Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8c6b3e2f-c441-4d2e-a3fb-511aebd72aa2.roa
File:                     8c6b3e2f-c441-4d2e-a3fb-511aebd72aa2.roa (raw, json)
Hash identifier:          nSsfI9JF8k/O8f80J/JOOElbA0c8hVxpUizY13bnBuI=
Subject key identifier:   68:D0:D5:FC:E8:77:C4:B0:14:E6:4F:0A:6C:79:18:84:4D:0A:49:22
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       09556958DB72B33299B3EBCEF95A82634CE16E0A
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8c6b3e2f-c441-4d2e-a3fb-511aebd72aa2.roa
Signing time:             Tue 29 Jul 2025 00:50:36 +0000
ROA not before:           Tue 29 Jul 2025 00:50:36 +0000
ROA not after:            Tue 02 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daff:2040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 Aug 2025 18:53:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:55:69:58:db:72:b3:32:99:b3:eb:ce:f9:5a:82:63:4c:e1:6e:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 29 00:50:36 2025 GMT
            Not After : Sep  2 23:59:59 2025 GMT
        Subject: serialNumber=0e3d3f29976ffc10b5a79e2065e96b1d0c7c0f0ee7e9fc8aa66087c64da53221, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:fd:ce:1d:5a:6a:63:78:a9:b6:54:2f:62:dc:
                    e0:85:f8:5d:00:23:d5:d8:1d:7a:96:46:b4:f8:ab:
                    09:98:7a:b4:c0:05:82:f7:b3:9f:e9:7d:54:d6:b4:
                    53:74:f8:02:5d:7e:89:61:f9:3d:d4:9a:38:3e:8f:
                    a3:dd:7d:81:6d:50:04:ac:31:ee:99:fa:88:d6:66:
                    bb:0b:fc:e9:6c:c2:45:59:13:f5:fe:76:2d:29:d4:
                    70:a6:a2:92:c5:48:75:9f:57:be:50:d8:fe:1c:d5:
                    b9:45:1c:e4:41:29:72:43:83:87:5f:ac:db:60:6d:
                    ce:64:70:33:71:51:b7:90:cf:20:47:49:66:fb:1c:
                    51:d3:96:04:a5:5d:0d:5b:64:7d:2b:2d:e1:b0:02:
                    cf:2b:17:c7:e7:d6:9f:e4:56:40:37:22:c5:1b:44:
                    9c:4f:43:a0:db:24:6a:28:eb:7b:27:7c:00:9b:d8:
                    b8:c6:6d:db:ce:0c:9d:59:9f:56:53:37:5e:5a:bd:
                    70:88:9b:e4:48:c1:a8:33:c9:a1:65:e9:6d:0e:ab:
                    97:86:0c:50:32:84:99:b1:a8:d0:42:8c:6e:6a:9b:
                    0f:ce:f3:83:05:d6:87:94:53:56:12:26:23:e7:1c:
                    a0:6d:58:df:dc:63:62:db:ed:54:6b:4c:c6:92:e5:
                    c8:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:D0:D5:FC:E8:77:C4:B0:14:E6:4F:0A:6C:79:18:84:4D:0A:49:22
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8c6b3e2f-c441-4d2e-a3fb-511aebd72aa2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daff:2040::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:0a:e2:96:53:dc:1a:fb:5f:10:27:b4:78:58:19:b2:80:f7:
         33:27:ad:74:9f:35:54:37:38:dc:1f:da:f0:31:3b:30:fb:d5:
         14:8f:d1:dd:34:5f:e7:e6:2c:93:81:89:9a:0b:39:1d:bf:99:
         c3:8e:79:c0:1d:78:ba:7e:fe:57:63:40:26:21:09:0e:3d:4c:
         1c:55:7b:34:41:d0:d3:a9:f7:58:f0:74:82:d8:8b:48:2a:7c:
         c2:6e:98:ca:81:46:7f:16:e9:3b:fe:c0:71:c8:00:cc:21:4e:
         a5:51:6e:48:28:3a:80:d9:b9:a2:15:38:17:bd:c0:ea:2f:ea:
         1d:cc:77:4d:45:02:b7:4f:07:83:32:56:0b:e3:7c:02:d3:4c:
         2f:91:9e:f5:5e:ac:62:51:91:80:73:9b:ac:bb:c6:83:b6:77:
         b6:e7:f4:a6:83:3a:95:81:c3:09:2a:11:9d:a0:3d:77:73:23:
         9a:c8:d3:6c:40:d0:03:67:94:6c:e6:4d:c5:ec:15:a6:1a:e2:
         26:59:b2:fe:eb:d0:f9:a9:a1:2d:f0:b6:6d:12:11:57:e4:16:
         01:a0:df:1e:b0:37:57:1f:88:f5:14:da:8c:9a:92:14:04:06:
         79:21:c4:83:e6:9a:6a:0d:bc:cc:09:4e:76:00:8b:cb:ae:72:
         6e:7e:b5:35
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUCVVpWNtyszKZs+vO+VqCY0zhbgowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDcyOTAwNTAzNloX
DTI1MDkwMjIzNTk1OVowejFJMEcGA1UEBRNAMGUzZDNmMjk5NzZmZmMxMGI1YTc5
ZTIwNjVlOTZiMWQwYzdjMGYwZWU3ZTlmYzhhYTY2MDg3YzY0ZGE1MzIyMTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAov3OHVpqY3iptlQvYtzghfhdACPV
2B16lka0+KsJmHq0wAWC97Of6X1U1rRTdPgCXX6JYfk91Jo4Po+j3X2BbVAErDHu
mfqI1ma7C/zpbMJFWRP1/nYtKdRwpqKSxUh1n1e+UNj+HNW5RRzkQSlyQ4OHX6zb
YG3OZHAzcVG3kM8gR0lm+xxR05YEpV0NW2R9Ky3hsALPKxfH59af5FZANyLFG0Sc
T0Og2yRqKOt7J3wAm9i4xm3bzgydWZ9WUzdeWr1wiJvkSMGoM8mhZeltDquXhgxQ
MoSZsajQQoxuapsPzvODBdaHlFNWEiYj5xygbVjf3GNi2+1Ua0zGkuXI5wIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFGjQ1fzod8SwFOZPCmx5GIRNCkkiMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzhjNmIzZTJmLWM0NDEtNGQyZS1hM2ZiLTUxMWFlYmQ3MmFhMi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba/yBAMA0GCSqGSIb3DQEBCwUAA4IBAQA1CuKWU9wa+18QJ7R4
WBmygPczJ610nzVUNzjcH9rwMTsw+9UUj9HdNF/n5iyTgYmaCzkdv5nDjnnAHXi6
fv5XY0AmIQkOPUwcVXs0QdDTqfdY8HSC2ItIKnzCbpjKgUZ/Fuk7/sBxyADMIU6l
UW5IKDqA2bmiFTgXvcDqL+odzHdNRQK3TweDMlYL43wC00wvkZ71XqxiUZGAc5us
u8aDtne25/SmgzqVgcMJKhGdoD13cyOayNNsQNADZ5Rs5k3F7BWmGuImWbL+69D5
qaEt8LZtEhFX5BYBoN8esDdXH4j1FNqMmpIUBAZ5IcSD5ppqDbzMCU52AIvLrnJu
frU1
-----END CERTIFICATE-----
Generated at Thu Jul 31 00:57:24 2025 by rpki-client