Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7105aadf-8449-4060-98c4-d4b349ff7892.roa
File:                     7105aadf-8449-4060-98c4-d4b349ff7892.roa (raw, json)
Hash identifier:          enAcS6Df9O/KVPiHbbvNrKu4UP0HGm9+4sgA75k10N0=
Subject key identifier:   F0:89:CE:08:48:BC:55:C1:01:47:BA:EC:7F:CD:B7:BE:31:89:F1:A7
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       7A497B99B62EA7210D05C989C6F0B9818E7EB528
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7105aadf-8449-4060-98c4-d4b349ff7892.roa
Signing time:             Mon 06 Oct 2025 15:10:08 +0000
ROA not before:           Mon 06 Oct 2025 15:10:08 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf5:b000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:49:7b:99:b6:2e:a7:21:0d:05:c9:89:c6:f0:b9:81:8e:7e:b5:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Oct  6 15:10:08 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=762e3b31fbc6d5d1d2d808e02dea06fc7c754f8543163871ae574d9319b6f3ed, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:a0:2f:97:a8:c1:4b:2e:58:d3:0f:86:9b:e4:
                    e7:9f:b5:73:ea:d7:0b:a1:77:98:47:e4:ee:63:9a:
                    f8:38:9c:1f:81:c3:68:67:18:4d:43:9d:16:fb:32:
                    9e:a8:ac:82:ba:f4:53:ba:59:5b:3d:03:ff:0a:0e:
                    76:45:18:d8:11:67:f4:d5:72:08:92:ca:02:c3:8a:
                    d3:58:63:69:38:92:89:56:73:2f:c1:0b:71:5e:f3:
                    24:dc:c5:99:b4:ea:21:2c:40:55:19:f8:d0:cb:53:
                    3f:d5:b8:a1:c6:14:61:e8:9c:68:b5:9e:5d:2c:b9:
                    00:21:58:20:d4:29:2a:05:a6:c1:a6:e3:c1:91:74:
                    46:55:37:2b:93:4c:47:3e:54:56:5e:7b:59:41:09:
                    f5:89:27:ee:e8:c6:1c:e4:1d:42:25:13:84:16:13:
                    5d:6c:0f:12:00:e6:99:fe:74:1a:f2:ca:6e:37:1b:
                    10:3b:9b:c2:90:ad:ec:85:8f:56:a4:a2:12:34:18:
                    66:ae:7b:14:93:e9:0c:6e:76:76:b5:ac:2b:72:46:
                    83:70:52:e0:96:72:63:8b:c9:ce:13:cc:06:d3:21:
                    76:cf:a4:46:e6:ab:c6:6a:18:0f:d4:ea:4d:40:0e:
                    b7:b1:81:87:28:21:1f:04:a1:00:92:d1:a4:49:3a:
                    08:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:89:CE:08:48:BC:55:C1:01:47:BA:EC:7F:CD:B7:BE:31:89:F1:A7
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7105aadf-8449-4060-98c4-d4b349ff7892.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf5:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         ac:e6:b0:20:35:bd:76:d2:30:d1:2e:32:15:7d:b9:ef:95:5b:
         1b:33:b0:13:48:f0:d3:cb:7d:0f:c6:fe:08:1f:3a:a6:38:68:
         9a:a8:7a:ae:1f:34:3b:ee:bc:8a:83:f3:43:24:3f:9d:86:8c:
         2e:f3:8d:2e:27:c2:3e:99:fa:bc:ed:59:0f:1d:19:8e:31:dd:
         88:ee:77:62:05:95:52:0d:06:5f:66:ac:2d:15:7b:5c:d0:46:
         1c:c2:f3:44:e9:a0:eb:df:c3:6c:b8:76:29:a5:16:70:67:b6:
         7e:96:6d:33:91:82:cd:8d:12:eb:af:2e:7d:d1:18:ac:e5:76:
         a7:29:e8:e3:fc:d7:d4:5d:51:eb:e1:01:7a:d4:43:c1:49:fb:
         51:07:e1:d2:32:65:ec:ee:ce:03:80:04:92:ea:fe:b0:91:64:
         df:e4:67:ff:95:b8:de:8c:47:b6:9e:7c:c2:55:29:5b:b0:7d:
         1e:7c:c8:6b:a2:f3:74:1c:c2:a5:4c:e3:e3:19:88:de:08:f5:
         82:da:aa:01:11:0b:e3:e8:80:fa:5f:44:44:27:af:7f:51:0b:
         14:60:ed:f4:44:71:c9:79:9a:12:66:ee:8f:c1:4b:aa:cf:a2:
         60:6b:69:5f:a1:d0:5a:a0:2e:45:a9:7d:76:38:68:9c:81:b0:
         80:57:46:6a
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUekl7mbYupyENBcmJxvC5gY5+tSgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MTAwNjE1MTAwOFoX
DTI1MTExMDIzNTk1OVowejFJMEcGA1UEBRNANzYyZTNiMzFmYmM2ZDVkMWQyZDgw
OGUwMmRlYTA2ZmM3Yzc1NGY4NTQzMTYzODcxYWU1NzRkOTMxOWI2ZjNlZDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7qAvl6jBSy5Y0w+Gm+Tnn7Vz6tcL
oXeYR+TuY5r4OJwfgcNoZxhNQ50W+zKeqKyCuvRTullbPQP/Cg52RRjYEWf01XII
ksoCw4rTWGNpOJKJVnMvwQtxXvMk3MWZtOohLEBVGfjQy1M/1bihxhRh6JxotZ5d
LLkAIVgg1CkqBabBpuPBkXRGVTcrk0xHPlRWXntZQQn1iSfu6MYc5B1CJROEFhNd
bA8SAOaZ/nQa8spuNxsQO5vCkK3shY9WpKISNBhmrnsUk+kMbnZ2tawrckaDcFLg
lnJji8nOE8wG0yF2z6RG5qvGahgP1OpNQA63sYGHKCEfBKEAktGkSToIGwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFPCJzghIvFXBAUe67H/Nt74xifGnMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzcxMDVhYWRmLTg0NDktNDA2MC05OGM0LWQ0YjM0OWZmNzg5Mi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba9bAwDQYJKoZIhvcNAQELBQADggEBAKzmsCA1vXbSMNEuMhV9
ue+VWxszsBNI8NPLfQ/G/ggfOqY4aJqoeq4fNDvuvIqD80MkP52GjC7zjS4nwj6Z
+rztWQ8dGY4x3Yjud2IFlVINBl9mrC0Ve1zQRhzC80TpoOvfw2y4dimlFnBntn6W
bTORgs2NEuuvLn3RGKzldqcp6OP819RdUevhAXrUQ8FJ+1EH4dIyZezuzgOABJLq
/rCRZN/kZ/+VuN6MR7aefMJVKVuwfR58yGui83QcwqVM4+MZiN4I9YLaqgERC+Po
gPpfREQnr39RCxRg7fREccl5mhJm7o/BS6rPomBraV+h0FqgLkWpfXY4aJyBsIBX
Rmo=
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:56:07 2025 by rpki-client