Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/793c08d0-65bf-4078-a267-d0adfdb54fc8.roa
File:                     793c08d0-65bf-4078-a267-d0adfdb54fc8.roa (raw, json)
Hash identifier:          9JsMuKoVAfS5oBXYKYrm+ZRPjr7YCbJiLF9NuIBCIhA=
Subject key identifier:   71:94:25:85:24:FE:0C:E9:1A:28:B9:8E:F4:BA:88:57:F0:C4:44:C0
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       371AB4711427527DF4C5AD60D1E2D7A5C52BC34C
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/793c08d0-65bf-4078-a267-d0adfdb54fc8.roa
Signing time:             Tue 29 Jul 2025 00:41:47 +0000
ROA not before:           Tue 29 Jul 2025 00:41:47 +0000
ROA not after:            Tue 02 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daff:4080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 Aug 2025 18:53:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:1a:b4:71:14:27:52:7d:f4:c5:ad:60:d1:e2:d7:a5:c5:2b:c3:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 29 00:41:47 2025 GMT
            Not After : Sep  2 23:59:59 2025 GMT
        Subject: serialNumber=b17f02a657e5ab532078c61e55ecac093a1e98f231d4fd57a250700c6e90b875, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:86:45:67:52:cd:2a:44:29:65:d3:e9:5c:02:
                    e3:8f:ea:bc:0f:e6:ea:2c:a6:63:ba:0b:03:0a:97:
                    a0:21:ae:a3:5b:68:63:fa:58:14:48:80:d3:6b:a1:
                    09:e5:d5:14:27:6c:6d:01:a7:22:db:09:c4:9c:ff:
                    7e:c9:8a:a6:76:51:e4:c3:0b:03:53:b1:17:62:ad:
                    8d:8b:6a:32:e3:89:6a:c9:0e:5f:36:a6:3d:ae:9b:
                    0b:5b:a0:90:88:56:e8:1c:27:30:28:1a:d4:93:26:
                    51:64:eb:a6:54:85:e4:53:07:58:7b:f6:41:d9:bb:
                    a8:7e:9d:41:26:28:43:77:b6:9f:86:90:98:32:48:
                    12:f5:f8:da:79:b9:29:b6:d5:ed:9d:af:8b:93:3a:
                    9a:90:85:77:b4:f7:18:4e:3b:08:31:d8:ee:34:65:
                    c8:db:93:0d:04:ff:00:4b:44:ba:34:0a:ae:38:42:
                    71:79:c9:a8:52:40:31:96:a9:fb:2d:0e:43:c7:d6:
                    c2:c2:cd:89:ec:c1:b5:8c:98:4c:a4:3a:a3:b3:8f:
                    cd:dc:4d:88:10:d6:2a:88:3c:8c:b9:8d:56:72:4e:
                    00:d6:cc:b5:11:63:08:e8:b8:5b:dd:23:87:9b:f4:
                    6a:4a:66:28:96:dd:77:0f:37:5f:f9:06:ae:69:72:
                    c0:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:94:25:85:24:FE:0C:E9:1A:28:B9:8E:F4:BA:88:57:F0:C4:44:C0
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/793c08d0-65bf-4078-a267-d0adfdb54fc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daff:4080::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:7a:33:74:18:18:16:25:11:44:72:f6:49:b4:5f:3f:3b:5c:
         5c:05:75:f1:0e:75:4e:54:cb:b9:de:5a:9e:4e:be:49:4f:4b:
         22:84:d6:4d:2d:e7:9b:1e:fd:af:10:9a:13:11:22:43:3e:02:
         06:19:16:0d:48:25:8f:65:e0:22:6f:95:f7:07:2a:5a:ef:01:
         eb:03:f7:ad:e9:ad:c0:98:8d:d6:89:bf:c5:7e:e7:d4:03:b8:
         06:50:ca:16:bd:1d:6d:48:b0:bf:05:ef:b4:76:e8:61:69:e8:
         02:19:10:71:71:30:79:38:8e:46:92:af:14:e0:84:cc:b7:b3:
         e4:d8:a2:57:c9:c0:c9:68:e7:c7:f9:4a:3a:5a:7e:e8:40:0e:
         5a:55:e4:26:a0:be:a8:98:84:be:46:a0:ce:8d:d9:c1:2d:7d:
         7e:10:d4:a2:99:3c:3b:33:3b:35:e5:f1:a2:1f:0e:76:98:79:
         a8:79:1b:cb:07:a6:e3:16:50:14:7a:c9:6f:bc:8e:c9:47:fb:
         01:88:78:d4:46:f5:43:5f:a6:de:e7:60:20:cf:c4:33:48:38:
         45:b1:a1:94:3d:5d:e0:0d:ce:79:5e:57:d7:85:79:3c:a7:c0:
         04:4c:d6:57:07:9d:9d:d5:03:06:04:a4:5a:a4:46:b6:e0:db:
         f2:93:e7:5e
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUNxq0cRQnUn30xa1g0eLXpcUrw0wwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDcyOTAwNDE0N1oX
DTI1MDkwMjIzNTk1OVowejFJMEcGA1UEBRNAYjE3ZjAyYTY1N2U1YWI1MzIwNzhj
NjFlNTVlY2FjMDkzYTFlOThmMjMxZDRmZDU3YTI1MDcwMGM2ZTkwYjg3NTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmoZFZ1LNKkQpZdPpXALjj+q8D+bq
LKZjugsDCpegIa6jW2hj+lgUSIDTa6EJ5dUUJ2xtAaci2wnEnP9+yYqmdlHkwwsD
U7EXYq2Ni2oy44lqyQ5fNqY9rpsLW6CQiFboHCcwKBrUkyZRZOumVIXkUwdYe/ZB
2buofp1BJihDd7afhpCYMkgS9fjaebkpttXtna+LkzqakIV3tPcYTjsIMdjuNGXI
25MNBP8AS0S6NAquOEJxecmoUkAxlqn7LQ5Dx9bCws2J7MG1jJhMpDqjs4/N3E2I
ENYqiDyMuY1Wck4A1sy1EWMI6Lhb3SOHm/RqSmYolt13Dzdf+QauaXLAGwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFHGUJYUk/gzpGii5jvS6iFfwxETAMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzc5M2MwOGQwLTY1YmYtNDA3OC1hMjY3LWQwYWRmZGI1NGZjOC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba/0CAMA0GCSqGSIb3DQEBCwUAA4IBAQApejN0GBgWJRFEcvZJ
tF8/O1xcBXXxDnVOVMu53lqeTr5JT0sihNZNLeebHv2vEJoTESJDPgIGGRYNSCWP
ZeAib5X3Bypa7wHrA/et6a3AmI3Wib/FfufUA7gGUMoWvR1tSLC/Be+0duhhaegC
GRBxcTB5OI5Gkq8U4ITMt7Pk2KJXycDJaOfH+Uo6Wn7oQA5aVeQmoL6omIS+RqDO
jdnBLX1+ENSimTw7Mzs15fGiHw52mHmoeRvLB6bjFlAUeslvvI7JR/sBiHjURvVD
X6be52Agz8QzSDhFsaGUPV3gDc55XlfXhXk8p8AETNZXB52d1QMGBKRapEa24Nvy
k+de
-----END CERTIFICATE-----
Generated at Thu Jul 31 01:03:50 2025 by rpki-client