Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e32899b9-14c3-4649-a1dc-82fec0214193.roa
File:                     e32899b9-14c3-4649-a1dc-82fec0214193.roa (raw, json)
Hash identifier:          +ZGfGtjap4DmlmJC56SBON9e/SRFM4OL6Ba41/DEMZ0=
Subject key identifier:   C2:33:D8:C6:CB:22:19:E2:63:D9:F2:7B:51:71:EC:A1:1E:6C:CE:BE
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       61CD46C5EB4746243405217DFF32F735B2A90741
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e32899b9-14c3-4649-a1dc-82fec0214193.roa
Signing time:             Mon 28 Jul 2025 15:00:10 +0000
ROA not before:           Mon 28 Jul 2025 15:00:10 +0000
ROA not after:            Mon 01 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da00:e080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 Aug 2025 18:53:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:cd:46:c5:eb:47:46:24:34:05:21:7d:ff:32:f7:35:b2:a9:07:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 28 15:00:10 2025 GMT
            Not After : Sep  1 23:59:59 2025 GMT
        Subject: serialNumber=35c7e0db46e6413aed4feeddc79c896c1b0a38769e36749793729920d2b873bb, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:99:f4:9c:22:ec:5b:25:b6:e6:cd:da:ac:17:
                    52:fa:c2:16:b4:81:e0:7c:1f:2d:f7:d9:60:32:f3:
                    4f:ab:68:26:ca:3c:fd:f5:40:53:0d:f4:8a:b8:ca:
                    ed:5c:f7:42:cf:dc:4b:1c:38:37:d5:dd:de:43:25:
                    d0:92:3a:4d:4c:c2:5f:65:f6:ff:ae:e8:62:80:eb:
                    ce:c6:60:9c:3e:30:5a:37:32:dd:ec:9c:23:1f:ee:
                    5f:64:25:ba:44:88:59:65:bc:e0:5c:93:53:b4:03:
                    96:a3:dc:d9:08:59:0b:71:23:19:f3:50:39:3f:24:
                    b8:a5:3f:2d:54:64:73:fe:e7:d7:64:c4:ed:10:21:
                    d9:6c:e5:9d:ba:11:8f:90:34:38:b1:1f:7e:83:8e:
                    a0:3d:d7:ff:2f:d2:0e:6e:21:fb:0f:d0:82:86:c5:
                    ac:13:3c:8f:d9:64:bd:91:54:e3:37:3a:13:ec:7e:
                    a0:d4:71:23:5a:67:bf:6a:82:84:07:bf:e1:99:80:
                    1b:e6:55:ed:de:3f:44:08:db:3e:f3:30:6d:5a:94:
                    1a:25:48:39:76:93:6f:73:ee:98:af:6d:c3:7c:93:
                    5d:06:3a:3b:59:b6:fd:7d:e7:60:a3:a3:83:e1:1f:
                    f5:bf:b5:67:fb:69:18:40:f1:f1:38:ef:73:e8:ef:
                    72:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:33:D8:C6:CB:22:19:E2:63:D9:F2:7B:51:71:EC:A1:1E:6C:CE:BE
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e32899b9-14c3-4649-a1dc-82fec0214193.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da00:e080::/48

    Signature Algorithm: sha256WithRSAEncryption
         bd:b1:a5:dc:99:cd:e0:33:14:65:5e:3e:77:37:ca:86:14:fa:
         89:15:7b:6f:1d:87:03:10:8d:bd:28:fc:0b:05:f3:22:83:ad:
         ca:bd:25:9b:66:85:b5:90:85:55:f0:a8:33:6a:a5:96:09:c8:
         95:a1:8a:ed:a2:4b:4a:e5:32:79:b0:61:1c:29:e5:dd:78:a3:
         fc:2b:ef:26:1a:e4:82:c1:aa:3b:71:59:24:75:d6:5c:1c:a2:
         84:a7:cc:5d:4e:35:f5:51:80:3c:91:95:2f:86:52:ef:93:81:
         57:08:98:d3:fd:84:f4:95:79:26:b5:8b:55:2e:1b:8e:87:f8:
         1d:38:cd:6f:fa:ff:d9:7f:ae:06:99:42:13:f9:33:45:65:11:
         f8:39:46:77:23:d7:7d:8d:30:d8:08:e6:52:56:ea:fa:df:85:
         fe:63:38:1f:9e:fe:27:46:84:1b:d2:64:87:26:51:94:23:78:
         44:f2:25:99:30:d4:8d:ea:8d:e9:08:83:5c:99:11:f3:44:cb:
         de:c1:4b:f4:91:0b:36:89:e7:02:6d:d2:b8:2e:5a:d5:91:b5:
         29:41:34:cb:dc:75:8f:5f:28:9a:3d:b8:b3:28:51:b5:74:64:
         7e:36:45:b9:cb:3e:3d:4d:23:9b:ea:38:03:24:a9:b6:8d:cb:
         15:17:c3:93
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUYc1GxetHRiQ0BSF9/zL3NbKpB0EwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDcyODE1MDAxMFoX
DTI1MDkwMTIzNTk1OVowejFJMEcGA1UEBRNAMzVjN2UwZGI0NmU2NDEzYWVkNGZl
ZWRkYzc5Yzg5NmMxYjBhMzg3NjllMzY3NDk3OTM3Mjk5MjBkMmI4NzNiYjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy5n0nCLsWyW25s3arBdS+sIWtIHg
fB8t99lgMvNPq2gmyjz99UBTDfSKuMrtXPdCz9xLHDg31d3eQyXQkjpNTMJfZfb/
ruhigOvOxmCcPjBaNzLd7JwjH+5fZCW6RIhZZbzgXJNTtAOWo9zZCFkLcSMZ81A5
PyS4pT8tVGRz/ufXZMTtECHZbOWduhGPkDQ4sR9+g46gPdf/L9IObiH7D9CChsWs
EzyP2WS9kVTjNzoT7H6g1HEjWme/aoKEB7/hmYAb5lXt3j9ECNs+8zBtWpQaJUg5
dpNvc+6Yr23DfJNdBjo7Wbb9fedgo6OD4R/1v7Vn+2kYQPHxOO9z6O9ymQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFMIz2MbLIhniY9nye1Fx7KEebM6+MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2UzMjg5OWI5LTE0YzMtNDY0OS1hMWRjLTgyZmVjMDIxNDE5My5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAbaAOCAMA0GCSqGSIb3DQEBCwUAA4IBAQC9saXcmc3gMxRlXj53
N8qGFPqJFXtvHYcDEI29KPwLBfMig63KvSWbZoW1kIVV8KgzaqWWCciVoYrtoktK
5TJ5sGEcKeXdeKP8K+8mGuSCwao7cVkkddZcHKKEp8xdTjX1UYA8kZUvhlLvk4FX
CJjT/YT0lXkmtYtVLhuOh/gdOM1v+v/Zf64GmUIT+TNFZRH4OUZ3I9d9jTDYCOZS
Vur634X+Yzgfnv4nRoQb0mSHJlGUI3hE8iWZMNSN6o3pCINcmRHzRMvewUv0kQs2
iecCbdK4LlrVkbUpQTTL3HWPXyiaPbizKFG1dGR+NkW5yz49TSOb6jgDJKm2jcsV
F8OT
-----END CERTIFICATE-----
Generated at Thu Jul 31 01:03:58 2025 by rpki-client