Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8bd3366c-489c-4afe-af18-d26b5824bd0e.roa
File:                     8bd3366c-489c-4afe-af18-d26b5824bd0e.roa (raw, json)
Hash identifier:          BQKPl2i6voKKTNzxCWDz+wj88xClOztvgyf7qDD19rs=
Subject key identifier:   20:9E:63:6F:FD:EA:38:12:AC:60:47:CE:90:37:B2:51:05:94:BB:3D
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       016FE8FADC0A82A943FCBB11956D11A6BA951BCB
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8bd3366c-489c-4afe-af18-d26b5824bd0e.roa
Signing time:             Mon 13 Oct 2025 15:38:55 +0000
ROA not before:           Mon 13 Oct 2025 15:38:55 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf2:9040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:6f:e8:fa:dc:0a:82:a9:43:fc:bb:11:95:6d:11:a6:ba:95:1b:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Oct 13 15:38:55 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=61660ecf343112cddefd0e3cfaf5a3fbf5af28a9b45ab25242604ea95a49053a, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:be:f0:2a:4f:c7:ee:3c:e8:fc:b7:68:e2:e5:
                    d2:24:fb:5a:00:9c:ce:9f:22:61:db:d7:c2:09:98:
                    76:35:71:ae:05:6d:dd:d5:ce:95:0a:1c:53:53:df:
                    23:44:59:7a:94:a8:15:9b:a0:03:db:51:d3:59:5c:
                    bd:c1:f2:db:49:cd:aa:d7:11:bb:14:36:4e:78:8a:
                    ed:3e:27:a4:05:0d:ca:07:49:53:0a:28:62:41:50:
                    48:f4:75:9a:f9:57:10:17:b2:dc:2d:f4:f0:97:18:
                    93:d3:80:7b:96:a7:22:66:ab:3c:82:d2:65:14:02:
                    49:46:ae:95:00:44:ba:35:a6:f1:cd:56:41:ec:37:
                    06:2a:b5:92:ba:14:ca:4e:1a:00:ea:3b:59:08:25:
                    9d:d8:28:f5:07:56:e3:ee:57:ce:f9:5c:db:03:99:
                    ed:6c:a0:ec:d4:89:29:d3:d2:49:66:9f:55:42:fe:
                    7b:dc:67:aa:d5:06:f2:a7:e3:a3:2f:52:0e:1b:bf:
                    57:b6:85:6b:59:28:9c:13:1e:f0:77:38:a2:5c:fa:
                    7c:66:9d:eb:07:88:45:bc:5b:17:6e:4f:37:42:af:
                    cf:bc:f6:0a:d1:c4:49:c0:74:8b:4d:67:a7:29:fc:
                    b3:5c:d1:84:39:cb:12:00:fe:62:53:72:4b:f5:5c:
                    72:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:9E:63:6F:FD:EA:38:12:AC:60:47:CE:90:37:B2:51:05:94:BB:3D
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8bd3366c-489c-4afe-af18-d26b5824bd0e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf2:9040::/48

    Signature Algorithm: sha256WithRSAEncryption
         b4:1d:34:7c:45:bf:d9:35:05:cf:b0:b1:f8:1e:14:33:ef:23:
         c5:b2:7c:d7:6b:13:27:80:f8:2a:0a:9f:9d:43:f8:88:a2:9b:
         f8:21:07:b4:63:94:87:23:52:e6:a6:17:27:49:70:7d:a0:9a:
         1e:2d:d3:27:64:28:02:5e:2c:5c:76:99:2b:00:82:b7:12:11:
         f5:fd:fc:e1:b0:95:63:97:ee:e3:23:d4:ac:75:31:81:a8:c4:
         72:8d:d8:9e:b7:34:7f:8f:62:d5:41:48:93:12:af:de:a4:a3:
         88:87:2f:08:91:44:54:75:7f:6d:8c:be:b2:a3:b6:f8:09:dd:
         5b:94:6c:60:de:55:c5:8d:4c:62:b5:89:20:5f:64:b2:4f:47:
         bd:f0:e1:b6:ba:09:96:cb:e2:7d:22:bf:88:93:89:f0:25:59:
         d0:93:9d:00:18:66:51:b2:36:5b:d4:98:8b:a1:54:72:dc:4f:
         14:bc:6c:ea:a6:fa:f1:f6:73:89:d9:af:5e:08:e7:3a:65:29:
         d2:3a:91:17:5b:6e:a6:d7:ee:bc:da:32:01:93:7d:32:28:d3:
         a4:ef:14:42:fa:d0:c5:bc:80:ed:e3:d5:03:fc:92:8c:68:63:
         0d:06:2d:c9:c5:a5:5f:66:2c:84:a4:e9:88:a0:ac:6e:d2:02:
         8b:b8:e7:f9
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUAW/o+twKgqlD/LsRlW0RprqVG8swDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MTAxMzE1Mzg1NVoX
DTI1MTExNzIzNTk1OVowejFJMEcGA1UEBRNANjE2NjBlY2YzNDMxMTJjZGRlZmQw
ZTNjZmFmNWEzZmJmNWFmMjhhOWI0NWFiMjUyNDI2MDRlYTk1YTQ5MDUzYTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhb7wKk/H7jzo/Ldo4uXSJPtaAJzO
nyJh29fCCZh2NXGuBW3d1c6VChxTU98jRFl6lKgVm6AD21HTWVy9wfLbSc2q1xG7
FDZOeIrtPiekBQ3KB0lTCihiQVBI9HWa+VcQF7LcLfTwlxiT04B7lqciZqs8gtJl
FAJJRq6VAES6NabxzVZB7DcGKrWSuhTKThoA6jtZCCWd2Cj1B1bj7lfO+VzbA5nt
bKDs1Ikp09JJZp9VQv573Geq1Qbyp+OjL1IOG79XtoVrWSicEx7wdziiXPp8Zp3r
B4hFvFsXbk83Qq/PvPYK0cRJwHSLTWenKfyzXNGEOcsSAP5iU3JL9VxynQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFCCeY2/96jgSrGBHzpA3slEFlLs9MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzhiZDMzNjZjLTQ4OWMtNGFmZS1hZjE4LWQyNmI1ODI0YmQwZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba8pBAMA0GCSqGSIb3DQEBCwUAA4IBAQC0HTR8Rb/ZNQXPsLH4
HhQz7yPFsnzXaxMngPgqCp+dQ/iIopv4IQe0Y5SHI1LmphcnSXB9oJoeLdMnZCgC
XixcdpkrAIK3EhH1/fzhsJVjl+7jI9SsdTGBqMRyjdietzR/j2LVQUiTEq/epKOI
hy8IkURUdX9tjL6yo7b4Cd1blGxg3lXFjUxitYkgX2SyT0e98OG2ugmWy+J9Ir+I
k4nwJVnQk50AGGZRsjZb1JiLoVRy3E8UvGzqpvrx9nOJ2a9eCOc6ZSnSOpEXW26m
1+682jIBk30yKNOk7xRC+tDFvIDt49UD/JKMaGMNBi3JxaVfZiyEpOmIoKxu0gKL
uOf5
-----END CERTIFICATE-----
Generated at Mon Oct 20 23:07:58 2025 by rpki-client