Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d73c0a51-ab7b-4878-bdff-e08b6181edbd.roa
File:                     d73c0a51-ab7b-4878-bdff-e08b6181edbd.roa (raw, json)
Hash identifier:          R5lH66RAWxYaA03CXCos0QKqMBdEBK6FsFtLAaM6+oM=
Subject key identifier:   06:22:8A:36:E4:B0:E8:AB:A1:D3:F9:4B:45:D8:8D:FD:03:9B:05:57
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       302C62AEA25524B738E54325AB3CD1F5CF4D0A0D
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d73c0a51-ab7b-4878-bdff-e08b6181edbd.roa
Signing time:             Sat 02 Aug 2025 00:00:47 +0000
ROA not before:           Sat 02 Aug 2025 00:00:47 +0000
ROA not after:            Sat 06 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da20::/28 maxlen: 28
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 08 Aug 2025 00:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:2c:62:ae:a2:55:24:b7:38:e5:43:25:ab:3c:d1:f5:cf:4d:0a:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Aug  2 00:00:47 2025 GMT
            Not After : Sep  6 23:59:59 2025 GMT
        Subject: serialNumber=6562e9a3ed55bd7bc284a69c9deda75cd859f359a38c7630f1216fa06f91eac4, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a4:b6:64:f2:26:15:d2:90:e8:22:a5:10:06:
                    99:76:4a:5d:7b:6f:5e:b0:3d:e6:be:41:ff:20:31:
                    34:ef:0f:c4:ba:61:bc:f2:01:6b:ef:ec:86:db:33:
                    d3:f8:88:4c:1a:66:6c:a0:08:b5:35:08:cc:21:77:
                    92:6b:4a:c6:30:9a:df:d9:e6:17:6f:b3:62:5c:f4:
                    86:92:74:fc:62:6a:f8:e9:80:4b:96:ac:91:f4:6e:
                    c1:a5:4a:97:d8:32:06:fd:b7:48:8e:57:e2:e5:23:
                    8e:d2:c5:51:8f:04:38:06:25:db:03:c9:da:b7:8a:
                    ee:fe:eb:68:0d:15:93:fe:c9:f5:48:9f:a1:c8:67:
                    89:b6:0d:9a:96:ff:45:e6:04:9a:04:94:bc:31:f5:
                    cb:f5:44:ab:ed:4c:1b:c4:0e:ac:75:5f:69:9a:2d:
                    b2:1f:0e:7b:ed:e6:cf:36:7d:a7:1e:40:24:07:31:
                    02:23:c1:b4:cd:a2:4f:76:3e:6a:42:c2:74:4e:89:
                    6a:4f:31:0c:e3:9d:1c:7d:f3:e2:d2:94:22:14:f0:
                    dc:dd:3c:4e:ad:4d:ea:ef:f4:ee:1c:a1:f0:7e:cc:
                    09:2a:62:ab:c8:01:5d:04:42:22:e4:4f:6f:cd:86:
                    b1:a8:ac:31:0b:09:86:2a:80:4b:f1:b2:2c:af:e5:
                    8e:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:22:8A:36:E4:B0:E8:AB:A1:D3:F9:4B:45:D8:8D:FD:03:9B:05:57
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d73c0a51-ab7b-4878-bdff-e08b6181edbd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da20::/28

    Signature Algorithm: sha256WithRSAEncryption
         5e:26:17:ac:ae:ec:03:92:cf:07:c6:5d:45:ad:15:e1:31:0b:
         3c:98:29:78:89:8c:6c:41:9d:de:38:29:ff:be:0f:eb:1a:29:
         9f:89:48:2e:bc:c2:dd:64:57:a0:da:1f:a5:2e:d4:d9:79:02:
         cd:df:10:58:26:04:c7:75:f5:40:54:49:cf:6b:3a:0f:9d:66:
         fc:a2:a3:22:df:84:b4:ec:53:c8:ba:28:af:ff:32:a3:40:76:
         bd:c5:8f:70:db:bb:a6:b5:4d:a4:73:47:a1:53:e4:44:3f:a1:
         a0:a0:c2:f3:55:df:fd:71:65:ca:4f:04:ac:38:f7:7d:94:ff:
         9a:d8:fb:7c:04:86:d6:33:aa:1a:dd:23:62:c6:52:d7:49:d1:
         7e:72:5b:62:ca:f4:d5:f3:74:bd:d1:4f:3e:f2:30:41:da:6b:
         99:8f:7f:9f:7b:79:89:2b:19:fd:ad:eb:7b:29:6f:ca:d1:6d:
         cc:fc:8b:d8:f3:aa:a2:d7:f3:32:09:44:05:c5:07:36:f5:b6:
         87:41:ee:13:79:8c:14:48:16:ce:ca:1f:fb:d2:ae:be:2f:e7:
         bc:cb:07:9c:ed:97:bf:36:e3:29:42:cd:4a:1c:13:6d:c3:f0:
         61:8b:28:16:2d:e9:8b:66:f1:49:5b:ed:6c:a9:ff:94:6f:c6:
         0c:92:2b:46
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgIUMCxirqJVJLc45UMlqzzR9c9NCg0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDgwMjAwMDA0N1oX
DTI1MDkwNjIzNTk1OVowejFJMEcGA1UEBRNANjU2MmU5YTNlZDU1YmQ3YmMyODRh
NjljOWRlZGE3NWNkODU5ZjM1OWEzOGM3NjMwZjEyMTZmYTA2ZjkxZWFjNDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6S2ZPImFdKQ6CKlEAaZdkpde29e
sD3mvkH/IDE07w/EumG88gFr7+yG2zPT+IhMGmZsoAi1NQjMIXeSa0rGMJrf2eYX
b7NiXPSGknT8Ymr46YBLlqyR9G7BpUqX2DIG/bdIjlfi5SOO0sVRjwQ4BiXbA8na
t4ru/utoDRWT/sn1SJ+hyGeJtg2alv9F5gSaBJS8MfXL9USr7UwbxA6sdV9pmi2y
Hw577ebPNn2nHkAkBzECI8G0zaJPdj5qQsJ0TolqTzEM450cffPi0pQiFPDc3TxO
rU3q7/TuHKHwfswJKmKryAFdBEIi5E9vzYaxqKwxCwmGKoBL8bIsr+WObwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFAYiijbksOirodP5S0XYjf0DmwVXMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2Q3M2MwYTUxLWFiN2ItNDg3OC1iZGZmLWUwOGI2MTgxZWRiZC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzAN
BAIAAjAHAwUEJAbaIDANBgkqhkiG9w0BAQsFAAOCAQEAXiYXrK7sA5LPB8ZdRa0V
4TELPJgpeImMbEGd3jgp/74P6xopn4lILrzC3WRXoNofpS7U2XkCzd8QWCYEx3X1
QFRJz2s6D51m/KKjIt+EtOxTyLoor/8yo0B2vcWPcNu7prVNpHNHoVPkRD+hoKDC
81Xf/XFlyk8ErDj3fZT/mtj7fASG1jOqGt0jYsZS10nRfnJbYsr01fN0vdFPPvIw
QdprmY9/n3t5iSsZ/a3reylvytFtzPyL2POqotfzMglEBcUHNvW2h0HuE3mMFEgW
zsof+9Kuvi/nvMsHnO2XvzbjKULNShwTbcPwYYsoFi3pi2bxSVvtbKn/lG/GDJIr
Rg==
-----END CERTIFICATE-----
Generated at Mon Aug 4 15:26:18 2025 by rpki-client