Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/35c40aab-f83d-41b2-947a-e29a7ed6818f.roa
File:                     35c40aab-f83d-41b2-947a-e29a7ed6818f.roa (raw, json)
Hash identifier:          hMuCih7telCiWuaglnriXyQ/lNG/8/VQ4bRXdWgGdIQ=
Subject key identifier:   D1:0C:9C:3F:1D:A5:71:7C:30:22:5C:0C:3B:F1:B8:43:38:34:01:8C
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       4863F4451F7F187DBEFE74C4225060DE91BEC9B9
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/35c40aab-f83d-41b2-947a-e29a7ed6818f.roa
Signing time:             Fri 17 Oct 2025 00:01:49 +0000
ROA not before:           Fri 17 Oct 2025 00:01:49 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dab8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:63:f4:45:1f:7f:18:7d:be:fe:74:c4:22:50:60:de:91:be:c9:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Oct 17 00:01:49 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=5fea9302c7d1e7884a3ea5509eb95de1a4334521729349e08dcb28cfadd58539, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:fb:83:24:6a:ab:6a:4d:5f:1f:33:aa:be:09:
                    d1:5b:91:fb:f9:e7:ac:1d:9a:47:6c:af:8f:dc:86:
                    76:b5:a0:28:29:6e:ae:b8:fb:f8:67:55:39:6e:bb:
                    7b:b5:1b:2e:76:67:b5:f2:94:63:86:ea:90:86:ab:
                    9e:00:58:ee:dc:2d:85:7e:ee:77:1f:95:b6:1b:ca:
                    6e:bf:7d:b4:0c:24:56:5f:66:9e:ac:18:62:b6:9b:
                    11:97:bc:8b:f3:b8:c8:4f:a8:30:0b:f0:b0:6a:79:
                    8d:8d:ee:58:c0:0c:ec:66:6c:85:d2:0b:74:ae:e3:
                    84:e2:29:04:16:1b:20:69:85:a4:8d:e0:3f:03:42:
                    56:54:1d:3c:08:b0:db:d3:ae:00:45:13:d9:99:61:
                    6e:32:17:2f:d5:b5:39:37:73:30:17:26:6e:7c:a0:
                    e2:ac:8f:89:ca:53:1f:e9:54:6b:23:e5:83:bb:cc:
                    dd:04:8c:29:66:bd:b0:d5:38:7b:f6:c9:5b:c9:3e:
                    5d:03:75:30:b9:19:3f:8c:4f:13:02:fc:86:9d:30:
                    92:72:62:23:9b:71:d7:a4:7a:16:3f:6a:17:95:d2:
                    ec:61:13:66:69:99:63:3f:ad:00:9b:60:bb:ee:9f:
                    a2:92:f4:c0:69:63:67:13:73:9a:92:a0:55:2b:e2:
                    e3:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:0C:9C:3F:1D:A5:71:7C:30:22:5C:0C:3B:F1:B8:43:38:34:01:8C
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/35c40aab-f83d-41b2-947a-e29a7ed6818f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dab8::/32

    Signature Algorithm: sha256WithRSAEncryption
         3f:f0:c0:de:97:1e:f3:66:42:08:d0:0a:cd:95:65:b4:23:1f:
         da:8a:8c:6d:01:5b:25:eb:24:a6:05:b9:38:a0:09:9c:36:e8:
         eb:14:1d:b1:3a:0d:89:05:5e:53:c2:c2:e3:20:40:29:47:c1:
         df:1c:9e:e1:14:1e:07:fb:e8:1b:a5:45:0c:5c:71:99:72:c0:
         87:00:bd:0f:06:6f:d4:12:a6:91:f8:36:be:3c:55:47:d9:7b:
         91:88:90:d3:7e:ed:86:73:88:cc:a8:8b:e0:63:ce:c6:23:c4:
         e2:85:8f:7c:02:53:42:a9:36:24:30:4a:8b:ef:53:d3:14:39:
         69:37:0e:ad:af:31:4e:40:aa:77:38:e5:1d:70:3c:0e:4c:81:
         d9:d9:e8:3b:d4:32:d6:fd:06:6e:bd:c1:4f:36:ac:f2:14:89:
         69:73:52:ce:2c:b8:7f:3f:7a:e8:05:c5:6b:5a:13:9d:d2:23:
         5e:eb:20:33:8a:43:6b:05:83:a2:d0:88:04:f4:d5:1f:e5:ec:
         9e:15:78:ba:f6:63:29:e6:c1:7b:5f:5e:20:88:28:ac:98:6d:
         cd:e9:82:ee:18:1e:46:7d:a0:6e:09:12:24:5f:e7:d1:73:33:
         5b:ea:39:bf:f1:bc:67:ef:86:8c:50:f6:70:fe:0d:70:07:87:
         65:95:db:8b
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgIUSGP0RR9/GH2+/nTEIlBg3pG+ybkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MTAxNzAwMDE0OVoX
DTI1MTEyMTIzNTk1OVowejFJMEcGA1UEBRNANWZlYTkzMDJjN2QxZTc4ODRhM2Vh
NTUwOWViOTVkZTFhNDMzNDUyMTcyOTM0OWUwOGRjYjI4Y2ZhZGQ1ODUzOTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPuDJGqrak1fHzOqvgnRW5H7+ees
HZpHbK+P3IZ2taAoKW6uuPv4Z1U5brt7tRsudme18pRjhuqQhqueAFju3C2Ffu53
H5W2G8puv320DCRWX2aerBhitpsRl7yL87jIT6gwC/CwanmNje5YwAzsZmyF0gt0
ruOE4ikEFhsgaYWkjeA/A0JWVB08CLDb064ARRPZmWFuMhcv1bU5N3MwFyZufKDi
rI+JylMf6VRrI+WDu8zdBIwpZr2w1Th79slbyT5dA3UwuRk/jE8TAvyGnTCScmIj
m3HXpHoWP2oXldLsYRNmaZljP60Am2C77p+ikvTAaWNnE3OakqBVK+LjnwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFNEMnD8dpXF8MCJcDDvxuEM4NAGMMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzM1YzQwYWFiLWY4M2QtNDFiMi05NDdhLWUyOWE3ZWQ2ODE4Zi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzAN
BAIAAjAHAwUAJAbauDANBgkqhkiG9w0BAQsFAAOCAQEAP/DA3pce82ZCCNAKzZVl
tCMf2oqMbQFbJeskpgW5OKAJnDbo6xQdsToNiQVeU8LC4yBAKUfB3xye4RQeB/vo
G6VFDFxxmXLAhwC9DwZv1BKmkfg2vjxVR9l7kYiQ037thnOIzKiL4GPOxiPE4oWP
fAJTQqk2JDBKi+9T0xQ5aTcOra8xTkCqdzjlHXA8DkyB2dnoO9Qy1v0Gbr3BTzas
8hSJaXNSziy4fz966AXFa1oTndIjXusgM4pDawWDotCIBPTVH+XsnhV4uvZjKebB
e19eIIgorJhtzemC7hgeRn2gbgkSJF/n0XMzW+o5v/G8Z++GjFD2cP4NcAeHZZXb
iw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 20:38:35 2025 by rpki-client