Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/5a7061fa-5c37-4494-8c7f-d198ecf9a78a.roa
File:                     5a7061fa-5c37-4494-8c7f-d198ecf9a78a.roa (raw, json)
Hash identifier:          r99wBdhNMJ/ZR/ygkOGdVEjPFnKC2ktXj2V0bwmheII=
Subject key identifier:   A1:72:EE:EE:88:15:A4:78:A4:2D:BC:30:FF:7A:00:F3:54:8A:BA:B9
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       322A97A0162AF4CF81F5346B71931FB919D154ED
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/5a7061fa-5c37-4494-8c7f-d198ecf9a78a.roa
Signing time:             Mon 21 Jul 2025 15:11:34 +0000
ROA not before:           Mon 21 Jul 2025 15:11:34 +0000
ROA not after:            Mon 25 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da68:c800::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 09 Aug 2025 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:2a:97:a0:16:2a:f4:cf:81:f5:34:6b:71:93:1f:b9:19:d1:54:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 21 15:11:34 2025 GMT
            Not After : Aug 25 23:59:59 2025 GMT
        Subject: serialNumber=45ad5426182b1be35bff407597b0d476be2635223a4e4d41de69d52ccae06ff2, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:83:45:49:d5:5b:c9:49:f4:31:0a:9d:9f:df:
                    a5:54:5d:5f:8f:1b:5c:e2:a3:bf:fb:f4:82:44:ec:
                    b9:73:7d:a4:99:b6:16:22:ce:aa:84:ca:49:b5:1c:
                    e5:bc:57:05:71:d0:99:12:7e:b5:12:68:14:fa:ae:
                    1f:88:96:98:80:cb:56:55:c7:10:61:20:90:fe:97:
                    22:88:2a:e0:ec:02:04:b7:31:cf:78:d8:f0:b1:0c:
                    d1:63:ef:79:bc:4f:c0:f1:96:57:b0:4f:15:7a:ba:
                    5a:9c:f6:96:62:78:22:dc:12:b4:69:db:b0:9c:d8:
                    a9:04:8e:0b:94:e8:6c:c6:69:39:0d:ec:66:bc:08:
                    84:bc:82:2f:5d:90:fb:ef:d5:65:98:72:36:ec:71:
                    34:60:62:2a:b2:fc:ad:60:d5:ca:6a:bf:61:1b:f7:
                    62:c1:a4:0c:e6:dc:56:9a:42:76:c9:c8:74:9a:77:
                    77:c6:6b:91:58:6f:be:75:3f:8f:7f:7f:80:b0:1a:
                    04:1b:ae:1a:a2:a3:fa:9b:da:35:70:81:ad:fc:b0:
                    e2:47:c3:ae:11:06:78:3a:b1:c4:d5:19:ef:5d:bc:
                    33:e1:de:5a:da:d3:26:3e:07:76:f5:07:9f:1e:34:
                    c7:00:83:91:b8:f2:34:86:16:3f:15:56:07:84:d6:
                    2f:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:72:EE:EE:88:15:A4:78:A4:2D:BC:30:FF:7A:00:F3:54:8A:BA:B9
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/5a7061fa-5c37-4494-8c7f-d198ecf9a78a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da68:c800::/40

    Signature Algorithm: sha256WithRSAEncryption
         7c:0d:17:eb:06:6e:2a:8e:21:05:bb:e0:18:f6:bd:1b:18:d8:
         f4:01:14:c8:61:f7:88:0b:fc:81:2e:b8:fd:9f:a7:82:5c:c8:
         23:90:c9:0c:6a:02:1d:f9:39:e2:71:41:61:a8:ff:c5:e7:dd:
         f3:07:f7:be:5c:b8:5f:64:39:66:b3:3a:39:53:99:34:a8:ce:
         89:37:6d:ee:a6:89:a9:8e:21:12:cd:4a:61:28:11:bd:9d:84:
         09:c0:2b:b3:4d:ad:04:c3:59:38:58:c2:93:91:6a:38:46:00:
         89:e8:6b:ad:ed:78:fb:ef:47:5e:84:38:62:f4:83:f4:ba:ad:
         97:3a:d2:d0:37:92:c6:a8:bf:41:47:d8:5e:58:29:94:bb:03:
         63:71:cd:7d:cd:de:6d:3e:51:2f:94:9d:41:cc:fa:51:83:e1:
         bd:d5:65:6b:26:1e:e9:ed:27:7e:48:7f:c2:5e:2b:a8:0b:71:
         e7:1c:af:e5:f0:79:f7:35:59:b6:47:46:db:7c:37:b6:66:85:
         fc:24:84:71:14:1b:f2:1c:66:3e:7e:e9:47:04:b6:e9:09:a7:
         81:83:91:80:77:7b:25:09:f6:4c:3d:54:8b:d5:a3:e2:8c:24:
         58:35:0a:bf:b2:25:d2:8b:3e:16:e1:57:9d:f7:7d:04:86:bb:
         03:75:16:fb
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUMiqXoBYq9M+B9TRrcZMfuRnRVO0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDcyMTE1MTEzNFoX
DTI1MDgyNTIzNTk1OVowejFJMEcGA1UEBRNANDVhZDU0MjYxODJiMWJlMzViZmY0
MDc1OTdiMGQ0NzZiZTI2MzUyMjNhNGU0ZDQxZGU2OWQ1MmNjYWUwNmZmMjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkoNFSdVbyUn0MQqdn9+lVF1fjxtc
4qO/+/SCROy5c32kmbYWIs6qhMpJtRzlvFcFcdCZEn61EmgU+q4fiJaYgMtWVccQ
YSCQ/pciiCrg7AIEtzHPeNjwsQzRY+95vE/A8ZZXsE8VerpanPaWYngi3BK0aduw
nNipBI4LlOhsxmk5DexmvAiEvIIvXZD779VlmHI27HE0YGIqsvytYNXKar9hG/di
waQM5txWmkJ2ych0mnd3xmuRWG++dT+Pf3+AsBoEG64aoqP6m9o1cIGt/LDiR8Ou
EQZ4OrHE1RnvXbwz4d5a2tMmPgd29QefHjTHAIORuPI0hhY/FVYHhNYv0wIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFKFy7u6IFaR4pC28MP96APNUirq5MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzVhNzA2MWZhLTVjMzctNDQ5NC04YzdmLWQxOThlY2Y5YTc4YS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaaMgwDQYJKoZIhvcNAQELBQADggEBAHwNF+sGbiqOIQW74Bj2
vRsY2PQBFMhh94gL/IEuuP2fp4JcyCOQyQxqAh35OeJxQWGo/8Xn3fMH975cuF9k
OWazOjlTmTSozok3be6miamOIRLNSmEoEb2dhAnAK7NNrQTDWThYwpORajhGAIno
a63tePvvR16EOGL0g/S6rZc60tA3ksaov0FH2F5YKZS7A2NxzX3N3m0+US+UnUHM
+lGD4b3VZWsmHuntJ35If8JeK6gLceccr+Xwefc1WbZHRtt8N7ZmhfwkhHEUG/Ic
Zj5+6UcEtukJp4GDkYB3eyUJ9kw9VIvVo+KMJFg1Cr+yJdKLPhbhV533fQSGuwN1
Fvs=
-----END CERTIFICATE-----
Generated at Tue Aug 5 17:28:52 2025 by rpki-client