Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f0035674-15ff-434e-b4d2-44fc6010a1aa.roa
File:                     f0035674-15ff-434e-b4d2-44fc6010a1aa.roa (raw, json)
Hash identifier:          pjZazndRVQznA6hQny962sBrGjXR7dD+7QHBvp4K0T0=
Subject key identifier:   96:36:77:3E:4B:85:FA:2D:67:04:3F:36:E8:DC:FB:19:11:05:51:D2
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       4EE2CCA689125875B7F37658035AA3A7C7756BA2
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f0035674-15ff-434e-b4d2-44fc6010a1aa.roa
Signing time:             Fri 16 May 2025 15:01:00 +0000
ROA not before:           Fri 16 May 2025 15:01:00 +0000
ROA not after:            Fri 20 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da68:e000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 06 Jun 2025 00:01:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:e2:cc:a6:89:12:58:75:b7:f3:76:58:03:5a:a3:a7:c7:75:6b:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 16 15:01:00 2025 GMT
            Not After : Jun 20 23:59:59 2025 GMT
        Subject: serialNumber=cc35ee77c6aa53d5eb11bbe68961777ed365b27c0ddf246bec4725bd1622d7fb, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:c3:09:4c:31:29:ba:d7:70:9a:5d:be:30:77:
                    f4:80:8d:8b:9c:22:05:99:5b:88:ec:f9:b0:47:73:
                    47:93:c2:b3:6b:bd:83:a2:82:2c:47:2f:09:5f:c6:
                    0d:b1:83:a1:83:d7:db:a6:48:7f:91:70:10:c9:be:
                    5d:74:94:7b:31:42:de:43:d9:69:ac:1f:40:b4:b1:
                    59:49:f0:36:a4:c1:e6:71:6b:76:d5:54:16:13:a9:
                    7e:23:bc:36:84:bc:e8:77:43:d8:eb:67:8f:7b:1d:
                    5f:f3:91:10:df:e2:87:f2:ea:e2:3b:12:6b:c9:89:
                    84:5e:68:92:fc:f1:5e:b0:8d:25:90:3c:bf:f7:d2:
                    50:80:0b:e9:66:81:89:da:0b:e4:d6:f6:4d:23:72:
                    f1:60:17:bd:ee:5b:9d:64:21:cc:e2:c2:d5:b5:69:
                    4c:cb:d0:9f:3c:09:95:ee:65:cc:80:fa:99:36:30:
                    b2:63:63:02:0a:8b:4d:3f:b1:07:36:aa:c3:0a:af:
                    c6:01:32:b5:99:06:30:1c:3a:84:7e:9f:21:7b:4d:
                    7d:7f:79:12:29:20:f9:02:da:c5:3a:cf:43:4d:21:
                    fc:c7:5f:80:8b:9d:cd:61:22:95:40:6b:94:be:87:
                    6d:39:3e:f0:d5:b6:80:7f:4f:1f:16:a7:fe:61:f5:
                    d1:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:36:77:3E:4B:85:FA:2D:67:04:3F:36:E8:DC:FB:19:11:05:51:D2
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f0035674-15ff-434e-b4d2-44fc6010a1aa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da68:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         0d:ac:b4:96:b5:52:99:63:6c:da:0f:87:9a:f0:f7:3b:2a:da:
         e2:db:fd:68:cf:a0:1a:23:98:e2:77:6f:ac:de:3c:a4:a3:82:
         1a:fa:a8:01:5d:8c:c2:d6:e2:85:7f:96:f4:b5:98:aa:7d:64:
         aa:d9:36:42:84:2d:7a:b2:c3:11:c6:f5:52:da:01:16:45:01:
         56:30:64:9f:27:ca:f6:55:93:3b:05:a0:0f:39:9b:60:0d:57:
         9f:d6:e8:6d:4c:f4:c8:a9:2c:7b:d9:69:5c:0f:7d:c1:c7:7d:
         2d:35:87:97:2a:c8:8d:24:be:84:e1:6d:12:99:81:52:d6:8b:
         68:7d:e1:d2:e6:16:37:d6:98:6e:de:dd:66:f9:00:4b:90:33:
         c6:43:9c:37:1d:74:61:92:f6:e3:eb:c7:41:b4:70:a0:2e:48:
         6b:8f:70:99:34:db:13:d4:7b:b1:2d:18:cb:66:25:22:85:84:
         20:fd:b0:70:e1:a6:0e:3c:e3:19:f0:4f:78:df:5a:44:e6:02:
         95:24:e7:8e:48:41:77:20:63:d4:37:1d:d8:ea:50:dd:21:3a:
         93:9f:64:72:29:38:89:77:6c:08:c7:56:39:87:b9:ca:0e:65:
         b8:a5:36:95:a1:47:93:5f:16:04:f4:de:71:ff:4b:81:e0:72:
         46:64:fb:03
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUTuLMpokSWHW383ZYA1qjp8d1a6IwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDUxNjE1MDEwMFoX
DTI1MDYyMDIzNTk1OVowejFJMEcGA1UEBRNAY2MzNWVlNzdjNmFhNTNkNWViMTFi
YmU2ODk2MTc3N2VkMzY1YjI3YzBkZGYyNDZiZWM0NzI1YmQxNjIyZDdmYjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8sMJTDEputdwml2+MHf0gI2LnCIF
mVuI7PmwR3NHk8Kza72DooIsRy8JX8YNsYOhg9fbpkh/kXAQyb5ddJR7MULeQ9lp
rB9AtLFZSfA2pMHmcWt21VQWE6l+I7w2hLzod0PY62ePex1f85EQ3+KH8uriOxJr
yYmEXmiS/PFesI0lkDy/99JQgAvpZoGJ2gvk1vZNI3LxYBe97ludZCHM4sLVtWlM
y9CfPAmV7mXMgPqZNjCyY2MCCotNP7EHNqrDCq/GATK1mQYwHDqEfp8he019f3kS
KSD5AtrFOs9DTSH8x1+Ai53NYSKVQGuUvodtOT7w1baAf08fFqf+YfXRzQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFJY2dz5LhfotZwQ/Nujc+xkRBVHSMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2YwMDM1Njc0LTE1ZmYtNDM0ZS1iNGQyLTQ0ZmM2MDEwYTFhYS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaaOAwDQYJKoZIhvcNAQELBQADggEBAA2stJa1UpljbNoPh5rw
9zsq2uLb/WjPoBojmOJ3b6zePKSjghr6qAFdjMLW4oV/lvS1mKp9ZKrZNkKELXqy
wxHG9VLaARZFAVYwZJ8nyvZVkzsFoA85m2ANV5/W6G1M9MipLHvZaVwPfcHHfS01
h5cqyI0kvoThbRKZgVLWi2h94dLmFjfWmG7e3Wb5AEuQM8ZDnDcddGGS9uPrx0G0
cKAuSGuPcJk02xPUe7EtGMtmJSKFhCD9sHDhpg484xnwT3jfWkTmApUk545IQXcg
Y9Q3HdjqUN0hOpOfZHIpOIl3bAjHVjmHucoOZbilNpWhR5NfFgT03nH/S4HgckZk
+wM=
-----END CERTIFICATE-----
Generated at Mon Jun 2 06:28:12 2025 by rpki-client