Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/eb147b0a-93ac-4ab7-8c40-1df2c88725a7.roa
File:                     eb147b0a-93ac-4ab7-8c40-1df2c88725a7.roa (raw, json)
Hash identifier:          z6uNnG4TJSsARy5SMZ3GMP4b+myZY32uYd7kaqA4vXw=
Subject key identifier:   CF:37:72:EC:A9:B9:C9:78:CB:9B:23:09:28:C6:10:EE:62:F9:AE:DB
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       5F9E63B7CE280C5A71A2A58A72DCEAF2C243614B
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/eb147b0a-93ac-4ab7-8c40-1df2c88725a7.roa
Signing time:             Mon 07 Jul 2025 15:00:29 +0000
ROA not before:           Mon 07 Jul 2025 15:00:29 +0000
ROA not after:            Mon 11 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf1:4000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 19 Jul 2025 00:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:9e:63:b7:ce:28:0c:5a:71:a2:a5:8a:72:dc:ea:f2:c2:43:61:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul  7 15:00:29 2025 GMT
            Not After : Aug 11 23:59:59 2025 GMT
        Subject: serialNumber=344a9b10aa01ae3d4b67919a754e409820f0507d477ae02b3c79ed90579fe10b, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:7d:24:f5:33:b0:43:46:6e:14:4c:8a:13:de:
                    94:c0:c0:db:4b:0e:23:fa:b0:31:f1:5c:59:a4:74:
                    54:c2:6c:76:f0:24:da:25:b6:90:67:0b:7f:37:fe:
                    36:5a:9d:33:1e:a9:00:88:b8:ac:4c:dd:be:1e:fd:
                    f7:e8:0f:a9:ed:cc:df:da:92:b6:f8:38:25:dd:0b:
                    cf:a6:b0:40:89:8d:30:a2:fd:ae:d2:85:20:00:f4:
                    f8:b8:48:a4:8f:62:a5:69:15:a4:58:57:55:6b:c7:
                    f2:33:b5:d4:ce:94:17:06:dd:f9:7f:f7:c2:d4:a8:
                    1f:8c:a9:2a:62:c1:c6:4c:56:9b:11:99:84:48:7f:
                    7f:49:1f:90:e7:8e:53:a0:db:04:eb:94:d2:40:4d:
                    cc:80:6d:8b:ac:e0:30:35:ec:4b:b4:f5:c7:a1:e9:
                    d0:ef:38:1c:b6:56:89:19:00:b9:4f:60:06:7d:96:
                    45:90:e1:d8:9c:32:4e:b3:e8:ad:bb:97:fc:a2:ce:
                    18:a5:c6:52:b3:d4:40:70:fa:d9:86:df:9e:d0:87:
                    56:c1:9e:af:f2:d7:8b:b6:71:4d:15:3b:de:96:3d:
                    da:58:70:7c:6d:46:b2:04:11:d1:72:26:9f:9a:36:
                    ad:6c:df:24:1d:64:29:2b:65:b9:5c:d2:3f:5a:43:
                    d5:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:37:72:EC:A9:B9:C9:78:CB:9B:23:09:28:C6:10:EE:62:F9:AE:DB
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/eb147b0a-93ac-4ab7-8c40-1df2c88725a7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf1:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         61:fb:53:6a:33:e6:ea:cc:62:d8:76:dc:5c:17:cc:46:bc:f8:
         7f:40:db:42:e0:c7:a5:75:7f:d4:45:e7:00:f4:c7:35:24:86:
         d0:ec:75:11:b8:06:f4:75:20:f2:5d:23:5c:e4:33:e2:81:32:
         7f:9b:be:0b:53:9a:31:07:39:41:6e:0c:ae:59:2a:ee:8b:32:
         d0:d7:b2:72:30:a2:b8:da:a8:86:13:e4:23:ab:41:c8:91:de:
         07:1a:3d:32:05:b3:2d:fb:18:79:55:e4:58:84:8c:ac:86:ac:
         c0:d1:f8:68:b1:75:3e:8b:dc:fd:f9:a8:b7:b5:b8:b4:dd:6e:
         ee:55:3e:f0:ba:86:b9:89:56:c7:26:0d:15:b5:88:8a:df:a9:
         19:06:b2:49:b8:30:1e:90:00:1d:28:ec:2a:a1:9c:55:84:71:
         c0:ea:71:65:a0:ff:f1:9c:51:61:fc:4b:f6:3c:d2:87:88:a6:
         07:38:06:16:d7:01:03:dc:93:e6:4a:07:2c:1e:20:61:53:3c:
         1b:82:b5:f3:7e:ae:56:3a:2b:fc:09:f0:8d:bc:6f:65:7e:73:
         8a:87:e5:25:1f:24:7e:63:97:47:f5:07:a9:d0:66:4f:82:ca:
         d2:66:ce:f6:1a:71:20:78:ab:e6:d1:41:83:49:62:fd:98:24:
         5e:7f:96:b6
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUX55jt84oDFpxoqWKctzq8sJDYUswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDcwNzE1MDAyOVoX
DTI1MDgxMTIzNTk1OVowejFJMEcGA1UEBRNAMzQ0YTliMTBhYTAxYWUzZDRiNjc5
MTlhNzU0ZTQwOTgyMGYwNTA3ZDQ3N2FlMDJiM2M3OWVkOTA1NzlmZTEwYjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoX0k9TOwQ0ZuFEyKE96UwMDbSw4j
+rAx8VxZpHRUwmx28CTaJbaQZwt/N/42Wp0zHqkAiLisTN2+Hv336A+p7czf2pK2
+Dgl3QvPprBAiY0wov2u0oUgAPT4uEikj2KlaRWkWFdVa8fyM7XUzpQXBt35f/fC
1KgfjKkqYsHGTFabEZmESH9/SR+Q545ToNsE65TSQE3MgG2LrOAwNexLtPXHoenQ
7zgctlaJGQC5T2AGfZZFkOHYnDJOs+itu5f8os4YpcZSs9RAcPrZht+e0IdWwZ6v
8teLtnFNFTvelj3aWHB8bUayBBHRciafmjatbN8kHWQpK2W5XNI/WkPVwQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFM83cuypucl4y5sjCSjGEO5i+a7bMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2ViMTQ3YjBhLTkzYWMtNGFiNy04YzQwLTFkZjJjODg3MjVhNy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba8UAwDQYJKoZIhvcNAQELBQADggEBAGH7U2oz5urMYth23FwX
zEa8+H9A20Lgx6V1f9RF5wD0xzUkhtDsdRG4BvR1IPJdI1zkM+KBMn+bvgtTmjEH
OUFuDK5ZKu6LMtDXsnIworjaqIYT5COrQciR3gcaPTIFsy37GHlV5FiEjKyGrMDR
+GixdT6L3P35qLe1uLTdbu5VPvC6hrmJVscmDRW1iIrfqRkGskm4MB6QAB0o7Cqh
nFWEccDqcWWg//GcUWH8S/Y80oeIpgc4BhbXAQPck+ZKByweIGFTPBuCtfN+rlY6
K/wJ8I28b2V+c4qH5SUfJH5jl0f1B6nQZk+CytJmzvYacSB4q+bRQYNJYv2YJF5/
lrY=
-----END CERTIFICATE-----
Generated at Tue Jul 15 19:30:07 2025 by rpki-client