Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/cfb3ce63-3d0a-4724-acc7-374b5da711f1.roa
File:                     cfb3ce63-3d0a-4724-acc7-374b5da711f1.roa (raw, json)
Hash identifier:          m8j6FzlSTBI2SDZDtebwvewlxregOLAUDoKiB1A/qsk=
Subject key identifier:   FD:9B:DB:A8:20:BA:FA:CE:CF:90:33:09:FF:FD:61:A0:9A:F0:66:68
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       157F45CF1D45CCFBA2EDEA47C94F203C022B08EF
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/cfb3ce63-3d0a-4724-acc7-374b5da711f1.roa
Signing time:             Mon 07 Jul 2025 15:20:09 +0000
ROA not before:           Mon 07 Jul 2025 15:20:09 +0000
ROA not after:            Mon 11 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da38:b000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 Aug 2025 18:53:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:7f:45:cf:1d:45:cc:fb:a2:ed:ea:47:c9:4f:20:3c:02:2b:08:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul  7 15:20:09 2025 GMT
            Not After : Aug 11 23:59:59 2025 GMT
        Subject: serialNumber=184fdc23514af85ee7679bf42fa795f81703ec0e53a04d9971d1ecb0eb314628, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:29:10:3d:ab:1c:6f:0d:36:04:08:4b:7e:07:
                    4c:46:a3:ab:d2:1d:bc:ca:20:8a:11:79:d1:8c:2d:
                    6b:59:4c:d6:2a:1e:c2:fd:e0:0a:1c:ec:1d:33:fe:
                    3e:65:92:6a:cf:f1:a3:b5:58:e5:cc:0d:67:f6:a5:
                    0d:8a:72:e8:3c:a0:fc:b9:11:65:fe:2c:4e:22:ea:
                    58:5c:b4:d9:b5:a0:53:71:6f:dc:83:66:0f:ed:8c:
                    53:e7:9f:fb:df:fc:e9:f2:d9:7d:52:cb:1a:86:81:
                    01:c6:07:59:f0:1c:1d:f1:3f:af:cc:2d:2c:f6:49:
                    f7:20:31:58:5b:58:e7:cd:08:05:59:2c:4f:51:13:
                    e9:ae:27:4d:26:47:05:51:f2:19:3e:73:8a:51:7d:
                    10:4e:4b:cb:16:38:7f:ae:26:79:58:59:8f:e0:d0:
                    33:70:06:83:ae:fc:03:47:99:c8:a4:50:3a:3c:01:
                    7e:5b:22:e4:99:a0:aa:1e:fa:e4:58:ec:51:21:d9:
                    01:6e:3a:1f:fd:60:9e:da:15:84:ef:91:11:4c:ce:
                    05:ec:f3:7c:bb:7d:2a:f5:01:87:d1:c8:03:06:3a:
                    61:44:47:d6:fe:6e:6d:14:24:60:aa:9d:96:31:2b:
                    a9:0a:ab:e5:12:37:8d:35:87:d0:a0:c3:40:d4:a3:
                    c4:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:9B:DB:A8:20:BA:FA:CE:CF:90:33:09:FF:FD:61:A0:9A:F0:66:68
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/cfb3ce63-3d0a-4724-acc7-374b5da711f1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da38:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         6e:0c:f7:43:01:2c:91:f3:15:10:ff:4d:0d:88:ad:11:0e:91:
         cc:eb:69:11:35:47:c4:13:58:24:d9:31:49:17:0f:7f:3f:12:
         12:b8:d8:ba:33:4d:4a:91:b8:c9:c1:6f:5c:8f:2e:d5:5b:b6:
         42:d9:6f:ad:23:51:88:17:3f:43:3f:84:42:cd:af:78:e1:22:
         8d:7d:fe:cb:67:63:cd:2b:95:c2:9a:20:5d:58:17:7e:d5:e3:
         4a:3d:6f:74:99:04:81:a4:25:a0:69:f9:eb:d6:d8:7b:cf:32:
         95:d6:6d:09:a5:8d:86:58:93:8f:fb:ee:3c:c1:da:fa:51:84:
         0b:ab:a6:15:c7:ad:91:80:4c:99:13:5f:62:fc:f8:0b:aa:27:
         32:e3:ba:1c:53:9e:49:37:ec:cf:2d:e8:77:c4:eb:2b:ef:6e:
         f1:9d:e5:2b:98:5b:86:ac:0b:25:d4:35:25:7e:fa:94:1b:46:
         26:a4:aa:dd:12:44:c7:63:05:52:57:b2:50:ac:ff:0c:59:18:
         c6:c4:93:54:d5:71:8e:4b:79:d6:9e:28:ce:3b:3b:43:e6:b1:
         d8:ce:93:95:c2:6f:39:9b:2b:68:fc:33:66:f5:bf:75:0f:88:
         6c:44:2e:0e:93:0a:14:cc:7d:f9:06:d8:62:be:23:0a:7a:46:
         b4:f0:0f:20
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUFX9Fzx1FzPui7epHyU8gPAIrCO8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDcwNzE1MjAwOVoX
DTI1MDgxMTIzNTk1OVowejFJMEcGA1UEBRNAMTg0ZmRjMjM1MTRhZjg1ZWU3Njc5
YmY0MmZhNzk1ZjgxNzAzZWMwZTUzYTA0ZDk5NzFkMWVjYjBlYjMxNDYyODEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjykQPascbw02BAhLfgdMRqOr0h28
yiCKEXnRjC1rWUzWKh7C/eAKHOwdM/4+ZZJqz/GjtVjlzA1n9qUNinLoPKD8uRFl
/ixOIupYXLTZtaBTcW/cg2YP7YxT55/73/zp8tl9UssahoEBxgdZ8Bwd8T+vzC0s
9kn3IDFYW1jnzQgFWSxPURPpridNJkcFUfIZPnOKUX0QTkvLFjh/riZ5WFmP4NAz
cAaDrvwDR5nIpFA6PAF+WyLkmaCqHvrkWOxRIdkBbjof/WCe2hWE75ERTM4F7PN8
u30q9QGH0cgDBjphREfW/m5tFCRgqp2WMSupCqvlEjeNNYfQoMNA1KPEqQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFP2b26gguvrOz5AzCf/9YaCa8GZoMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2NmYjNjZTYzLTNkMGEtNDcyNC1hY2M3LTM3NGI1ZGE3MTFmMS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaOLAwDQYJKoZIhvcNAQELBQADggEBAG4M90MBLJHzFRD/TQ2I
rREOkczraRE1R8QTWCTZMUkXD38/EhK42LozTUqRuMnBb1yPLtVbtkLZb60jUYgX
P0M/hELNr3jhIo19/stnY80rlcKaIF1YF37V40o9b3SZBIGkJaBp+evW2HvPMpXW
bQmljYZYk4/77jzB2vpRhAurphXHrZGATJkTX2L8+AuqJzLjuhxTnkk37M8t6HfE
6yvvbvGd5SuYW4asCyXUNSV++pQbRiakqt0SRMdjBVJXslCs/wxZGMbEk1TVcY5L
edaeKM47O0PmsdjOk5XCbzmbK2j8M2b1v3UPiGxELg6TChTMffkG2GK+Iwp6RrTw
DyA=
-----END CERTIFICATE-----
Generated at Thu Jul 31 01:02:15 2025 by rpki-client