Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/30151f9e-f6c9-40d6-bebe-daced959a278.roa
File:                     30151f9e-f6c9-40d6-bebe-daced959a278.roa (raw, json)
Hash identifier:          410NwdERoSVLB1vpcB/F8nQD8setyvdDszhuQsbw6o8=
Subject key identifier:   F3:C6:9D:04:D7:63:01:D6:82:E4:E4:D6:96:08:D9:19:33:48:A8:D7
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       5167C0E9E195CFB383604CF1E1A6F7F8B2267166
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/30151f9e-f6c9-40d6-bebe-daced959a278.roa
Signing time:             Mon 28 Jul 2025 15:20:51 +0000
ROA not before:           Mon 28 Jul 2025 15:20:51 +0000
ROA not after:            Mon 01 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf2:2880::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 Aug 2025 18:53:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:67:c0:e9:e1:95:cf:b3:83:60:4c:f1:e1:a6:f7:f8:b2:26:71:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 28 15:20:51 2025 GMT
            Not After : Sep  1 23:59:59 2025 GMT
        Subject: serialNumber=b5bd387536854974b27b924d249caad3890fd25a768469df561eef01541f6f24, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:34:5d:48:2d:ea:40:a1:0c:b2:6a:f1:17:65:
                    ac:5f:ec:08:8f:85:08:0c:25:c8:d2:50:fb:63:32:
                    92:43:31:fe:4b:b3:3d:cc:49:17:98:d3:e0:a8:29:
                    c4:05:a1:ce:47:a1:2b:75:dc:ca:55:94:c1:3b:ae:
                    68:72:40:b6:01:4f:02:6b:5e:19:1b:d7:e9:3b:5f:
                    49:1d:4c:2b:fa:1f:87:1c:ff:b4:42:86:04:6e:96:
                    35:76:42:49:1d:96:7c:df:08:09:c8:3f:54:ff:7f:
                    4f:80:5f:70:02:eb:d9:f0:74:fa:a5:96:50:33:2d:
                    5f:41:1d:6f:a1:e7:17:d3:21:c5:38:2d:47:8e:de:
                    63:0d:b0:32:32:79:01:fa:7c:4b:37:af:3b:f0:ac:
                    dd:3c:3b:49:2f:00:4f:ab:19:37:80:9b:5a:f5:f7:
                    c5:fb:60:94:b9:16:44:e8:53:bf:60:9b:73:08:dc:
                    8f:24:b9:c4:20:85:51:c5:38:34:eb:2b:93:78:4e:
                    11:24:b5:09:35:a2:68:41:28:d5:e0:b6:35:6b:bd:
                    85:78:f8:b9:9b:f2:e7:4e:28:3f:06:78:87:d6:fd:
                    2d:0f:2a:2f:02:a8:e0:ef:15:77:b1:99:04:d9:d8:
                    1c:21:11:66:88:80:c8:d7:a5:36:2e:08:ec:d7:2e:
                    b9:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:C6:9D:04:D7:63:01:D6:82:E4:E4:D6:96:08:D9:19:33:48:A8:D7
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/30151f9e-f6c9-40d6-bebe-daced959a278.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf2:2880::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:80:b4:db:9b:b8:cd:31:dc:d0:b0:8c:32:7e:ee:22:48:f9:
         bf:50:05:e6:4b:63:5b:44:a9:45:63:3c:16:ac:1d:0b:35:8e:
         c1:b7:44:ac:1a:5c:35:55:c6:22:06:85:33:c4:7f:cb:15:03:
         34:30:8d:db:2a:b6:6d:19:e9:30:cd:30:b2:dc:e5:8c:24:50:
         5e:17:ee:8f:70:bc:3d:4a:d9:c0:f4:7f:2d:e2:48:a8:14:63:
         58:58:c4:f3:8a:e1:83:8d:38:8a:1e:1c:98:6a:72:78:e6:49:
         b6:c1:5a:da:2c:78:56:90:be:65:e3:51:7d:2f:e3:53:c1:5f:
         32:dd:54:12:53:74:90:dc:37:07:81:85:cd:66:79:c5:86:eb:
         c9:4e:b9:1c:cc:8c:a5:52:85:1d:3e:2c:15:b2:e5:41:21:73:
         0c:43:e7:d0:db:90:6c:34:b2:ff:58:d7:c2:0e:11:84:42:24:
         96:52:b9:fd:f8:93:01:d8:f7:1f:c7:2f:4e:22:01:b9:90:46:
         36:13:0b:23:26:3b:73:45:74:d7:ab:a1:a9:a7:c2:a3:e6:c2:
         95:17:ff:c6:c2:b2:ed:31:0b:fd:13:f4:55:99:c6:c6:0d:c6:
         ec:ac:75:98:82:d6:56:46:a2:fe:66:e2:24:7c:1f:83:9f:f0:
         76:26:8e:ae
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUUWfA6eGVz7ODYEzx4ab3+LImcWYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDcyODE1MjA1MVoX
DTI1MDkwMTIzNTk1OVowejFJMEcGA1UEBRNAYjViZDM4NzUzNjg1NDk3NGIyN2I5
MjRkMjQ5Y2FhZDM4OTBmZDI1YTc2ODQ2OWRmNTYxZWVmMDE1NDFmNmYyNDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DRdSC3qQKEMsmrxF2WsX+wIj4UI
DCXI0lD7YzKSQzH+S7M9zEkXmNPgqCnEBaHOR6ErddzKVZTBO65ockC2AU8Ca14Z
G9fpO19JHUwr+h+HHP+0QoYEbpY1dkJJHZZ83wgJyD9U/39PgF9wAuvZ8HT6pZZQ
My1fQR1voecX0yHFOC1Hjt5jDbAyMnkB+nxLN6878KzdPDtJLwBPqxk3gJta9ffF
+2CUuRZE6FO/YJtzCNyPJLnEIIVRxTg06yuTeE4RJLUJNaJoQSjV4LY1a72FePi5
m/LnTig/BniH1v0tDyovAqjg7xV3sZkE2dgcIRFmiIDI16U2Lgjs1y65vQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFPPGnQTXYwHWguTk1pYI2RkzSKjXMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzMwMTUxZjllLWY2YzktNDBkNi1iZWJlLWRhY2VkOTU5YTI3OC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba8iiAMA0GCSqGSIb3DQEBCwUAA4IBAQCYgLTbm7jNMdzQsIwy
fu4iSPm/UAXmS2NbRKlFYzwWrB0LNY7Bt0SsGlw1VcYiBoUzxH/LFQM0MI3bKrZt
GekwzTCy3OWMJFBeF+6PcLw9StnA9H8t4kioFGNYWMTziuGDjTiKHhyYanJ45km2
wVraLHhWkL5l41F9L+NTwV8y3VQSU3SQ3DcHgYXNZnnFhuvJTrkczIylUoUdPiwV
suVBIXMMQ+fQ25BsNLL/WNfCDhGEQiSWUrn9+JMB2Pcfxy9OIgG5kEY2EwsjJjtz
RXTXq6Gpp8Kj5sKVF//GwrLtMQv9E/RVmcbGDcbsrHWYgtZWRqL+ZuIkfB+Dn/B2
Jo6u
-----END CERTIFICATE-----
Generated at Thu Jul 31 01:03:57 2025 by rpki-client