Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4c01d0b7-a36c-4fd4-8763-5cffae96bc6a.roa
File:                     4c01d0b7-a36c-4fd4-8763-5cffae96bc6a.roa (raw, json)
Hash identifier:          PM4wEIL6yp5w101MxW3iZrCKNKvuwhDsJSSi+fZKpPE=
Subject key identifier:   E0:9A:87:95:C8:C1:51:22:C5:EF:D8:A5:85:1E:5C:2E:BE:DD:D3:49
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       35834D56F6FC5FB58E3808D8E8541A96FCAE17DC
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4c01d0b7-a36c-4fd4-8763-5cffae96bc6a.roa
Signing time:             Sat 23 Aug 2025 00:50:12 +0000
ROA not before:           Sat 23 Aug 2025 00:50:12 +0000
ROA not after:            Sat 27 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da00:1080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 27 Aug 2025 00:50:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:83:4d:56:f6:fc:5f:b5:8e:38:08:d8:e8:54:1a:96:fc:ae:17:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Aug 23 00:50:12 2025 GMT
            Not After : Sep 27 23:59:59 2025 GMT
        Subject: serialNumber=c3871afa34ceb35622869e16c6c1edecca9901665f114b90c95ff5caa4ddf4b3, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:84:7e:89:1c:c2:29:55:35:a6:40:b0:99:57:
                    a0:96:56:8c:51:df:ec:3b:7d:8b:c4:f4:62:69:05:
                    41:22:de:08:2f:75:4c:98:43:ea:fa:d4:8f:fa:aa:
                    3b:23:b8:7c:89:cc:8f:47:08:d4:cd:81:b4:f1:de:
                    51:0f:0c:25:ab:37:13:0c:4e:12:f2:41:a1:53:36:
                    bc:5c:e2:02:e7:cc:96:09:39:cb:5f:d7:0a:28:64:
                    7e:7f:e8:27:d6:5a:11:9d:a6:9d:92:25:10:9e:77:
                    19:57:aa:ad:92:17:85:90:11:f0:69:c7:74:02:fa:
                    23:8d:81:5c:94:3c:b8:07:42:6c:77:58:97:80:8b:
                    cb:c2:89:97:7f:10:87:1f:7a:b6:20:4a:e1:0e:99:
                    6c:ed:61:25:ad:37:6e:c7:60:30:3d:a3:a7:f9:9b:
                    c2:a1:ab:8b:6d:59:80:aa:d0:d2:42:cb:2b:69:b8:
                    b8:67:91:94:ed:95:44:66:1c:8c:f0:94:bd:e1:7e:
                    ab:44:b4:62:14:b5:7f:7d:19:19:f7:2d:15:ad:65:
                    25:8c:bb:1e:78:8d:81:da:f6:d7:6b:81:77:75:7f:
                    e2:90:b6:fd:df:57:4d:e7:8f:7e:7b:c3:4f:38:3c:
                    0a:92:4a:5d:d2:d9:27:02:55:06:34:0a:d6:b6:21:
                    69:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:9A:87:95:C8:C1:51:22:C5:EF:D8:A5:85:1E:5C:2E:BE:DD:D3:49
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4c01d0b7-a36c-4fd4-8763-5cffae96bc6a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da00:1080::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:e5:c3:7a:94:2c:13:3b:45:a9:19:13:0c:c6:09:13:d3:3b:
         84:9c:f2:f2:ff:b1:02:bc:b5:fb:c8:0b:97:8a:27:fc:bf:b1:
         ca:72:c2:d6:42:62:65:e5:4d:83:62:06:da:0d:a0:d6:16:69:
         0d:52:90:0a:cf:d2:ee:73:5c:d6:d0:6d:5f:56:78:b1:78:36:
         dc:30:9c:20:d7:67:a2:62:d7:81:4a:a0:02:9c:b4:11:21:31:
         0b:f6:d6:54:0b:bb:79:f8:39:65:26:55:d9:da:fe:55:ed:f4:
         53:dd:19:e8:1c:e8:0c:f5:fe:4f:b2:24:f1:15:16:0c:4d:9c:
         aa:ee:56:df:db:3e:08:4d:3b:cc:a0:62:4b:9f:cb:77:55:ce:
         29:5c:c5:dd:92:56:cc:cf:f5:88:da:44:15:93:c1:00:75:ff:
         4c:10:4b:7f:ed:c5:69:37:0f:26:a4:ae:17:8e:76:da:54:ed:
         ed:0b:ae:3f:51:95:c3:23:d9:68:68:88:f4:2a:9b:dd:1c:74:
         65:26:5c:92:df:cf:90:d8:97:ca:af:ae:88:86:b3:95:1f:62:
         80:d7:dd:cf:41:71:2c:05:3e:5f:06:98:32:fd:f9:fc:9e:a6:
         0b:8e:91:c9:b6:6f:65:75:d8:5a:c8:c0:8c:2d:58:f8:18:34:
         47:08:1d:08
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUNYNNVvb8X7WOOAjY6FQalvyuF9wwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDgyMzAwNTAxMloX
DTI1MDkyNzIzNTk1OVowejFJMEcGA1UEBRNAYzM4NzFhZmEzNGNlYjM1NjIyODY5
ZTE2YzZjMWVkZWNjYTk5MDE2NjVmMTE0YjkwYzk1ZmY1Y2FhNGRkZjRiMzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4R+iRzCKVU1pkCwmVegllaMUd/s
O32LxPRiaQVBIt4IL3VMmEPq+tSP+qo7I7h8icyPRwjUzYG08d5RDwwlqzcTDE4S
8kGhUza8XOIC58yWCTnLX9cKKGR+f+gn1loRnaadkiUQnncZV6qtkheFkBHwacd0
AvojjYFclDy4B0Jsd1iXgIvLwomXfxCHH3q2IErhDpls7WElrTdux2AwPaOn+ZvC
oauLbVmAqtDSQssrabi4Z5GU7ZVEZhyM8JS94X6rRLRiFLV/fRkZ9y0VrWUljLse
eI2B2vbXa4F3dX/ikLb931dN549+e8NPODwKkkpd0tknAlUGNArWtiFpvwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFOCah5XIwVEixe/YpYUeXC6+3dNJMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzRjMDFkMGI3LWEzNmMtNGZkNC04NzYzLTVjZmZhZTk2YmM2YS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAbaABCAMA0GCSqGSIb3DQEBCwUAA4IBAQCB5cN6lCwTO0WpGRMM
xgkT0zuEnPLy/7ECvLX7yAuXiif8v7HKcsLWQmJl5U2DYgbaDaDWFmkNUpAKz9Lu
c1zW0G1fVnixeDbcMJwg12eiYteBSqACnLQRITEL9tZUC7t5+DllJlXZ2v5V7fRT
3RnoHOgM9f5PsiTxFRYMTZyq7lbf2z4ITTvMoGJLn8t3Vc4pXMXdklbMz/WI2kQV
k8EAdf9MEEt/7cVpNw8mpK4XjnbaVO3tC64/UZXDI9loaIj0KpvdHHRlJlyS38+Q
2JfKr66IhrOVH2KA193PQXEsBT5fBpgy/fn8nqYLjpHJtm9lddhayMCMLVj4GDRH
CB0I
-----END CERTIFICATE-----
Generated at Sat Aug 23 08:05:32 2025 by rpki-client