Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8ca371d9-2153-4053-99ac-1bdc0c4294ab.roa
File:                     8ca371d9-2153-4053-99ac-1bdc0c4294ab.roa (raw, json)
Hash identifier:          zBNrgiqxHJaKc58azCxnFVZcAesPUvWqGk+Ye2kLiUo=
Subject key identifier:   82:FA:7F:87:60:70:8C:6B:46:48:4B:38:10:5D:D3:B0:4E:9B:FC:DA
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       376EE94D9582AAB145359583B6DDF1204A04842D
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8ca371d9-2153-4053-99ac-1bdc0c4294ab.roa
Signing time:             Tue 29 Jul 2025 00:40:23 +0000
ROA not before:           Tue 29 Jul 2025 00:40:23 +0000
ROA not after:            Tue 02 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da00:8020::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 Aug 2025 18:53:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:6e:e9:4d:95:82:aa:b1:45:35:95:83:b6:dd:f1:20:4a:04:84:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 29 00:40:23 2025 GMT
            Not After : Sep  2 23:59:59 2025 GMT
        Subject: serialNumber=377311a368eaa02c10658e9fdc0ac4b927fa62579952d6e49133c9774011c5fd, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:81:70:91:81:6c:f1:e3:3f:b1:5f:de:23:ed:
                    ad:d4:78:17:71:8c:60:6d:d6:9c:b4:f0:93:de:7d:
                    9f:cb:65:8d:f1:b7:0b:c5:63:55:a3:32:fb:33:b8:
                    96:c6:ee:ce:c9:df:e3:9c:34:c8:26:11:ec:89:8c:
                    24:2f:25:b6:8a:a9:d1:c1:9f:9d:ce:36:50:b4:f1:
                    a6:f6:83:63:27:a4:f5:25:49:71:21:46:b2:4c:49:
                    6b:a2:81:b9:39:16:4b:18:d6:d4:84:fc:26:91:65:
                    c3:5f:24:04:9c:7e:c3:d1:be:bd:77:a5:7c:12:ea:
                    b4:71:00:46:e1:df:67:f7:e5:c1:a9:1d:53:1e:5e:
                    ea:4b:72:9b:a5:8c:65:db:20:67:fd:42:d7:a2:82:
                    da:60:8e:f0:3f:83:6c:ac:79:89:1b:76:33:16:2c:
                    53:b9:12:01:b8:86:86:e6:09:f0:61:10:7e:b2:4f:
                    03:86:9a:a4:c4:f2:e9:75:81:2c:e4:55:e1:52:9b:
                    66:79:ea:55:01:8f:06:c6:08:b4:8c:d1:41:f3:53:
                    3e:16:ea:a0:9a:66:75:1f:14:6d:95:fb:a9:6b:db:
                    a7:1c:9a:4c:de:17:a9:0a:aa:e0:a4:e4:1b:9b:99:
                    9e:0c:25:ce:e4:8e:fe:92:86:7e:9f:e0:83:88:aa:
                    f5:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:FA:7F:87:60:70:8C:6B:46:48:4B:38:10:5D:D3:B0:4E:9B:FC:DA
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8ca371d9-2153-4053-99ac-1bdc0c4294ab.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da00:8020::/48

    Signature Algorithm: sha256WithRSAEncryption
         61:29:21:35:35:aa:e2:33:63:4a:03:1d:c8:2f:85:f1:03:bf:
         20:9c:24:8f:99:82:59:90:bf:a8:36:05:d0:34:cf:d8:ba:d1:
         76:12:fd:65:0c:07:08:d4:40:f9:79:d0:cb:42:c1:03:9a:8b:
         07:fa:14:7a:5c:9e:7e:b3:d7:12:02:0d:88:83:b2:f7:58:f7:
         07:c1:ca:71:3a:be:08:d4:ce:bf:70:de:65:4d:19:e2:e3:9f:
         73:22:23:be:e9:2c:18:66:6e:66:45:49:29:af:55:ac:1f:57:
         ea:af:f0:66:0a:b5:ef:96:db:81:c7:56:3d:11:cd:70:9b:cb:
         4c:bb:66:af:c5:92:57:48:54:28:e8:f8:56:51:b2:92:ae:3e:
         29:ee:7c:1d:98:f2:e7:a3:84:60:2b:f9:dc:9c:a0:13:21:51:
         cf:81:8c:09:94:dc:14:00:90:ea:b7:58:5c:1e:a0:0a:ee:f5:
         20:ba:da:c9:87:0b:03:a7:22:4f:cd:c2:a3:4e:fc:84:03:14:
         8e:fd:05:bb:90:fb:ba:31:d2:f2:9e:db:c1:17:94:5c:e9:7d:
         aa:06:15:ed:76:1b:e0:fb:02:21:42:65:7b:05:27:0f:4d:0e:
         16:e1:2f:a9:86:9c:13:40:44:e6:69:1a:fd:71:d3:b2:3c:c4:
         ab:f2:50:a3
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUN27pTZWCqrFFNZWDtt3xIEoEhC0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDcyOTAwNDAyM1oX
DTI1MDkwMjIzNTk1OVowejFJMEcGA1UEBRNAMzc3MzExYTM2OGVhYTAyYzEwNjU4
ZTlmZGMwYWM0YjkyN2ZhNjI1Nzk5NTJkNmU0OTEzM2M5Nzc0MDExYzVmZDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIFwkYFs8eM/sV/eI+2t1HgXcYxg
bdactPCT3n2fy2WN8bcLxWNVozL7M7iWxu7Oyd/jnDTIJhHsiYwkLyW2iqnRwZ+d
zjZQtPGm9oNjJ6T1JUlxIUayTElrooG5ORZLGNbUhPwmkWXDXyQEnH7D0b69d6V8
Euq0cQBG4d9n9+XBqR1THl7qS3KbpYxl2yBn/ULXooLaYI7wP4NsrHmJG3YzFixT
uRIBuIaG5gnwYRB+sk8DhpqkxPLpdYEs5FXhUptmeepVAY8Gxgi0jNFB81M+Fuqg
mmZ1HxRtlfupa9unHJpM3hepCqrgpOQbm5meDCXO5I7+koZ+n+CDiKr15wIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFIL6f4dgcIxrRkhLOBBd07BOm/zaMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzhjYTM3MWQ5LTIxNTMtNDA1My05OWFjLTFiZGMwYzQyOTRhYi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAbaAIAgMA0GCSqGSIb3DQEBCwUAA4IBAQBhKSE1NariM2NKAx3I
L4XxA78gnCSPmYJZkL+oNgXQNM/YutF2Ev1lDAcI1ED5edDLQsEDmosH+hR6XJ5+
s9cSAg2Ig7L3WPcHwcpxOr4I1M6/cN5lTRni459zIiO+6SwYZm5mRUkpr1WsH1fq
r/BmCrXvltuBx1Y9Ec1wm8tMu2avxZJXSFQo6PhWUbKSrj4p7nwdmPLno4RgK/nc
nKATIVHPgYwJlNwUAJDqt1hcHqAK7vUgutrJhwsDpyJPzcKjTvyEAxSO/QW7kPu6
MdLyntvBF5Rc6X2qBhXtdhvg+wIhQmV7BScPTQ4W4S+phpwTQETmaRr9cdOyPMSr
8lCj
-----END CERTIFICATE-----
Generated at Thu Jul 31 01:03:50 2025 by rpki-client