Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/519f0e88-fa90-4b61-957d-57fe1cc2f6c1.roa
File:                     519f0e88-fa90-4b61-957d-57fe1cc2f6c1.roa (raw, json)
Hash identifier:          0vZw4yEArEaGPylWpRKz+L3N42FBFFiEDSsFDEwwA08=
Subject key identifier:   56:C9:71:E4:5B:E0:BD:CA:CC:C3:24:73:18:11:DB:72:1D:F5:0F:65
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       60F30A6DFFCEA30CF956E1C35E69CFC889E465F3
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/519f0e88-fa90-4b61-957d-57fe1cc2f6c1.roa
Signing time:             Wed 15 Oct 2025 00:00:10 +0000
ROA not before:           Wed 15 Oct 2025 00:00:10 +0000
ROA not after:            Wed 19 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daa0:e000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 21 Oct 2025 00:02:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:f3:0a:6d:ff:ce:a3:0c:f9:56:e1:c3:5e:69:cf:c8:89:e4:65:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Oct 15 00:00:10 2025 GMT
            Not After : Nov 19 23:59:59 2025 GMT
        Subject: serialNumber=67f44821c385d48fd00040f72e0d66a6218cb3e4386bfa05ac703e70708765a9, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:cc:8c:bf:71:2e:a1:de:64:b8:a5:de:72:e7:
                    7b:f1:b5:3d:e4:20:2e:83:53:4a:9d:34:e3:65:e1:
                    5e:35:11:31:2e:68:b7:e6:9a:44:07:cc:7a:8b:b9:
                    ef:c8:97:e3:77:5b:54:d5:b0:b4:e3:fe:1d:72:ee:
                    b9:5d:3f:61:67:2e:39:84:ae:7e:4e:2e:7e:14:84:
                    9f:6b:93:f3:f9:ba:87:df:0e:4c:e4:74:3b:64:dc:
                    1a:c1:35:56:f9:f6:22:22:ad:9f:16:10:51:73:0d:
                    58:d6:e8:a7:16:63:a7:37:4f:c7:6e:68:7c:be:0a:
                    f2:e5:0b:b2:0b:58:cf:8a:f3:14:5a:c2:3f:46:40:
                    d8:59:df:6b:66:d7:34:bc:2c:bc:88:72:3d:fa:d6:
                    35:6c:6c:7d:96:fd:3a:b6:76:86:39:fe:32:ae:e1:
                    22:ab:68:de:27:05:9d:ee:51:32:43:a3:9c:c3:4c:
                    ed:ac:be:ed:8f:c0:55:63:d3:0c:59:8b:76:3c:43:
                    6e:21:b8:36:16:31:69:25:08:46:11:48:33:4d:0d:
                    09:f3:3c:b5:8a:f9:1f:ce:43:da:37:06:20:2b:ea:
                    1f:49:8e:2f:b7:e0:7b:3e:87:39:3b:d3:4f:06:73:
                    83:e5:5d:ee:26:83:17:80:24:44:a4:bc:9a:fd:35:
                    83:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:C9:71:E4:5B:E0:BD:CA:CC:C3:24:73:18:11:DB:72:1D:F5:0F:65
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/519f0e88-fa90-4b61-957d-57fe1cc2f6c1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daa0:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         26:83:6e:38:13:43:bd:16:8c:ba:11:18:83:3e:e6:21:9a:d5:
         01:b4:07:9d:c1:91:35:81:87:2f:7d:32:d9:85:47:ba:86:94:
         2c:36:2b:42:58:bb:0b:7b:2b:bf:f9:8a:01:a6:b0:27:3d:3f:
         39:93:2b:e1:be:c4:03:c4:14:24:68:d2:27:89:dc:15:2c:e5:
         64:c4:53:b4:02:09:3e:b3:2a:e8:64:38:f6:54:66:c1:c7:22:
         b1:39:60:c2:0a:e4:a6:53:2c:a7:a5:93:59:9b:e2:85:0a:33:
         4a:c5:bc:3e:a8:6e:ba:f2:3b:37:15:cd:6e:97:5f:37:87:95:
         8d:33:82:94:e5:e2:b9:45:d1:28:8e:82:93:44:0b:c7:1f:c2:
         15:30:96:ce:8b:d8:fb:b1:6e:76:af:19:4e:90:7f:83:c9:5e:
         bc:24:21:11:d9:a0:a5:a2:68:86:36:6c:af:07:7d:55:a3:d4:
         67:b9:59:c6:80:6d:75:d8:3f:78:ad:a3:82:8f:5b:76:27:bf:
         dd:4a:28:fb:13:7d:96:f0:62:c7:b7:f6:25:c3:26:f8:74:7a:
         c2:ca:43:1f:a5:33:dc:32:f1:3f:16:d9:e8:d1:bc:c5:60:23:
         a2:87:52:7c:aa:04:13:d3:68:ec:49:73:a3:8e:0d:61:4f:e1:
         e3:41:7f:25
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUYPMKbf/Oowz5VuHDXmnPyInkZfMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MTAxNTAwMDAxMFoX
DTI1MTExOTIzNTk1OVowejFJMEcGA1UEBRNANjdmNDQ4MjFjMzg1ZDQ4ZmQwMDA0
MGY3MmUwZDY2YTYyMThjYjNlNDM4NmJmYTA1YWM3MDNlNzA3MDg3NjVhOTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcyMv3Euod5kuKXecud78bU95CAu
g1NKnTTjZeFeNRExLmi35ppEB8x6i7nvyJfjd1tU1bC04/4dcu65XT9hZy45hK5+
Ti5+FISfa5Pz+bqH3w5M5HQ7ZNwawTVW+fYiIq2fFhBRcw1Y1uinFmOnN0/Hbmh8
vgry5QuyC1jPivMUWsI/RkDYWd9rZtc0vCy8iHI9+tY1bGx9lv06tnaGOf4yruEi
q2jeJwWd7lEyQ6Ocw0ztrL7tj8BVY9MMWYt2PENuIbg2FjFpJQhGEUgzTQ0J8zy1
ivkfzkPaNwYgK+ofSY4vt+B7Poc5O9NPBnOD5V3uJoMXgCREpLya/TWDwQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFFbJceRb4L3KzMMkcxgR23Id9Q9lMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzUxOWYwZTg4LWZhOTAtNGI2MS05NTdkLTU3ZmUxY2MyZjZjMS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaoOAwDQYJKoZIhvcNAQELBQADggEBACaDbjgTQ70WjLoRGIM+
5iGa1QG0B53BkTWBhy99MtmFR7qGlCw2K0JYuwt7K7/5igGmsCc9PzmTK+G+xAPE
FCRo0ieJ3BUs5WTEU7QCCT6zKuhkOPZUZsHHIrE5YMIK5KZTLKelk1mb4oUKM0rF
vD6obrryOzcVzW6XXzeHlY0zgpTl4rlF0SiOgpNEC8cfwhUwls6L2PuxbnavGU6Q
f4PJXrwkIRHZoKWiaIY2bK8HfVWj1Ge5WcaAbXXYP3ito4KPW3Ynv91KKPsTfZbw
Yse39iXDJvh0esLKQx+lM9wy8T8W2ejRvMVgI6KHUnyqBBPTaOxJc6OODWFP4eNB
fyU=
-----END CERTIFICATE-----
Generated at Fri Oct 17 17:28:55 2025 by rpki-client