Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/94aecf12-a0a8-43cd-b24c-37950ef5429d.roa
File:                     94aecf12-a0a8-43cd-b24c-37950ef5429d.roa (raw, json)
Hash identifier:          6yo+FQV9bQdpreLTCx/ARt3RbjSw1hcJSuDLDy1K5OQ=
Subject key identifier:   FB:DA:06:22:7E:29:63:32:A6:07:E0:13:B7:DC:58:0B:91:CA:16:9C
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       6418D0AEE35664DBA7760910409FD70D36DC417C
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/94aecf12-a0a8-43cd-b24c-37950ef5429d.roa
Signing time:             Tue 22 Jul 2025 00:00:38 +0000
ROA not before:           Tue 22 Jul 2025 00:00:38 +0000
ROA not after:            Tue 26 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da27::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 Aug 2025 18:53:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:18:d0:ae:e3:56:64:db:a7:76:09:10:40:9f:d7:0d:36:dc:41:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 22 00:00:38 2025 GMT
            Not After : Aug 26 23:59:59 2025 GMT
        Subject: serialNumber=6498cfccf55662835e56b9124829a3d604be9047ba5892e48857358300c1d864, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:67:51:6f:22:e7:d5:ab:8b:4f:09:d2:d6:74:
                    ee:9d:3e:52:1d:fd:ed:bc:31:77:b4:52:25:09:4b:
                    4f:11:66:46:f9:eb:75:b0:1d:46:63:05:97:76:9f:
                    ad:c3:2a:f9:c1:30:f4:a0:08:42:09:a2:71:5b:58:
                    f0:a7:86:fb:5f:1f:7f:3d:a2:ce:1b:70:69:99:ab:
                    75:c3:fa:9b:0a:66:26:92:d8:cb:ca:79:ea:27:45:
                    cf:61:f0:90:44:7d:0a:e6:58:f3:0c:2e:12:fb:8b:
                    6f:81:ae:0d:0c:f0:64:d2:65:29:58:44:87:b2:a0:
                    c9:d0:77:81:d6:ff:c2:6a:01:1f:de:85:36:66:0d:
                    f2:35:ab:30:3a:b4:83:d1:2e:22:7e:71:39:a6:d6:
                    57:e7:5a:a0:35:24:42:75:86:c1:19:8b:8e:93:9d:
                    f5:9d:61:ad:f1:c8:09:ae:73:cd:a7:5b:0d:48:13:
                    47:14:09:44:ba:8a:51:d2:dd:6a:04:1c:70:1e:3a:
                    61:ce:21:f3:37:39:97:ff:63:b2:dd:e9:0a:36:6e:
                    cb:b0:55:95:07:8c:f4:c4:4f:11:e7:52:c8:0b:53:
                    4e:76:c1:f8:af:23:27:3c:6a:99:62:76:37:22:58:
                    b8:fb:99:d3:5e:c3:66:39:6d:a9:3b:9a:da:8b:d6:
                    1d:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:DA:06:22:7E:29:63:32:A6:07:E0:13:B7:DC:58:0B:91:CA:16:9C
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/94aecf12-a0a8-43cd-b24c-37950ef5429d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da27::/36

    Signature Algorithm: sha256WithRSAEncryption
         9f:c0:76:ef:94:a5:85:88:8a:fa:11:e8:66:77:b1:10:9c:99:
         63:31:62:7a:83:4a:63:9e:6c:41:60:55:f5:2b:b9:0b:c4:49:
         57:f9:01:a6:01:c7:cf:26:23:0f:7d:3d:1f:5f:3a:5b:05:ad:
         eb:54:e8:db:9a:47:a0:fd:1f:4e:e5:51:0c:24:44:ff:5d:30:
         7a:3c:c8:06:fc:39:02:d6:f9:ba:23:e5:bf:f9:ec:7a:90:24:
         d9:6f:2f:9f:7c:e5:c2:d9:6b:c1:4c:78:17:9b:4f:de:1b:89:
         de:6b:ed:44:82:33:4d:a0:42:7c:f3:54:86:17:39:d3:f2:3a:
         96:db:cd:6e:2f:11:51:bd:b2:8a:62:8f:6a:ac:07:33:67:e9:
         2f:72:45:a5:50:54:2d:18:70:e0:ce:db:2a:45:fb:2e:6b:96:
         48:ea:af:be:be:8a:84:bd:fe:fe:3f:b8:4e:62:47:64:c4:72:
         57:22:77:f7:89:e0:1f:8b:9e:05:60:37:39:72:eb:a6:72:04:
         f8:ba:86:ac:cd:2d:a1:29:5d:24:09:75:36:e9:bf:6c:5f:dd:
         eb:b3:f5:2b:b7:20:14:8f:39:40:9f:74:d0:b5:03:a4:43:69:
         4e:8f:e7:bd:3a:2a:a4:4f:e3:cb:13:c4:02:5e:83:48:19:96:
         2e:25:6a:09
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUZBjQruNWZNundgkQQJ/XDTbcQXwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDcyMjAwMDAzOFoX
DTI1MDgyNjIzNTk1OVowejFJMEcGA1UEBRNANjQ5OGNmY2NmNTU2NjI4MzVlNTZi
OTEyNDgyOWEzZDYwNGJlOTA0N2JhNTg5MmU0ODg1NzM1ODMwMGMxZDg2NDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2dRbyLn1auLTwnS1nTunT5SHf3t
vDF3tFIlCUtPEWZG+et1sB1GYwWXdp+twyr5wTD0oAhCCaJxW1jwp4b7Xx9/PaLO
G3Bpmat1w/qbCmYmktjLynnqJ0XPYfCQRH0K5ljzDC4S+4tvga4NDPBk0mUpWESH
sqDJ0HeB1v/CagEf3oU2Zg3yNaswOrSD0S4ifnE5ptZX51qgNSRCdYbBGYuOk531
nWGt8cgJrnPNp1sNSBNHFAlEuopR0t1qBBxwHjphziHzNzmX/2Oy3ekKNm7LsFWV
B4z0xE8R51LIC1NOdsH4ryMnPGqZYnY3Ili4+5nTXsNmOW2pO5rai9YdLwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFPvaBiJ+KWMypgfgE7fcWAuRyhacMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzk0YWVjZjEyLWEwYTgtNDNjZC1iMjRjLTM3OTUwZWY1NDI5ZC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYEJAbaJwAwDQYJKoZIhvcNAQELBQADggEBAJ/Adu+UpYWIivoR6GZ3
sRCcmWMxYnqDSmOebEFgVfUruQvESVf5AaYBx88mIw99PR9fOlsFretU6NuaR6D9
H07lUQwkRP9dMHo8yAb8OQLW+boj5b/57HqQJNlvL5985cLZa8FMeBebT94bid5r
7USCM02gQnzzVIYXOdPyOpbbzW4vEVG9sopij2qsBzNn6S9yRaVQVC0YcODO2ypF
+y5rlkjqr76+ioS9/v4/uE5iR2TEclcid/eJ4B+LngVgNzly66ZyBPi6hqzNLaEp
XSQJdTbpv2xf3euz9Su3IBSPOUCfdNC1A6RDaU6P5706KqRP48sTxAJeg0gZli4l
agk=
-----END CERTIFICATE-----
Generated at Thu Jul 31 00:58:24 2025 by rpki-client