Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c7a1a3eb-46fb-4349-beb4-dbadef907e2b.roa
File:                     c7a1a3eb-46fb-4349-beb4-dbadef907e2b.roa (raw, json)
Hash identifier:          O9CVSr+KtJeiv9cLjvlAznsW4yHT+WEeW6Ni9mUZPwA=
Subject key identifier:   1B:12:AD:AB:22:57:D3:DD:BA:E3:A3:87:C4:38:BC:90:03:A0:3E:79
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       37196BE50AF02C32369CBE5C082139D1393B3D8D
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c7a1a3eb-46fb-4349-beb4-dbadef907e2b.roa
Signing time:             Mon 28 Jul 2025 15:10:59 +0000
ROA not before:           Mon 28 Jul 2025 15:10:59 +0000
ROA not after:            Mon 01 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da00:a040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 Aug 2025 18:53:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:19:6b:e5:0a:f0:2c:32:36:9c:be:5c:08:21:39:d1:39:3b:3d:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 28 15:10:59 2025 GMT
            Not After : Sep  1 23:59:59 2025 GMT
        Subject: serialNumber=370191db0f80e855b73a2e177fd145e6e37356e1e208897794b94676107b34ac, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:cd:b8:2e:7b:aa:5e:0a:f8:28:5c:97:46:c2:
                    ca:09:46:fa:d1:eb:cd:a1:2f:8a:0c:ee:50:49:73:
                    63:a4:90:e7:e8:5e:e1:29:8c:9f:b2:ca:27:0b:4f:
                    56:70:c1:ba:7b:2f:cd:81:94:3c:0d:d9:68:79:c5:
                    9d:2d:07:64:67:f7:1f:f0:aa:db:14:e7:4f:bb:18:
                    e1:3f:5b:62:f3:8e:6a:61:f4:90:88:1d:57:16:6f:
                    d9:af:49:8e:ea:a1:85:27:6e:7e:10:b3:b1:2c:44:
                    49:9c:12:76:35:c8:6b:c3:06:a7:ac:cd:2e:f0:3b:
                    a6:9d:13:d4:51:82:b5:a7:43:78:4e:52:e6:28:68:
                    05:93:47:3a:ab:0f:f4:76:f1:36:62:6a:5f:ce:77:
                    c0:31:f6:3c:7f:e9:39:98:50:6e:34:43:ba:06:56:
                    9d:bb:47:e8:8b:4a:59:40:60:a5:36:38:34:8e:60:
                    48:69:9e:8b:b0:f8:3f:b2:14:36:7f:0b:c9:8f:6c:
                    a0:0e:bd:14:30:41:e6:07:f7:01:74:9a:57:4c:2f:
                    77:7c:47:e7:41:83:0c:13:70:3f:ff:ae:6b:13:9e:
                    68:c7:47:0b:bd:38:15:55:b5:91:c9:31:82:ba:9c:
                    e1:80:39:05:8a:63:92:cf:b5:cb:34:d4:77:9d:62:
                    82:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:12:AD:AB:22:57:D3:DD:BA:E3:A3:87:C4:38:BC:90:03:A0:3E:79
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c7a1a3eb-46fb-4349-beb4-dbadef907e2b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da00:a040::/48

    Signature Algorithm: sha256WithRSAEncryption
         9a:1d:51:0b:32:7f:8e:d4:f3:e9:67:be:fc:af:06:e6:02:35:
         7c:db:35:54:c8:aa:09:1c:a0:90:e5:72:ae:26:1a:4e:c1:e3:
         cc:e2:3b:17:2d:e7:ac:26:70:29:aa:fb:0d:b4:91:26:70:61:
         ca:8b:d2:1d:82:38:7d:a3:64:97:f0:ce:1b:54:00:f2:9d:56:
         a5:9f:92:ab:19:e0:32:96:b8:9e:ac:5e:8e:ef:d1:9b:60:dc:
         79:6b:e2:d5:08:b5:59:ec:a6:4d:f6:8b:e3:eb:34:fa:0e:10:
         ad:0b:65:cf:16:dd:53:45:63:91:6f:36:c9:1b:c6:1a:d8:1b:
         d6:7b:7b:2c:2d:b0:5a:5a:7c:5b:f9:ec:01:0c:0f:0d:e4:7b:
         fa:00:89:8b:71:45:f5:33:5f:70:39:03:32:dc:3b:08:4c:7e:
         2b:fb:8a:f2:38:68:6a:2c:f7:2b:d5:e9:e5:62:03:fd:a8:65:
         a0:90:bb:a1:61:fd:a4:95:61:1a:69:46:73:d5:e7:1a:88:02:
         62:c0:10:e6:4a:0a:10:04:14:a7:90:11:31:94:d7:71:a9:74:
         fb:d4:cc:50:27:e8:e4:a3:2b:d5:c5:18:1d:fe:c4:4f:7e:3c:
         a8:e0:e5:e6:13:dd:ee:43:1e:41:de:54:02:b0:0b:e9:1c:cc:
         25:2e:4d:34
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUNxlr5QrwLDI2nL5cCCE50Tk7PY0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDcyODE1MTA1OVoX
DTI1MDkwMTIzNTk1OVowejFJMEcGA1UEBRNAMzcwMTkxZGIwZjgwZTg1NWI3M2Ey
ZTE3N2ZkMTQ1ZTZlMzczNTZlMWUyMDg4OTc3OTRiOTQ2NzYxMDdiMzRhYzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8M24LnuqXgr4KFyXRsLKCUb60evN
oS+KDO5QSXNjpJDn6F7hKYyfssonC09WcMG6ey/NgZQ8DdloecWdLQdkZ/cf8Krb
FOdPuxjhP1ti845qYfSQiB1XFm/Zr0mO6qGFJ25+ELOxLERJnBJ2NchrwwanrM0u
8DumnRPUUYK1p0N4TlLmKGgFk0c6qw/0dvE2YmpfznfAMfY8f+k5mFBuNEO6Blad
u0foi0pZQGClNjg0jmBIaZ6LsPg/shQ2fwvJj2ygDr0UMEHmB/cBdJpXTC93fEfn
QYMME3A//65rE55ox0cLvTgVVbWRyTGCupzhgDkFimOSz7XLNNR3nWKCrQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFBsSrasiV9PduuOjh8Q4vJADoD55MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2M3YTFhM2ViLTQ2ZmItNDM0OS1iZWI0LWRiYWRlZjkwN2UyYi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAbaAKBAMA0GCSqGSIb3DQEBCwUAA4IBAQCaHVELMn+O1PPpZ778
rwbmAjV82zVUyKoJHKCQ5XKuJhpOwePM4jsXLeesJnApqvsNtJEmcGHKi9Idgjh9
o2SX8M4bVADynValn5KrGeAylrierF6O79GbYNx5a+LVCLVZ7KZN9ovj6zT6DhCt
C2XPFt1TRWORbzbJG8Ya2BvWe3ssLbBaWnxb+ewBDA8N5Hv6AImLcUX1M19wOQMy
3DsITH4r+4ryOGhqLPcr1enlYgP9qGWgkLuhYf2klWEaaUZz1ecaiAJiwBDmSgoQ
BBSnkBExlNdxqXT71MxQJ+jkoyvVxRgd/sRPfjyo4OXmE93uQx5B3lQCsAvpHMwl
Lk00
-----END CERTIFICATE-----
Generated at Thu Jul 31 00:57:27 2025 by rpki-client