Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4f94d4be-2864-45c5-a16e-6384684a8060.roa
File:                     4f94d4be-2864-45c5-a16e-6384684a8060.roa (raw, json)
Hash identifier:          758y4/seriwaPsVhXlDZKcOteiA4o7VPXoi1aDujk+4=
Subject key identifier:   19:3E:77:10:B9:A4:1C:37:5F:0A:2D:D9:18:DF:B0:77:98:2D:56:23
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       53778EBB1F8453071D0CEA3BB91CEB25734CB191
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4f94d4be-2864-45c5-a16e-6384684a8060.roa
Signing time:             Wed 15 Oct 2025 00:40:14 +0000
ROA not before:           Wed 15 Oct 2025 00:40:14 +0000
ROA not after:            Wed 19 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da16:400::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:77:8e:bb:1f:84:53:07:1d:0c:ea:3b:b9:1c:eb:25:73:4c:b1:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Oct 15 00:40:14 2025 GMT
            Not After : Nov 19 23:59:59 2025 GMT
        Subject: serialNumber=06b997b472842cd41e2858e09b5eb548e5704a379e5a09f723ae79e74414310b, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:95:1d:46:2e:22:26:e7:9e:fb:f0:ff:43:08:
                    2b:31:f0:92:90:a6:c9:bb:8d:8f:00:08:62:a1:d3:
                    30:85:99:72:5a:6b:72:dc:dd:68:68:5c:d8:39:fd:
                    68:94:36:00:c7:99:57:cd:18:56:d7:5c:17:87:74:
                    96:d4:15:e9:55:69:24:04:51:9d:e6:b6:5b:4f:fa:
                    69:d9:4a:7d:f1:5c:5b:b1:a7:2f:cc:c6:77:33:e0:
                    7e:02:58:7f:a5:02:ef:ad:ec:95:97:4e:b7:76:25:
                    53:42:94:70:44:13:f8:92:16:40:b4:ea:d9:a4:c1:
                    f9:8a:95:94:73:76:02:8d:f6:27:4b:a4:40:71:13:
                    f0:46:a3:17:d1:77:7f:89:c5:67:2c:f5:0d:ef:49:
                    b1:c0:47:54:81:ff:71:46:e0:9f:4f:3b:7a:25:8f:
                    11:2c:9e:72:12:79:66:96:b7:34:db:cb:c7:24:c7:
                    61:04:23:c5:eb:f9:82:a6:4c:e6:dd:22:31:23:5e:
                    40:e1:f6:9b:ad:b3:12:a0:d7:d7:b0:fb:72:97:96:
                    c5:8b:0d:0a:ee:93:9a:75:96:b1:79:66:a6:b0:2d:
                    11:2f:d3:cb:6a:dd:8c:aa:03:f3:ee:13:76:e2:2f:
                    d4:e6:f8:c9:16:c5:7b:5d:b8:95:19:f2:32:ec:a2:
                    c4:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:3E:77:10:B9:A4:1C:37:5F:0A:2D:D9:18:DF:B0:77:98:2D:56:23
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4f94d4be-2864-45c5-a16e-6384684a8060.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da16:400::/38

    Signature Algorithm: sha256WithRSAEncryption
         ad:46:93:07:ed:a2:98:3d:04:0d:c0:e5:96:71:2c:f1:65:56:
         da:12:c0:eb:0c:68:06:2a:0b:31:02:12:95:cf:f1:45:27:f4:
         9e:83:7b:6c:71:83:22:ea:b5:0c:78:00:a5:ea:61:8a:4d:6f:
         74:33:1b:73:c8:2f:f5:ea:7a:31:51:92:a6:cb:7f:1e:ae:d0:
         8d:11:4b:d9:86:5b:c7:c9:fc:52:16:af:56:b3:34:fd:60:c3:
         2c:97:0d:85:0f:c1:1b:a7:1c:43:54:bf:2a:a3:9b:fc:d9:bc:
         92:06:34:ee:94:3d:d3:e3:2e:69:04:a2:23:f9:c7:d6:e2:15:
         8c:6f:5e:f1:19:43:c1:04:11:f1:b4:da:3f:48:bf:3f:06:bd:
         7b:10:c8:c6:80:39:c3:46:81:29:1b:76:8e:7a:d2:ec:01:42:
         ea:a5:12:a9:fb:a9:d8:d2:41:6e:ca:4b:ce:15:d1:75:e5:21:
         3c:32:34:44:55:6f:8d:0c:70:be:25:9f:d6:49:32:fd:57:8c:
         0e:94:64:33:90:1e:58:c6:05:39:1f:bb:37:c2:65:8a:71:0e:
         24:0e:e4:1e:d1:f3:11:09:8d:e7:f2:66:0d:93:5a:67:d4:b6:
         2f:8f:43:ee:b9:6f:95:fc:eb:9f:99:f6:8d:ce:16:d6:e5:c4:
         52:18:cc:6f
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUU3eOux+EUwcdDOo7uRzrJXNMsZEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MTAxNTAwNDAxNFoX
DTI1MTExOTIzNTk1OVowejFJMEcGA1UEBRNAMDZiOTk3YjQ3Mjg0MmNkNDFlMjg1
OGUwOWI1ZWI1NDhlNTcwNGEzNzllNWEwOWY3MjNhZTc5ZTc0NDE0MzEwYjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpUdRi4iJuee+/D/QwgrMfCSkKbJ
u42PAAhiodMwhZlyWmty3N1oaFzYOf1olDYAx5lXzRhW11wXh3SW1BXpVWkkBFGd
5rZbT/pp2Up98VxbsacvzMZ3M+B+Alh/pQLvreyVl063diVTQpRwRBP4khZAtOrZ
pMH5ipWUc3YCjfYnS6RAcRPwRqMX0Xd/icVnLPUN70mxwEdUgf9xRuCfTzt6JY8R
LJ5yEnlmlrc028vHJMdhBCPF6/mCpkzm3SIxI15A4fabrbMSoNfXsPtyl5bFiw0K
7pOadZaxeWamsC0RL9PLat2MqgPz7hN24i/U5vjJFsV7XbiVGfIy7KLELQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFBk+dxC5pBw3Xwot2RjfsHeYLVYjMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzRmOTRkNGJlLTI4NjQtNDVjNS1hMTZlLTYzODQ2ODRhODA2MC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYCJAbaFgQwDQYJKoZIhvcNAQELBQADggEBAK1Gkwftopg9BA3A5ZZx
LPFlVtoSwOsMaAYqCzECEpXP8UUn9J6De2xxgyLqtQx4AKXqYYpNb3QzG3PIL/Xq
ejFRkqbLfx6u0I0RS9mGW8fJ/FIWr1azNP1gwyyXDYUPwRunHENUvyqjm/zZvJIG
NO6UPdPjLmkEoiP5x9biFYxvXvEZQ8EEEfG02j9Ivz8GvXsQyMaAOcNGgSkbdo56
0uwBQuqlEqn7qdjSQW7KS84V0XXlITwyNERVb40McL4ln9ZJMv1XjA6UZDOQHljG
BTkfuzfCZYpxDiQO5B7R8xEJjefyZg2TWmfUti+PQ+65b5X865+Z9o3OFtblxFIY
zG8=
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:19:20 2025 by rpki-client