Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a0d0474f-3a63-4312-ba91-4caeffc8b819.roa
File:                     a0d0474f-3a63-4312-ba91-4caeffc8b819.roa (raw, json)
Hash identifier:          SvQBdb3RRqkZ0tHtBc62KBB2BBFnvoT60ChNzqeCDmU=
Subject key identifier:   02:9D:52:11:DF:B7:1A:2A:F4:FD:88:5C:72:B1:9B:FB:D1:E0:45:04
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3BEB52BACCF79FC4FC4D5AEA81AF24403399C988
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a0d0474f-3a63-4312-ba91-4caeffc8b819.roa
Signing time:             Wed 15 Oct 2025 00:10:50 +0000
ROA not before:           Wed 15 Oct 2025 00:10:50 +0000
ROA not after:            Wed 19 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da70:4800::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:eb:52:ba:cc:f7:9f:c4:fc:4d:5a:ea:81:af:24:40:33:99:c9:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Oct 15 00:10:50 2025 GMT
            Not After : Nov 19 23:59:59 2025 GMT
        Subject: serialNumber=8304bd88b07614015c5ae1074cf6e673f205f9046b221be6655396cf6932866f, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:a2:62:f0:41:90:b4:40:01:9e:f5:0a:bb:6d:
                    55:46:92:74:e8:08:69:d2:52:79:a4:bd:ac:18:69:
                    ed:c4:9a:5f:d6:52:d0:e4:f0:a6:58:47:8f:74:40:
                    e4:35:b1:16:54:d9:59:d5:23:c9:ea:1d:39:83:17:
                    52:a7:8e:18:86:b1:4d:78:b5:fb:aa:16:b6:4c:4f:
                    e5:83:c1:dc:02:5b:7c:36:36:a0:db:8e:27:b2:8f:
                    19:b6:d6:8c:24:af:ed:af:1d:c9:4b:c4:f6:3a:82:
                    bb:51:a9:6c:6e:ce:db:7f:1c:7c:82:21:d7:07:51:
                    4d:03:76:17:90:e7:0d:97:2c:6a:82:cb:5f:36:ec:
                    74:a0:5e:ec:36:39:a3:6b:a5:16:23:76:d5:9a:70:
                    c8:55:1c:92:6e:f6:82:8d:f6:ae:cc:69:ba:58:7c:
                    46:da:9d:30:10:1c:10:14:24:41:5a:3d:de:28:97:
                    e5:87:a5:88:7f:93:b3:97:38:c0:fb:ed:52:e0:36:
                    a0:21:d7:f9:d7:8c:a8:1c:31:d9:b7:31:f6:12:76:
                    a5:64:51:46:37:d1:49:5e:dd:95:b5:6b:93:8f:7a:
                    32:0b:91:6c:e4:ce:4a:65:8e:20:46:16:a8:ce:cf:
                    20:59:f9:5e:b6:d2:b3:3d:1b:ee:80:5b:40:2b:57:
                    ad:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:9D:52:11:DF:B7:1A:2A:F4:FD:88:5C:72:B1:9B:FB:D1:E0:45:04
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a0d0474f-3a63-4312-ba91-4caeffc8b819.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da70:4800::/40

    Signature Algorithm: sha256WithRSAEncryption
         0d:22:b0:ac:a2:e1:d8:75:f3:2d:5a:8d:51:ad:8c:93:60:2a:
         57:69:4f:87:79:2f:25:7c:51:89:09:a6:d2:3f:69:85:9a:3a:
         53:df:e2:a7:be:3d:84:0a:27:d7:7c:1a:f5:bf:a2:e6:53:47:
         3c:ec:34:11:40:b8:07:37:d1:14:41:e0:ee:87:0a:dc:9b:e7:
         a0:95:ad:c1:89:55:04:36:1f:c5:4e:5a:2e:49:fc:2f:bf:25:
         47:4e:58:a8:7d:db:55:62:ad:7c:08:da:d5:16:26:b8:d8:b5:
         12:be:0a:09:42:02:56:63:e0:b0:01:08:10:c8:a4:53:8f:d9:
         1e:4f:a8:93:dc:14:1a:af:a5:34:71:f0:83:3d:93:6e:e4:d5:
         6e:0c:fe:01:ef:95:8c:4f:80:c9:09:b2:d0:e5:a4:52:7f:99:
         ca:7b:f0:74:08:3c:2b:2b:ba:63:a6:f1:79:89:8b:7a:18:bc:
         90:10:4e:c9:3a:53:b6:80:bb:52:46:37:dd:0a:04:90:50:2c:
         56:f9:09:df:55:8c:bc:41:e8:7e:18:bf:c4:96:20:e4:c0:41:
         ca:69:52:4f:62:68:7d:f9:c7:d7:b3:29:04:bb:d3:df:bb:4d:
         ac:87:28:8e:63:f2:fe:d3:84:1c:f1:27:ea:ab:ee:d7:23:32:
         43:da:54:b4
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUO+tSusz3n8T8TVrqga8kQDOZyYgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MTAxNTAwMTA1MFoX
DTI1MTExOTIzNTk1OVowejFJMEcGA1UEBRNAODMwNGJkODhiMDc2MTQwMTVjNWFl
MTA3NGNmNmU2NzNmMjA1ZjkwNDZiMjIxYmU2NjU1Mzk2Y2Y2OTMyODY2ZjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKJi8EGQtEABnvUKu21VRpJ06Ahp
0lJ5pL2sGGntxJpf1lLQ5PCmWEePdEDkNbEWVNlZ1SPJ6h05gxdSp44YhrFNeLX7
qha2TE/lg8HcAlt8Njag244nso8ZttaMJK/trx3JS8T2OoK7Ualsbs7bfxx8giHX
B1FNA3YXkOcNlyxqgstfNux0oF7sNjmja6UWI3bVmnDIVRySbvaCjfauzGm6WHxG
2p0wEBwQFCRBWj3eKJflh6WIf5OzlzjA++1S4DagIdf514yoHDHZtzH2EnalZFFG
N9FJXt2VtWuTj3oyC5Fs5M5KZY4gRhaozs8gWflettKzPRvugFtAK1et9QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFAKdUhHftxoq9P2IXHKxm/vR4EUEMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2EwZDA0NzRmLTNhNjMtNDMxMi1iYTkxLTRjYWVmZmM4YjgxOS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbacEgwDQYJKoZIhvcNAQELBQADggEBAA0isKyi4dh18y1ajVGt
jJNgKldpT4d5LyV8UYkJptI/aYWaOlPf4qe+PYQKJ9d8GvW/ouZTRzzsNBFAuAc3
0RRB4O6HCtyb56CVrcGJVQQ2H8VOWi5J/C+/JUdOWKh921VirXwI2tUWJrjYtRK+
CglCAlZj4LABCBDIpFOP2R5PqJPcFBqvpTRx8IM9k27k1W4M/gHvlYxPgMkJstDl
pFJ/mcp78HQIPCsrumOm8XmJi3oYvJAQTsk6U7aAu1JGN90KBJBQLFb5Cd9VjLxB
6H4Yv8SWIOTAQcppUk9iaH35x9ezKQS709+7TayHKI5j8v7ThBzxJ+qr7tcjMkPa
VLQ=
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:20:11 2025 by rpki-client