Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/da917d8a-5f87-4b60-9a74-a3a380e8de88.roa
File:                     da917d8a-5f87-4b60-9a74-a3a380e8de88.roa (raw, json)
Hash identifier:          63AS4a8WAx/bMv7yAI54H62v9gb9CQ7qnYPKsZoQKy8=
Subject key identifier:   BD:A9:4D:9D:6A:93:28:BD:97:C2:E0:85:1A:A5:8A:4B:1E:41:73:6A
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2206A62F736619307B1271800CF30D030EC4AAD3
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/da917d8a-5f87-4b60-9a74-a3a380e8de88.roa
Signing time:             Mon 13 Oct 2025 15:10:25 +0000
ROA not before:           Mon 13 Oct 2025 15:10:25 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daff:c020::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:06:a6:2f:73:66:19:30:7b:12:71:80:0c:f3:0d:03:0e:c4:aa:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Oct 13 15:10:25 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=e8462d9600818782239a672c5c2820a4297af02ead305ed9d9af6d4cca809bb0, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:54:b0:75:6b:89:47:37:51:07:ad:6a:4a:52:
                    4e:ac:14:bb:ee:a2:9b:7f:18:28:b3:99:54:90:d7:
                    f2:20:a1:8c:18:12:a6:6f:cf:9e:03:5d:c1:3d:24:
                    9b:3f:0d:38:c0:60:6e:72:00:d3:d6:4d:9d:65:73:
                    c4:4e:de:90:be:8c:78:32:69:57:09:e6:dd:00:fe:
                    44:54:d6:ee:11:d2:f1:e7:75:b1:10:c4:8a:ff:6b:
                    29:83:05:cc:46:3c:12:a0:85:fd:fe:4b:40:2d:47:
                    8e:b8:59:a7:f1:33:ac:1f:d3:1e:0c:d8:29:84:f0:
                    6c:c7:6d:b3:60:77:08:3c:9c:e0:4d:bf:9a:96:d5:
                    8c:c1:e3:0a:cf:a8:50:e1:fe:fd:f0:80:da:24:9d:
                    a8:ae:1d:54:95:f9:67:7c:cc:87:59:44:12:56:7d:
                    d1:1c:f0:84:fd:27:6b:02:f5:5e:ac:bd:d6:eb:19:
                    af:2a:9a:a0:c6:23:1e:8c:bb:c9:1c:21:2f:d0:57:
                    76:40:08:ee:c3:67:06:51:dd:e3:de:62:97:21:6f:
                    22:f1:66:7a:1f:15:85:af:4f:fa:d5:e8:80:8d:e9:
                    d4:72:39:8b:5f:39:40:47:9c:9f:7f:b0:40:8a:b9:
                    00:33:f2:5c:85:33:1b:98:85:22:68:8b:8d:1a:ad:
                    19:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:A9:4D:9D:6A:93:28:BD:97:C2:E0:85:1A:A5:8A:4B:1E:41:73:6A
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/da917d8a-5f87-4b60-9a74-a3a380e8de88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daff:c020::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:e9:0c:41:7b:46:a7:d7:b7:84:2a:c2:9c:99:52:b2:d2:d8:
         58:73:69:73:94:f2:c3:c2:be:24:ec:d9:be:70:c6:13:a5:fb:
         a6:cc:09:77:60:f1:56:1d:ea:4b:28:c8:a0:41:6c:4c:66:eb:
         cc:a9:50:74:a0:57:a9:b1:70:fe:52:d5:64:4e:6e:45:63:94:
         be:5c:b5:cd:ce:9f:00:af:84:d0:c1:f0:03:cc:c5:ce:a2:cb:
         07:be:7b:a4:52:1e:96:a7:fa:4f:1c:f7:14:1a:0f:e7:31:f4:
         bf:0c:db:53:3f:f9:e8:36:ca:26:37:87:82:68:3b:10:1f:85:
         d0:40:d7:d3:2c:24:08:7d:a5:3d:ec:75:41:bf:cf:b9:8d:b8:
         1b:1c:68:71:57:e7:72:63:17:bf:e3:cb:8c:36:ee:32:ab:9d:
         13:2e:84:67:d0:ad:35:a0:75:8a:2e:03:6c:4d:46:17:2c:b3:
         26:15:19:73:13:f4:76:f2:fd:26:4d:a2:9f:8d:24:37:19:bd:
         5e:c8:ad:88:b6:b5:e5:ee:e9:be:37:30:96:c1:67:92:be:d9:
         0c:e8:14:10:ec:55:12:84:11:be:c2:a2:7b:47:88:f9:e3:bd:
         10:10:b0:84:83:fe:80:71:31:9a:53:54:14:11:85:56:d5:a0:
         ca:b2:31:4d
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUIgamL3NmGTB7EnGADPMNAw7EqtMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MTAxMzE1MTAyNVoX
DTI1MTExNzIzNTk1OVowejFJMEcGA1UEBRNAZTg0NjJkOTYwMDgxODc4MjIzOWE2
NzJjNWMyODIwYTQyOTdhZjAyZWFkMzA1ZWQ5ZDlhZjZkNGNjYTgwOWJiMDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAllSwdWuJRzdRB61qSlJOrBS77qKb
fxgos5lUkNfyIKGMGBKmb8+eA13BPSSbPw04wGBucgDT1k2dZXPETt6Qvox4MmlX
CebdAP5EVNbuEdLx53WxEMSK/2spgwXMRjwSoIX9/ktALUeOuFmn8TOsH9MeDNgp
hPBsx22zYHcIPJzgTb+altWMweMKz6hQ4f798IDaJJ2orh1UlflnfMyHWUQSVn3R
HPCE/SdrAvVerL3W6xmvKpqgxiMejLvJHCEv0Fd2QAjuw2cGUd3j3mKXIW8i8WZ6
HxWFr0/61eiAjenUcjmLXzlAR5yff7BAirkAM/JchTMbmIUiaIuNGq0ZiQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFL2pTZ1qkyi9l8LghRqlikseQXNqMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2RhOTE3ZDhhLTVmODctNGI2MC05YTc0LWEzYTM4MGU4ZGU4OC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba/8AgMA0GCSqGSIb3DQEBCwUAA4IBAQA56QxBe0an17eEKsKc
mVKy0thYc2lzlPLDwr4k7Nm+cMYTpfumzAl3YPFWHepLKMigQWxMZuvMqVB0oFep
sXD+UtVkTm5FY5S+XLXNzp8Ar4TQwfADzMXOossHvnukUh6Wp/pPHPcUGg/nMfS/
DNtTP/noNsomN4eCaDsQH4XQQNfTLCQIfaU97HVBv8+5jbgbHGhxV+dyYxe/48uM
Nu4yq50TLoRn0K01oHWKLgNsTUYXLLMmFRlzE/R28v0mTaKfjSQ3Gb1eyK2ItrXl
7um+NzCWwWeSvtkM6BQQ7FUShBG+wqJ7R4j5470QELCEg/6AcTGaU1QUEYVW1aDK
sjFN
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:29:06 2025 by rpki-client