Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/84ce14d5-7bf8-4610-8dae-0f2ea4ce82be.roa
File:                     84ce14d5-7bf8-4610-8dae-0f2ea4ce82be.roa (raw, json)
Hash identifier:          uwUISPLrAIi8vaoAQDL62KqL3xZ9Gm1sCPXfW7ktwB8=
Subject key identifier:   D7:5A:45:F3:0F:FE:26:D4:AA:63:36:EC:2E:FC:A8:65:E2:A2:D9:F7
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       1F9F19AEFA5B0B77A4E687B00E1235FD9C952259
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/84ce14d5-7bf8-4610-8dae-0f2ea4ce82be.roa
Signing time:             Mon 13 Oct 2025 15:38:58 +0000
ROA not before:           Mon 13 Oct 2025 15:38:58 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf2:80c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:9f:19:ae:fa:5b:0b:77:a4:e6:87:b0:0e:12:35:fd:9c:95:22:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Oct 13 15:38:58 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=29beaaee8d458b5ca2880c6c7b2dbe20fc8eee7609a6472ccd7734fe1da27c1f, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f4:4f:9f:3e:10:2c:61:4c:57:57:89:61:ae:
                    d5:9d:35:9d:f3:10:79:2f:fd:55:77:aa:21:0f:50:
                    e7:e4:c7:2f:5a:81:6e:d2:52:b0:fb:df:ef:9a:ec:
                    82:e0:81:f6:42:0f:53:13:1f:71:9e:6a:c8:a0:5b:
                    ff:0d:4b:e4:92:e4:8f:9f:7a:3e:e3:f9:b8:26:82:
                    d6:5e:b1:62:3c:e2:41:28:3d:75:6f:e2:6b:c9:b3:
                    c8:85:b3:02:d9:66:09:35:5e:2a:71:a4:51:01:eb:
                    32:d3:e8:8c:20:8b:d4:0f:fb:2f:de:f1:d1:c3:bf:
                    1e:fd:c9:f2:31:0f:ac:21:f9:d6:bb:6b:60:30:75:
                    d2:48:c2:31:69:b5:3a:59:88:2a:17:9e:21:2a:0a:
                    a8:20:aa:1e:97:e5:ba:2b:e8:2a:a4:26:bf:7e:4e:
                    7a:88:dc:d3:2b:2c:f7:ef:97:25:cf:31:89:ff:a3:
                    67:6f:53:54:6b:6d:88:5e:b7:a1:7f:67:99:b8:d3:
                    fc:c5:a9:c7:9b:4c:c9:20:f5:b5:98:d8:bc:14:66:
                    4b:b4:1b:f1:86:90:1a:24:45:94:ce:8a:2f:9c:34:
                    a7:e2:75:49:37:bc:48:7c:41:ba:65:4e:1c:55:6f:
                    13:43:67:c6:c5:51:a8:3e:9a:b0:ec:d0:ac:84:d0:
                    cf:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:5A:45:F3:0F:FE:26:D4:AA:63:36:EC:2E:FC:A8:65:E2:A2:D9:F7
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/84ce14d5-7bf8-4610-8dae-0f2ea4ce82be.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf2:80c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:17:5d:a6:00:40:59:59:a9:a9:59:c9:3f:70:11:ac:e7:06:
         99:11:ac:02:0e:5e:4b:e9:41:bd:10:ae:6f:c4:12:b5:a5:87:
         2e:66:5a:03:53:de:f6:f5:4b:44:2e:81:70:eb:81:df:4e:27:
         1b:e7:c8:82:bf:35:11:8b:77:60:b3:2e:20:f4:61:57:c4:27:
         f7:ec:84:7d:eb:84:98:2c:74:83:54:a4:09:05:a7:0a:ac:9d:
         60:2b:0b:6e:9a:d1:f1:9b:63:f5:0f:6b:50:24:8b:9c:53:c8:
         21:a9:0d:20:6c:72:67:33:f5:e5:6f:87:f5:b4:d2:50:0b:77:
         e0:4e:d0:f9:34:63:79:aa:52:cb:67:e4:d5:90:f5:ab:35:5b:
         b2:a3:04:55:9d:2b:bf:6e:b6:93:7b:09:de:c5:7a:79:81:7c:
         9e:24:7f:23:32:fc:12:00:a6:51:f7:eb:7f:21:35:5e:bc:b8:
         42:d6:1c:f1:5e:2f:39:3c:96:f7:f5:5b:d7:6d:02:6b:90:5f:
         cd:0f:f9:62:0a:fe:2e:1a:cf:90:82:58:90:01:54:a9:a8:6c:
         30:ec:f4:14:bf:e4:c5:ac:d9:f4:ee:26:31:95:d1:2e:c3:0b:
         71:ae:84:9a:3d:e7:62:91:87:23:ae:e9:35:c0:4b:15:24:51:
         bb:46:2c:cc
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUH58ZrvpbC3ek5oewDhI1/ZyVIlkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MTAxMzE1Mzg1OFoX
DTI1MTExNzIzNTk1OVowejFJMEcGA1UEBRNAMjliZWFhZWU4ZDQ1OGI1Y2EyODgw
YzZjN2IyZGJlMjBmYzhlZWU3NjA5YTY0NzJjY2Q3NzM0ZmUxZGEyN2MxZjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfRPnz4QLGFMV1eJYa7VnTWd8xB5
L/1Vd6ohD1Dn5McvWoFu0lKw+9/vmuyC4IH2Qg9TEx9xnmrIoFv/DUvkkuSPn3o+
4/m4JoLWXrFiPOJBKD11b+JrybPIhbMC2WYJNV4qcaRRAesy0+iMIIvUD/sv3vHR
w78e/cnyMQ+sIfnWu2tgMHXSSMIxabU6WYgqF54hKgqoIKoel+W6K+gqpCa/fk56
iNzTKyz375clzzGJ/6Nnb1NUa22IXrehf2eZuNP8xanHm0zJIPW1mNi8FGZLtBvx
hpAaJEWUzoovnDSn4nVJN7xIfEG6ZU4cVW8TQ2fGxVGoPpqw7NCshNDPiwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFNdaRfMP/ibUqmM27C78qGXiotn3MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzg0Y2UxNGQ1LTdiZjgtNDYxMC04ZGFlLTBmMmVhNGNlODJiZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba8oDAMA0GCSqGSIb3DQEBCwUAA4IBAQAoF12mAEBZWampWck/
cBGs5waZEawCDl5L6UG9EK5vxBK1pYcuZloDU9729UtELoFw64HfTicb58iCvzUR
i3dgsy4g9GFXxCf37IR964SYLHSDVKQJBacKrJ1gKwtumtHxm2P1D2tQJIucU8gh
qQ0gbHJnM/Xlb4f1tNJQC3fgTtD5NGN5qlLLZ+TVkPWrNVuyowRVnSu/braTewne
xXp5gXyeJH8jMvwSAKZR9+t/ITVevLhC1hzxXi85PJb39VvXbQJrkF/ND/liCv4u
Gs+QgliQAVSpqGww7PQUv+TFrNn07iYxldEuwwtxroSaPedikYcjruk1wEsVJFG7
RizM
-----END CERTIFICATE-----
Generated at Mon Oct 20 21:03:12 2025 by rpki-client