Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/df283100-6f05-4533-89fd-648b23de2ce4.roa
File:                     df283100-6f05-4533-89fd-648b23de2ce4.roa (raw, json)
Hash identifier:          OLv8E6rL5Vm7aWRzAWGLWv0it717BAf/youkAOSpiNc=
Subject key identifier:   BD:54:E9:63:64:7D:82:20:CD:20:03:7D:83:FC:C6:10:92:DE:C8:2A
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       4E212E862B976D053F40EA898DDEE6E9C221121D
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/df283100-6f05-4533-89fd-648b23de2ce4.roa
Signing time:             Tue 22 Jul 2025 00:00:13 +0000
ROA not before:           Tue 22 Jul 2025 00:00:13 +0000
ROA not after:            Tue 26 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da25::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 Aug 2025 18:53:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:21:2e:86:2b:97:6d:05:3f:40:ea:89:8d:de:e6:e9:c2:21:12:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 22 00:00:13 2025 GMT
            Not After : Aug 26 23:59:59 2025 GMT
        Subject: serialNumber=13486a27a0cfb457d24c92fb69ca527e52b3044c6dfc2c564655e10df4dcc39a, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:c5:1b:39:a5:9e:54:01:18:3f:2e:3f:ac:78:
                    cc:ab:9e:d9:76:90:d1:3e:72:93:83:ea:ee:ed:11:
                    e0:6e:19:d5:e9:c5:5f:a5:23:2b:a4:df:94:95:94:
                    2f:a4:b4:1c:a9:fb:87:f1:fd:4d:12:eb:a3:65:de:
                    c7:77:a0:43:1a:fa:81:e0:05:5b:05:a9:09:53:ec:
                    2e:73:01:fc:78:bc:09:83:03:d8:60:9c:81:e8:59:
                    b2:92:49:80:f3:eb:0a:62:0d:30:dc:08:fc:cc:0c:
                    00:c4:a7:ec:d8:1d:02:89:c5:ad:c2:91:89:81:cf:
                    2c:d3:6e:0d:68:49:2c:2d:d6:24:47:34:fe:60:31:
                    95:8e:d6:95:69:e4:9a:78:84:27:d2:dd:9c:4f:85:
                    d9:ae:15:25:44:d6:a2:6c:bc:d1:e4:1b:b2:59:54:
                    1b:f7:a5:44:25:2e:14:cb:11:7f:de:72:9f:34:ec:
                    1c:99:e1:97:7f:ef:34:00:a0:44:5c:a8:f6:10:b7:
                    33:05:43:3d:51:97:2b:ab:27:54:64:8b:5e:09:97:
                    f6:6c:11:c4:a8:03:2b:bf:e2:dc:ca:71:a6:a9:df:
                    6f:d9:32:00:be:58:d8:75:14:7c:d5:0e:f2:80:10:
                    50:b4:df:7b:01:2e:5d:ae:f6:de:80:34:ad:65:b5:
                    6c:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:54:E9:63:64:7D:82:20:CD:20:03:7D:83:FC:C6:10:92:DE:C8:2A
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/df283100-6f05-4533-89fd-648b23de2ce4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da25::/36

    Signature Algorithm: sha256WithRSAEncryption
         6b:86:61:7f:9e:4d:82:5d:85:58:b6:d0:13:c9:17:15:c6:20:
         8a:de:53:46:54:d1:67:3d:0a:f7:4a:68:4a:e8:e8:cb:03:1c:
         07:9c:35:2f:ac:a5:25:46:a5:35:5d:df:06:f1:d2:24:8d:db:
         f3:5b:7b:53:25:88:4b:56:ba:fa:2e:39:13:79:00:9c:0d:93:
         76:7f:e3:18:c9:6a:33:f0:27:ed:5f:33:0e:52:51:1f:02:70:
         ae:bc:17:75:7b:24:3c:c3:aa:26:f0:b0:df:4d:b2:80:ab:c9:
         63:7f:98:81:e9:9c:bd:7d:a3:7e:54:3c:9a:38:f6:19:62:4f:
         fb:db:68:a8:7c:ec:20:8e:6d:01:ad:84:41:4c:9f:42:a7:88:
         61:f1:e3:d8:96:f0:43:4e:1e:cd:a3:38:24:c7:50:84:ea:07:
         9e:8f:51:ba:c9:58:39:8e:b7:15:9b:b1:c7:f2:93:63:50:25:
         22:1c:1b:56:e9:81:3e:eb:c2:39:8f:7e:73:97:a1:64:ea:c8:
         5c:a5:0e:5d:fb:1f:21:c7:15:62:7b:15:58:11:e5:db:2d:fd:
         99:1c:32:cf:1e:c3:de:e4:3e:20:c9:2e:18:be:25:a4:39:32:
         79:18:cb:83:dd:f8:13:a5:bd:0a:d4:f1:01:0c:b7:b6:0b:a6:
         9c:36:9e:13
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUTiEuhiuXbQU/QOqJjd7m6cIhEh0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDcyMjAwMDAxM1oX
DTI1MDgyNjIzNTk1OVowejFJMEcGA1UEBRNAMTM0ODZhMjdhMGNmYjQ1N2QyNGM5
MmZiNjljYTUyN2U1MmIzMDQ0YzZkZmMyYzU2NDY1NWUxMGRmNGRjYzM5YTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsUbOaWeVAEYPy4/rHjMq57ZdpDR
PnKTg+ru7RHgbhnV6cVfpSMrpN+UlZQvpLQcqfuH8f1NEuujZd7Hd6BDGvqB4AVb
BakJU+wucwH8eLwJgwPYYJyB6FmykkmA8+sKYg0w3Aj8zAwAxKfs2B0CicWtwpGJ
gc8s024NaEksLdYkRzT+YDGVjtaVaeSaeIQn0t2cT4XZrhUlRNaibLzR5BuyWVQb
96VEJS4UyxF/3nKfNOwcmeGXf+80AKBEXKj2ELczBUM9UZcrqydUZIteCZf2bBHE
qAMrv+LcynGmqd9v2TIAvljYdRR81Q7ygBBQtN97AS5drvbegDStZbVs7wIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFL1U6WNkfYIgzSADfYP8xhCS3sgqMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2RmMjgzMTAwLTZmMDUtNDUzMy04OWZkLTY0OGIyM2RlMmNlNC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYEJAbaJQAwDQYJKoZIhvcNAQELBQADggEBAGuGYX+eTYJdhVi20BPJ
FxXGIIreU0ZU0Wc9CvdKaEro6MsDHAecNS+spSVGpTVd3wbx0iSN2/Nbe1MliEtW
uvouORN5AJwNk3Z/4xjJajPwJ+1fMw5SUR8CcK68F3V7JDzDqibwsN9NsoCryWN/
mIHpnL19o35UPJo49hliT/vbaKh87CCObQGthEFMn0KniGHx49iW8ENOHs2jOCTH
UITqB56PUbrJWDmOtxWbscfyk2NQJSIcG1bpgT7rwjmPfnOXoWTqyFylDl37HyHH
FWJ7FVgR5dst/ZkcMs8ew97kPiDJLhi+JaQ5MnkYy4Pd+BOlvQrU8QEMt7YLppw2
nhM=
-----END CERTIFICATE-----
Generated at Thu Jul 31 01:04:13 2025 by rpki-client