Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/aba2318c-e96a-4058-8e0c-5aca2b56aad9.roa
File:                     aba2318c-e96a-4058-8e0c-5aca2b56aad9.roa (raw, json)
Hash identifier:          ZD8ds6BtDeIBXn3zo9S+XUvzmTKg73ENPLvj6/x6DFc=
Subject key identifier:   7E:C3:DE:8E:65:71:7B:75:D3:C1:2C:32:D2:17:BA:9C:DE:36:A7:1C
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       1BB91E4C83A364C674BFDA5F912D1F8AF7B0ABD2
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/aba2318c-e96a-4058-8e0c-5aca2b56aad9.roa
Signing time:             Sat 19 Jul 2025 00:00:11 +0000
ROA not before:           Sat 19 Jul 2025 00:00:11 +0000
ROA not after:            Sat 23 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da32:a000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 Aug 2025 18:53:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:b9:1e:4c:83:a3:64:c6:74:bf:da:5f:91:2d:1f:8a:f7:b0:ab:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 19 00:00:11 2025 GMT
            Not After : Aug 23 23:59:59 2025 GMT
        Subject: serialNumber=a6a53262248dac34865285804f1b604a3b866bcdca5475f7b7c2c2a8dc6f6c89, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:b6:98:fd:a8:dc:f1:14:f9:29:17:8b:d9:eb:
                    9d:45:5d:4f:60:86:bc:36:03:ab:fd:3b:db:bd:38:
                    3f:59:25:fa:c7:7b:66:c1:80:2b:88:51:80:36:79:
                    f6:0d:3e:12:6d:44:e6:e6:37:75:68:15:23:02:0b:
                    e1:93:41:8e:56:f5:5c:f7:28:bd:86:b3:6d:22:bb:
                    7d:b0:2c:a7:96:ec:0f:c0:d0:ff:18:a2:53:ee:c9:
                    65:9e:d1:5b:2b:ea:9c:76:a4:af:4e:3a:67:21:d5:
                    de:13:80:9a:b3:49:64:8e:46:06:30:1b:6b:16:1e:
                    56:d4:7a:f8:22:0c:a8:ea:36:98:22:24:55:f6:c4:
                    12:ba:df:ae:c0:ab:a9:e7:7f:98:30:43:3d:b9:37:
                    1c:5c:f3:1b:a2:e3:3e:6d:db:59:51:b8:98:e5:a8:
                    31:5f:78:c1:8d:20:27:f5:08:9c:b2:3e:f2:44:3d:
                    14:52:9f:e4:3a:74:c6:26:89:11:f6:22:b3:4d:63:
                    05:fb:fd:96:f3:bc:41:67:86:44:a8:a5:46:e5:64:
                    a8:05:36:2a:2a:68:d7:bb:f2:58:55:8e:3b:f8:35:
                    04:c3:61:dd:8c:f0:41:2c:fd:44:41:9f:9e:b9:23:
                    f9:f0:98:a9:5d:b2:c3:e1:1b:92:2f:42:33:65:62:
                    5a:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:C3:DE:8E:65:71:7B:75:D3:C1:2C:32:D2:17:BA:9C:DE:36:A7:1C
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/aba2318c-e96a-4058-8e0c-5aca2b56aad9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da32:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         5a:15:de:4e:04:fe:d9:e4:97:15:5c:f0:15:ca:b2:ad:a4:f4:
         3a:8d:bc:2e:09:33:7a:24:8c:f4:2a:db:d1:24:b7:3a:7a:b2:
         e2:fe:31:72:6f:e0:26:cc:b3:ca:9d:a7:2f:54:9c:af:6b:0e:
         80:62:56:26:7a:70:18:f5:b6:bb:58:d2:0e:1e:47:21:dd:ad:
         e1:4c:83:54:0c:81:6e:81:1c:9f:9f:e9:48:58:5a:68:25:51:
         a9:78:8d:a7:d1:96:1b:f8:26:84:06:00:73:9c:a5:f9:69:0d:
         4d:49:dd:3d:12:6c:3b:72:73:59:81:ea:ed:d4:77:d3:e2:7a:
         24:13:ec:07:5a:61:bd:85:d7:73:7a:ca:7c:6e:cc:08:e6:a8:
         06:8f:a8:6e:a3:64:a0:53:6c:98:82:2a:a7:b2:9e:12:42:fe:
         a2:89:5d:63:97:d6:d2:ab:91:e5:09:eb:81:a7:3a:b8:62:1f:
         a1:4b:5c:98:6a:8e:47:4a:fb:49:de:60:55:7f:61:05:60:ef:
         32:ae:68:a8:1e:62:47:f7:f4:43:92:1d:c2:c4:11:c5:e5:eb:
         9a:55:be:32:ae:86:5b:2d:d5:e7:82:af:f2:d6:93:f9:72:44:
         d0:8a:59:fa:b9:73:fb:22:fb:66:d1:cf:ee:cf:91:e5:79:35:
         df:3d:60:9a
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUG7keTIOjZMZ0v9pfkS0fivewq9IwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDcxOTAwMDAxMVoX
DTI1MDgyMzIzNTk1OVowejFJMEcGA1UEBRNAYTZhNTMyNjIyNDhkYWMzNDg2NTI4
NTgwNGYxYjYwNGEzYjg2NmJjZGNhNTQ3NWY3YjdjMmMyYThkYzZmNmM4OTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5LaY/ajc8RT5KReL2eudRV1PYIa8
NgOr/TvbvTg/WSX6x3tmwYAriFGANnn2DT4SbUTm5jd1aBUjAgvhk0GOVvVc9yi9
hrNtIrt9sCynluwPwND/GKJT7sllntFbK+qcdqSvTjpnIdXeE4Cas0lkjkYGMBtr
Fh5W1Hr4Igyo6jaYIiRV9sQSut+uwKup53+YMEM9uTccXPMbouM+bdtZUbiY5agx
X3jBjSAn9Qicsj7yRD0UUp/kOnTGJokR9iKzTWMF+/2W87xBZ4ZEqKVG5WSoBTYq
KmjXu/JYVY47+DUEw2HdjPBBLP1EQZ+euSP58JipXbLD4RuSL0IzZWJaewIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFH7D3o5lcXt108EsMtIXupzeNqccMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2FiYTIzMThjLWU5NmEtNDA1OC04ZTBjLTVhY2EyYjU2YWFkOS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaMqAwDQYJKoZIhvcNAQELBQADggEBAFoV3k4E/tnklxVc8BXK
sq2k9DqNvC4JM3okjPQq29Ektzp6suL+MXJv4CbMs8qdpy9UnK9rDoBiViZ6cBj1
trtY0g4eRyHdreFMg1QMgW6BHJ+f6UhYWmglUal4jafRlhv4JoQGAHOcpflpDU1J
3T0SbDtyc1mB6u3Ud9PieiQT7AdaYb2F13N6ynxuzAjmqAaPqG6jZKBTbJiCKqey
nhJC/qKJXWOX1tKrkeUJ64GnOrhiH6FLXJhqjkdK+0neYFV/YQVg7zKuaKgeYkf3
9EOSHcLEEcXl65pVvjKuhlst1eeCr/LWk/lyRNCKWfq5c/si+2bRz+7PkeV5Nd89
YJo=
-----END CERTIFICATE-----
Generated at Thu Jul 31 00:57:21 2025 by rpki-client