Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/5b15b8cc-026d-4909-976b-a48a26fc3ee0.roa
File:                     5b15b8cc-026d-4909-976b-a48a26fc3ee0.roa (raw, json)
Hash identifier:          zEZbK2zZRrxMjhhVxJGab0TGI09pZiBZkd0XjqTXbWY=
Subject key identifier:   A5:6E:99:F6:FB:0D:DD:40:83:E6:B6:79:C9:7C:22:5A:53:48:01:E5
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       60517CFC696DB7EC73CC01A4BC1F10B96509E844
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/5b15b8cc-026d-4909-976b-a48a26fc3ee0.roa
Signing time:             Mon 13 Oct 2025 15:40:56 +0000
ROA not before:           Mon 13 Oct 2025 15:40:56 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daff:8800::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:51:7c:fc:69:6d:b7:ec:73:cc:01:a4:bc:1f:10:b9:65:09:e8:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Oct 13 15:40:56 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=06aaf8242835b6fe5aec6a175173a6e3dbae45c9baf52a1c3ae5a35119e508b4, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:2e:0b:fc:62:2a:5b:43:dd:82:8f:82:d9:ee:
                    b8:99:4d:92:45:0e:98:7b:db:49:f1:a4:61:cd:7c:
                    fb:a7:0d:49:ea:6e:84:d9:2c:79:d9:9e:a0:e0:18:
                    b0:eb:f4:bd:87:1f:f7:a3:aa:55:0c:00:38:9e:59:
                    03:ec:ec:fe:4a:44:2b:64:88:d3:03:c6:e5:76:b8:
                    ea:e6:63:d3:c2:0f:eb:20:b8:74:d6:ad:61:e7:ed:
                    d8:8b:e9:3e:1e:fb:ac:0b:79:cb:1c:51:7c:72:e0:
                    42:a7:38:f2:92:ef:d0:9f:ae:4a:37:23:89:3a:0f:
                    0b:8b:ba:6e:b0:f8:a7:16:83:64:11:05:d4:31:2c:
                    d1:9e:09:96:6c:be:5e:5a:e8:3b:90:b7:8d:1b:70:
                    5c:e1:a4:28:7a:68:6d:49:ec:20:80:11:85:e9:98:
                    2b:71:19:78:df:90:20:b5:96:5b:d3:a0:cb:cb:eb:
                    2c:8b:53:5d:34:27:bb:4c:36:de:43:f6:a2:f9:2e:
                    4d:6d:fd:7d:d5:53:d8:25:f8:ae:d0:c2:87:59:ec:
                    29:7e:09:47:0b:c1:93:3e:60:16:62:96:9b:a8:09:
                    dd:b8:a7:57:49:7b:18:04:11:98:1c:aa:20:2a:b9:
                    a3:b3:bb:b0:0c:3a:a7:7c:c3:92:7e:6e:6e:d0:65:
                    6a:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:6E:99:F6:FB:0D:DD:40:83:E6:B6:79:C9:7C:22:5A:53:48:01:E5
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/5b15b8cc-026d-4909-976b-a48a26fc3ee0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daff:8800::/40

    Signature Algorithm: sha256WithRSAEncryption
         3d:dd:a6:4d:26:4d:17:e9:1e:45:e1:03:15:65:c8:a9:ec:01:
         78:bd:d0:a1:86:5f:9a:1d:b5:64:71:63:ca:84:8f:4a:27:09:
         14:f9:e9:f5:0a:74:f9:8b:d3:82:b6:68:d8:9a:83:25:06:e9:
         92:78:02:25:d5:2e:f9:1b:d8:55:11:56:ac:fe:94:67:ca:a8:
         43:34:ed:e8:cd:31:5d:44:90:01:5d:3b:6a:ce:de:69:43:a6:
         b0:11:88:fa:17:84:f3:4c:66:ca:d9:3c:01:23:9d:df:32:a7:
         ce:0b:7f:d0:5e:53:b7:63:70:ad:a6:d9:44:79:9f:16:a7:4f:
         b2:72:97:3e:6d:5e:35:cb:a9:b7:4c:51:e1:6b:9f:99:d6:ef:
         fe:b0:eb:a8:ad:c5:f2:e1:7c:a7:cb:7f:fa:1f:e3:75:d9:3c:
         4c:44:be:14:72:71:ea:f0:7f:0a:86:1d:fa:35:9a:71:48:01:
         4a:1d:65:1e:39:e8:0e:78:0a:7b:c1:58:20:a4:e6:57:5c:b3:
         83:d8:e4:cf:98:d4:58:8e:6f:51:0c:46:e8:f0:4d:66:54:da:
         70:93:50:11:b3:22:a6:cc:21:b9:cd:00:72:38:76:c2:9f:59:
         1f:70:9d:2c:a2:4e:0e:5f:13:76:03:21:14:1d:c0:56:77:13:
         89:94:8c:ea
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUYFF8/Gltt+xzzAGkvB8QuWUJ6EQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MTAxMzE1NDA1NloX
DTI1MTExNzIzNTk1OVowejFJMEcGA1UEBRNAMDZhYWY4MjQyODM1YjZmZTVhZWM2
YTE3NTE3M2E2ZTNkYmFlNDVjOWJhZjUyYTFjM2FlNWEzNTExOWU1MDhiNDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxy4L/GIqW0Pdgo+C2e64mU2SRQ6Y
e9tJ8aRhzXz7pw1J6m6E2Sx52Z6g4Biw6/S9hx/3o6pVDAA4nlkD7Oz+SkQrZIjT
A8bldrjq5mPTwg/rILh01q1h5+3Yi+k+HvusC3nLHFF8cuBCpzjyku/Qn65KNyOJ
Og8Li7pusPinFoNkEQXUMSzRngmWbL5eWug7kLeNG3Bc4aQoemhtSewggBGF6Zgr
cRl435AgtZZb06DLy+ssi1NdNCe7TDbeQ/ai+S5Nbf191VPYJfiu0MKHWewpfglH
C8GTPmAWYpabqAnduKdXSXsYBBGYHKogKrmjs7uwDDqnfMOSfm5u0GVqBQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFKVumfb7Dd1Ag+a2ecl8IlpTSAHlMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzViMTViOGNjLTAyNmQtNDkwOS05NzZiLWE0OGEyNmZjM2VlMC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba/4gwDQYJKoZIhvcNAQELBQADggEBAD3dpk0mTRfpHkXhAxVl
yKnsAXi90KGGX5odtWRxY8qEj0onCRT56fUKdPmL04K2aNiagyUG6ZJ4AiXVLvkb
2FURVqz+lGfKqEM07ejNMV1EkAFdO2rO3mlDprARiPoXhPNMZsrZPAEjnd8yp84L
f9BeU7djcK2m2UR5nxanT7Jylz5tXjXLqbdMUeFrn5nW7/6w66itxfLhfKfLf/of
43XZPExEvhRycerwfwqGHfo1mnFIAUodZR456A54CnvBWCCk5ldcs4PY5M+Y1FiO
b1EMRujwTWZU2nCTUBGzIqbMIbnNAHI4dsKfWR9wnSyiTg5fE3YDIRQdwFZ3E4mU
jOo=
-----END CERTIFICATE-----
Generated at Mon Oct 20 15:36:58 2025 by rpki-client