Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0455dd06-6363-446d-beab-2728280200d6.roa
File:                     0455dd06-6363-446d-beab-2728280200d6.roa (raw, json)
Hash identifier:          mwajbLw8kDOxJvflzx9pBSF9cYPNVo+gaYTYiaTmm+o=
Subject key identifier:   7F:F6:18:08:F0:01:BC:7A:E8:34:11:D3:7B:B6:22:30:E8:C8:B1:D5
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3AD6196661EE68FC7228AB0526836854CCDB4BCB
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0455dd06-6363-446d-beab-2728280200d6.roa
Signing time:             Mon 21 Jul 2025 15:11:27 +0000
ROA not before:           Mon 21 Jul 2025 15:11:27 +0000
ROA not after:            Mon 25 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf3:e000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 10 Aug 2025 00:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:d6:19:66:61:ee:68:fc:72:28:ab:05:26:83:68:54:cc:db:4b:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 21 15:11:27 2025 GMT
            Not After : Aug 25 23:59:59 2025 GMT
        Subject: serialNumber=3ba53476e8a30199bac187b0b2df9afa8b6c84d3ecdf2c8b19866e3c66e2222b, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:14:d2:ff:14:fe:9d:f9:9e:11:cc:86:45:86:
                    d2:b9:93:47:75:f2:8d:53:4b:c7:a3:de:52:57:ec:
                    ee:5f:0f:c5:da:fc:ff:68:db:93:07:a8:05:ce:a2:
                    7b:b4:36:02:43:3c:20:a7:43:d8:52:b8:f9:a2:f0:
                    ca:bb:21:d7:d1:ec:17:d3:18:b2:5d:9f:8d:34:4a:
                    fe:75:44:af:7d:a7:a5:a3:bd:1e:46:f1:5a:df:cc:
                    36:2e:e2:64:3d:c7:36:45:ba:27:14:0d:78:cb:40:
                    f4:d4:13:58:c7:e6:60:d0:17:87:79:54:37:c9:ea:
                    ce:ac:6d:33:4a:98:8b:09:e9:af:dd:22:de:70:42:
                    49:af:03:a3:99:9c:52:b7:88:67:8d:29:f4:48:36:
                    0a:f6:f9:5b:6e:58:07:72:9f:22:9b:38:c1:6a:f1:
                    14:6a:e4:05:20:e1:27:e5:45:8f:e8:bc:47:b7:89:
                    84:e7:64:7e:18:0e:f1:e8:eb:70:90:e9:cc:2a:a9:
                    a3:57:20:9b:61:01:f0:49:21:cc:39:7c:4d:42:ea:
                    ea:8a:71:6f:60:7f:c9:00:d4:42:1f:9a:f8:a3:b3:
                    a9:df:47:e2:a6:22:c2:2a:23:53:26:93:de:74:0d:
                    65:10:0d:0a:9c:bb:e1:0b:ba:6a:54:cb:c0:2e:e8:
                    6b:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:F6:18:08:F0:01:BC:7A:E8:34:11:D3:7B:B6:22:30:E8:C8:B1:D5
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0455dd06-6363-446d-beab-2728280200d6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf3:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         1a:71:55:9e:3e:a0:b0:e8:08:24:f7:de:4b:f8:bb:6d:fd:48:
         b0:cc:7f:86:1b:a8:03:ae:43:73:1f:ca:0d:51:24:f1:1a:6f:
         b7:41:18:e9:54:9a:c3:a6:2c:b0:1f:57:e0:54:d9:33:32:c7:
         20:56:db:b7:07:6a:03:4e:13:95:fe:ea:d7:59:14:12:7c:9c:
         29:98:19:f6:89:76:c3:42:54:61:5a:01:0a:4e:e7:15:33:83:
         41:c3:fa:7c:da:10:a6:53:78:d0:01:37:21:52:d9:6d:9b:f2:
         7c:7c:57:29:71:61:31:78:23:c7:9e:ee:f4:d2:69:a1:e4:2a:
         e4:de:e5:7c:9a:80:97:6d:1a:bc:18:1c:22:3e:f6:74:34:ef:
         a9:b7:d4:70:a6:ab:28:0c:aa:52:18:87:33:df:e0:3c:4a:ab:
         4d:52:8e:6f:0e:b0:7b:57:fa:2b:88:76:20:04:da:09:a2:cc:
         a6:db:3d:23:1c:ba:54:73:fb:28:fb:51:bd:98:5a:88:68:82:
         1f:04:0e:1d:b0:8f:87:23:d3:6d:50:82:ab:7f:8e:33:89:1f:
         b1:3f:bd:d9:1d:d5:6a:ce:8e:9f:84:50:d8:6c:95:ac:52:90:
         61:76:8d:30:dc:3e:ef:cf:f6:a4:9d:30:a0:7c:31:72:76:19:
         6a:fe:a3:d7
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUOtYZZmHuaPxyKKsFJoNoVMzbS8swDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDcyMTE1MTEyN1oX
DTI1MDgyNTIzNTk1OVowejFJMEcGA1UEBRNAM2JhNTM0NzZlOGEzMDE5OWJhYzE4
N2IwYjJkZjlhZmE4YjZjODRkM2VjZGYyYzhiMTk4NjZlM2M2NmUyMjIyYjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBTS/xT+nfmeEcyGRYbSuZNHdfKN
U0vHo95SV+zuXw/F2vz/aNuTB6gFzqJ7tDYCQzwgp0PYUrj5ovDKuyHX0ewX0xiy
XZ+NNEr+dUSvfaelo70eRvFa38w2LuJkPcc2RbonFA14y0D01BNYx+Zg0BeHeVQ3
yerOrG0zSpiLCemv3SLecEJJrwOjmZxSt4hnjSn0SDYK9vlbblgHcp8imzjBavEU
auQFIOEn5UWP6LxHt4mE52R+GA7x6OtwkOnMKqmjVyCbYQHwSSHMOXxNQurqinFv
YH/JANRCH5r4o7Op30fipiLCKiNTJpPedA1lEA0KnLvhC7pqVMvALuhrWQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFH/2GAjwAbx66DQR03u2IjDoyLHVMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzA0NTVkZDA2LTYzNjMtNDQ2ZC1iZWFiLTI3MjgyODAyMDBkNi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba8+AwDQYJKoZIhvcNAQELBQADggEBABpxVZ4+oLDoCCT33kv4
u239SLDMf4YbqAOuQ3Mfyg1RJPEab7dBGOlUmsOmLLAfV+BU2TMyxyBW27cHagNO
E5X+6tdZFBJ8nCmYGfaJdsNCVGFaAQpO5xUzg0HD+nzaEKZTeNABNyFS2W2b8nx8
VylxYTF4I8ee7vTSaaHkKuTe5XyagJdtGrwYHCI+9nQ076m31HCmqygMqlIYhzPf
4DxKq01Sjm8OsHtX+iuIdiAE2gmizKbbPSMculRz+yj7Ub2YWohogh8EDh2wj4cj
021Qgqt/jjOJH7E/vdkd1WrOjp+EUNhslaxSkGF2jTDcPu/P9qSdMKB8MXJ2GWr+
o9c=
-----END CERTIFICATE-----
Generated at Wed Aug 6 13:06:02 2025 by rpki-client