Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4c01d0b7-a36c-4fd4-8763-5cffae96bc6a.roa
File:                     4c01d0b7-a36c-4fd4-8763-5cffae96bc6a.roa (raw, json)
Hash identifier:          lksSa1aw71bLO7vfUq8s0VmKwZCmZC2p3nM9ix5mqBw=
Subject key identifier:   DD:91:99:D2:CC:74:5C:97:6C:9D:4C:F6:E3:29:14:D6:7E:F1:6C:0C
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       048F6DFA452EF072D551507F062005D50AB2E857
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4c01d0b7-a36c-4fd4-8763-5cffae96bc6a.roa
Signing time:             Mon 13 Oct 2025 15:50:04 +0000
ROA not before:           Mon 13 Oct 2025 15:50:04 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da00:1080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:8f:6d:fa:45:2e:f0:72:d5:51:50:7f:06:20:05:d5:0a:b2:e8:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Oct 13 15:50:04 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=a139789e2703ec5fb4153e5bed8f11caf60a6a778d0c9947c562833504e35546, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:22:6d:72:ca:56:a5:28:21:b2:18:c3:c2:11:
                    16:03:43:68:53:a9:18:e3:37:3a:1b:7f:41:a5:cc:
                    6f:b1:ee:9b:be:f2:34:f9:5b:b9:39:36:94:ca:c6:
                    4c:1e:36:b8:2b:0e:80:45:2c:f7:d7:81:19:b9:8d:
                    42:7e:bb:ae:73:9a:65:49:75:d7:10:71:40:3f:fe:
                    0b:36:a1:82:89:60:42:56:d4:ec:7d:a8:a6:b7:ec:
                    8b:84:86:ab:4b:8d:41:f4:59:af:a1:5d:1f:e0:b4:
                    2b:3d:5f:34:4e:63:e1:b4:9c:82:c7:27:01:aa:55:
                    df:69:17:96:52:88:01:ef:eb:98:aa:e5:5d:f4:87:
                    fb:d4:68:af:46:9f:c5:a7:9d:f0:0d:80:65:68:98:
                    17:51:73:41:07:13:3a:40:13:f9:5a:45:6a:65:37:
                    58:a8:ba:07:49:ce:16:8b:b8:77:9e:e1:3b:c3:2a:
                    bd:68:e2:d1:06:a8:05:45:80:86:83:02:49:4a:68:
                    64:6f:84:16:16:ce:a9:e0:c2:08:39:45:6b:df:f9:
                    61:da:51:d8:15:e6:2c:09:8e:4b:a5:45:ea:87:3d:
                    25:f8:72:ec:4e:40:37:53:e4:7e:c0:ea:ae:bc:2a:
                    91:9b:4e:aa:ab:73:d0:51:80:60:a5:04:77:a8:78:
                    8d:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:91:99:D2:CC:74:5C:97:6C:9D:4C:F6:E3:29:14:D6:7E:F1:6C:0C
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4c01d0b7-a36c-4fd4-8763-5cffae96bc6a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da00:1080::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:4e:4d:39:ea:05:97:be:db:d6:52:be:60:b2:25:27:56:44:
         3f:c7:ce:1a:fb:23:1b:97:00:11:8f:71:0c:96:14:56:f1:4d:
         c5:0c:23:92:77:d3:51:cf:a5:16:54:5e:0e:57:b5:9c:3d:89:
         8b:ab:be:ea:b6:46:60:7b:c4:0b:1e:b9:7b:08:5e:cd:7c:34:
         ad:eb:e1:8d:a2:6e:7b:7f:61:45:42:dd:34:a1:8b:d4:a2:2d:
         d6:0e:50:f2:2b:8e:f9:d0:72:f9:88:0b:b3:b7:ad:5d:8e:ff:
         78:b7:d0:58:8e:b4:25:6c:b5:f9:0b:b0:43:b5:8b:9a:7a:b6:
         12:74:a8:cd:5c:e2:56:61:49:ef:78:d1:30:ad:21:f4:09:32:
         b4:83:ce:ab:cb:a7:62:31:5d:0d:09:23:c7:2d:14:43:d8:0b:
         99:e1:d5:8a:db:20:d8:7e:0e:11:99:c1:51:82:25:bb:33:62:
         fc:b4:e7:23:0d:a6:eb:c0:af:38:64:a2:8d:e7:fb:01:b8:00:
         d1:a0:4a:00:39:f0:b2:93:27:62:75:57:bd:a8:ef:f1:1e:6d:
         9b:88:1e:23:af:b1:87:d0:37:a3:90:73:91:d0:62:7a:2b:b7:
         83:e6:39:55:97:36:53:25:6f:9e:75:2b:aa:25:f7:61:38:65:
         15:12:b9:73
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUBI9t+kUu8HLVUVB/BiAF1Qqy6FcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MTAxMzE1NTAwNFoX
DTI1MTExNzIzNTk1OVowejFJMEcGA1UEBRNAYTEzOTc4OWUyNzAzZWM1ZmI0MTUz
ZTViZWQ4ZjExY2FmNjBhNmE3NzhkMGM5OTQ3YzU2MjgzMzUwNGUzNTU0NjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSJtcspWpSghshjDwhEWA0NoU6kY
4zc6G39Bpcxvse6bvvI0+Vu5OTaUysZMHja4Kw6ARSz314EZuY1Cfruuc5plSXXX
EHFAP/4LNqGCiWBCVtTsfaimt+yLhIarS41B9FmvoV0f4LQrPV80TmPhtJyCxycB
qlXfaReWUogB7+uYquVd9If71GivRp/Fp53wDYBlaJgXUXNBBxM6QBP5WkVqZTdY
qLoHSc4Wi7h3nuE7wyq9aOLRBqgFRYCGgwJJSmhkb4QWFs6p4MIIOUVr3/lh2lHY
FeYsCY5LpUXqhz0l+HLsTkA3U+R+wOquvCqRm06qq3PQUYBgpQR3qHiNSwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFN2RmdLMdFyXbJ1M9uMpFNZ+8WwMMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzRjMDFkMGI3LWEzNmMtNGZkNC04NzYzLTVjZmZhZTk2YmM2YS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAbaABCAMA0GCSqGSIb3DQEBCwUAA4IBAQAVTk056gWXvtvWUr5g
siUnVkQ/x84a+yMblwARj3EMlhRW8U3FDCOSd9NRz6UWVF4OV7WcPYmLq77qtkZg
e8QLHrl7CF7NfDSt6+GNom57f2FFQt00oYvUoi3WDlDyK4750HL5iAuzt61djv94
t9BYjrQlbLX5C7BDtYuaerYSdKjNXOJWYUnveNEwrSH0CTK0g86ry6diMV0NCSPH
LRRD2AuZ4dWK2yDYfg4RmcFRgiW7M2L8tOcjDabrwK84ZKKN5/sBuADRoEoAOfCy
kydidVe9qO/xHm2biB4jr7GH0DejkHOR0GJ6K7eD5jlVlzZTJW+edSuqJfdhOGUV
Erlz
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:33:04 2025 by rpki-client