Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8dba85b7-4730-4c28-98df-3c8484e0f1cc.roa
File:                     8dba85b7-4730-4c28-98df-3c8484e0f1cc.roa (raw, json)
Hash identifier:          pC5I+sdzNAbJLLd0Hx2o3COpc6sMW6g1bPXxEcKRH4A=
Subject key identifier:   B9:72:67:8E:31:A4:30:3C:11:07:DF:AA:5B:CD:A9:0F:85:29:44:A0
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       4542C4D42B0F23A5732B2DE34ACC042AA63A2CE2
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8dba85b7-4730-4c28-98df-3c8484e0f1cc.roa
Signing time:             Mon 13 Oct 2025 15:20:03 +0000
ROA not before:           Mon 13 Oct 2025 15:20:03 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf2:c840::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:42:c4:d4:2b:0f:23:a5:73:2b:2d:e3:4a:cc:04:2a:a6:3a:2c:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Oct 13 15:20:03 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=95ed089bdafbdc0ac6b66d967efcfafded4cef0040ad9e6756cfe62a19920cf6, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:3d:26:4b:0d:17:14:d5:9d:b3:2c:7c:eb:ab:
                    26:ae:b7:55:73:40:36:8a:24:e0:2a:0e:c4:05:b6:
                    0d:cc:16:d4:b9:5f:a4:fe:28:0d:ea:99:5a:6b:7a:
                    4f:00:32:88:29:01:92:31:70:55:b0:0c:d1:7f:51:
                    ba:e9:43:63:b8:b0:da:85:4a:55:94:a1:ec:53:7c:
                    1f:36:c7:fd:95:e9:0f:56:ba:b9:77:83:2b:fb:0d:
                    8c:48:28:e4:fd:e1:49:95:12:8a:e0:31:5d:7d:61:
                    b9:f9:b7:51:15:b9:3a:93:68:61:53:4a:78:0d:f5:
                    11:9d:3f:98:f4:b7:d9:5a:f2:8b:93:81:8b:75:de:
                    c9:65:a5:07:7a:7d:53:a4:6a:c4:cf:2f:51:78:27:
                    2c:07:7f:2b:04:f4:80:63:c2:54:9e:fb:3e:2e:79:
                    25:71:65:76:4f:5f:f3:42:72:fe:fb:15:48:86:d6:
                    30:ee:33:14:55:e6:9a:58:a0:c2:04:8c:0e:e8:34:
                    ec:17:0b:cb:8c:71:5d:19:87:8b:d6:a2:92:24:ee:
                    e2:8c:66:82:e4:3e:f2:6c:94:de:6e:24:70:a8:42:
                    36:a6:05:eb:44:92:bf:87:89:2e:00:f7:bc:98:c2:
                    92:8e:82:fb:10:dc:ea:0a:96:96:2a:f3:e0:da:6e:
                    0d:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:72:67:8E:31:A4:30:3C:11:07:DF:AA:5B:CD:A9:0F:85:29:44:A0
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8dba85b7-4730-4c28-98df-3c8484e0f1cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf2:c840::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:de:03:1d:80:07:88:2c:6e:bb:ca:1d:f1:bf:35:f1:2b:5a:
         75:8b:58:a7:94:69:bf:65:f7:80:61:a2:f8:91:4b:f1:b7:d7:
         b5:27:15:00:6d:a5:b5:21:60:0b:ef:1f:c5:72:38:ae:b6:9e:
         e3:64:5b:54:ec:81:7a:69:e8:e8:bb:0b:73:5a:a8:a1:2e:79:
         a0:ca:22:ca:0e:26:9c:a9:df:fc:5d:2d:6d:36:20:84:be:f5:
         aa:f8:d1:b7:69:10:33:57:a6:0d:8f:8a:8d:13:f6:cd:ea:c5:
         8c:b3:dd:15:0d:86:f3:60:2e:81:15:90:83:06:79:be:f1:3c:
         c1:d1:61:0f:2b:15:b7:c0:93:fa:42:56:dd:17:20:2c:1f:ae:
         64:21:17:e3:a7:14:29:8e:3a:c8:3b:4c:6b:ec:8e:21:4d:26:
         25:c8:b3:f5:7a:f5:08:39:53:c3:09:55:64:5f:fc:f5:93:37:
         ba:ec:f6:9b:08:44:66:01:95:22:8b:80:a3:1b:d0:e3:b2:43:
         b8:0b:a0:e2:a9:e4:1d:f8:da:57:d7:76:d0:64:79:b1:5c:43:
         47:81:46:df:ce:89:bf:23:dc:e6:44:3e:48:ad:2f:b4:18:c6:
         b8:8f:2b:bc:dc:06:0d:7d:84:80:ea:1b:57:b0:e9:ad:2b:20:
         5e:54:52:6c
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIURULE1CsPI6VzKy3jSswEKqY6LOIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MTAxMzE1MjAwM1oX
DTI1MTExNzIzNTk1OVowejFJMEcGA1UEBRNAOTVlZDA4OWJkYWZiZGMwYWM2YjY2
ZDk2N2VmY2ZhZmRlZDRjZWYwMDQwYWQ5ZTY3NTZjZmU2MmExOTkyMGNmNjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8z0mSw0XFNWdsyx866smrrdVc0A2
iiTgKg7EBbYNzBbUuV+k/igN6plaa3pPADKIKQGSMXBVsAzRf1G66UNjuLDahUpV
lKHsU3wfNsf9lekPVrq5d4Mr+w2MSCjk/eFJlRKK4DFdfWG5+bdRFbk6k2hhU0p4
DfURnT+Y9LfZWvKLk4GLdd7JZaUHen1TpGrEzy9ReCcsB38rBPSAY8JUnvs+Lnkl
cWV2T1/zQnL++xVIhtYw7jMUVeaaWKDCBIwO6DTsFwvLjHFdGYeL1qKSJO7ijGaC
5D7ybJTebiRwqEI2pgXrRJK/h4kuAPe8mMKSjoL7ENzqCpaWKvPg2m4NMQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFLlyZ44xpDA8EQffqlvNqQ+FKUSgMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzhkYmE4NWI3LTQ3MzAtNGMyOC05OGRmLTNjODQ4NGUwZjFjYy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba8shAMA0GCSqGSIb3DQEBCwUAA4IBAQBe3gMdgAeILG67yh3x
vzXxK1p1i1inlGm/ZfeAYaL4kUvxt9e1JxUAbaW1IWAL7x/Fcjiutp7jZFtU7IF6
aejouwtzWqihLnmgyiLKDiacqd/8XS1tNiCEvvWq+NG3aRAzV6YNj4qNE/bN6sWM
s90VDYbzYC6BFZCDBnm+8TzB0WEPKxW3wJP6QlbdFyAsH65kIRfjpxQpjjrIO0xr
7I4hTSYlyLP1evUIOVPDCVVkX/z1kze67PabCERmAZUii4CjG9DjskO4C6DiqeQd
+NpX13bQZHmxXENHgUbfzom/I9zmRD5IrS+0GMa4jyu83AYNfYSA6htXsOmtKyBe
VFJs
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:32:15 2025 by rpki-client