Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0f308446-71c0-4da7-9488-837b94b0ca9c.roa
File:                     0f308446-71c0-4da7-9488-837b94b0ca9c.roa (raw, json)
Hash identifier:          uB28sqD1gpCyQGvRjPEnKmLGBm7/WIJBOnMHssQEHa4=
Subject key identifier:   21:0E:A8:83:2B:D9:11:EC:6A:E4:2D:9E:77:60:44:DE:79:2F:44:F7
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       0BC96CF46101C8E8FC95D9A7652DC04431B0F2A7
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0f308446-71c0-4da7-9488-837b94b0ca9c.roa
Signing time:             Mon 13 Oct 2025 15:40:51 +0000
ROA not before:           Mon 13 Oct 2025 15:40:51 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf2:4080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:c9:6c:f4:61:01:c8:e8:fc:95:d9:a7:65:2d:c0:44:31:b0:f2:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Oct 13 15:40:51 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=e786cdcb95c4a0c35a1ae5b827c8df4a1efe56335a1617101d36387dff45a31d, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:c3:44:94:5c:62:59:99:3f:e6:8e:30:b6:7b:
                    89:ca:7a:2a:b7:65:2d:13:6c:ad:bd:a8:49:21:b2:
                    4c:c8:e9:e6:e6:cc:63:d9:ac:52:53:94:8a:b5:fd:
                    c6:4c:8e:8a:46:4f:34:02:55:fc:61:ab:43:c8:72:
                    63:80:b1:98:91:f2:cc:1f:89:4e:6e:04:79:72:de:
                    2d:18:3d:49:dd:59:2b:72:5d:71:9a:8a:b0:35:ed:
                    f2:3c:93:f4:57:54:95:f1:5b:08:b5:a9:48:38:98:
                    21:67:05:74:fb:ea:ba:10:8d:53:62:e4:87:ad:bf:
                    06:78:ba:73:81:a3:39:6b:14:bb:74:fb:78:5f:29:
                    ce:5d:2a:50:82:91:70:72:ae:b5:bf:78:2b:d4:15:
                    9f:3d:e1:1b:1f:ac:f3:7b:b6:dd:a4:ab:2a:ef:77:
                    3e:7a:d0:d6:8e:31:3d:2a:e9:85:32:94:e6:fe:81:
                    f2:05:09:94:3d:e9:b3:13:97:0e:10:bc:f8:f2:32:
                    47:b5:49:e3:9e:8a:e4:55:2c:39:8e:8f:d3:95:a2:
                    3f:c9:1a:d8:32:a5:5d:87:e8:c9:de:bc:f8:ce:f9:
                    45:63:39:18:7d:ec:5a:c2:e9:f3:fe:ad:b0:6f:f0:
                    ca:bb:1d:ac:e1:d4:37:84:ab:fe:5d:a1:dc:53:3c:
                    e5:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:0E:A8:83:2B:D9:11:EC:6A:E4:2D:9E:77:60:44:DE:79:2F:44:F7
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0f308446-71c0-4da7-9488-837b94b0ca9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf2:4080::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:ae:1e:de:31:b1:a5:8e:6d:e0:b6:ba:d4:b8:3e:74:7d:49:
         e7:ec:2e:d8:36:b3:e1:34:42:a7:ac:1c:f9:8e:99:95:cc:b9:
         aa:25:64:df:19:79:ea:f3:43:bf:59:d5:27:ee:2e:22:28:81:
         b6:8a:72:a3:06:df:83:67:8d:84:5b:91:40:4a:83:4e:13:4f:
         0b:7d:48:c3:42:b8:13:a8:87:e3:cd:1c:fe:4d:4f:3e:05:97:
         76:cd:c0:64:9c:fb:95:2f:f2:05:23:8a:2d:25:88:54:64:cd:
         42:66:c6:9f:35:7e:14:f9:57:55:7c:25:91:9d:fa:fb:d8:49:
         e6:04:d3:aa:27:6d:ad:c1:85:69:32:6c:86:e0:3f:a8:5d:4e:
         d0:8e:a5:69:7f:3b:e7:8b:a0:aa:ae:54:e8:67:96:32:73:69:
         e7:e5:d7:1f:72:93:57:80:ae:fd:2e:df:d5:c1:86:f0:a9:d5:
         44:f3:b1:59:4f:7d:0a:9a:83:cc:f4:ef:38:1e:25:70:87:f6:
         3c:dd:e1:e3:8a:c1:d3:5c:3c:c3:b3:db:b1:32:e3:2c:86:4c:
         8d:ae:d7:90:09:21:f2:0c:d6:67:37:51:08:bf:64:20:ef:84:
         47:c9:49:c1:62:28:7d:89:c6:16:88:6c:74:74:cc:1c:2e:00:
         26:41:be:e4
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUC8ls9GEByOj8ldmnZS3ARDGw8qcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MTAxMzE1NDA1MVoX
DTI1MTExNzIzNTk1OVowejFJMEcGA1UEBRNAZTc4NmNkY2I5NWM0YTBjMzVhMWFl
NWI4MjdjOGRmNGExZWZlNTYzMzVhMTYxNzEwMWQzNjM4N2RmZjQ1YTMxZDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAscNElFxiWZk/5o4wtnuJynoqt2Ut
E2ytvahJIbJMyOnm5sxj2axSU5SKtf3GTI6KRk80AlX8YatDyHJjgLGYkfLMH4lO
bgR5ct4tGD1J3Vkrcl1xmoqwNe3yPJP0V1SV8VsItalIOJghZwV0++q6EI1TYuSH
rb8GeLpzgaM5axS7dPt4XynOXSpQgpFwcq61v3gr1BWfPeEbH6zze7bdpKsq73c+
etDWjjE9KumFMpTm/oHyBQmUPemzE5cOELz48jJHtUnjnorkVSw5jo/TlaI/yRrY
MqVdh+jJ3rz4zvlFYzkYfexawunz/q2wb/DKux2s4dQ3hKv+XaHcUzzlLwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFCEOqIMr2RHsauQtnndgRN55L0T3MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzBmMzA4NDQ2LTcxYzAtNGRhNy05NDg4LTgzN2I5NGIwY2E5Yy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba8kCAMA0GCSqGSIb3DQEBCwUAA4IBAQBwrh7eMbGljm3gtrrU
uD50fUnn7C7YNrPhNEKnrBz5jpmVzLmqJWTfGXnq80O/WdUn7i4iKIG2inKjBt+D
Z42EW5FASoNOE08LfUjDQrgTqIfjzRz+TU8+BZd2zcBknPuVL/IFI4otJYhUZM1C
ZsafNX4U+VdVfCWRnfr72EnmBNOqJ22twYVpMmyG4D+oXU7QjqVpfzvni6CqrlTo
Z5Yyc2nn5dcfcpNXgK79Lt/VwYbwqdVE87FZT30KmoPM9O84HiVwh/Y83eHjisHT
XDzDs9uxMuMshkyNrteQCSHyDNZnN1EIv2Qg74RHyUnBYih9icYWiGx0dMwcLgAm
Qb7k
-----END CERTIFICATE-----
Generated at Mon Oct 20 15:39:49 2025 by rpki-client