Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/86c08b39-5a49-4ee9-baad-a93e86d62b0a.roa
File:                     86c08b39-5a49-4ee9-baad-a93e86d62b0a.roa (raw, json)
Hash identifier:          0vdx9Jcj+qPjRh0rzmw/hgXP64S4amDdmP3UPb4uscI=
Subject key identifier:   93:BC:6D:66:EE:05:E2:3F:39:B1:A8:BC:CA:C7:6A:08:5D:E5:70:7F
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       7097920780D4D25DBF3727D3ACA73E57F549F6EC
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/86c08b39-5a49-4ee9-baad-a93e86d62b0a.roa
Signing time:             Tue 10 Jun 2025 15:30:30 +0000
ROA not before:           Tue 10 Jun 2025 15:30:30 +0000
ROA not after:            Tue 15 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf1:f000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 06 Jul 2025 00:20:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:97:92:07:80:d4:d2:5d:bf:37:27:d3:ac:a7:3e:57:f5:49:f6:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 10 15:30:30 2025 GMT
            Not After : Jul 15 23:59:59 2025 GMT
        Subject: serialNumber=3b8de3dd9411f5bf1d0cb581df49539d048a8213604e0326f1a4e19e079f912c, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d5:a6:a2:fc:d5:28:55:5e:11:09:d1:70:28:
                    fd:ca:36:bd:43:5c:7a:39:e6:52:45:8a:18:83:ba:
                    3d:0b:13:c8:8a:6b:47:5c:2c:15:2f:d4:59:e1:f2:
                    bd:8a:07:68:0a:0e:ed:21:52:cd:8b:57:80:a9:31:
                    a4:77:64:9c:28:0c:b9:1b:d9:35:7d:4f:8e:0c:cb:
                    e8:d7:0d:aa:b4:5d:a4:d3:df:d0:85:d7:22:a4:4b:
                    c0:9a:90:43:3b:de:1e:a8:d0:3b:c8:4a:88:93:23:
                    68:d4:2c:d0:46:b5:d8:73:3b:5a:75:18:ee:fb:49:
                    9d:24:39:a6:e4:06:b6:c6:3a:c7:92:70:65:32:38:
                    a3:c8:b4:98:c2:cb:0c:e0:06:6d:f9:ba:ea:c5:01:
                    da:b0:60:0f:9a:79:6d:45:a9:32:4e:b4:30:91:d8:
                    da:7b:78:09:3f:63:7e:c6:97:23:b7:7e:a7:c8:6d:
                    b1:25:f1:1a:64:17:0c:48:40:6b:98:f7:cc:1d:67:
                    3e:56:22:5f:90:1a:c0:a0:d7:1d:4c:8e:85:01:99:
                    56:c3:93:2c:1a:30:0f:b0:88:80:31:6e:56:55:f2:
                    db:22:c1:46:f5:e3:bd:12:69:c4:56:34:4f:75:38:
                    ce:01:70:89:0d:7c:27:d6:a2:d3:c0:c8:b1:7b:75:
                    33:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:BC:6D:66:EE:05:E2:3F:39:B1:A8:BC:CA:C7:6A:08:5D:E5:70:7F
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/86c08b39-5a49-4ee9-baad-a93e86d62b0a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf1:f000::/40

    Signature Algorithm: sha256WithRSAEncryption
         75:c8:b9:ee:a1:f5:74:39:d7:3c:1c:37:66:d3:20:e7:28:c1:
         ab:90:ee:5a:27:b7:52:95:0c:9b:10:e1:40:77:ca:05:df:eb:
         e7:dd:7e:4c:ec:80:af:d6:24:8e:fc:83:f2:2d:9b:58:de:9a:
         63:a9:b1:d0:d0:66:b5:50:b2:99:9d:11:0b:a4:2c:a2:38:69:
         45:2e:c1:36:59:e7:1a:5c:7b:a0:b7:7a:0a:81:61:6d:ce:a6:
         2b:54:be:d9:6b:69:96:8d:7c:c6:fc:f1:56:ef:4e:8f:44:aa:
         55:b8:ba:d2:bd:d6:5f:db:5b:b3:d1:ae:fc:42:e6:fa:73:2f:
         62:7f:a2:ad:6d:a4:3a:f3:b1:1e:6a:3e:60:0d:fb:fe:8f:ab:
         d5:35:5c:18:5b:b7:ac:c7:b4:bc:fb:03:08:26:18:8a:45:78:
         58:b4:b8:3f:bd:32:ad:cd:81:58:9f:24:ac:42:f9:be:09:96:
         45:ad:a9:10:82:a3:c1:e0:c1:33:2a:a7:6d:13:03:d4:4e:24:
         1a:12:75:d9:2d:4a:e9:5a:91:db:70:de:74:24:ad:2b:e9:fe:
         d7:57:01:41:1c:8f:d4:17:23:3d:16:2d:d9:6b:08:75:53:a3:
         51:81:22:e9:67:99:e9:06:0c:b8:08:1e:fa:32:01:84:88:bc:
         fa:d2:b4:f4
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUcJeSB4DU0l2/NyfTrKc+V/VJ9uwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDYxMDE1MzAzMFoX
DTI1MDcxNTIzNTk1OVowejFJMEcGA1UEBRNAM2I4ZGUzZGQ5NDExZjViZjFkMGNi
NTgxZGY0OTUzOWQwNDhhODIxMzYwNGUwMzI2ZjFhNGUxOWUwNzlmOTEyYzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNWmovzVKFVeEQnRcCj9yja9Q1x6
OeZSRYoYg7o9CxPIimtHXCwVL9RZ4fK9igdoCg7tIVLNi1eAqTGkd2ScKAy5G9k1
fU+ODMvo1w2qtF2k09/QhdcipEvAmpBDO94eqNA7yEqIkyNo1CzQRrXYcztadRju
+0mdJDmm5Aa2xjrHknBlMjijyLSYwssM4AZt+brqxQHasGAPmnltRakyTrQwkdja
e3gJP2N+xpcjt36nyG2xJfEaZBcMSEBrmPfMHWc+ViJfkBrAoNcdTI6FAZlWw5Ms
GjAPsIiAMW5WVfLbIsFG9eO9EmnEVjRPdTjOAXCJDXwn1qLTwMixe3UztQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFJO8bWbuBeI/ObGovMrHaghd5XB/MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzg2YzA4YjM5LTVhNDktNGVlOS1iYWFkLWE5M2U4NmQ2MmIwYS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba8fAwDQYJKoZIhvcNAQELBQADggEBAHXIue6h9XQ51zwcN2bT
IOcowauQ7lont1KVDJsQ4UB3ygXf6+fdfkzsgK/WJI78g/Itm1jemmOpsdDQZrVQ
spmdEQukLKI4aUUuwTZZ5xpce6C3egqBYW3OpitUvtlraZaNfMb88VbvTo9EqlW4
utK91l/bW7PRrvxC5vpzL2J/oq1tpDrzsR5qPmAN+/6Pq9U1XBhbt6zHtLz7Awgm
GIpFeFi0uD+9Mq3NgVifJKxC+b4JlkWtqRCCo8HgwTMqp20TA9ROJBoSddktSula
kdtw3nQkrSvp/tdXAUEcj9QXIz0WLdlrCHVTo1GBIulnmekGDLgIHvoyAYSIvPrS
tPQ=
-----END CERTIFICATE-----
Generated at Wed Jul 2 02:51:16 2025 by rpki-client