Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6c88c264-a40d-4c0b-9138-31ff0c2ca926.roa
File:                     6c88c264-a40d-4c0b-9138-31ff0c2ca926.roa (raw, json)
Hash identifier:          vqIWJiO0/nMqWkjJXquVG3yDpsR6xi6vc47m9bus6k0=
Subject key identifier:   6A:55:BD:50:A7:94:05:08:A0:6B:5D:F8:B4:80:35:6D:4B:C1:65:83
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3F65545DA1D69192D71CF2AA34656920CD9167A8
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6c88c264-a40d-4c0b-9138-31ff0c2ca926.roa
Signing time:             Tue 14 Oct 2025 00:00:04 +0000
ROA not before:           Tue 14 Oct 2025 00:00:04 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        116.206.72.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:65:54:5d:a1:d6:91:92:d7:1c:f2:aa:34:65:69:20:cd:91:67:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Oct 14 00:00:04 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=a3f3b38ea2060555eedb8ad4e3f661478079f007b103199265af880a544a794b, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:ac:9a:82:7b:d0:31:ae:6f:bb:df:cf:1f:e9:
                    95:09:d6:a7:30:a5:4b:f3:68:55:af:4b:f1:f6:af:
                    e2:f9:2a:0a:40:ca:73:c6:55:9d:c2:fe:d8:bb:0f:
                    72:da:48:99:ac:8f:80:93:d7:53:14:70:18:de:f0:
                    03:e8:28:ab:5d:15:0f:48:16:79:d2:cf:a3:d3:ef:
                    ee:78:60:9e:c7:2f:f5:43:f5:34:1f:87:c3:e2:c0:
                    86:a9:49:3e:91:72:49:b0:c0:2d:cd:24:75:6c:50:
                    bf:71:67:40:c1:f4:57:48:46:99:22:94:1f:d9:03:
                    66:b5:8e:28:35:1d:06:10:68:85:7a:fd:f8:8c:ff:
                    d1:ac:67:f4:43:c7:c0:c2:5c:fb:dc:4f:19:eb:49:
                    bf:40:c8:fc:18:5a:8b:c7:1f:c0:62:75:2d:0c:af:
                    30:08:f0:b7:f1:ea:a3:d4:79:56:98:27:2b:22:89:
                    1b:98:1a:e6:59:e6:0f:1c:2b:ba:a8:ef:62:17:e5:
                    e7:c8:fb:55:dd:0e:72:98:32:ad:ee:7e:01:28:b3:
                    e4:f8:61:35:4b:d3:16:0c:f6:f8:c0:46:fb:32:16:
                    a2:d3:ab:cc:4d:e6:44:22:bd:8e:a5:1c:2a:bf:f8:
                    47:84:4b:26:4e:09:30:8b:f2:14:21:74:ef:2e:85:
                    8b:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:55:BD:50:A7:94:05:08:A0:6B:5D:F8:B4:80:35:6D:4B:C1:65:83
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6c88c264-a40d-4c0b-9138-31ff0c2ca926.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  116.206.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:f7:22:1c:2d:1b:07:e8:6d:8c:71:57:2c:74:5b:04:7b:4c:
         26:b4:f1:41:61:12:2a:aa:94:51:05:f0:5a:7f:6e:e7:9d:32:
         b6:d4:90:a3:ff:cd:62:45:a8:f8:82:49:af:fc:46:6f:d9:ec:
         09:65:82:a5:2c:12:4c:bb:81:a2:af:fa:25:d6:5e:d5:4c:9f:
         c3:3a:e6:94:6c:d2:61:c0:54:29:18:6d:2e:ac:4f:81:4e:1b:
         f9:91:f7:ee:a9:b3:ec:77:5c:79:3c:69:0e:50:74:2c:96:b2:
         7e:98:16:76:1a:1e:0d:2a:50:a7:eb:e7:8f:4f:4a:81:4b:c9:
         20:ef:c7:98:76:bc:57:4e:58:6e:b8:78:e1:92:c1:f9:31:83:
         2a:f0:a5:25:0b:a2:0b:cb:5b:66:49:ec:5e:09:09:b4:16:68:
         90:2f:54:10:05:ec:b8:ed:12:9f:ad:16:12:19:52:9c:49:be:
         70:11:b2:af:f7:7d:18:f7:2f:39:99:2b:6f:a6:6a:0d:d3:96:
         6b:2e:26:e9:4f:db:43:62:3b:16:70:1a:17:28:86:76:e3:07:
         40:0f:75:b3:f5:ec:b6:a0:10:36:6f:8e:4e:5e:a5:45:ab:45:
         00:96:36:a8:42:1c:0c:20:2d:fa:e6:6c:8f:e0:c3:40:90:d8:
         b2:f2:ff:59
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUP2VUXaHWkZLXHPKqNGVpIM2RZ6gwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MTAxNDAwMDAwNFoX
DTI1MTExODIzNTk1OVowejFJMEcGA1UEBRNAYTNmM2IzOGVhMjA2MDU1NWVlZGI4
YWQ0ZTNmNjYxNDc4MDc5ZjAwN2IxMDMxOTkyNjVhZjg4MGE1NDRhNzk0YjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8qyagnvQMa5vu9/PH+mVCdanMKVL
82hVr0vx9q/i+SoKQMpzxlWdwv7Yuw9y2kiZrI+Ak9dTFHAY3vAD6CirXRUPSBZ5
0s+j0+/ueGCexy/1Q/U0H4fD4sCGqUk+kXJJsMAtzSR1bFC/cWdAwfRXSEaZIpQf
2QNmtY4oNR0GEGiFev34jP/RrGf0Q8fAwlz73E8Z60m/QMj8GFqLxx/AYnUtDK8w
CPC38eqj1HlWmCcrIokbmBrmWeYPHCu6qO9iF+XnyPtV3Q5ymDKt7n4BKLPk+GE1
S9MWDPb4wEb7Mhai06vMTeZEIr2OpRwqv/hHhEsmTgkwi/IUIXTvLoWLOwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFGpVvVCnlAUIoGtd+LSANW1LwWWDMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzZjODhjMjY0LWE0MGQtNGMwYi05MTM4LTMxZmYwYzJjYTkyNi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQCdM5IMA0GCSqGSIb3DQEBCwUAA4IBAQAd9yIcLRsH6G2McVcsdFsE
e0wmtPFBYRIqqpRRBfBaf27nnTK21JCj/81iRaj4gkmv/EZv2ewJZYKlLBJMu4Gi
r/ol1l7VTJ/DOuaUbNJhwFQpGG0urE+BThv5kffuqbPsd1x5PGkOUHQslrJ+mBZ2
Gh4NKlCn6+ePT0qBS8kg78eYdrxXTlhuuHjhksH5MYMq8KUlC6ILy1tmSexeCQm0
FmiQL1QQBey47RKfrRYSGVKcSb5wEbKv930Y9y85mStvpmoN05ZrLibpT9tDYjsW
cBoXKIZ24wdAD3Wz9ey2oBA2b45OXqVFq0UAljaoQhwMIC365myP4MNAkNiy8v9Z
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:38:27 2025 by rpki-client