Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/524c65cc-d022-4b07-863e-495ad7b730c6.roa
File:                     524c65cc-d022-4b07-863e-495ad7b730c6.roa (raw, json)
Hash identifier:          r/lnUKsTdf+Nv9hMuI6Uy3S5gs8HLZDAJrcxu43Hozs=
Subject key identifier:   AA:7C:88:2B:94:1F:67:5C:2E:CD:C6:E2:E6:43:F8:F3:B4:0E:2C:84
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       54695EF56FCB686EE4B5090FE138D8B33964860E
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/524c65cc-d022-4b07-863e-495ad7b730c6.roa
Signing time:             Fri 01 Aug 2025 00:11:13 +0000
ROA not before:           Fri 01 Aug 2025 00:11:13 +0000
ROA not after:            Fri 05 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da68:2800::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 08 Aug 2025 00:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:69:5e:f5:6f:cb:68:6e:e4:b5:09:0f:e1:38:d8:b3:39:64:86:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Aug  1 00:11:13 2025 GMT
            Not After : Sep  5 23:59:59 2025 GMT
        Subject: serialNumber=7d157baa26723aa770e05475dee812621c91256312d45e82b08126b865283096, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:b9:23:fb:a3:55:e7:a6:03:d2:17:03:10:11:
                    a7:c1:fd:f6:a4:79:cc:17:39:15:55:3a:4b:58:ff:
                    4d:99:88:f1:88:65:89:c7:d5:58:64:a3:f6:8f:bb:
                    ef:45:06:e9:29:20:34:49:1b:29:18:34:a2:dc:30:
                    9d:81:7f:3d:f3:6e:65:65:d8:e2:67:73:cd:d4:15:
                    9a:6a:7d:9b:a2:25:9e:0c:0e:0d:61:01:94:0d:45:
                    d9:1a:ed:ab:f9:d0:81:70:ed:e2:f6:5b:3f:69:68:
                    3a:b7:ed:78:61:d3:1b:b5:8f:48:bf:3e:d8:63:09:
                    02:04:a0:8e:08:51:6a:64:e5:52:a9:11:61:52:3d:
                    05:b5:8d:fb:f9:09:ac:09:3d:c9:35:4d:81:46:5d:
                    ab:b9:8e:6c:5d:e6:c5:4f:27:83:5a:8e:52:08:01:
                    77:16:fc:b8:61:e2:de:0d:c5:71:b1:20:d1:02:ae:
                    a4:2a:88:2a:aa:e5:e6:87:1e:f7:fc:6b:0b:28:5f:
                    84:ee:02:97:88:3a:30:40:cd:43:6d:5a:35:43:e2:
                    bf:3d:aa:ed:2c:d4:6d:d2:db:23:c2:5b:10:7a:70:
                    a8:c4:da:12:1d:85:b0:93:b4:68:3d:25:7c:10:59:
                    07:81:70:9c:59:dc:ac:64:19:64:78:f6:7d:04:57:
                    e1:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:7C:88:2B:94:1F:67:5C:2E:CD:C6:E2:E6:43:F8:F3:B4:0E:2C:84
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/524c65cc-d022-4b07-863e-495ad7b730c6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da68:2800::/40

    Signature Algorithm: sha256WithRSAEncryption
         75:0c:83:c0:d8:e8:75:ed:25:1f:d4:16:bb:7b:78:a9:e2:f3:
         39:f1:ff:4d:e7:93:99:2e:6b:62:6d:bb:37:81:a7:52:39:13:
         42:1a:a5:73:49:76:6c:10:85:9a:31:aa:1a:73:b1:ae:06:b2:
         d9:d4:83:4b:ef:56:16:1a:5e:54:48:4e:1e:98:d4:3f:63:b5:
         af:65:bb:61:c2:62:e1:79:22:f1:c4:3e:da:a8:be:c5:34:eb:
         48:46:85:92:27:ff:0a:5e:82:ef:83:47:30:28:e7:58:0d:a6:
         6a:d8:a2:8c:2b:02:d6:0f:3b:37:e4:45:6f:5b:db:63:3c:cc:
         4f:6a:97:f2:f4:7c:ab:7b:e4:4b:6b:6a:5f:b4:21:da:46:3b:
         bc:82:d1:59:1a:9e:26:c2:b3:a4:f5:65:aa:3f:7d:a2:6a:ed:
         d8:4b:a7:cb:f0:62:68:93:73:94:cf:05:c7:09:ad:6f:18:e3:
         cd:5e:67:b8:2c:ed:2b:2d:63:43:db:45:48:57:fb:21:52:4f:
         2b:de:ac:a0:1f:a9:12:de:b8:46:1f:c8:90:b1:e4:b8:69:29:
         14:d4:ff:18:02:3d:4c:1d:c7:f0:34:d1:40:ba:b4:2a:12:5b:
         6c:79:e1:fe:7d:bd:f6:22:30:d4:be:36:7f:f3:37:a0:d5:ce:
         8e:99:c6:8e
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUVGle9W/LaG7ktQkP4TjYszlkhg4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDgwMTAwMTExM1oX
DTI1MDkwNTIzNTk1OVowejFJMEcGA1UEBRNAN2QxNTdiYWEyNjcyM2FhNzcwZTA1
NDc1ZGVlODEyNjIxYzkxMjU2MzEyZDQ1ZTgyYjA4MTI2Yjg2NTI4MzA5NjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubkj+6NV56YD0hcDEBGnwf32pHnM
FzkVVTpLWP9NmYjxiGWJx9VYZKP2j7vvRQbpKSA0SRspGDSi3DCdgX89825lZdji
Z3PN1BWaan2boiWeDA4NYQGUDUXZGu2r+dCBcO3i9ls/aWg6t+14YdMbtY9Ivz7Y
YwkCBKCOCFFqZOVSqRFhUj0FtY37+QmsCT3JNU2BRl2ruY5sXebFTyeDWo5SCAF3
Fvy4YeLeDcVxsSDRAq6kKogqquXmhx73/GsLKF+E7gKXiDowQM1DbVo1Q+K/Part
LNRt0tsjwlsQenCoxNoSHYWwk7RoPSV8EFkHgXCcWdysZBlkePZ9BFfhgwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFKp8iCuUH2dcLs3G4uZD+PO0DiyEMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzUyNGM2NWNjLWQwMjItNGIwNy04NjNlLTQ5NWFkN2I3MzBjNi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaaCgwDQYJKoZIhvcNAQELBQADggEBAHUMg8DY6HXtJR/UFrt7
eKni8znx/03nk5kua2JtuzeBp1I5E0IapXNJdmwQhZoxqhpzsa4GstnUg0vvVhYa
XlRITh6Y1D9jta9lu2HCYuF5IvHEPtqovsU060hGhZIn/wpegu+DRzAo51gNpmrY
oowrAtYPOzfkRW9b22M8zE9ql/L0fKt75Etral+0IdpGO7yC0VkanibCs6T1Zao/
faJq7dhLp8vwYmiTc5TPBccJrW8Y481eZ7gs7SstY0PbRUhX+yFSTyverKAfqRLe
uEYfyJCx5LhpKRTU/xgCPUwdx/A00UC6tCoSW2x54f59vfYiMNS+Nn/zN6DVzo6Z
xo4=
-----END CERTIFICATE-----
Generated at Mon Aug 4 15:07:42 2025 by rpki-client