:38:71:64:5c:50:c0:f8:d8:50:31:19:49:13:
                    f2:2c:06:aa:a8:e7:6e:03:b2:25:1f:3a:7a:b0:26:
                    c9:92:18:70:f4:89:32:88:cc:c2:ec:8b:d3:e9:a1:
                    05:e1:4e:8a:c2:bf:9f:f5:81:a9:f1:e0:14:6e:30:
                    76:54:e1:9d:31:86:77:4b:50:df:e2:4f:4b:71:92:
                    5c:19:9d:4c:a0:24:34:79:e2:1a:39:8d:6f:97:1b:
                    bb:0c:45:2a:a3:1f:ec:60:89:0f:9e:75:0f:7e:f0:
                    97:51:d8:8b:02:0d:b5:1c:e6:c3:cc:c9:8c:e3:be:
                    3a:2e:5c:00:74:55:70:a0:78:73:b3:6e:ce:bd:65:
                    bb:53:7d:f9:fc:b9:e7:32:ad:8f:9b:a3:c6:ea:80:
                    5d:55:6d:0b:88:f6:e7:09:25:87:fa:8d:10:dd:c4:
                    e4:7a:05:22:67:0e:87:74:27:4f:eb:6d:7b:79:ff:
                    48:66:ac:81:4d:8e:e5:8d:2a:46:df:2a:30:07:0f:
                    1d:4e:9f:85:34:8c:4a:4b:aa:87:1f:89:6c:db:6a:
                    c1:cc:7b:9d:fd:05:6b:62:59:a4:70:26:72:d0:51:
                    9a:16:92:ac:ea:ae:43:7c:8a:c7:ed:70:cb:f5:1b:
                    eb:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:E0:70:B8:5F:AB:68:B2:61:99:B6:73:56:DC:CE:FE:05:5E:D0:6E
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/005a9212-fea0-4bc0-be12-084b81124b8f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da00:7040::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:37:1f:5c:6e:a2:8d:15:17:c3:dd:ff:b9:d6:8d:d8:de:f4:
         48:5a:f4:64:f7:00:51:99:8b:86:9f:82:0a:cc:fa:5a:bb:cf:
         0c:d8:f3:89:f1:1c:20:39:fb:3f:43:05:6f:8b:d0:bf:14:bb:
         c6:cd:39:fd:3d:62:77:cd:d3:20:5b:c9:29:ae:2f:e4:80:28:
         e4:26:a5:89:bb:42:6c:77:a3:83:a2:62:fd:03:03:08:f3:fc:
         64:56:94:01:0a:d0:b6:30:55:58:08:70:a2:a6:41:ac:ce:a4:
         48:d5:6f:0c:05:e5:86:83:e7:a6:fd:ba:49:d3:28:4a:9c:22:
         45:e5:67:35:4a:2a:a2:f0:44:10:5d:9f:68:f5:d4:c9:5e:bd:
         d5:b3:77:41:5f:d4:79:95:8b:ef:32:cf:c9:3a:62:87:f6:93:
         99:3b:59:b3:0e:93:56:c9:3b:0a:79:d4:71:20:77:6d:c4:20:
         5c:a8:15:06:12:85:a6:1e:66:c0:c0:27:e6:c9:7e:1a:21:7e:
         58:77:8e:3a:35:cd:18:2a:0a:b1:94:2c:2c:f6:dd:db:93:f6:
         65:b3:f1:3c:2a:24:05:c8:6a:24:87:72:e5:41:85:0b:78:53:
         e1:b7:44:d4:6e:5b:0d:04:d7:52:87:f7:37:c1:5d:ed:16:49:
         5b:b6:80:c9
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIURvF66ur/m5erp6FDy+0EA58w1q4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDcyODE1MDEyOFoX
DTI1MDkwMTIzNTk1OVowejFJMEcGA1UEBRNAOTYzYmMxYmVjMmVkM2U5YmIwNWE4
OTRmZGY1YWY5NmQ5NmE2OWRiZmY0MTAxZTEyZTk1ZWI3NmEzNWY2NmFmNTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlP+Lnf07QIxTfppDmkEX0zhxZFxQ
wPjYUDEZSRPyLAaqqOduA7IlHzp6sCbJkhhw9IkyiMzC7IvT6aEF4U6Kwr+f9YGp
8eAUbjB2VOGdMYZ3S1Df4k9LcZJcGZ1MoCQ0eeIaOY1vlxu7DEUqox/sYIkPnnUP
fvCXUdiLAg21HObDzMmM4746LlwAdFVwoHhzs27OvWW7U335/LnnMq2Pm6PG6oBd
VW0LiPbnCSWH+o0Q3cTkegUiZw6HdCdP6217ef9IZqyBTY7ljSpG3yowBw8dTp+F
NIxKS6qHH4ls22rBzHud/QVrYlmkcCZy0FGaFpKs6q5DfIrH7XDL9Rvr+QIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFN7gcLhfq2iyYZm2c1bczv4FXtBuMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzAwNWE5MjEyLWZlYTAtNGJjMC1iZTEyLTA4NGI4MTEyNGI4Zi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAbaAHBAMA0GCSqGSIb3DQEBCwUAA4IBAQCiNx9cbqKNFRfD3f+5
1o3Y3vRIWvRk9wBRmYuGn4IKzPpau88M2POJ8RwgOfs/QwVvi9C/FLvGzTn9PWJ3
zdMgW8kpri/kgCjkJqWJu0Jsd6ODomL9AwMI8/xkVpQBCtC2MFVYCHCipkGszqRI
1W8MBeWGg+em/bpJ0yhKnCJF5Wc1Siqi8EQQXZ9o9dTJXr3Vs3dBX9R5lYvvMs/J
OmKH9pOZO1mzDpNWyTsKedRxIHdtxCBcqBUGEoWmHmbAwCfmyX4aIX5Yd446Nc0Y
KgqxlCws9t3bk/Zls/E8KiQFyGokh3LlQYULeFPht0TUblsNBNdSh/c3wV3tFklb
toDJ
-----END CERTIFICATE-----
Generated at Thu Jul 31 01:03:58 2025 by rpki-client