Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f308a076-0e58-4b45-b7b0-474f5484be2e.roa
File:                     f308a076-0e58-4b45-b7b0-474f5484be2e.roa (raw, json)
Hash identifier:          5s0oQp5SUuixZBHgyMwHkibuCwQt2qxOE3o5MsMbCx4=
Subject key identifier:   F7:46:C3:88:C7:8A:19:4E:1D:C5:E0:59:E0:FF:DA:C3:EB:C4:DA:D2
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       6FF68F1F78244EFE20914B9097AF6B06611EF525
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f308a076-0e58-4b45-b7b0-474f5484be2e.roa
Signing time:             Tue 14 Oct 2025 00:00:12 +0000
ROA not before:           Tue 14 Oct 2025 00:00:12 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daec:1000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:f6:8f:1f:78:24:4e:fe:20:91:4b:90:97:af:6b:06:61:1e:f5:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Oct 14 00:00:12 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=9c2b6154a82078e541bb497c7ae048b0b91ea51c687d92d5fb46a6544f4bd536, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:f0:ca:15:51:f9:44:db:7f:ce:6c:3b:8d:2a:
                    b9:b1:ad:59:a6:57:9c:8d:dd:c5:b1:73:b1:38:ab:
                    a2:63:39:fa:7b:94:f3:2f:83:61:fd:df:e6:7c:5a:
                    b6:bb:a4:66:b2:1d:f7:8a:00:93:54:05:98:57:65:
                    fd:6a:de:1a:e3:04:bc:9d:06:69:55:c3:94:2b:f0:
                    43:ed:2e:49:f7:9d:51:1e:d1:fc:24:24:ae:48:50:
                    91:8f:21:e5:96:9c:a8:8f:b0:09:1b:00:40:eb:9d:
                    9a:85:5d:cc:2a:e4:fe:00:bc:37:2d:6b:b2:13:2f:
                    06:ad:07:43:57:41:81:c7:3b:5e:7a:27:de:a9:f7:
                    da:46:a3:a5:f6:b8:fe:d9:79:26:cf:35:f7:90:b4:
                    90:69:59:10:b1:5a:9a:af:2d:83:eb:ac:a3:58:11:
                    e7:a5:b7:08:70:c4:88:ea:71:8a:77:a6:15:e7:32:
                    82:d4:e1:b4:c7:6f:a6:7f:44:a9:b8:85:34:36:b0:
                    67:62:28:06:e8:60:0b:f3:02:df:0f:96:cb:c5:1f:
                    3c:62:d5:d0:3c:4c:8e:f2:b0:65:dc:37:a9:46:6f:
                    b3:33:a9:bb:69:40:1d:c2:4c:e0:b0:73:dd:79:0d:
                    12:61:5e:b1:c6:da:a6:3b:5f:c7:a0:ae:d1:e6:78:
                    fd:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:46:C3:88:C7:8A:19:4E:1D:C5:E0:59:E0:FF:DA:C3:EB:C4:DA:D2
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f308a076-0e58-4b45-b7b0-474f5484be2e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daec:1000::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:52:14:9f:0d:70:68:77:18:ed:05:51:18:50:02:ca:a2:7f:
         cc:62:8f:af:c4:0e:3a:99:dd:45:b7:da:b0:30:5b:29:71:64:
         9c:76:40:65:e1:65:c3:a4:4f:0a:0c:4a:af:4e:06:bf:7d:d6:
         d2:7a:dc:44:6d:f8:e8:d5:ab:40:17:57:9f:d1:d0:0e:84:82:
         6a:0a:ff:c0:45:f7:21:9b:27:be:fa:47:01:25:1f:3c:67:ba:
         99:bd:c0:1f:b2:c3:f6:5c:c5:8c:10:c4:b4:a1:66:1b:db:25:
         ab:74:52:c0:e4:3d:9d:e3:fb:15:7d:e8:ae:d8:ff:18:af:6a:
         ed:b5:70:3f:58:28:98:d0:93:f3:49:d0:ba:d6:54:bc:30:73:
         b1:a0:17:df:1f:8e:d6:09:b2:5f:a5:3f:ca:a5:86:77:d1:b5:
         38:36:04:77:00:87:a6:89:65:19:01:f7:66:9d:81:19:5c:0e:
         d3:3f:98:ee:cd:1a:47:34:f4:9b:2d:7d:ff:9c:c4:b7:bb:8e:
         8e:77:68:4c:ae:6c:fe:30:0f:e2:4e:5d:3a:45:30:d9:64:b6:
         4d:f1:9a:69:32:ad:6f:b5:a3:dc:cc:c6:10:8d:77:3e:c0:c4:
         49:4c:c5:31:6a:fe:84:3f:18:eb:3e:48:2d:54:3f:09:3e:07:
         9b:3d:8e:53
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUb/aPH3gkTv4gkUuQl69rBmEe9SUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MTAxNDAwMDAxMloX
DTI1MTExODIzNTk1OVowejFJMEcGA1UEBRNAOWMyYjYxNTRhODIwNzhlNTQxYmI0
OTdjN2FlMDQ4YjBiOTFlYTUxYzY4N2Q5MmQ1ZmI0NmE2NTQ0ZjRiZDUzNjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5vDKFVH5RNt/zmw7jSq5sa1Zplec
jd3FsXOxOKuiYzn6e5TzL4Nh/d/mfFq2u6Rmsh33igCTVAWYV2X9at4a4wS8nQZp
VcOUK/BD7S5J951RHtH8JCSuSFCRjyHllpyoj7AJGwBA652ahV3MKuT+ALw3LWuy
Ey8GrQdDV0GBxzteeifeqffaRqOl9rj+2XkmzzX3kLSQaVkQsVqary2D66yjWBHn
pbcIcMSI6nGKd6YV5zKC1OG0x2+mf0SpuIU0NrBnYigG6GAL8wLfD5bLxR88YtXQ
PEyO8rBl3DepRm+zM6m7aUAdwkzgsHPdeQ0SYV6xxtqmO1/HoK7R5nj9/wIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFPdGw4jHihlOHcXgWeD/2sPrxNrSMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2YzMDhhMDc2LTBlNTgtNGI0NS1iN2IwLTQ3NGY1NDg0YmUyZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba7BAAMA0GCSqGSIb3DQEBCwUAA4IBAQCmUhSfDXBodxjtBVEY
UALKon/MYo+vxA46md1Ft9qwMFspcWScdkBl4WXDpE8KDEqvTga/fdbSetxEbfjo
1atAF1ef0dAOhIJqCv/ARfchmye++kcBJR88Z7qZvcAfssP2XMWMEMS0oWYb2yWr
dFLA5D2d4/sVfeiu2P8Yr2rttXA/WCiY0JPzSdC61lS8MHOxoBffH47WCbJfpT/K
pYZ30bU4NgR3AIemiWUZAfdmnYEZXA7TP5juzRpHNPSbLX3/nMS3u46Od2hMrmz+
MA/iTl06RTDZZLZN8ZppMq1vtaPczMYQjXc+wMRJTMUxav6EPxjrPkgtVD8JPgeb
PY5T
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:53:01 2025 by rpki-client