Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/49a679dd-b6ba-4b54-beeb-b3e83302b998.roa
File:                     49a679dd-b6ba-4b54-beeb-b3e83302b998.roa (raw, json)
Hash identifier:          sQNcFe6g20JX9C6A+G5O9BalccvWrWeckTW8sAC3CAg=
Subject key identifier:   FC:F8:5B:DD:5E:00:1B:DB:3F:E5:C2:3E:5C:E0:8F:FC:13:AE:73:72
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       79DA9372525E7AD0209A5827DF5DDFFAB4B6E01B
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/49a679dd-b6ba-4b54-beeb-b3e83302b998.roa
Signing time:             Tue 08 Jul 2025 00:00:09 +0000
ROA not before:           Tue 08 Jul 2025 00:00:09 +0000
ROA not after:            Tue 12 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf1:800::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 20 Jul 2025 00:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:da:93:72:52:5e:7a:d0:20:9a:58:27:df:5d:df:fa:b4:b6:e0:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul  8 00:00:09 2025 GMT
            Not After : Aug 12 23:59:59 2025 GMT
        Subject: serialNumber=87da7257319739653117d750d5bcb8fcb2aa5d0f71061c40c5bbc27cac4901ca, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:1a:df:80:33:2c:a2:06:bf:50:6d:13:fa:42:
                    8e:93:f2:fa:a6:71:39:3e:dc:98:5d:a8:41:bb:a8:
                    b0:b9:7e:84:d9:18:55:8a:22:62:cf:c0:3e:e4:11:
                    8c:61:25:10:1b:d3:41:ba:9d:43:e7:69:2d:3a:d1:
                    a5:3e:7c:af:a2:ac:f0:5a:05:ea:58:7f:ef:65:72:
                    23:92:62:fa:20:b7:2d:e1:33:19:8c:a3:e6:03:09:
                    49:bf:73:7a:d1:5d:7e:1d:21:4e:5a:09:7e:20:57:
                    5a:ce:e5:a3:fa:42:3c:f0:92:b4:64:6f:b7:4c:a9:
                    1c:34:38:a8:c7:52:99:4b:46:77:33:71:16:e6:88:
                    0b:e4:15:69:88:2e:8c:5b:d5:60:cd:59:ef:14:56:
                    e5:e8:87:87:68:0b:85:b6:72:a1:6c:85:76:df:2e:
                    cc:7f:42:b2:d9:0b:c2:25:d7:4e:77:b1:a4:37:fd:
                    67:b7:9d:f6:d4:53:e4:a0:de:2c:47:bd:de:8f:5d:
                    1f:56:11:77:a5:5e:a3:c7:c2:a9:cd:9a:9a:2b:0d:
                    97:18:fc:f6:56:1a:77:d0:da:40:cb:c5:e3:15:43:
                    de:0b:7f:ca:70:98:c9:69:d3:fc:71:b6:fc:5d:c0:
                    42:c7:f8:5e:92:ed:ee:01:18:00:00:c7:2a:63:49:
                    99:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:F8:5B:DD:5E:00:1B:DB:3F:E5:C2:3E:5C:E0:8F:FC:13:AE:73:72
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/49a679dd-b6ba-4b54-beeb-b3e83302b998.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf1:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         82:4f:47:ec:29:a6:25:de:b5:40:b6:d3:64:09:37:6e:26:bf:
         4d:37:87:bd:09:00:ee:9e:f1:f4:b0:90:0e:d2:4a:dc:de:c4:
         4e:1e:76:19:e7:de:c4:1d:2f:66:75:df:60:b4:a2:a7:e8:72:
         0f:a5:49:9e:73:47:5a:a2:4c:c2:03:b8:41:a8:71:44:6a:e5:
         50:f0:8d:42:b4:f5:6d:a2:19:97:71:5f:21:4c:0a:f8:83:21:
         82:9c:bf:68:58:42:d6:17:99:ad:a9:85:71:2d:e3:4d:3b:28:
         61:c9:8d:ab:3e:45:41:e4:45:19:86:00:eb:b7:da:4d:8c:1b:
         ae:c2:20:22:41:66:80:56:d5:4b:10:73:a3:16:26:8b:5c:73:
         a9:7d:2f:a4:8f:4f:68:1e:98:3d:a4:b7:c0:3a:2a:b5:96:36:
         be:62:62:34:da:c2:9a:24:4a:56:1c:3e:f8:d8:da:88:fd:ab:
         be:ce:92:47:e2:37:39:56:d3:cb:81:05:32:d7:aa:cb:47:ec:
         29:2e:e0:e5:63:16:92:f5:1e:2b:78:2a:7d:ee:2f:8b:de:a3:
         d7:00:4b:5b:f7:67:33:be:08:d1:5a:1c:aa:97:16:e7:72:37:
         17:a7:f6:b4:de:e6:e9:a9:6b:32:82:87:5b:e6:d5:04:51:f4:
         e9:1e:7b:5b
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUedqTclJeetAgmlgn313f+rS24BswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDcwODAwMDAwOVoX
DTI1MDgxMjIzNTk1OVowejFJMEcGA1UEBRNAODdkYTcyNTczMTk3Mzk2NTMxMTdk
NzUwZDViY2I4ZmNiMmFhNWQwZjcxMDYxYzQwYzViYmMyN2NhYzQ5MDFjYTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzhrfgDMsoga/UG0T+kKOk/L6pnE5
PtyYXahBu6iwuX6E2RhViiJiz8A+5BGMYSUQG9NBup1D52ktOtGlPnyvoqzwWgXq
WH/vZXIjkmL6ILct4TMZjKPmAwlJv3N60V1+HSFOWgl+IFdazuWj+kI88JK0ZG+3
TKkcNDiox1KZS0Z3M3EW5ogL5BVpiC6MW9VgzVnvFFbl6IeHaAuFtnKhbIV23y7M
f0Ky2QvCJddOd7GkN/1nt5321FPkoN4sR73ej10fVhF3pV6jx8KpzZqaKw2XGPz2
Vhp30NpAy8XjFUPeC3/KcJjJadP8cbb8XcBCx/heku3uARgAAMcqY0mZCwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFPz4W91eABvbP+XCPlzgj/wTrnNyMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzQ5YTY3OWRkLWI2YmEtNGI1NC1iZWViLWIzZTgzMzAyYjk5OC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba8QgwDQYJKoZIhvcNAQELBQADggEBAIJPR+wppiXetUC202QJ
N24mv003h70JAO6e8fSwkA7SStzexE4edhnn3sQdL2Z132C0oqfocg+lSZ5zR1qi
TMIDuEGocURq5VDwjUK09W2iGZdxXyFMCviDIYKcv2hYQtYXma2phXEt4007KGHJ
jas+RUHkRRmGAOu32k2MG67CICJBZoBW1UsQc6MWJotcc6l9L6SPT2gemD2kt8A6
KrWWNr5iYjTawpokSlYcPvjY2oj9q77OkkfiNzlW08uBBTLXqstH7Cku4OVjFpL1
Hit4Kn3uL4veo9cAS1v3ZzO+CNFaHKqXFudyNxen9rTe5umpazKCh1vm1QRR9Oke
e1s=
-----END CERTIFICATE-----
Generated at Wed Jul 16 12:06:56 2025 by rpki-client