Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/af8dad8f-1b43-44a7-a8af-fef9607356c3.roa
File:                     af8dad8f-1b43-44a7-a8af-fef9607356c3.roa (raw, json)
Hash identifier:          pA8XgBuZGzGOk01bKdv0SSYTN3en9d6iFK5DwJu+FeM=
Subject key identifier:   33:6B:95:24:6C:2C:90:3A:D0:22:8A:89:20:14:63:63:E9:73:B6:C4
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3630709CE389CA1E6994BFBF80FA0018E08FC0E4
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/af8dad8f-1b43-44a7-a8af-fef9607356c3.roa
Signing time:             Wed 06 Aug 2025 00:01:05 +0000
ROA not before:           Wed 06 Aug 2025 00:01:05 +0000
ROA not after:            Wed 10 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daef:f000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 27 Aug 2025 00:50:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:30:70:9c:e3:89:ca:1e:69:94:bf:bf:80:fa:00:18:e0:8f:c0:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Aug  6 00:01:05 2025 GMT
            Not After : Sep 10 23:59:59 2025 GMT
        Subject: serialNumber=96aa751c0b871af6750867fab9376296bec5c5ebaa6a266120680bfebffd1548, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:a9:c0:9f:a8:03:fb:6b:13:3e:4f:28:0b:e5:
                    2c:0e:d4:c8:c7:76:80:30:6c:20:8c:34:81:cd:de:
                    9a:fc:42:04:c5:cd:6c:be:0f:66:d2:d9:85:52:7f:
                    14:54:02:77:28:f1:ef:99:80:d3:cf:e8:af:cf:77:
                    99:a7:f9:a2:9b:f0:ca:67:3b:02:26:ee:0e:c0:45:
                    39:37:87:f4:d7:21:da:38:f4:a4:58:99:8f:dc:3d:
                    c8:25:2d:fc:4d:42:72:3d:32:eb:86:ba:04:1e:41:
                    b1:ed:80:5a:ea:4f:03:01:bf:ac:be:1d:c6:76:25:
                    9b:3f:01:ba:38:0a:cd:2a:db:88:d4:73:31:22:c9:
                    f1:7b:6e:bd:ca:9a:b3:c2:44:54:bf:4a:87:d2:13:
                    35:4b:a1:f1:f0:22:49:52:53:45:19:f1:e0:88:88:
                    dc:ba:40:97:9e:14:76:a4:1f:59:0a:2c:b7:ad:76:
                    4a:c6:c2:19:51:9a:37:53:7d:24:a6:19:1a:43:66:
                    19:c2:19:0e:23:a0:4d:0d:cb:16:39:15:79:e4:05:
                    fc:38:af:e7:35:4c:61:89:ec:3b:63:4a:10:99:97:
                    90:75:16:7f:19:bb:bf:c5:73:91:e8:51:e2:c8:95:
                    ee:1c:59:d2:1c:72:f9:08:13:aa:2f:be:12:e9:53:
                    49:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:6B:95:24:6C:2C:90:3A:D0:22:8A:89:20:14:63:63:E9:73:B6:C4
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/af8dad8f-1b43-44a7-a8af-fef9607356c3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daef:f000::/40

    Signature Algorithm: sha256WithRSAEncryption
         90:a2:15:01:d6:9e:65:04:02:20:ed:c7:28:37:13:66:be:36:
         5a:52:31:6c:ef:6f:df:37:54:ed:8a:89:cb:36:d2:7d:57:03:
         e3:c2:91:60:e1:84:dc:f5:2d:2e:7e:37:e4:da:80:97:c0:60:
         25:f9:56:8e:55:ff:f6:49:e9:4d:7f:68:4f:e4:15:4e:9e:f6:
         e8:81:5c:ea:0b:bc:91:94:63:33:e5:9d:7d:9e:c9:d9:a6:de:
         fa:0e:6f:d3:fe:c7:cd:64:96:cc:bf:1d:42:8a:06:db:fa:ab:
         ce:7b:10:58:12:92:ff:64:35:36:a7:77:26:a4:c6:9e:1e:2f:
         89:dc:37:43:30:22:13:06:55:c3:87:7b:86:44:ea:77:04:54:
         70:9a:3d:98:6e:d8:26:1f:65:1d:73:dd:90:9d:c1:a9:79:2b:
         a0:49:d1:10:66:70:59:7b:5d:01:18:a6:59:ae:99:1b:a1:b5:
         f3:2a:dc:2d:0c:b1:b2:21:e6:9b:e4:d5:d1:b6:28:57:4e:34:
         29:96:cf:2d:49:b6:fe:08:52:58:9a:44:f1:39:a0:46:53:77:
         19:f4:e4:03:7f:07:f9:20:46:8c:35:9c:4a:85:5d:9c:2d:35:
         f6:9b:9d:bf:71:8f:4b:e8:a9:e7:c6:aa:73:71:34:a5:ad:14:
         c1:f4:73:93
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUNjBwnOOJyh5plL+/gPoAGOCPwOQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDgwNjAwMDEwNVoX
DTI1MDkxMDIzNTk1OVowejFJMEcGA1UEBRNAOTZhYTc1MWMwYjg3MWFmNjc1MDg2
N2ZhYjkzNzYyOTZiZWM1YzVlYmFhNmEyNjYxMjA2ODBiZmViZmZkMTU0ODEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKnAn6gD+2sTPk8oC+UsDtTIx3aA
MGwgjDSBzd6a/EIExc1svg9m0tmFUn8UVAJ3KPHvmYDTz+ivz3eZp/mim/DKZzsC
Ju4OwEU5N4f01yHaOPSkWJmP3D3IJS38TUJyPTLrhroEHkGx7YBa6k8DAb+svh3G
diWbPwG6OArNKtuI1HMxIsnxe269ypqzwkRUv0qH0hM1S6Hx8CJJUlNFGfHgiIjc
ukCXnhR2pB9ZCiy3rXZKxsIZUZo3U30kphkaQ2YZwhkOI6BNDcsWORV55AX8OK/n
NUxhiew7Y0oQmZeQdRZ/Gbu/xXOR6FHiyJXuHFnSHHL5CBOqL74S6VNJSwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFDNrlSRsLJA60CKKiSAUY2Ppc7bEMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2FmOGRhZDhmLTFiNDMtNDRhNy1hOGFmLWZlZjk2MDczNTZjMy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba7/AwDQYJKoZIhvcNAQELBQADggEBAJCiFQHWnmUEAiDtxyg3
E2a+NlpSMWzvb983VO2Kics20n1XA+PCkWDhhNz1LS5+N+TagJfAYCX5Vo5V//ZJ
6U1/aE/kFU6e9uiBXOoLvJGUYzPlnX2eydmm3voOb9P+x81klsy/HUKKBtv6q857
EFgSkv9kNTandyakxp4eL4ncN0MwIhMGVcOHe4ZE6ncEVHCaPZhu2CYfZR1z3ZCd
wal5K6BJ0RBmcFl7XQEYplmumRuhtfMq3C0MsbIh5pvk1dG2KFdONCmWzy1Jtv4I
UliaRPE5oEZTdxn05AN/B/kgRow1nEqFXZwtNfabnb9xj0voqefGqnNxNKWtFMH0
c5M=
-----END CERTIFICATE-----
Generated at Sat Aug 23 08:10:02 2025 by rpki-client