Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/32e4ece6-d35e-41cf-8da1-3b7733e46e63.roa
File:                     32e4ece6-d35e-41cf-8da1-3b7733e46e63.roa (raw, json)
Hash identifier:          K/8Kjfq/4NgbSY5FSrfizoruBrtWBLfS71Y1cxLfxtg=
Subject key identifier:   C2:2A:89:6A:93:DE:A1:08:A0:F8:94:4E:7E:97:A3:5F:0E:6A:AD:7E
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       22267852F313B958D8B29C1E7141AB10E2667238
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/32e4ece6-d35e-41cf-8da1-3b7733e46e63.roa
Signing time:             Wed 08 Oct 2025 00:01:00 +0000
ROA not before:           Wed 08 Oct 2025 00:01:00 +0000
ROA not after:            Wed 12 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da60:a000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:26:78:52:f3:13:b9:58:d8:b2:9c:1e:71:41:ab:10:e2:66:72:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Oct  8 00:01:00 2025 GMT
            Not After : Nov 12 23:59:59 2025 GMT
        Subject: serialNumber=260053ec2fd73731a7fa47835405ab052993177c871abf26a5d9765c698c9fad, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a8:2b:23:67:38:e3:7f:00:73:fc:dc:3e:5c:
                    73:e2:f6:59:5a:f8:0b:7a:df:fb:9c:31:ee:99:2f:
                    62:16:fb:0b:3c:c7:28:72:1a:ea:07:ae:41:54:98:
                    0e:d2:41:96:5b:c8:cb:09:50:20:9a:66:48:35:72:
                    5a:ad:a2:75:ae:bb:c1:5e:0e:b3:9c:8b:4e:f7:d6:
                    31:0c:1e:6f:fa:77:25:0a:d4:c9:19:b7:c1:a1:eb:
                    7f:da:0b:78:6e:c1:74:4b:75:f4:85:4a:31:f7:f9:
                    79:32:0c:f2:60:c1:5c:0d:e2:e1:cb:9d:e3:87:f7:
                    cc:6e:6b:1b:88:a0:06:75:09:55:71:ea:72:b8:ad:
                    d5:a3:df:1f:dd:74:70:39:4a:95:08:b4:e5:35:d7:
                    bf:84:b4:92:41:a3:90:96:2d:70:4d:4f:17:bb:4c:
                    dc:49:37:62:4a:be:92:30:63:df:db:b1:18:a3:66:
                    00:4c:2d:de:e8:7f:3a:80:84:2c:65:71:e0:8a:f9:
                    7d:20:b1:8e:56:ee:d9:8f:79:c6:d4:59:fa:bd:c0:
                    e1:ac:02:d7:50:4d:bb:8b:20:69:54:bb:fb:55:a4:
                    8a:2b:58:0f:02:7c:76:f7:92:4b:00:c8:1c:47:bd:
                    30:8c:83:5c:02:29:dc:59:11:a6:75:6d:b5:8d:bb:
                    8a:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:2A:89:6A:93:DE:A1:08:A0:F8:94:4E:7E:97:A3:5F:0E:6A:AD:7E
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/32e4ece6-d35e-41cf-8da1-3b7733e46e63.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da60:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         a2:9d:80:34:f2:59:93:b2:14:56:7b:92:a0:2b:58:0c:6a:a2:
         50:38:3a:6f:a6:e9:8d:97:5d:93:8a:64:44:1c:bc:02:15:a5:
         c4:b2:4d:d2:a1:66:92:a2:96:d4:d1:b6:d5:60:61:31:b4:3e:
         c1:f6:17:09:86:67:59:67:79:c3:92:a9:79:ab:27:dd:2a:6c:
         85:3c:ad:12:90:63:be:61:62:e0:4b:c6:66:63:71:ee:e5:85:
         e6:37:fa:68:aa:5e:5d:6d:bd:0e:90:a2:fe:22:c6:50:5d:7a:
         fb:29:f5:e9:e9:86:7c:63:8a:94:30:f4:2c:a2:6f:60:b8:bf:
         47:b1:84:bd:11:b1:0e:02:1a:64:d6:d4:9b:c0:14:ac:a2:79:
         a8:48:d1:c0:8a:9c:65:2f:f9:93:e8:66:47:c8:d8:ea:73:9e:
         53:9b:9e:d3:23:0e:14:69:2e:3c:69:e2:0e:35:5f:50:c5:31:
         d0:38:f7:a7:c4:50:73:48:c6:7e:1c:ed:79:fd:41:50:03:7a:
         09:e1:2e:7b:f9:2f:1a:e1:90:b6:47:66:0c:80:b1:d5:fb:c5:
         6d:58:08:98:28:eb:1d:d4:65:19:63:54:c0:9c:2c:30:e9:13:
         52:a5:0f:ed:e2:66:1e:b3:37:be:f9:c1:ed:58:48:4a:05:d0:
         cb:98:98:ec
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUIiZ4UvMTuVjYspwecUGrEOJmcjgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MTAwODAwMDEwMFoX
DTI1MTExMjIzNTk1OVowejFJMEcGA1UEBRNAMjYwMDUzZWMyZmQ3MzczMWE3ZmE0
NzgzNTQwNWFiMDUyOTkzMTc3Yzg3MWFiZjI2YTVkOTc2NWM2OThjOWZhZDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6grI2c4438Ac/zcPlxz4vZZWvgL
et/7nDHumS9iFvsLPMcochrqB65BVJgO0kGWW8jLCVAgmmZINXJaraJ1rrvBXg6z
nItO99YxDB5v+nclCtTJGbfBoet/2gt4bsF0S3X0hUox9/l5MgzyYMFcDeLhy53j
h/fMbmsbiKAGdQlVcepyuK3Vo98f3XRwOUqVCLTlNde/hLSSQaOQli1wTU8Xu0zc
STdiSr6SMGPf27EYo2YATC3e6H86gIQsZXHgivl9ILGOVu7Zj3nG1Fn6vcDhrALX
UE27iyBpVLv7VaSKK1gPAnx295JLAMgcR70wjINcAincWRGmdW21jbuKMwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFMIqiWqT3qEIoPiUTn6Xo18Oaq1+MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzMyZTRlY2U2LWQzNWUtNDFjZi04ZGExLTNiNzczM2U0NmU2My5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaYKAwDQYJKoZIhvcNAQELBQADggEBAKKdgDTyWZOyFFZ7kqAr
WAxqolA4Om+m6Y2XXZOKZEQcvAIVpcSyTdKhZpKiltTRttVgYTG0PsH2FwmGZ1ln
ecOSqXmrJ90qbIU8rRKQY75hYuBLxmZjce7lheY3+miqXl1tvQ6Qov4ixlBdevsp
9enphnxjipQw9Cyib2C4v0exhL0RsQ4CGmTW1JvAFKyieahI0cCKnGUv+ZPoZkfI
2OpznlObntMjDhRpLjxp4g41X1DFMdA496fEUHNIxn4c7Xn9QVADegnhLnv5Lxrh
kLZHZgyAsdX7xW1YCJgo6x3UZRljVMCcLDDpE1KlD+3iZh6zN775we1YSEoF0MuY
mOw=
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:01:09 2025 by rpki-client