Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f872164c-416d-44ed-81ce-172f02efdfbf.roa
File:                     f872164c-416d-44ed-81ce-172f02efdfbf.roa (raw, json)
Hash identifier:          Jn4H18oqzuJmw69n4oVJByehVUhmIQTuOjOEVYreqsw=
Subject key identifier:   B1:3C:EB:EC:6F:4D:A0:AB:2C:57:BB:F1:6A:79:82:4F:86:6A:9D:21
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       37A410A18C9B6CD256E4DCA4C85AFDB13C44260F
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f872164c-416d-44ed-81ce-172f02efdfbf.roa
Signing time:             Tue 22 Jul 2025 00:00:39 +0000
ROA not before:           Tue 22 Jul 2025 00:00:39 +0000
ROA not after:            Tue 26 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da26::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 Aug 2025 18:53:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:a4:10:a1:8c:9b:6c:d2:56:e4:dc:a4:c8:5a:fd:b1:3c:44:26:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 22 00:00:39 2025 GMT
            Not After : Aug 26 23:59:59 2025 GMT
        Subject: serialNumber=c52657d2ea4d5629dd3ae13a980fce34af24c9c6d537f6a69ac61861818ee2ca, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:5d:8b:1a:11:66:71:a8:4c:50:bf:49:3b:f9:
                    ce:fb:08:4a:83:db:b4:6a:cf:cc:10:02:67:e8:81:
                    07:87:61:21:78:fb:ff:e0:47:02:ab:26:49:df:c6:
                    de:b3:0d:97:15:1f:7c:6e:72:4f:9d:4b:fa:88:3e:
                    86:34:95:c5:2d:fb:32:96:a0:c6:c7:26:0d:b1:55:
                    a6:e2:c3:47:8f:f2:b5:31:b4:8a:7f:c0:1a:ce:99:
                    67:b1:ac:04:d9:44:a6:7b:ff:e0:ad:60:5b:38:b5:
                    39:ac:19:91:f4:80:e2:71:17:c7:b0:99:f5:a1:ae:
                    13:69:90:3f:1e:e8:8f:5c:e9:74:b8:1e:35:34:0a:
                    8a:97:2f:8c:1e:9a:ba:10:7d:dd:a2:1b:22:19:16:
                    a3:4e:47:d5:72:15:95:57:e9:45:12:31:58:8d:f5:
                    d4:6c:cd:0e:32:a1:68:73:c4:f8:27:0b:97:2d:ab:
                    dc:1a:62:0b:36:31:08:11:82:d1:8c:40:d0:64:47:
                    d9:36:05:0e:6f:df:5a:ca:b3:8f:3a:28:d7:4c:07:
                    c0:a4:4e:e4:c2:6d:80:5c:64:5b:4b:87:db:61:87:
                    f1:b2:a7:71:93:5f:99:be:09:35:b6:d2:71:87:f0:
                    7e:f2:7a:cd:cb:6d:a9:54:08:5c:58:90:7d:c1:51:
                    68:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:3C:EB:EC:6F:4D:A0:AB:2C:57:BB:F1:6A:79:82:4F:86:6A:9D:21
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f872164c-416d-44ed-81ce-172f02efdfbf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da26::/36

    Signature Algorithm: sha256WithRSAEncryption
         c2:eb:4b:f6:e5:c2:ca:ec:48:30:13:fa:97:c8:d1:ca:ce:85:
         21:92:4e:d4:bc:12:71:56:72:6d:70:99:04:09:f8:37:72:df:
         c8:b7:49:62:cb:16:bf:0d:df:90:65:1d:4b:2f:4a:8d:4a:c1:
         63:e8:ab:6a:eb:35:df:fc:99:20:c0:1c:77:d6:b7:89:8a:64:
         58:bd:8b:15:d0:a6:fc:73:94:eb:a6:33:5a:34:6f:a8:66:52:
         d6:63:39:35:51:30:f2:a2:45:f2:91:1b:b9:b4:04:fb:74:a7:
         9b:d3:2f:4a:9a:c1:c4:11:cf:01:4b:67:78:66:8a:06:42:87:
         8c:b9:88:8f:77:85:0d:f9:5f:ce:64:88:89:d7:e4:84:1b:5e:
         d9:e8:2c:11:ec:99:ed:1a:ce:26:a2:d6:b3:06:bb:0a:79:73:
         fd:db:c8:3c:98:54:b8:10:c9:da:08:db:c3:f4:3e:f3:77:97:
         c3:07:ab:48:ff:ee:f9:a7:e9:53:d2:7f:00:cd:88:75:5c:a3:
         50:ee:df:e9:6e:52:f6:64:a0:8e:c1:44:0f:81:ad:4f:21:1d:
         bb:97:95:b7:f9:e8:2b:e0:73:fc:0d:44:5d:2e:8e:91:ab:67:
         bc:6f:ac:2a:30:a5:db:04:03:a5:6d:61:c2:16:3c:57:0e:9f:
         42:62:89:e9
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUN6QQoYybbNJW5NykyFr9sTxEJg8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDcyMjAwMDAzOVoX
DTI1MDgyNjIzNTk1OVowejFJMEcGA1UEBRNAYzUyNjU3ZDJlYTRkNTYyOWRkM2Fl
MTNhOTgwZmNlMzRhZjI0YzljNmQ1MzdmNmE2OWFjNjE4NjE4MThlZTJjYTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwV2LGhFmcahMUL9JO/nO+whKg9u0
as/MEAJn6IEHh2EhePv/4EcCqyZJ38besw2XFR98bnJPnUv6iD6GNJXFLfsylqDG
xyYNsVWm4sNHj/K1MbSKf8AazplnsawE2USme//grWBbOLU5rBmR9IDicRfHsJn1
oa4TaZA/HuiPXOl0uB41NAqKly+MHpq6EH3dohsiGRajTkfVchWVV+lFEjFYjfXU
bM0OMqFoc8T4JwuXLavcGmILNjEIEYLRjEDQZEfZNgUOb99ayrOPOijXTAfApE7k
wm2AXGRbS4fbYYfxsqdxk1+Zvgk1ttJxh/B+8nrNy22pVAhcWJB9wVFoxwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFLE86+xvTaCrLFe78Wp5gk+Gap0hMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2Y4NzIxNjRjLTQxNmQtNDRlZC04MWNlLTE3MmYwMmVmZGZiZi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYEJAbaJgAwDQYJKoZIhvcNAQELBQADggEBAMLrS/blwsrsSDAT+pfI
0crOhSGSTtS8EnFWcm1wmQQJ+Ddy38i3SWLLFr8N35BlHUsvSo1KwWPoq2rrNd/8
mSDAHHfWt4mKZFi9ixXQpvxzlOumM1o0b6hmUtZjOTVRMPKiRfKRG7m0BPt0p5vT
L0qawcQRzwFLZ3hmigZCh4y5iI93hQ35X85kiInX5IQbXtnoLBHsme0aziai1rMG
uwp5c/3byDyYVLgQydoI28P0PvN3l8MHq0j/7vmn6VPSfwDNiHVco1Du3+luUvZk
oI7BRA+BrU8hHbuXlbf56Cvgc/wNRF0ujpGrZ7xvrCowpdsEA6VtYcIWPFcOn0Ji
iek=
-----END CERTIFICATE-----
Generated at Thu Jul 31 01:02:32 2025 by rpki-client