Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/bf7dfcf8-ba0c-47e9-8ddb-6a6d8ec70412.roa
File:                     bf7dfcf8-ba0c-47e9-8ddb-6a6d8ec70412.roa (raw, json)
Hash identifier:          jxRa4L/ancCNpgC+PAIPBnoFl4sCUFIJrpvUlMB/Pkw=
Subject key identifier:   1A:CA:1B:D2:07:B8:37:54:93:E2:89:E9:E8:80:20:C3:34:FA:C9:7C
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       7B60C3AE682F69270A966DB7449EF8975D2B499C
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/bf7dfcf8-ba0c-47e9-8ddb-6a6d8ec70412.roa
Signing time:             Sat 04 Oct 2025 00:20:05 +0000
ROA not before:           Sat 04 Oct 2025 00:20:05 +0000
ROA not after:            Sat 08 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daa0:c800::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:60:c3:ae:68:2f:69:27:0a:96:6d:b7:44:9e:f8:97:5d:2b:49:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Oct  4 00:20:05 2025 GMT
            Not After : Nov  8 23:59:59 2025 GMT
        Subject: serialNumber=b01a34850574479fa39105d619107f2c73707f51da71dfef3c8af40e5a191304, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:93:28:78:4b:af:a1:49:9e:5e:dd:11:31:5a:
                    20:c2:4a:5c:03:95:c1:5d:64:29:48:60:ac:d1:5c:
                    98:b7:3a:a8:c1:59:f5:a0:a7:57:5a:1a:22:1e:2e:
                    18:a9:47:6b:3e:3b:6a:28:60:e1:07:4e:6c:b7:30:
                    b5:24:b8:62:bc:b2:43:38:d1:ef:9c:03:b9:f2:87:
                    a0:09:9a:26:73:f2:7d:8e:69:fb:28:f3:92:4b:15:
                    81:f9:f6:a1:f4:bb:d9:9d:ff:bc:c6:2a:4d:1b:ba:
                    c9:f5:67:54:e8:b1:05:8a:6f:6c:61:f9:c0:c7:58:
                    48:72:26:ed:dd:7d:cf:77:04:32:97:eb:66:9c:35:
                    62:ba:1b:17:9e:05:42:73:0e:ec:f2:c3:63:b1:53:
                    0a:4d:7a:73:22:4a:e7:dc:5e:8e:16:ef:03:3d:a9:
                    a2:6e:2f:27:2b:f8:74:1a:93:17:8e:ed:06:9d:f5:
                    fe:4c:fc:4d:cf:4e:4e:03:73:53:da:05:0c:13:f9:
                    55:b5:3f:0e:2d:4d:8e:3b:45:67:8d:f4:01:1c:71:
                    8d:63:65:71:25:8a:58:f1:e0:3e:06:f3:73:6d:b5:
                    61:3c:46:03:08:f5:e4:fd:28:4d:53:2a:b9:9f:0c:
                    fa:b6:62:42:f1:03:07:d1:6f:c9:7b:4b:43:62:27:
                    b0:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:CA:1B:D2:07:B8:37:54:93:E2:89:E9:E8:80:20:C3:34:FA:C9:7C
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/bf7dfcf8-ba0c-47e9-8ddb-6a6d8ec70412.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daa0:c800::/40

    Signature Algorithm: sha256WithRSAEncryption
         00:c5:7b:49:3f:2b:a6:ec:5b:22:85:28:4e:ab:3c:4b:d5:30:
         45:76:b2:e1:32:61:41:53:9d:f7:43:01:db:52:73:99:5b:9f:
         23:ec:e2:11:2c:ff:b7:3b:92:9d:dc:98:20:58:97:72:c6:36:
         ef:cc:3a:82:7e:bf:6f:ec:f6:16:ca:03:de:68:70:01:68:0f:
         20:31:57:95:c2:6a:c4:11:14:50:0e:03:1a:30:e1:37:a6:d6:
         0c:ee:3d:38:ea:20:7f:77:08:1e:46:6d:34:14:83:b8:7d:dd:
         10:2e:12:6b:43:33:88:6e:d8:f0:17:84:9c:00:56:47:6b:a4:
         3a:5d:f7:66:95:fb:3f:8e:b2:e6:7a:d2:33:fe:73:7f:e3:17:
         d9:50:4d:da:7e:fc:12:e8:f3:6e:36:84:44:51:df:43:6b:72:
         6e:01:2e:08:2d:26:57:ca:b0:ae:b1:27:12:72:cc:64:bb:c4:
         97:66:94:f4:0e:59:8c:f0:7e:ac:51:3e:07:5f:fc:09:13:2f:
         93:36:51:69:02:75:9f:25:25:43:8e:71:99:8b:b8:95:58:cf:
         cb:b6:2a:45:89:dd:b9:e4:ef:0c:0c:ff:82:35:26:c6:b9:e4:
         db:66:f3:bd:24:c6:9a:b6:4a:67:05:8b:9c:d2:01:26:98:8e:
         05:0c:7b:e7
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUe2DDrmgvaScKlm23RJ74l10rSZwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MTAwNDAwMjAwNVoX
DTI1MTEwODIzNTk1OVowejFJMEcGA1UEBRNAYjAxYTM0ODUwNTc0NDc5ZmEzOTEw
NWQ2MTkxMDdmMmM3MzcwN2Y1MWRhNzFkZmVmM2M4YWY0MGU1YTE5MTMwNDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZMoeEuvoUmeXt0RMVogwkpcA5XB
XWQpSGCs0VyYtzqowVn1oKdXWhoiHi4YqUdrPjtqKGDhB05stzC1JLhivLJDONHv
nAO58oegCZomc/J9jmn7KPOSSxWB+fah9LvZnf+8xipNG7rJ9WdU6LEFim9sYfnA
x1hIcibt3X3PdwQyl+tmnDViuhsXngVCcw7s8sNjsVMKTXpzIkrn3F6OFu8DPami
bi8nK/h0GpMXju0GnfX+TPxNz05OA3NT2gUME/lVtT8OLU2OO0VnjfQBHHGNY2Vx
JYpY8eA+BvNzbbVhPEYDCPXk/ShNUyq5nwz6tmJC8QMH0W/Je0tDYiewmQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFBrKG9IHuDdUk+KJ6eiAIMM0+sl8MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2JmN2RmY2Y4LWJhMGMtNDdlOS04ZGRiLTZhNmQ4ZWM3MDQxMi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaoMgwDQYJKoZIhvcNAQELBQADggEBAADFe0k/K6bsWyKFKE6r
PEvVMEV2suEyYUFTnfdDAdtSc5lbnyPs4hEs/7c7kp3cmCBYl3LGNu/MOoJ+v2/s
9hbKA95ocAFoDyAxV5XCasQRFFAOAxow4Tem1gzuPTjqIH93CB5GbTQUg7h93RAu
EmtDM4hu2PAXhJwAVkdrpDpd92aV+z+OsuZ60jP+c3/jF9lQTdp+/BLo8242hERR
30Nrcm4BLggtJlfKsK6xJxJyzGS7xJdmlPQOWYzwfqxRPgdf/AkTL5M2UWkCdZ8l
JUOOcZmLuJVYz8u2KkWJ3bnk7wwM/4I1Jsa55Ntm870kxpq2SmcFi5zSASaYjgUM
e+c=
-----END CERTIFICATE-----
Generated at Mon Oct 20 17:37:01 2025 by rpki-client