Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/797893b8-c104-4c3c-a4c9-4fe82cad340d.roa
File:                     797893b8-c104-4c3c-a4c9-4fe82cad340d.roa (raw, json)
Hash identifier:          AD77Wvk2xHBB/qQ8QvcEY6HOOENdWMEuFE73esPlkXk=
Subject key identifier:   09:BF:A6:E3:FF:6C:E3:F7:BE:66:41:DC:1B:3A:A9:EE:1A:AD:5B:9E
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       4D3A07E082A4B084328940A597549A6F70416CE8
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/797893b8-c104-4c3c-a4c9-4fe82cad340d.roa
Signing time:             Mon 28 Jul 2025 15:20:41 +0000
ROA not before:           Mon 28 Jul 2025 15:20:41 +0000
ROA not after:            Mon 01 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da61:8840::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 Aug 2025 18:53:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:3a:07:e0:82:a4:b0:84:32:89:40:a5:97:54:9a:6f:70:41:6c:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 28 15:20:41 2025 GMT
            Not After : Sep  1 23:59:59 2025 GMT
        Subject: serialNumber=23d80211d847822f2b6467c4eb897ccb00028ed1dfee5f602dff2ebb104c511b, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d4:28:c7:20:df:14:f1:51:c3:dd:d9:7b:4e:
                    5a:2d:7b:32:d1:9b:1b:16:e5:77:b8:6f:7b:2d:42:
                    88:c8:20:af:a4:7f:64:7a:5f:16:78:c0:9c:35:cb:
                    06:40:c4:b0:c4:52:fd:f3:f3:d3:14:95:8f:49:70:
                    7a:37:1d:e8:ea:94:db:c8:04:46:ee:9f:e2:16:89:
                    8a:00:1d:2f:43:3d:0e:eb:f9:ec:0c:81:f5:87:38:
                    a9:62:6e:83:47:0b:e5:f4:43:de:45:e9:d8:35:14:
                    b2:d4:e8:64:b4:61:4b:d4:f5:d5:60:d4:04:e1:ff:
                    89:bf:57:f3:33:4c:dd:62:2c:ad:ef:3a:6f:2e:84:
                    98:ba:7f:29:e5:f4:98:e4:01:20:5f:f2:cc:72:ad:
                    2f:2b:77:6a:1e:df:1f:f4:a6:11:47:82:ba:87:c8:
                    08:91:6e:9f:82:65:b5:9f:5c:ae:af:59:4b:10:49:
                    01:f5:4d:af:fc:07:ab:48:de:b1:42:3b:da:8e:e1:
                    98:9c:14:b2:9c:8f:c4:44:09:5e:37:16:5e:25:4c:
                    c8:bc:b8:c6:a5:de:6f:5d:7e:69:97:72:4f:94:25:
                    61:bc:08:54:78:2e:b2:c3:59:5a:54:c2:45:2f:83:
                    0c:87:42:06:eb:1a:19:d8:97:7d:d4:42:dc:70:c2:
                    d4:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:BF:A6:E3:FF:6C:E3:F7:BE:66:41:DC:1B:3A:A9:EE:1A:AD:5B:9E
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/797893b8-c104-4c3c-a4c9-4fe82cad340d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da61:8840::/48

    Signature Algorithm: sha256WithRSAEncryption
         53:a9:e8:1c:7d:75:0f:11:a1:10:15:dc:7b:37:37:3b:58:86:
         f4:fb:04:ec:f4:32:41:57:43:dd:0a:0b:4c:ae:3f:6a:e3:e2:
         9f:b4:86:43:71:d3:15:70:a7:59:e0:39:bd:58:41:c4:c1:86:
         3d:05:8a:a8:4d:3a:c6:c7:86:16:c3:e9:8d:d8:e3:31:91:20:
         d9:9d:06:97:ce:55:29:0c:a4:e6:2d:d8:2b:d5:1b:70:a1:3a:
         c7:1a:e4:4c:e8:3a:d2:25:df:7a:c3:b7:03:ef:67:6b:0d:3d:
         fb:7e:23:f4:65:a7:08:36:77:53:9e:42:b7:84:e7:29:15:7f:
         9a:2e:f2:7e:2e:9b:2f:12:64:54:48:dd:81:98:4b:79:45:7e:
         7a:cd:b5:a4:0a:3f:2f:0c:e2:9b:5d:f0:d9:e5:ef:56:d5:5a:
         00:be:7d:ae:1c:8f:0f:6f:19:bf:d3:ab:d4:73:fa:41:d6:cb:
         93:cd:e3:08:d5:bf:3f:87:9e:8e:70:3a:bf:d3:c9:21:fd:e9:
         b0:ff:1d:78:31:77:24:f8:75:de:f9:d9:87:70:03:46:2d:13:
         60:91:42:ea:68:bf:b7:b5:0c:db:e7:d3:e5:04:3d:8f:19:6f:
         0d:ba:49:c7:93:51:5e:f6:a7:ce:87:05:70:0c:c4:5f:39:ef:
         00:03:e1:4d
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUTToH4IKksIQyiUCll1Sab3BBbOgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDcyODE1MjA0MVoX
DTI1MDkwMTIzNTk1OVowejFJMEcGA1UEBRNAMjNkODAyMTFkODQ3ODIyZjJiNjQ2
N2M0ZWI4OTdjY2IwMDAyOGVkMWRmZWU1ZjYwMmRmZjJlYmIxMDRjNTExYjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdQoxyDfFPFRw93Ze05aLXsy0Zsb
FuV3uG97LUKIyCCvpH9kel8WeMCcNcsGQMSwxFL98/PTFJWPSXB6Nx3o6pTbyARG
7p/iFomKAB0vQz0O6/nsDIH1hzipYm6DRwvl9EPeRenYNRSy1OhktGFL1PXVYNQE
4f+Jv1fzM0zdYiyt7zpvLoSYun8p5fSY5AEgX/LMcq0vK3dqHt8f9KYRR4K6h8gI
kW6fgmW1n1yur1lLEEkB9U2v/AerSN6xQjvajuGYnBSynI/ERAleNxZeJUzIvLjG
pd5vXX5pl3JPlCVhvAhUeC6yw1laVMJFL4MMh0IG6xoZ2Jd91ELccMLUWQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFAm/puP/bOP3vmZB3Bs6qe4arVueMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzc5Nzg5M2I4LWMxMDQtNGMzYy1hNGM5LTRmZTgyY2FkMzQwZC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAbaYYhAMA0GCSqGSIb3DQEBCwUAA4IBAQBTqegcfXUPEaEQFdx7
Nzc7WIb0+wTs9DJBV0PdCgtMrj9q4+KftIZDcdMVcKdZ4Dm9WEHEwYY9BYqoTTrG
x4YWw+mN2OMxkSDZnQaXzlUpDKTmLdgr1RtwoTrHGuRM6DrSJd96w7cD72drDT37
fiP0ZacINndTnkK3hOcpFX+aLvJ+LpsvEmRUSN2BmEt5RX56zbWkCj8vDOKbXfDZ
5e9W1VoAvn2uHI8Pbxm/06vUc/pB1suTzeMI1b8/h56OcDq/08kh/emw/x14MXck
+HXe+dmHcANGLRNgkULqaL+3tQzb59PlBD2PGW8NuknHk1Fe9qfOhwVwDMRfOe8A
A+FN
-----END CERTIFICATE-----
Generated at Thu Jul 31 00:57:24 2025 by rpki-client