Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f607473c-b847-4f33-9284-b75fe670bc74.roa
File:                     f607473c-b847-4f33-9284-b75fe670bc74.roa (raw, json)
Hash identifier:          Q62+BrVYNTul5N0w9Q7HR4CN76IfYttZVTdn7JO0G+I=
Subject key identifier:   65:4B:22:67:B5:AE:72:02:2E:38:E6:C1:25:91:73:56:C7:B3:79:93
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       20C29FD234F7E132BD7BECEBC2A22B0AAA5DF13E
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f607473c-b847-4f33-9284-b75fe670bc74.roa
Signing time:             Wed 30 Jul 2025 00:02:05 +0000
ROA not before:           Wed 30 Jul 2025 00:02:05 +0000
ROA not after:            Wed 03 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da38:c000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 Aug 2025 18:53:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:c2:9f:d2:34:f7:e1:32:bd:7b:ec:eb:c2:a2:2b:0a:aa:5d:f1:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 30 00:02:05 2025 GMT
            Not After : Sep  3 23:59:59 2025 GMT
        Subject: serialNumber=49a63b520fece70a7d31c14cded34e504790f245c069ed6de1e2f73e4185fbe8, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:7d:9d:a4:86:b3:33:94:cd:c1:56:9d:6f:f0:
                    4b:c2:c2:04:9f:bb:02:62:25:05:11:16:34:6b:07:
                    57:37:69:9d:4a:13:88:db:77:d7:ca:a1:82:9d:18:
                    0a:43:3e:23:b9:ed:7e:9f:c4:48:01:ae:86:99:12:
                    ac:c8:d7:e3:00:ec:9d:44:a0:59:d3:b6:56:06:5f:
                    98:7c:3e:7f:89:e7:5d:03:8a:c8:be:78:57:d7:44:
                    e8:51:8e:a4:53:2d:2a:b6:a3:07:1c:43:f1:42:25:
                    a0:ed:92:0c:37:dd:fe:78:a5:de:82:b7:71:eb:78:
                    56:7e:a0:f6:38:69:9a:ff:98:54:af:a5:1b:9b:d7:
                    c2:58:c0:47:8d:e8:91:08:35:54:fd:64:38:5b:35:
                    b2:3f:1e:0e:d1:5d:a2:c5:71:74:ab:18:02:c4:6e:
                    93:af:f7:1d:9c:4b:9d:8c:4e:ca:bb:4c:d9:35:14:
                    01:56:b8:fd:35:77:4b:a2:d7:84:bf:9b:39:71:75:
                    18:02:e3:0f:90:66:1e:4a:1e:82:01:de:de:55:37:
                    3c:cf:d7:d0:e2:73:1a:0a:1c:3c:55:f0:ec:7b:b7:
                    12:d9:51:ed:e2:89:0a:c4:94:6a:76:5b:28:59:8f:
                    ce:d1:4f:db:27:ab:99:41:72:85:4a:23:a3:7b:c0:
                    95:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:4B:22:67:B5:AE:72:02:2E:38:E6:C1:25:91:73:56:C7:B3:79:93
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f607473c-b847-4f33-9284-b75fe670bc74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da38:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         4f:ca:98:e2:fc:82:32:40:c8:48:76:21:74:a4:3f:e6:4e:13:
         c1:0f:20:67:9d:a4:e2:8f:b4:f8:a1:ee:1f:13:49:a4:a7:d8:
         1f:dd:e2:40:9b:31:f7:1b:8c:c3:d1:2c:6f:da:45:23:d0:4d:
         ef:a6:f7:47:1a:ca:1f:e2:28:8e:76:fb:8d:97:39:81:61:1d:
         4f:ee:f8:42:0d:bd:ae:d3:ee:1d:46:e8:58:5b:98:c5:a5:4b:
         39:70:9f:5b:97:c6:ad:a2:40:08:93:1b:e0:77:1b:0d:11:94:
         c9:da:13:ad:9f:60:c5:eb:69:5a:af:fa:f1:ad:a2:11:c2:26:
         b5:38:69:9c:8b:53:47:02:d2:c7:ac:1d:ec:13:39:2e:1c:66:
         c5:ce:e5:78:1e:0b:9b:f4:cb:67:3d:4c:b1:e6:c0:10:f7:d6:
         ce:d0:a0:dc:44:27:0f:1e:4a:26:6c:fd:ce:a8:f6:7a:0f:e2:
         cc:2b:75:23:22:92:73:18:7f:89:dc:54:84:23:e1:8e:64:bd:
         2e:18:ad:7e:a9:62:c6:02:49:78:0a:bd:af:b5:5f:90:fe:7e:
         4b:29:d4:c3:90:bc:fd:47:04:51:74:52:02:0e:f0:58:b1:91:
         5b:6f:f3:f8:77:1d:16:b3:84:e9:9e:4f:d4:99:31:de:02:7e:
         9c:60:89:aa
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUIMKf0jT34TK9e+zrwqIrCqpd8T4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDczMDAwMDIwNVoX
DTI1MDkwMzIzNTk1OVowejFJMEcGA1UEBRNANDlhNjNiNTIwZmVjZTcwYTdkMzFj
MTRjZGVkMzRlNTA0NzkwZjI0NWMwNjllZDZkZTFlMmY3M2U0MTg1ZmJlODEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi32dpIazM5TNwVadb/BLwsIEn7sC
YiUFERY0awdXN2mdShOI23fXyqGCnRgKQz4jue1+n8RIAa6GmRKsyNfjAOydRKBZ
07ZWBl+YfD5/ieddA4rIvnhX10ToUY6kUy0qtqMHHEPxQiWg7ZIMN93+eKXegrdx
63hWfqD2OGma/5hUr6Ubm9fCWMBHjeiRCDVU/WQ4WzWyPx4O0V2ixXF0qxgCxG6T
r/cdnEudjE7Ku0zZNRQBVrj9NXdLoteEv5s5cXUYAuMPkGYeSh6CAd7eVTc8z9fQ
4nMaChw8VfDse7cS2VHt4okKxJRqdlsoWY/O0U/bJ6uZQXKFSiOje8CVvwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFGVLIme1rnICLjjmwSWRc1bHs3mTMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2Y2MDc0NzNjLWI4NDctNGYzMy05Mjg0LWI3NWZlNjcwYmM3NC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaOMAwDQYJKoZIhvcNAQELBQADggEBAE/KmOL8gjJAyEh2IXSk
P+ZOE8EPIGedpOKPtPih7h8TSaSn2B/d4kCbMfcbjMPRLG/aRSPQTe+m90cayh/i
KI52+42XOYFhHU/u+EINva7T7h1G6FhbmMWlSzlwn1uXxq2iQAiTG+B3Gw0RlMna
E62fYMXraVqv+vGtohHCJrU4aZyLU0cC0sesHewTOS4cZsXO5XgeC5v0y2c9TLHm
wBD31s7QoNxEJw8eSiZs/c6o9noP4swrdSMiknMYf4ncVIQj4Y5kvS4YrX6pYsYC
SXgKva+1X5D+fksp1MOQvP1HBFF0UgIO8FixkVtv8/h3HRazhOmeT9SZMd4Cfpxg
iao=
-----END CERTIFICATE-----
Generated at Thu Jul 31 01:04:00 2025 by rpki-client