Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3a6f01f1-bc5b-473d-a12f-7f0ffed5f4fb.roa
File:                     3a6f01f1-bc5b-473d-a12f-7f0ffed5f4fb.roa (raw, json)
Hash identifier:          +0rC6Ht273OIY2v0LgQZiJG/6KrjDw01KeqXkNEuuPc=
Subject key identifier:   44:A9:FD:AA:DC:D5:8A:19:BE:3A:42:74:28:FB:D3:08:18:19:67:1D
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       7F04405ABA7D76ECFBE7F1F6ABD39EDFA90C6543
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3a6f01f1-bc5b-473d-a12f-7f0ffed5f4fb.roa
Signing time:             Tue 29 Jul 2025 00:40:14 +0000
ROA not before:           Tue 29 Jul 2025 00:40:14 +0000
ROA not after:            Tue 02 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf2:c880::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 Aug 2025 18:53:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:04:40:5a:ba:7d:76:ec:fb:e7:f1:f6:ab:d3:9e:df:a9:0c:65:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 29 00:40:14 2025 GMT
            Not After : Sep  2 23:59:59 2025 GMT
        Subject: serialNumber=b2e1f483a5cb187b96e33dfb78de94b5ffc7c9f8c6f5e96bdc0a34fe87687e64, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:9f:55:58:f5:46:aa:65:2e:8f:8d:fa:1e:81:
                    9e:4a:34:68:74:7d:d7:f1:1f:e5:99:c7:a8:64:4d:
                    5c:57:6a:df:84:13:2a:2b:7c:eb:ca:42:12:fc:72:
                    0a:d3:53:fa:e1:cc:cd:6d:35:f0:7e:d9:b4:b4:d3:
                    8a:dc:e2:c9:c7:0f:ad:6d:68:e6:f9:d2:29:f9:29:
                    01:77:fb:8c:cd:1b:8d:f8:db:49:6c:1e:9e:12:2f:
                    fa:1a:07:69:d3:12:02:b1:8d:8c:66:e5:48:8b:94:
                    02:2b:b2:8e:b7:a8:3b:f0:2b:33:22:17:90:8c:41:
                    40:bf:ce:d7:8b:ca:2f:4e:55:20:6c:b8:2f:46:11:
                    77:14:ad:53:ab:c8:f7:4a:5f:3c:06:75:a6:53:bd:
                    d2:af:52:88:70:59:eb:f6:5a:a4:12:3d:91:9a:8e:
                    cc:f5:31:20:eb:71:17:e6:c7:aa:ec:16:25:dc:f9:
                    f7:0d:06:b1:05:46:25:03:70:0e:17:a0:da:6f:ba:
                    0d:be:1f:1b:d5:2b:53:fa:96:77:a5:be:6f:18:3c:
                    63:c7:a3:1c:fe:59:33:ce:dc:2f:d6:ee:48:5f:8f:
                    2a:ac:39:71:06:b4:31:64:bc:55:f2:80:d9:5b:a1:
                    79:9e:42:2b:b6:14:75:ec:71:d7:9b:c2:7f:9f:47:
                    48:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:A9:FD:AA:DC:D5:8A:19:BE:3A:42:74:28:FB:D3:08:18:19:67:1D
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3a6f01f1-bc5b-473d-a12f-7f0ffed5f4fb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf2:c880::/48

    Signature Algorithm: sha256WithRSAEncryption
         64:a2:4f:9b:88:c6:17:11:8b:5d:e9:3f:61:19:b5:16:ed:75:
         67:a2:3c:65:8d:35:42:b3:13:1d:d2:46:14:06:47:86:2b:2d:
         69:48:e1:78:b8:14:89:99:81:b3:43:64:02:76:7d:3b:9f:ce:
         4d:d3:1d:7a:33:5b:cf:02:ca:0a:dd:ba:aa:48:af:4b:33:bc:
         fa:44:cf:3a:da:37:58:15:81:ba:88:7e:cf:a3:2c:c2:7d:17:
         c2:23:a8:58:31:06:59:a7:7b:f4:6d:83:bf:61:9b:d1:59:20:
         7c:e0:70:45:d7:81:bb:6b:ab:e1:07:52:32:2c:4d:92:54:bb:
         c8:8e:dd:e7:ad:b5:3f:14:5a:63:85:e9:6f:62:df:f6:e1:84:
         89:00:30:9a:e0:c0:96:8e:1f:7a:7c:4e:70:ae:4c:fb:c7:6c:
         a0:fc:cc:b6:fd:de:98:af:67:54:b9:e5:e5:4a:c8:b8:7f:93:
         f7:8c:dc:7b:f4:1d:17:68:e4:ab:dd:c6:bd:41:c8:55:78:7f:
         bf:83:9b:84:e4:a8:7e:bb:2d:84:47:22:ad:13:e1:4b:89:fc:
         04:5b:46:fd:08:e6:27:61:e0:50:49:6a:19:0d:3b:cd:da:84:
         aa:eb:a6:0e:da:7f:28:e9:2a:bc:e8:46:f0:23:36:73:c9:e2:
         87:c5:bb:21
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUfwRAWrp9duz75/H2q9Oe36kMZUMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDcyOTAwNDAxNFoX
DTI1MDkwMjIzNTk1OVowejFJMEcGA1UEBRNAYjJlMWY0ODNhNWNiMTg3Yjk2ZTMz
ZGZiNzhkZTk0YjVmZmM3YzlmOGM2ZjVlOTZiZGMwYTM0ZmU4NzY4N2U2NDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqp9VWPVGqmUuj436HoGeSjRodH3X
8R/lmceoZE1cV2rfhBMqK3zrykIS/HIK01P64czNbTXwftm0tNOK3OLJxw+tbWjm
+dIp+SkBd/uMzRuN+NtJbB6eEi/6Ggdp0xICsY2MZuVIi5QCK7KOt6g78CszIheQ
jEFAv87Xi8ovTlUgbLgvRhF3FK1Tq8j3Sl88BnWmU73Sr1KIcFnr9lqkEj2Rmo7M
9TEg63EX5seq7BYl3Pn3DQaxBUYlA3AOF6Dab7oNvh8b1StT+pZ3pb5vGDxjx6Mc
/lkzztwv1u5IX48qrDlxBrQxZLxV8oDZW6F5nkIrthR17HHXm8J/n0dI+wIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFESp/arc1YoZvjpCdCj70wgYGWcdMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzNhNmYwMWYxLWJjNWItNDczZC1hMTJmLTdmMGZmZWQ1ZjRmYi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba8siAMA0GCSqGSIb3DQEBCwUAA4IBAQBkok+biMYXEYtd6T9h
GbUW7XVnojxljTVCsxMd0kYUBkeGKy1pSOF4uBSJmYGzQ2QCdn07n85N0x16M1vP
AsoK3bqqSK9LM7z6RM862jdYFYG6iH7PoyzCfRfCI6hYMQZZp3v0bYO/YZvRWSB8
4HBF14G7a6vhB1IyLE2SVLvIjt3nrbU/FFpjhelvYt/24YSJADCa4MCWjh96fE5w
rkz7x2yg/My2/d6Yr2dUueXlSsi4f5P3jNx79B0XaOSr3ca9QchVeH+/g5uE5Kh+
uy2ERyKtE+FLifwEW0b9COYnYeBQSWoZDTvN2oSq66YO2n8o6Sq86EbwIzZzyeKH
xbsh
-----END CERTIFICATE-----
Generated at Thu Jul 31 00:57:22 2025 by rpki-client