Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/faf03c26-86cc-4b80-a160-2861ff66c03b.roa
File:                     faf03c26-86cc-4b80-a160-2861ff66c03b.roa (raw, json)
Hash identifier:          a1F8JKn/GJZFxgrO1f5imz3qngQRf4eUf3VZ+EiISZo=
Subject key identifier:   4A:64:EB:9F:E9:82:C3:6A:AB:6E:68:EE:16:08:CB:DA:9B:F9:75:75
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2F9A67F9C7807EA00B063936AC20C6E10489E34D
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/faf03c26-86cc-4b80-a160-2861ff66c03b.roa
Signing time:             Sat 11 Oct 2025 00:00:37 +0000
ROA not before:           Sat 11 Oct 2025 00:00:37 +0000
ROA not after:            Sat 15 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da61:c0c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:9a:67:f9:c7:80:7e:a0:0b:06:39:36:ac:20:c6:e1:04:89:e3:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Oct 11 00:00:37 2025 GMT
            Not After : Nov 15 23:59:59 2025 GMT
        Subject: serialNumber=c83364bc89425632440de3d4fadfbd302200246d1cfbf93a88239ecad3471844, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:61:3e:2e:b4:63:4c:de:26:0a:a4:06:c0:a6:
                    d0:f2:56:e7:39:7a:25:e3:84:72:da:89:69:90:ca:
                    5a:d8:dd:30:f5:03:5b:ca:b1:8f:e9:85:8a:25:e7:
                    34:98:f5:7a:05:54:3d:52:1a:fb:6d:73:41:c8:73:
                    ae:31:8b:bc:89:a6:81:a6:f5:58:e8:7c:fa:40:83:
                    2c:de:dc:c6:7e:15:c0:a7:36:c4:25:b4:92:ef:51:
                    69:7f:40:cd:64:32:8e:55:ff:6d:e3:44:24:71:c5:
                    1f:f7:b6:52:03:e6:45:1a:dd:87:2e:10:da:b0:cc:
                    b9:51:68:4e:e2:73:88:fa:26:00:40:01:c7:25:6d:
                    59:50:99:93:60:26:54:c9:c1:92:0e:a4:1d:dd:df:
                    8f:a8:e2:19:ec:ef:91:af:3b:dc:0b:7e:33:20:37:
                    9b:52:26:92:fb:8d:5d:d6:35:09:88:4e:4f:51:e3:
                    aa:54:d6:2c:6b:f3:6f:67:7b:96:98:ac:76:2c:32:
                    20:45:f4:4f:0b:88:3c:6b:8f:0b:d6:3e:88:f6:31:
                    c6:9d:4b:25:e3:73:88:cd:7a:03:a4:e8:b0:c7:80:
                    da:16:d4:8c:b2:ac:b1:3c:e1:24:6e:1f:7e:f4:14:
                    4d:2c:e8:94:e7:e4:43:84:2c:db:24:47:c6:8e:c7:
                    11:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:64:EB:9F:E9:82:C3:6A:AB:6E:68:EE:16:08:CB:DA:9B:F9:75:75
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/faf03c26-86cc-4b80-a160-2861ff66c03b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da61:c0c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         75:74:63:3a:12:f6:7c:1c:3b:e1:65:51:0e:5f:d3:fd:d9:8d:
         b4:7a:bc:98:99:fc:41:ab:e2:23:49:a5:04:68:8c:72:ae:20:
         df:bd:7b:ca:a9:a8:1c:af:d3:e1:6b:71:33:ac:df:48:a7:14:
         da:8b:72:92:3d:d1:84:54:5e:3d:2c:24:c7:73:c4:43:17:59:
         85:03:41:c1:17:0c:02:1f:6a:fd:07:bf:74:26:14:8b:12:36:
         9e:8e:74:2b:87:5d:b7:97:1c:64:d5:6d:8d:4b:4d:59:f3:a3:
         3e:3c:93:f7:7c:2f:2a:ed:b2:cf:78:c4:f6:14:f1:2b:f5:ce:
         45:3a:1e:9f:63:67:43:0d:d0:be:c2:0c:0b:dd:b2:60:34:fa:
         7f:66:ce:0b:52:2f:59:f2:d6:af:0c:ce:be:b0:24:5a:b2:9f:
         c5:e9:1c:25:12:95:5a:0d:f3:a6:e5:9c:d7:e3:83:ea:8c:79:
         6e:b6:68:61:12:d3:47:77:2a:d3:6d:09:8b:15:4b:10:cc:c8:
         bd:66:f7:9b:9b:2a:89:99:69:1c:5e:76:10:7a:76:dc:e7:12:
         e9:10:73:c4:de:52:51:e9:2b:e8:92:b6:a2:65:69:f7:82:ac:
         3e:41:a9:4f:9c:b5:e2:33:b1:95:27:41:7e:c1:59:74:1c:19:
         06:43:c0:ba
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUL5pn+ceAfqALBjk2rCDG4QSJ400wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MTAxMTAwMDAzN1oX
DTI1MTExNTIzNTk1OVowejFJMEcGA1UEBRNAYzgzMzY0YmM4OTQyNTYzMjQ0MGRl
M2Q0ZmFkZmJkMzAyMjAwMjQ2ZDFjZmJmOTNhODgyMzllY2FkMzQ3MTg0NDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAymE+LrRjTN4mCqQGwKbQ8lbnOXol
44Ry2olpkMpa2N0w9QNbyrGP6YWKJec0mPV6BVQ9Uhr7bXNByHOuMYu8iaaBpvVY
6Hz6QIMs3tzGfhXApzbEJbSS71Fpf0DNZDKOVf9t40QkccUf97ZSA+ZFGt2HLhDa
sMy5UWhO4nOI+iYAQAHHJW1ZUJmTYCZUycGSDqQd3d+PqOIZ7O+RrzvcC34zIDeb
UiaS+41d1jUJiE5PUeOqVNYsa/NvZ3uWmKx2LDIgRfRPC4g8a48L1j6I9jHGnUsl
43OIzXoDpOiwx4DaFtSMsqyxPOEkbh9+9BRNLOiU5+RDhCzbJEfGjscREwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFEpk65/pgsNqq25o7hYIy9qb+XV1MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2ZhZjAzYzI2LTg2Y2MtNGI4MC1hMTYwLTI4NjFmZjY2YzAzYi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAbaYcDAMA0GCSqGSIb3DQEBCwUAA4IBAQB1dGM6EvZ8HDvhZVEO
X9P92Y20eryYmfxBq+IjSaUEaIxyriDfvXvKqagcr9Pha3EzrN9IpxTai3KSPdGE
VF49LCTHc8RDF1mFA0HBFwwCH2r9B790JhSLEjaejnQrh123lxxk1W2NS01Z86M+
PJP3fC8q7bLPeMT2FPEr9c5FOh6fY2dDDdC+wgwL3bJgNPp/Zs4LUi9Z8tavDM6+
sCRasp/F6RwlEpVaDfOm5ZzX44PqjHlutmhhEtNHdyrTbQmLFUsQzMi9ZvebmyqJ
mWkcXnYQenbc5xLpEHPE3lJR6SvokraiZWn3gqw+QalPnLXiM7GVJ0F+wVl0HBkG
Q8C6
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:56:56 2025 by rpki-client