Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/56aba584-e6fd-42ac-9d3c-f747713e6c50.roa
File:                     56aba584-e6fd-42ac-9d3c-f747713e6c50.roa (raw, json)
Hash identifier:          PwsTzraGCjokZzkBf1gdQcGwuAnNVTTQX524NI5E/zk=
Subject key identifier:   4E:9F:76:31:81:BC:B5:75:18:6F:08:6A:9E:AB:07:9A:43:56:D4:A5
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       1F6073C36BAE6709F847790E288D878DE5C7E122
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/56aba584-e6fd-42ac-9d3c-f747713e6c50.roa
Signing time:             Mon 28 Jul 2025 15:00:50 +0000
ROA not before:           Mon 28 Jul 2025 15:00:50 +0000
ROA not after:            Mon 01 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da00:c840::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 Aug 2025 18:53:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:60:73:c3:6b:ae:67:09:f8:47:79:0e:28:8d:87:8d:e5:c7:e1:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 28 15:00:50 2025 GMT
            Not After : Sep  1 23:59:59 2025 GMT
        Subject: serialNumber=d922337a22544b13f4543bf98fc88cbf57cf019847ab06713f90630a168dc932, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:c3:3f:9d:1e:90:e3:3e:2d:01:f6:b5:e9:ef:
                    5e:92:ce:ac:06:30:33:ca:37:86:6e:eb:e5:48:f9:
                    61:29:47:f8:d7:3b:51:fc:bb:b5:b0:96:21:95:f7:
                    10:fe:09:38:db:13:b5:d0:22:98:c3:c5:bb:9d:9c:
                    15:3e:73:20:35:6f:26:6c:aa:d7:10:43:3b:c8:12:
                    d9:bb:f7:e0:8c:f9:64:a3:b8:d5:ce:d2:68:6d:63:
                    5d:ba:8a:5a:53:73:e8:27:91:ba:28:67:45:d0:a1:
                    19:01:9c:e7:ab:11:6a:f0:5b:08:4d:03:5a:b7:3c:
                    8b:c7:80:83:c4:b5:20:7b:d3:6c:2a:cd:e3:4d:ef:
                    47:36:37:62:1b:e0:10:9b:2a:a6:75:d2:b3:8f:31:
                    1e:4e:43:a9:69:ca:30:0a:97:0e:27:60:04:51:cd:
                    8a:5d:a8:ec:3f:ba:19:d8:5f:f7:c9:27:c8:49:ea:
                    07:2b:27:fa:fb:8b:a1:08:31:77:83:76:25:07:4a:
                    53:34:4e:1a:16:af:d0:09:ce:7b:d3:79:23:2a:75:
                    70:db:a2:ae:76:61:ce:13:a1:36:70:2e:69:b5:ce:
                    da:e3:dc:53:bb:e6:ce:a7:4a:3a:30:3a:b6:b4:73:
                    cd:71:71:3c:bd:c5:e3:84:8e:59:0f:8d:03:a3:d7:
                    86:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:9F:76:31:81:BC:B5:75:18:6F:08:6A:9E:AB:07:9A:43:56:D4:A5
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/56aba584-e6fd-42ac-9d3c-f747713e6c50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da00:c840::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:cf:1c:bf:e4:cc:95:70:d6:e5:46:d9:e8:39:d1:c4:54:71:
         3c:8a:93:5b:ea:46:f1:b5:11:62:9a:26:5e:11:74:c3:cc:54:
         8d:f1:aa:a0:30:14:2c:0f:26:91:43:b1:4f:81:5d:48:88:df:
         93:a4:b3:79:20:3e:89:ca:a5:33:c6:f6:e5:aa:dc:14:70:04:
         5f:55:c1:c6:65:0b:db:f6:67:0a:a4:4f:87:87:9e:b4:33:23:
         52:ba:17:ba:12:78:e9:76:26:32:40:b4:d2:95:71:44:b0:3c:
         c2:d6:56:13:21:d4:c0:90:41:a9:4b:43:51:24:9e:3d:2c:c4:
         9f:a6:fc:4e:cf:55:44:2b:79:a3:95:08:2b:5f:8d:8f:cd:89:
         d3:c2:66:56:4f:70:7b:77:cf:c6:30:67:60:ce:8b:c3:15:06:
         4f:05:ea:2b:86:c9:ca:34:3d:ac:bb:4c:fc:ac:10:86:0f:38:
         3f:b2:6e:a7:0a:ad:43:aa:24:bd:57:93:ec:02:19:bf:12:66:
         c4:c8:39:af:4d:9c:86:4d:0d:83:55:3d:ee:66:b3:de:66:78:
         ab:3b:fb:32:2f:5e:0c:16:87:90:f5:d6:ff:b2:6f:6e:bb:8c:
         cc:ee:26:39:33:2f:c4:70:77:b6:84:68:bb:1e:9c:5d:7f:7d:
         f2:74:ce:90
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUH2Bzw2uuZwn4R3kOKI2HjeXH4SIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDcyODE1MDA1MFoX
DTI1MDkwMTIzNTk1OVowejFJMEcGA1UEBRNAZDkyMjMzN2EyMjU0NGIxM2Y0NTQz
YmY5OGZjODhjYmY1N2NmMDE5ODQ3YWIwNjcxM2Y5MDYzMGExNjhkYzkzMjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnsM/nR6Q4z4tAfa16e9eks6sBjAz
yjeGbuvlSPlhKUf41ztR/Lu1sJYhlfcQ/gk42xO10CKYw8W7nZwVPnMgNW8mbKrX
EEM7yBLZu/fgjPlko7jVztJobWNduopaU3PoJ5G6KGdF0KEZAZznqxFq8FsITQNa
tzyLx4CDxLUge9NsKs3jTe9HNjdiG+AQmyqmddKzjzEeTkOpacowCpcOJ2AEUc2K
XajsP7oZ2F/3ySfISeoHKyf6+4uhCDF3g3YlB0pTNE4aFq/QCc5703kjKnVw26Ku
dmHOE6E2cC5ptc7a49xTu+bOp0o6MDq2tHPNcXE8vcXjhI5ZD40Do9eG+wIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFE6fdjGBvLV1GG8Iap6rB5pDVtSlMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzU2YWJhNTg0LWU2ZmQtNDJhYy05ZDNjLWY3NDc3MTNlNmM1MC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAbaAMhAMA0GCSqGSIb3DQEBCwUAA4IBAQBwzxy/5MyVcNblRtno
OdHEVHE8ipNb6kbxtRFimiZeEXTDzFSN8aqgMBQsDyaRQ7FPgV1IiN+TpLN5ID6J
yqUzxvblqtwUcARfVcHGZQvb9mcKpE+Hh560MyNSuhe6EnjpdiYyQLTSlXFEsDzC
1lYTIdTAkEGpS0NRJJ49LMSfpvxOz1VEK3mjlQgrX42PzYnTwmZWT3B7d8/GMGdg
zovDFQZPBeorhsnKND2su0z8rBCGDzg/sm6nCq1DqiS9V5PsAhm/EmbEyDmvTZyG
TQ2DVT3uZrPeZnirO/syL14MFoeQ9db/sm9uu4zM7iY5My/EcHe2hGi7Hpxdf33y
dM6Q
-----END CERTIFICATE-----
Generated at Thu Jul 31 01:03:50 2025 by rpki-client