Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/2e7fd07c-40bf-4d7b-af7c-043c20c75a6d.roa
File:                     2e7fd07c-40bf-4d7b-af7c-043c20c75a6d.roa (raw, json)
Hash identifier:          x1GPBlfDt+udBlAvzxPuA1sJOhL0sMbqxjrO/FYbxK4=
Subject key identifier:   F5:32:B4:DC:9D:41:8D:09:0C:36:60:FF:A2:27:C0:E8:24:9F:58:87
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       1E21BC9EED3F699175D9698B92319DAC589AA89E
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/2e7fd07c-40bf-4d7b-af7c-043c20c75a6d.roa
Signing time:             Sat 11 Oct 2025 00:00:51 +0000
ROA not before:           Sat 11 Oct 2025 00:00:51 +0000
ROA not after:            Sat 15 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf2:40c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:21:bc:9e:ed:3f:69:91:75:d9:69:8b:92:31:9d:ac:58:9a:a8:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Oct 11 00:00:51 2025 GMT
            Not After : Nov 15 23:59:59 2025 GMT
        Subject: serialNumber=171f069f8bf1644a389bd849dccc9d75b534b9f929e3a1a37d377d925a16f928, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:fa:38:e6:fe:67:95:8f:e3:35:2f:d1:ae:44:
                    cc:bc:bd:13:85:78:b0:e3:7c:56:1d:70:4e:90:e4:
                    03:4c:d0:47:f1:9f:b4:5b:b0:a4:63:f8:3a:5f:51:
                    c7:ad:2f:af:b0:79:c4:d5:0b:c9:35:76:73:2b:8c:
                    7d:65:2d:af:7d:b8:d5:f4:59:e1:65:c2:f3:30:53:
                    db:6e:3d:a3:fc:2d:c4:06:34:1d:cc:69:aa:4b:41:
                    6f:0b:b7:6d:18:cc:43:bb:79:55:af:38:fc:6f:eb:
                    f7:6f:8d:4e:38:64:70:05:7f:20:8e:44:f8:54:c9:
                    3b:8b:0d:f6:9a:f6:55:73:bf:01:79:82:57:83:e4:
                    2f:29:fd:d8:48:9e:d8:3f:f4:6c:52:5c:26:07:21:
                    c9:dc:95:cb:dd:aa:81:aa:dd:e9:51:0a:13:9a:c7:
                    0e:3f:d9:0b:04:56:49:23:01:ee:8b:7b:e5:e8:8e:
                    ff:11:fb:83:18:36:72:bb:3d:17:94:19:ca:b6:58:
                    1e:c0:d8:ad:05:12:a9:47:45:d9:1e:ee:fb:45:5a:
                    c9:89:9a:7d:d7:2b:a1:3c:be:ef:3b:8b:25:46:5c:
                    d6:9f:ee:94:b6:63:e7:27:17:4f:66:a8:c6:35:5e:
                    2b:b3:01:3f:af:d1:e7:a3:1c:cc:43:0f:e9:7e:da:
                    55:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:32:B4:DC:9D:41:8D:09:0C:36:60:FF:A2:27:C0:E8:24:9F:58:87
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/2e7fd07c-40bf-4d7b-af7c-043c20c75a6d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf2:40c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         a0:a1:99:a3:cf:8c:e1:4b:a5:10:90:4e:b7:21:24:d7:26:fb:
         03:8b:a7:39:fd:07:13:2b:10:4f:2b:d9:21:48:fc:83:11:f2:
         95:00:da:d2:4d:f9:fc:8b:b5:13:7e:bf:f0:fc:df:08:f4:16:
         42:a0:bc:b6:ed:db:01:93:57:53:29:f1:9e:76:bf:3a:11:59:
         f4:bc:e6:7b:a9:73:81:b4:d6:28:ed:5e:d9:41:62:ef:41:ce:
         3d:ec:3c:10:8f:23:12:ab:5d:bd:66:0e:2a:4d:62:86:f2:e0:
         18:43:82:43:fe:9f:0f:74:9d:06:40:cf:36:2d:4c:b2:66:da:
         0a:d1:78:a7:00:db:32:46:0e:5f:c9:bf:7c:2d:65:78:ed:5d:
         4f:38:68:e5:6b:1b:59:33:f4:e4:4b:d8:a8:00:78:f1:9f:8a:
         6f:36:07:47:06:2c:41:25:cd:77:a9:a5:85:4d:b7:0f:a0:61:
         c9:80:63:c2:89:05:43:47:4e:93:76:16:b9:f7:39:6e:28:e4:
         4e:f1:c7:8c:9c:d2:4a:21:fc:67:c0:e7:cf:0b:1a:e8:a1:6c:
         d8:8d:7b:8d:1a:05:73:8a:b7:db:f1:d7:ab:f4:ef:2f:48:fd:
         db:cc:af:f3:37:39:08:60:b2:56:9f:03:96:15:c6:36:5a:23:
         87:e8:48:99
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUHiG8nu0/aZF12WmLkjGdrFiaqJ4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MTAxMTAwMDA1MVoX
DTI1MTExNTIzNTk1OVowejFJMEcGA1UEBRNAMTcxZjA2OWY4YmYxNjQ0YTM4OWJk
ODQ5ZGNjYzlkNzViNTM0YjlmOTI5ZTNhMWEzN2QzNzdkOTI1YTE2ZjkyODEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/o45v5nlY/jNS/RrkTMvL0ThXiw
43xWHXBOkOQDTNBH8Z+0W7CkY/g6X1HHrS+vsHnE1QvJNXZzK4x9ZS2vfbjV9Fnh
ZcLzMFPbbj2j/C3EBjQdzGmqS0FvC7dtGMxDu3lVrzj8b+v3b41OOGRwBX8gjkT4
VMk7iw32mvZVc78BeYJXg+QvKf3YSJ7YP/RsUlwmByHJ3JXL3aqBqt3pUQoTmscO
P9kLBFZJIwHui3vl6I7/EfuDGDZyuz0XlBnKtlgewNitBRKpR0XZHu77RVrJiZp9
1yuhPL7vO4slRlzWn+6UtmPnJxdPZqjGNV4rswE/r9HnoxzMQw/pftpV/QIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFPUytNydQY0JDDZg/6InwOgkn1iHMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzJlN2ZkMDdjLTQwYmYtNGQ3Yi1hZjdjLTA0M2MyMGM3NWE2ZC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba8kDAMA0GCSqGSIb3DQEBCwUAA4IBAQCgoZmjz4zhS6UQkE63
ISTXJvsDi6c5/QcTKxBPK9khSPyDEfKVANrSTfn8i7UTfr/w/N8I9BZCoLy27dsB
k1dTKfGedr86EVn0vOZ7qXOBtNYo7V7ZQWLvQc497DwQjyMSq129Zg4qTWKG8uAY
Q4JD/p8PdJ0GQM82LUyyZtoK0XinANsyRg5fyb98LWV47V1POGjlaxtZM/TkS9io
AHjxn4pvNgdHBixBJc13qaWFTbcPoGHJgGPCiQVDR06Tdha59zluKORO8ceMnNJK
IfxnwOfPCxrooWzYjXuNGgVzirfb8der9O8vSP3bzK/zNzkIYLJWnwOWFcY2WiOH
6EiZ
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:33 2025 by rpki-client