Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/97acb09e-a4ac-498b-bfa8-ff2d8da2bf3a.roa
File:                     97acb09e-a4ac-498b-bfa8-ff2d8da2bf3a.roa (raw, json)
Hash identifier:          689KNKUBZn0NoccQmQuuURUaLQ1jSLlg1QuNyo6h+MY=
Subject key identifier:   3D:A4:60:F1:8B:A9:8D:95:91:DE:F5:0F:BE:0D:6B:E4:41:0E:33:B5
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       386F8D06EDFCA86B605398965EB36EA577F8BD80
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/97acb09e-a4ac-498b-bfa8-ff2d8da2bf3a.roa
Signing time:             Mon 06 Oct 2025 15:20:08 +0000
ROA not before:           Mon 06 Oct 2025 15:20:08 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da2b::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:6f:8d:06:ed:fc:a8:6b:60:53:98:96:5e:b3:6e:a5:77:f8:bd:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Oct  6 15:20:08 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=aa6f7776b503a5dbb339c06acabc519369b1d9c8e94f9c127c135b9a2d79cb73, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:51:57:79:3d:31:23:0d:ec:db:d8:35:ec:3d:
                    48:b2:9b:40:95:fc:3e:0d:b8:32:47:29:b1:d2:2d:
                    a3:3e:b4:5f:34:50:b6:c6:54:8d:8d:68:17:4f:18:
                    01:6b:eb:cc:91:26:f2:61:09:d0:09:66:95:01:7e:
                    de:25:a7:32:23:a5:c3:ab:19:e1:98:98:4b:33:78:
                    a4:c5:a3:ab:c9:ed:91:ed:fe:84:b0:e6:bd:72:7e:
                    8d:74:11:7a:40:5b:e3:42:ae:0e:59:2b:32:a2:d8:
                    02:71:a6:6b:7d:4d:54:ba:05:9c:02:6f:f2:8a:50:
                    a5:b8:68:01:62:43:f2:cd:7d:8f:0e:2f:15:d9:89:
                    f6:c8:2b:ce:1d:88:79:c0:ea:2f:3d:57:e3:cd:39:
                    2d:e3:fe:0b:3c:b7:15:93:6e:08:e0:f4:32:e9:1a:
                    86:cb:3d:37:f1:62:78:62:58:b8:90:4c:15:c9:f7:
                    4c:c1:21:7c:6d:01:bf:91:dd:a1:10:b3:a4:32:9d:
                    b4:13:05:46:28:78:be:f1:c4:e8:85:95:c9:2f:63:
                    c5:be:7b:f8:e5:43:ab:a6:c7:3b:2c:89:ae:40:99:
                    66:ac:0e:28:0e:27:14:12:21:44:ff:ea:13:ae:ce:
                    20:72:ff:ec:81:e7:81:1c:08:9d:29:ed:3e:94:23:
                    21:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:A4:60:F1:8B:A9:8D:95:91:DE:F5:0F:BE:0D:6B:E4:41:0E:33:B5
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/97acb09e-a4ac-498b-bfa8-ff2d8da2bf3a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da2b::/36

    Signature Algorithm: sha256WithRSAEncryption
         0a:4b:41:df:be:c3:b8:34:f2:e6:c0:85:d6:18:3c:3d:5c:15:
         55:cd:01:34:db:0d:8f:dd:e5:88:f8:a5:3e:a5:9c:75:3d:4c:
         f1:4b:04:b6:80:71:00:71:1c:4c:11:c1:4c:90:de:96:3a:57:
         2a:76:14:16:42:dc:40:df:ad:3a:88:0e:53:e1:d2:6d:78:a4:
         3e:06:46:fe:a7:cc:7f:ac:c1:bd:b2:53:be:e9:03:fc:66:3d:
         99:58:2b:8d:1b:ab:46:80:75:9b:8a:2e:a8:3a:e7:9e:62:ff:
         c5:c4:a5:5c:13:30:20:79:76:b0:5c:02:80:54:b9:4d:db:16:
         2e:91:80:ae:35:2b:fd:aa:1d:39:ed:99:45:87:ea:99:70:f1:
         b1:7d:b6:1c:0e:d0:b9:89:0f:82:05:e5:a1:1e:bc:b4:b4:5f:
         77:e6:fd:c6:b3:f6:3f:00:32:c8:a5:85:7a:b6:9a:75:c0:74:
         2b:27:eb:49:d2:b9:fd:17:06:2b:f5:f2:24:75:55:1e:2a:3c:
         fa:9e:1f:1d:eb:47:74:4d:79:12:e4:2d:ad:94:53:d2:57:5b:
         0c:70:f1:05:de:47:d7:98:ca:29:a8:70:77:49:0e:c8:28:39:
         e0:c6:19:85:bd:0b:4f:0f:9a:a1:77:d5:26:3b:ed:9c:85:e9:
         c4:95:1e:18
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUOG+NBu38qGtgU5iWXrNupXf4vYAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MTAwNjE1MjAwOFoX
DTI1MTExMDIzNTk1OVowejFJMEcGA1UEBRNAYWE2Zjc3NzZiNTAzYTVkYmIzMzlj
MDZhY2FiYzUxOTM2OWIxZDljOGU5NGY5YzEyN2MxMzViOWEyZDc5Y2I3MzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAilFXeT0xIw3s29g17D1IsptAlfw+
DbgyRymx0i2jPrRfNFC2xlSNjWgXTxgBa+vMkSbyYQnQCWaVAX7eJacyI6XDqxnh
mJhLM3ikxaOrye2R7f6EsOa9cn6NdBF6QFvjQq4OWSsyotgCcaZrfU1UugWcAm/y
ilCluGgBYkPyzX2PDi8V2Yn2yCvOHYh5wOovPVfjzTkt4/4LPLcVk24I4PQy6RqG
yz038WJ4Yli4kEwVyfdMwSF8bQG/kd2hELOkMp20EwVGKHi+8cTohZXJL2PFvnv4
5UOrpsc7LImuQJlmrA4oDicUEiFE/+oTrs4gcv/sgeeBHAidKe0+lCMhoQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFD2kYPGLqY2Vkd71D74Na+RBDjO1MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzk3YWNiMDllLWE0YWMtNDk4Yi1iZmE4LWZmMmQ4ZGEyYmYzYS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYEJAbaKwAwDQYJKoZIhvcNAQELBQADggEBAApLQd++w7g08ubAhdYY
PD1cFVXNATTbDY/d5Yj4pT6lnHU9TPFLBLaAcQBxHEwRwUyQ3pY6Vyp2FBZC3EDf
rTqIDlPh0m14pD4GRv6nzH+swb2yU77pA/xmPZlYK40bq0aAdZuKLqg6555i/8XE
pVwTMCB5drBcAoBUuU3bFi6RgK41K/2qHTntmUWH6plw8bF9thwO0LmJD4IF5aEe
vLS0X3fm/caz9j8AMsilhXq2mnXAdCsn60nSuf0XBiv18iR1VR4qPPqeHx3rR3RN
eRLkLa2UU9JXWwxw8QXeR9eYyimocHdJDsgoOeDGGYW9C08PmqF31SY77ZyF6cSV
Hhg=
-----END CERTIFICATE-----
Generated at Mon Oct 20 20:28:24 2025 by rpki-client