Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a8746c50-b2c6-438f-ad79-3b608da68b61.roa
File:                     a8746c50-b2c6-438f-ad79-3b608da68b61.roa (raw, json)
Hash identifier:          gCJ04GZPyNt45Wa8fZsns53fr8WFtGqTqQGr4m4bXcQ=
Subject key identifier:   9A:FF:7F:9C:72:C6:72:39:8E:75:C7:F0:B1:B0:98:3B:2B:A6:DB:36
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       4090436798D36B4870E7685E942D9A443DB0B467
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a8746c50-b2c6-438f-ad79-3b608da68b61.roa
Signing time:             Mon 07 Jul 2025 15:11:16 +0000
ROA not before:           Mon 07 Jul 2025 15:11:16 +0000
ROA not after:            Mon 11 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da68:6000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 12 Jul 2025 00:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:90:43:67:98:d3:6b:48:70:e7:68:5e:94:2d:9a:44:3d:b0:b4:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul  7 15:11:16 2025 GMT
            Not After : Aug 11 23:59:59 2025 GMT
        Subject: serialNumber=e352c10182918069bac9a9a76e803497d45c9427f7b76315c9d6801e7b225962, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:97:db:ea:2f:94:73:11:d9:fe:a0:54:24:f1:
                    68:50:d9:9c:69:4b:cf:23:b1:76:3d:c7:a1:42:f2:
                    a7:6d:1f:60:b1:9c:17:39:67:e9:80:14:f8:3b:53:
                    31:5a:8d:9c:5e:4c:99:97:93:bd:ca:5d:22:7b:29:
                    84:a9:0d:97:b9:2a:dd:36:18:3b:52:0b:05:3a:1d:
                    3d:80:8f:c1:70:51:dd:dd:59:61:72:68:8b:37:d4:
                    be:ae:4b:e5:b1:03:fe:8d:ab:52:f5:fd:e8:4b:2b:
                    39:8a:10:95:9a:0a:b1:cb:f2:58:da:1e:f2:46:e1:
                    23:07:2e:c6:a8:bd:c8:78:6a:4d:1b:9d:5f:dd:3e:
                    8c:d0:86:e9:34:af:1d:8f:8d:7f:bd:8d:5a:3c:e7:
                    ce:cf:d3:6b:8b:1d:ab:d1:b8:d9:70:df:28:c6:a0:
                    9b:a2:72:dc:27:c2:46:8b:13:c7:91:1d:48:8e:f0:
                    c6:7b:6f:0d:29:fc:a7:5b:12:f5:cb:8f:c6:11:f3:
                    56:62:3a:65:c6:58:65:06:8a:cf:e0:2a:30:ba:ff:
                    98:c5:6d:81:d6:8c:82:80:1b:e1:a8:ce:11:c9:64:
                    c8:90:e4:d8:02:ea:a4:c4:29:9f:e0:70:10:5a:ff:
                    75:1f:3f:dc:ee:85:df:bd:da:ea:e4:f7:2a:c5:13:
                    08:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:FF:7F:9C:72:C6:72:39:8E:75:C7:F0:B1:B0:98:3B:2B:A6:DB:36
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a8746c50-b2c6-438f-ad79-3b608da68b61.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da68:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         2b:fe:25:12:f9:9f:42:07:ac:2b:19:70:86:da:46:44:0c:bc:
         7c:42:a8:60:a9:81:87:5b:75:36:dd:47:b9:6d:c1:f2:f5:d9:
         b9:a1:df:9e:a1:15:8d:c5:d6:f0:44:79:0c:28:04:b4:61:2a:
         e8:95:3d:ca:29:8b:99:f3:cb:02:71:16:d5:be:a9:c8:c7:58:
         87:39:9f:ce:17:54:f9:30:51:b5:cf:ed:6f:00:78:92:03:34:
         e6:6e:05:89:2a:43:6d:ce:49:c1:ec:62:3d:f4:b7:0e:4b:2d:
         27:bd:be:56:37:21:2c:75:a9:9b:df:36:d2:fd:d0:3d:d0:4d:
         61:6d:27:b8:2a:e3:79:45:ab:6e:a1:42:26:0f:75:99:42:f4:
         ce:a0:00:dd:38:ba:e8:35:10:ea:a7:2d:37:29:4e:13:1c:c0:
         70:5d:ee:97:c0:86:c6:80:f7:e5:1b:ee:02:b2:02:05:a0:4f:
         74:fe:49:05:b7:68:5a:c1:35:9f:7a:5f:ba:b2:73:39:f0:c4:
         24:5d:fd:7b:ac:4e:64:a9:b6:e8:28:5d:23:a5:32:f9:5c:bf:
         eb:e3:e6:66:e0:15:35:a9:ee:91:b1:78:30:9a:66:ff:d9:03:
         a6:75:18:3b:b3:ae:46:fe:ac:5d:c2:eb:fd:d9:ad:76:94:69:
         67:0b:84:5b
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUQJBDZ5jTa0hw52helC2aRD2wtGcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDcwNzE1MTExNloX
DTI1MDgxMTIzNTk1OVowejFJMEcGA1UEBRNAZTM1MmMxMDE4MjkxODA2OWJhYzlh
OWE3NmU4MDM0OTdkNDVjOTQyN2Y3Yjc2MzE1YzlkNjgwMWU3YjIyNTk2MjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxpfb6i+UcxHZ/qBUJPFoUNmcaUvP
I7F2PcehQvKnbR9gsZwXOWfpgBT4O1MxWo2cXkyZl5O9yl0ieymEqQ2XuSrdNhg7
UgsFOh09gI/BcFHd3VlhcmiLN9S+rkvlsQP+jatS9f3oSys5ihCVmgqxy/JY2h7y
RuEjBy7GqL3IeGpNG51f3T6M0IbpNK8dj41/vY1aPOfOz9Nrix2r0bjZcN8oxqCb
onLcJ8JGixPHkR1IjvDGe28NKfynWxL1y4/GEfNWYjplxlhlBorP4Cowuv+YxW2B
1oyCgBvhqM4RyWTIkOTYAuqkxCmf4HAQWv91Hz/c7oXfvdrq5PcqxRMIewIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFJr/f5xyxnI5jnXH8LGwmDsrpts2MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2E4NzQ2YzUwLWIyYzYtNDM4Zi1hZDc5LTNiNjA4ZGE2OGI2MS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaaGAwDQYJKoZIhvcNAQELBQADggEBACv+JRL5n0IHrCsZcIba
RkQMvHxCqGCpgYdbdTbdR7ltwfL12bmh356hFY3F1vBEeQwoBLRhKuiVPcopi5nz
ywJxFtW+qcjHWIc5n84XVPkwUbXP7W8AeJIDNOZuBYkqQ23OScHsYj30tw5LLSe9
vlY3ISx1qZvfNtL90D3QTWFtJ7gq43lFq26hQiYPdZlC9M6gAN04uug1EOqnLTcp
ThMcwHBd7pfAhsaA9+Ub7gKyAgWgT3T+SQW3aFrBNZ96X7qycznwxCRd/XusTmSp
tugoXSOlMvlcv+vj5mbgFTWp7pGxeDCaZv/ZA6Z1GDuzrkb+rF3C6/3ZrXaUaWcL
hFs=
-----END CERTIFICATE-----
Generated at Tue Jul 8 21:31:46 2025 by rpki-client