Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/bffbf7d3-f229-458a-8400-7dc848730d21.roa
File:                     bffbf7d3-f229-458a-8400-7dc848730d21.roa (raw, json)
Hash identifier:          R43DfdlI8nxtMA2GeYH43wjrYSmwhVL8JTNGCA36Wm0=
Subject key identifier:   06:0D:C1:E5:B2:A2:A5:BD:FF:DF:82:EE:D4:8F:89:5D:F3:45:89:6E
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       7A772E601EB587BDD1F3E3472E0378B357534C29
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/bffbf7d3-f229-458a-8400-7dc848730d21.roa
Signing time:             Sat 11 Oct 2025 00:00:57 +0000
ROA not before:           Sat 11 Oct 2025 00:00:57 +0000
ROA not after:            Sat 15 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf2:c080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:77:2e:60:1e:b5:87:bd:d1:f3:e3:47:2e:03:78:b3:57:53:4c:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Oct 11 00:00:57 2025 GMT
            Not After : Nov 15 23:59:59 2025 GMT
        Subject: serialNumber=58e3fa0fb4d642618afda2b601fd6afafbf6aded0999b4fb0ac78e8ed2f4f610, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:30:50:4e:da:f2:5b:42:38:e6:7f:2c:dd:c5:
                    2d:f1:28:a7:72:dc:e6:81:d5:a6:b7:0a:6a:82:7c:
                    64:1a:a1:0f:70:11:1d:c2:6b:6b:d9:69:40:43:c9:
                    fd:cc:fd:99:e8:c3:a2:23:bb:0b:e1:b3:2c:c2:26:
                    64:7c:ae:dc:cb:f9:9e:68:b8:83:06:02:20:45:c3:
                    31:1a:24:1d:8b:32:99:bd:9c:c9:b2:a7:5a:b3:83:
                    c5:bf:dc:de:46:95:92:76:32:56:ad:46:91:e7:61:
                    f2:76:f3:60:f3:47:29:aa:11:66:3b:be:4e:d8:9b:
                    c8:82:2d:41:4f:74:48:39:7b:30:bb:71:5d:cd:a6:
                    0f:eb:44:97:c5:62:a7:12:8b:07:93:3c:f3:20:8d:
                    51:42:17:3d:a1:5b:f3:72:ac:9b:39:80:4d:86:99:
                    93:dc:be:a0:62:04:a5:b3:c9:e7:7d:d2:75:0d:f6:
                    97:d4:91:41:30:5c:e4:11:62:f7:5d:2d:00:0d:22:
                    40:fb:f7:c7:c7:38:57:e1:51:4b:ca:a4:e4:a6:20:
                    00:89:e2:b8:02:db:98:05:fc:1e:1d:c4:8e:12:91:
                    c0:5b:64:65:0c:60:44:4d:14:a8:a3:a9:d0:3b:2d:
                    14:45:7b:96:b6:9e:ab:ff:ea:da:1e:a0:1e:62:82:
                    3d:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:0D:C1:E5:B2:A2:A5:BD:FF:DF:82:EE:D4:8F:89:5D:F3:45:89:6E
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/bffbf7d3-f229-458a-8400-7dc848730d21.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf2:c080::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:4c:f9:fe:2a:b5:ee:63:21:41:76:75:c9:9f:3d:ed:e0:fc:
         74:91:9d:9b:fa:49:34:a1:27:b5:05:48:03:ec:b3:15:78:c2:
         ce:7f:18:09:fd:37:a9:41:96:b9:6c:27:cf:c9:03:2d:a6:80:
         a0:53:05:12:27:a4:7c:6c:5d:2c:77:ee:04:b9:df:54:db:00:
         88:87:25:89:e2:29:e1:20:89:d5:1b:ce:e6:39:0c:82:c7:e8:
         02:3f:64:d1:c4:ef:db:9b:05:2d:ed:25:c7:39:3c:40:0c:a9:
         4d:37:55:e3:77:ee:82:8a:0b:de:55:61:63:98:f3:64:6e:57:
         0f:a7:31:51:f6:41:15:b6:b3:7e:9a:61:0d:82:62:b8:83:60:
         d1:ff:e0:61:ec:53:c8:97:a3:43:82:65:b0:fa:26:1e:6a:8c:
         93:8b:68:16:07:29:3a:96:4f:5c:46:d4:4e:71:43:ab:0b:97:
         79:d6:02:3f:13:e3:5c:0e:3b:4a:b7:48:34:43:a1:ba:f9:6b:
         27:a4:90:ca:4d:aa:21:5d:ae:54:ae:f8:af:ec:f4:8c:6e:19:
         2a:a4:3a:fc:1b:bf:e4:34:e8:84:51:4c:a6:63:e0:5c:b2:14:
         48:2f:51:4c:c9:15:4c:75:fb:e7:12:c7:98:71:54:15:79:d6:
         24:00:0b:dd
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUencuYB61h73R8+NHLgN4s1dTTCkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MTAxMTAwMDA1N1oX
DTI1MTExNTIzNTk1OVowejFJMEcGA1UEBRNANThlM2ZhMGZiNGQ2NDI2MThhZmRh
MmI2MDFmZDZhZmFmYmY2YWRlZDA5OTliNGZiMGFjNzhlOGVkMmY0ZjYxMDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjBQTtryW0I45n8s3cUt8Sinctzm
gdWmtwpqgnxkGqEPcBEdwmtr2WlAQ8n9zP2Z6MOiI7sL4bMswiZkfK7cy/meaLiD
BgIgRcMxGiQdizKZvZzJsqdas4PFv9zeRpWSdjJWrUaR52HydvNg80cpqhFmO75O
2JvIgi1BT3RIOXswu3FdzaYP60SXxWKnEosHkzzzII1RQhc9oVvzcqybOYBNhpmT
3L6gYgSls8nnfdJ1DfaX1JFBMFzkEWL3XS0ADSJA+/fHxzhX4VFLyqTkpiAAieK4
AtuYBfweHcSOEpHAW2RlDGBETRSoo6nQOy0URXuWtp6r/+raHqAeYoI9DwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFAYNweWyoqW9/9+C7tSPiV3zRYluMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2JmZmJmN2QzLWYyMjktNDU4YS04NDAwLTdkYzg0ODczMGQyMS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba8sCAMA0GCSqGSIb3DQEBCwUAA4IBAQACTPn+KrXuYyFBdnXJ
nz3t4Px0kZ2b+kk0oSe1BUgD7LMVeMLOfxgJ/TepQZa5bCfPyQMtpoCgUwUSJ6R8
bF0sd+4Eud9U2wCIhyWJ4inhIInVG87mOQyCx+gCP2TRxO/bmwUt7SXHOTxADKlN
N1Xjd+6CigveVWFjmPNkblcPpzFR9kEVtrN+mmENgmK4g2DR/+Bh7FPIl6NDgmWw
+iYeaoyTi2gWByk6lk9cRtROcUOrC5d51gI/E+NcDjtKt0g0Q6G6+WsnpJDKTaoh
Xa5Urviv7PSMbhkqpDr8G7/kNOiEUUymY+BcshRIL1FMyRVMdfvnEseYcVQVedYk
AAvd
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:06:34 2025 by rpki-client