Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/647d1ce2-309a-4cc5-8894-ff351320ce3d.roa
File:                     647d1ce2-309a-4cc5-8894-ff351320ce3d.roa (raw, json)
Hash identifier:          m3EE7jLCszNAnVVyoJrep9YnZvxi6VYFApNgxHzm0HM=
Subject key identifier:   3C:9D:00:29:2D:E3:BF:43:F0:F2:7F:94:A8:6E:E7:B3:FA:57:E1:43
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       0C061C56B3B2472A07D832D69E94F813138BD80F
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/647d1ce2-309a-4cc5-8894-ff351320ce3d.roa
Signing time:             Mon 06 Oct 2025 15:01:05 +0000
ROA not before:           Mon 06 Oct 2025 15:01:05 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafd:4080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:06:1c:56:b3:b2:47:2a:07:d8:32:d6:9e:94:f8:13:13:8b:d8:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Oct  6 15:01:05 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=66dc0fc34279f58dfe4a2463b7cbaab9dacc1baea4ad18093e642bb6bed6de8b, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c5:b6:e4:b7:b2:ed:ea:05:d5:dd:d2:ea:7b:
                    25:c0:57:e6:03:0d:0e:22:4d:8f:cc:82:42:be:fb:
                    60:14:2d:03:46:98:05:4d:4f:33:a8:1f:bd:46:af:
                    38:0d:0a:da:f2:a0:59:be:9b:f6:26:5f:34:88:89:
                    5b:20:6d:58:7e:f3:f0:db:cb:fe:d2:02:09:5f:90:
                    d1:e3:cb:82:2a:81:97:dc:49:12:13:28:6e:c0:f9:
                    fc:e5:16:2b:c3:8d:67:e8:4c:3f:9b:2a:1c:d8:8b:
                    96:20:c4:fa:aa:0b:80:e2:8d:3e:aa:30:7e:60:80:
                    59:7e:95:b5:cc:75:71:4d:a5:bc:9b:31:3a:78:97:
                    02:73:25:10:27:b7:9e:24:71:9a:9d:0c:3a:86:dc:
                    6b:ba:3f:1f:50:98:d5:2b:a7:db:a9:5a:1a:bd:4f:
                    e4:c7:08:85:39:a5:c7:5c:de:26:6e:54:ef:d2:fc:
                    05:8c:ad:f5:6f:4f:a3:d7:69:13:f4:a7:5c:45:d6:
                    2f:ea:b2:02:38:f2:24:c8:05:5c:6f:69:19:0f:36:
                    37:d6:07:26:ad:91:4e:4a:f3:43:b9:cc:15:67:fc:
                    b1:1f:21:48:d8:11:7a:52:d4:03:04:2a:b3:8a:c2:
                    19:19:2e:c1:eb:72:23:5f:2a:84:52:60:6c:69:4f:
                    01:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:9D:00:29:2D:E3:BF:43:F0:F2:7F:94:A8:6E:E7:B3:FA:57:E1:43
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/647d1ce2-309a-4cc5-8894-ff351320ce3d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafd:4080::/48

    Signature Algorithm: sha256WithRSAEncryption
         2f:6c:f1:40:9d:ec:e0:fa:53:3e:99:0b:d4:2d:4c:66:5f:20:
         cc:33:ee:1a:6b:59:c8:57:31:e5:58:3d:3d:59:83:8b:ea:19:
         a1:ad:fa:c4:38:8a:49:6d:84:d2:4a:23:65:e2:a9:f0:bd:b8:
         b7:ef:e2:93:7b:23:5a:88:b1:41:63:26:c9:70:81:e5:ac:c7:
         e3:d7:ac:aa:f6:68:2e:d9:1c:cb:66:b7:b5:1f:c4:fa:77:70:
         82:82:70:af:86:7a:76:6d:b2:32:5e:f1:c1:91:03:59:bd:56:
         5c:b5:62:77:3e:01:64:93:68:0f:29:37:09:98:4e:24:f6:60:
         fd:e5:30:bc:d5:51:4f:c9:2c:c8:e6:0c:d6:58:40:35:85:a1:
         97:a4:93:15:70:b7:59:6e:ed:c2:21:f9:a7:cf:fe:c9:23:c3:
         c3:b1:43:ae:43:b3:16:3f:e1:43:db:c5:9f:b1:a3:45:54:4b:
         94:6b:89:b8:84:16:9b:fd:12:60:40:31:e7:a8:26:cc:0d:19:
         0e:23:86:81:2e:b7:3b:ab:d2:1f:20:c6:57:40:05:f6:cf:57:
         50:85:da:23:4f:46:66:48:29:e9:ac:87:71:75:ce:75:8c:90:
         5c:b8:2c:61:3c:d4:d0:ec:c7:a9:26:33:c0:79:10:32:e1:73:
         4f:5e:fc:e7
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUDAYcVrOyRyoH2DLWnpT4ExOL2A8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MTAwNjE1MDEwNVoX
DTI1MTExMDIzNTk1OVowejFJMEcGA1UEBRNANjZkYzBmYzM0Mjc5ZjU4ZGZlNGEy
NDYzYjdjYmFhYjlkYWNjMWJhZWE0YWQxODA5M2U2NDJiYjZiZWQ2ZGU4YjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcW25Ley7eoF1d3S6nslwFfmAw0O
Ik2PzIJCvvtgFC0DRpgFTU8zqB+9Rq84DQra8qBZvpv2Jl80iIlbIG1YfvPw28v+
0gIJX5DR48uCKoGX3EkSEyhuwPn85RYrw41n6Ew/myoc2IuWIMT6qguA4o0+qjB+
YIBZfpW1zHVxTaW8mzE6eJcCcyUQJ7eeJHGanQw6htxruj8fUJjVK6fbqVoavU/k
xwiFOaXHXN4mblTv0vwFjK31b0+j12kT9KdcRdYv6rICOPIkyAVcb2kZDzY31gcm
rZFOSvNDucwVZ/yxHyFI2BF6UtQDBCqzisIZGS7B63IjXyqEUmBsaU8BOwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFDydACkt479D8PJ/lKhu57P6V+FDMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzY0N2QxY2UyLTMwOWEtNGNjNS04ODk0LWZmMzUxMzIwY2UzZC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba/UCAMA0GCSqGSIb3DQEBCwUAA4IBAQAvbPFAnezg+lM+mQvU
LUxmXyDMM+4aa1nIVzHlWD09WYOL6hmhrfrEOIpJbYTSSiNl4qnwvbi37+KTeyNa
iLFBYybJcIHlrMfj16yq9mgu2RzLZre1H8T6d3CCgnCvhnp2bbIyXvHBkQNZvVZc
tWJ3PgFkk2gPKTcJmE4k9mD95TC81VFPySzI5gzWWEA1haGXpJMVcLdZbu3CIfmn
z/7JI8PDsUOuQ7MWP+FD28WfsaNFVEuUa4m4hBab/RJgQDHnqCbMDRkOI4aBLrc7
q9IfIMZXQAX2z1dQhdojT0ZmSCnprIdxdc51jJBcuCxhPNTQ7MepJjPAeRAy4XNP
Xvzn
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:50:45 2025 by rpki-client