Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4da79414-b08e-4f29-b46c-426f062e3a53.roa
File:                     4da79414-b08e-4f29-b46c-426f062e3a53.roa (raw, json)
Hash identifier:          0yfIZrY+4wKYVb2VDpCf0y2Ec62rp0u++DqGb9JSNZM=
Subject key identifier:   F3:35:75:CE:11:61:AF:DA:18:68:18:41:5C:22:23:E9:79:AE:6A:23
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       348730AFDCADD03D22F50C22DC9AF5E400A7E0B7
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4da79414-b08e-4f29-b46c-426f062e3a53.roa
Signing time:             Tue 14 Oct 2025 00:10:48 +0000
ROA not before:           Tue 14 Oct 2025 00:10:48 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf8:a800::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:87:30:af:dc:ad:d0:3d:22:f5:0c:22:dc:9a:f5:e4:00:a7:e0:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Oct 14 00:10:48 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=08a1a835de600c9b3211f51f50c2d4a1213337bf5bd34e81ddc268b2886d80fc, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b1:30:57:92:d3:81:6a:fd:82:16:b5:1e:d0:
                    85:4b:e6:34:37:ae:27:87:57:e1:29:0f:53:f7:9f:
                    6e:5f:4a:56:5a:57:fc:0b:f9:df:32:3b:af:22:45:
                    cb:2f:ca:6a:ba:65:5c:62:32:86:a3:a2:7e:97:ba:
                    8f:7f:f0:42:c8:dc:11:4c:c5:b4:6a:12:0b:8a:47:
                    81:38:60:1c:1e:b7:1f:c1:50:63:50:f5:a6:d2:77:
                    a9:c5:80:2a:18:db:31:99:dd:a2:2a:9c:16:08:96:
                    33:0e:1e:cc:22:0a:42:2c:0b:4a:24:b4:06:87:54:
                    56:03:74:b1:26:ca:06:08:4f:28:08:de:6b:03:05:
                    24:43:ab:3f:84:40:e7:c2:8e:cc:61:60:bc:43:ed:
                    cc:83:fa:79:e9:35:f3:55:47:d0:e2:03:67:b7:d5:
                    65:67:4c:cf:c8:19:5b:e2:7f:17:0c:5b:72:50:f1:
                    eb:83:99:d2:19:db:fc:13:72:de:35:10:c2:2d:76:
                    f9:c9:f8:44:32:e3:d5:5d:56:0e:15:19:38:d8:1f:
                    42:6c:b3:9b:af:ef:d9:76:5f:16:e8:d4:df:de:e4:
                    a5:a2:9f:30:38:74:b7:96:84:fb:db:70:84:73:1d:
                    c3:ab:2d:8c:d4:6e:20:91:07:80:71:21:aa:07:f9:
                    47:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:35:75:CE:11:61:AF:DA:18:68:18:41:5C:22:23:E9:79:AE:6A:23
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4da79414-b08e-4f29-b46c-426f062e3a53.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf8:a800::/40

    Signature Algorithm: sha256WithRSAEncryption
         19:65:ed:8b:94:8e:6c:e7:81:48:7c:fd:37:03:b4:53:0a:d7:
         b5:8e:1a:f3:b9:b2:a3:11:06:24:ea:f3:3d:af:a6:a9:a6:bf:
         a6:70:ef:92:9a:19:05:de:ce:5c:40:e0:b1:e2:5c:59:ff:5e:
         b1:37:99:8a:9c:67:a2:6f:d6:a9:e6:53:61:b5:29:41:2b:cd:
         2d:ed:7e:b7:3e:3e:ad:5d:d4:16:92:1d:06:3a:50:c3:f8:6c:
         c2:80:e2:81:28:9c:49:99:5e:c2:1a:f9:dd:c1:a6:8a:34:5b:
         f3:62:c9:59:98:a8:f5:38:9f:85:6f:d5:96:11:ae:d8:ae:db:
         ff:8e:9d:56:ee:ea:57:dc:1d:0f:4f:b9:1b:e4:d9:84:3d:88:
         50:14:0e:9d:41:64:89:3a:00:93:6d:a0:a2:4d:aa:3c:7a:a2:
         e2:34:bc:6f:15:fb:01:e6:ba:31:13:bd:17:50:a2:3e:35:9b:
         60:b3:29:92:07:e9:1e:a8:e0:f2:1b:95:5a:91:0f:1d:4c:2d:
         35:d2:92:34:68:72:49:b5:8a:47:1b:0a:9f:a8:2a:4d:86:b3:
         88:a6:62:37:d3:d6:23:4a:d0:a4:2e:97:1c:50:e2:5e:fa:4a:
         87:e7:e2:b6:ef:0d:65:4a:c7:ee:e7:53:fa:89:a5:43:33:4a:
         65:b3:f6:1b
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUNIcwr9yt0D0i9Qwi3Jr15ACn4LcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MTAxNDAwMTA0OFoX
DTI1MTExODIzNTk1OVowejFJMEcGA1UEBRNAMDhhMWE4MzVkZTYwMGM5YjMyMTFm
NTFmNTBjMmQ0YTEyMTMzMzdiZjViZDM0ZTgxZGRjMjY4YjI4ODZkODBmYzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLEwV5LTgWr9gha1HtCFS+Y0N64n
h1fhKQ9T959uX0pWWlf8C/nfMjuvIkXLL8pqumVcYjKGo6J+l7qPf/BCyNwRTMW0
ahILikeBOGAcHrcfwVBjUPWm0nepxYAqGNsxmd2iKpwWCJYzDh7MIgpCLAtKJLQG
h1RWA3SxJsoGCE8oCN5rAwUkQ6s/hEDnwo7MYWC8Q+3Mg/p56TXzVUfQ4gNnt9Vl
Z0zPyBlb4n8XDFtyUPHrg5nSGdv8E3LeNRDCLXb5yfhEMuPVXVYOFRk42B9CbLOb
r+/Zdl8W6NTf3uSlop8wOHS3loT723CEcx3Dqy2M1G4gkQeAcSGqB/lHIwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFPM1dc4RYa/aGGgYQVwiI+l5rmojMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzRkYTc5NDE0LWIwOGUtNGYyOS1iNDZjLTQyNmYwNjJlM2E1My5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+KgwDQYJKoZIhvcNAQELBQADggEBABll7YuUjmzngUh8/TcD
tFMK17WOGvO5sqMRBiTq8z2vpqmmv6Zw75KaGQXezlxA4LHiXFn/XrE3mYqcZ6Jv
1qnmU2G1KUErzS3tfrc+Pq1d1BaSHQY6UMP4bMKA4oEonEmZXsIa+d3Bpoo0W/Ni
yVmYqPU4n4Vv1ZYRrtiu2/+OnVbu6lfcHQ9PuRvk2YQ9iFAUDp1BZIk6AJNtoKJN
qjx6ouI0vG8V+wHmujETvRdQoj41m2CzKZIH6R6o4PIblVqRDx1MLTXSkjRockm1
ikcbCp+oKk2Gs4imYjfT1iNK0KQulxxQ4l76Sofn4rbvDWVKx+7nU/qJpUMzSmWz
9hs=
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:52:06 2025 by rpki-client