Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a7b6771f-2f85-4683-b0d9-3a749bbe218a.roa
File:                     a7b6771f-2f85-4683-b0d9-3a749bbe218a.roa (raw, json)
Hash identifier:          89QfgQbtBsYmKPE8jbGWQK7aXX610NaUBOmawdZCejQ=
Subject key identifier:   8C:C8:D2:3B:A4:15:11:3E:6D:46:1F:7C:A8:CF:99:55:1B:58:F5:2F
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       0F69869F0AD686A2F36987ACE0022D7DDD848E26
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a7b6771f-2f85-4683-b0d9-3a749bbe218a.roa
Signing time:             Sat 31 May 2025 00:00:15 +0000
ROA not before:           Sat 31 May 2025 00:00:15 +0000
ROA not after:            Sat 05 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dab8:6000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 07 Jun 2025 20:08:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:69:86:9f:0a:d6:86:a2:f3:69:87:ac:e0:02:2d:7d:dd:84:8e:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 31 00:00:15 2025 GMT
            Not After : Jul  5 23:59:59 2025 GMT
        Subject: serialNumber=4efe411100eb2442c435bd1a151021426583adc50cc9840dff31952e6baeeeb2, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:f1:51:e9:6b:83:21:92:25:48:11:00:db:36:
                    56:16:52:88:63:0b:9e:90:7b:00:6a:33:4f:01:e6:
                    bd:a0:ea:e9:48:b9:dd:a0:6c:27:6f:43:53:b6:61:
                    a8:6c:9a:2e:d9:e5:70:2f:1a:21:76:bf:e4:e8:98:
                    5e:ac:a0:10:f3:17:49:b5:e9:e7:c0:8c:ad:62:d6:
                    72:ce:c1:ff:bd:76:6a:9c:d6:f2:65:ff:6d:b4:09:
                    a1:35:e6:b1:1d:c4:6a:93:3d:ba:4b:7b:3c:c4:8d:
                    ac:8a:09:de:ba:cc:df:23:5c:f5:4b:a2:15:3d:ef:
                    ce:c0:1c:3a:ae:b8:c2:a9:0b:c5:72:1f:51:6d:f6:
                    72:49:76:2f:6c:82:34:29:9b:f7:d5:ec:30:0c:fd:
                    c4:86:1a:10:a7:d8:0e:8b:37:01:cd:50:8e:21:f7:
                    a3:37:20:f4:f9:99:31:e6:61:16:2c:f3:c9:46:3c:
                    ad:39:26:fa:22:fa:2c:76:ab:80:02:35:18:98:92:
                    f9:09:9f:d4:9a:38:66:04:73:80:67:cd:14:ff:e8:
                    7e:b8:ce:2f:06:72:8d:0c:3d:84:91:d4:04:18:5d:
                    1e:a4:92:c4:84:0a:54:6d:90:e8:aa:15:c4:b5:b7:
                    07:d5:73:a3:ea:69:39:80:19:fa:25:a1:34:85:57:
                    4e:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:C8:D2:3B:A4:15:11:3E:6D:46:1F:7C:A8:CF:99:55:1B:58:F5:2F
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a7b6771f-2f85-4683-b0d9-3a749bbe218a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dab8:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         af:d1:61:a9:d4:97:bc:19:31:88:ea:5b:de:ea:28:7b:8f:35:
         1a:97:dc:de:82:22:4d:33:e3:09:58:d0:00:40:0d:78:15:e9:
         e9:01:c9:b9:23:e9:58:12:74:92:cf:78:c8:6e:89:c5:e9:fb:
         16:6e:4f:17:71:b4:fe:87:63:09:e3:7b:29:72:60:c9:38:9b:
         4c:fd:7c:b4:8f:8b:33:7d:9a:c7:97:9b:a2:88:1a:7c:5f:81:
         ae:bf:58:11:3f:70:ec:fd:bc:67:79:c0:a6:c4:e7:03:5c:10:
         bf:60:ca:3f:62:22:3b:6c:9c:99:a0:c9:65:8f:81:fb:8d:d1:
         5b:2e:82:b7:99:bb:d9:32:23:0b:bf:b4:7c:26:e7:e2:ee:73:
         84:1d:52:12:72:62:d6:db:9e:69:2c:66:3a:80:b7:20:00:a9:
         31:ca:bd:37:a5:f2:60:6c:54:f4:d8:76:ea:03:6a:99:29:de:
         21:f9:16:48:8c:c9:36:d9:91:77:e4:4e:1d:fd:aa:bf:7f:50:
         0e:6d:4a:c9:88:06:45:b9:c9:be:83:80:3c:24:b7:04:53:7a:
         f7:2a:4e:73:cb:7b:02:41:95:5f:45:d8:2a:d9:d7:af:b7:36:
         07:15:82:41:51:e3:f5:23:ae:33:16:f8:22:ea:c7:23:23:0c:
         af:72:05:2f
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUD2mGnwrWhqLzaYes4AItfd2EjiYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDUzMTAwMDAxNVoX
DTI1MDcwNTIzNTk1OVowejFJMEcGA1UEBRNANGVmZTQxMTEwMGViMjQ0MmM0MzVi
ZDFhMTUxMDIxNDI2NTgzYWRjNTBjYzk4NDBkZmYzMTk1MmU2YmFlZWViMjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvFR6WuDIZIlSBEA2zZWFlKIYwue
kHsAajNPAea9oOrpSLndoGwnb0NTtmGobJou2eVwLxohdr/k6JherKAQ8xdJtenn
wIytYtZyzsH/vXZqnNbyZf9ttAmhNeaxHcRqkz26S3s8xI2signeuszfI1z1S6IV
Pe/OwBw6rrjCqQvFch9RbfZySXYvbII0KZv31ewwDP3EhhoQp9gOizcBzVCOIfej
NyD0+Zkx5mEWLPPJRjytOSb6IvosdquAAjUYmJL5CZ/UmjhmBHOAZ80U/+h+uM4v
BnKNDD2EkdQEGF0epJLEhApUbZDoqhXEtbcH1XOj6mk5gBn6JaE0hVdO6wIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFIzI0jukFRE+bUYffKjPmVUbWPUvMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2E3YjY3NzFmLTJmODUtNDY4My1iMGQ5LTNhNzQ5YmJlMjE4YS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbauGAwDQYJKoZIhvcNAQELBQADggEBAK/RYanUl7wZMYjqW97q
KHuPNRqX3N6CIk0z4wlY0ABADXgV6ekBybkj6VgSdJLPeMhuicXp+xZuTxdxtP6H
YwnjeylyYMk4m0z9fLSPizN9mseXm6KIGnxfga6/WBE/cOz9vGd5wKbE5wNcEL9g
yj9iIjtsnJmgyWWPgfuN0VsugreZu9kyIwu/tHwm5+Luc4QdUhJyYtbbnmksZjqA
tyAAqTHKvTel8mBsVPTYduoDapkp3iH5FkiMyTbZkXfkTh39qr9/UA5tSsmIBkW5
yb6DgDwktwRTevcqTnPLewJBlV9F2CrZ16+3NgcVgkFR4/UjrjMW+CLqxyMjDK9y
BS8=
-----END CERTIFICATE-----
Generated at Tue Jun 3 23:14:22 2025 by rpki-client