Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/edb40068-fd10-40a0-8d8f-84f481389d4b.roa
File:                     edb40068-fd10-40a0-8d8f-84f481389d4b.roa (raw, json)
Hash identifier:          Bonm7i8KnuUUTUoVm9MVigt8rwJpSI+ceFfxC5tOf4I=
Subject key identifier:   05:52:21:EE:94:63:D9:84:2A:99:52:97:7A:26:37:B7:61:3B:FF:96
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       5B2E80719D25D07361A19E95592B95EC3E4B0FA4
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/edb40068-fd10-40a0-8d8f-84f481389d4b.roa
Signing time:             Fri 01 Aug 2025 00:00:18 +0000
ROA not before:           Fri 01 Aug 2025 00:00:18 +0000
ROA not after:            Fri 05 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dab9:8000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 08 Aug 2025 00:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:2e:80:71:9d:25:d0:73:61:a1:9e:95:59:2b:95:ec:3e:4b:0f:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Aug  1 00:00:18 2025 GMT
            Not After : Sep  5 23:59:59 2025 GMT
        Subject: serialNumber=4925ea981d524bad4dbbcc89ad15d11df1e5eb44473cb052704d297d4a20667e, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:5d:f4:84:c2:58:72:f4:b7:8b:a6:2f:e8:c7:
                    46:66:fe:c8:08:db:22:9a:3d:f7:7b:d5:e3:4c:f6:
                    d9:c6:08:26:67:e5:36:51:5e:af:5d:f2:ea:8d:62:
                    ad:67:8a:ca:b6:58:56:25:c5:05:43:1c:d6:59:33:
                    20:5f:7e:fd:0c:f6:34:e3:51:f3:2e:55:38:21:83:
                    25:b7:19:3a:4c:75:27:68:b3:ab:d0:21:7d:35:00:
                    84:fb:46:fe:03:54:0d:c9:07:9a:e3:60:de:ac:a9:
                    f7:f2:9b:76:7d:9a:f8:d9:69:63:23:b0:0d:dc:9b:
                    4e:f9:28:1b:0d:3c:d8:74:e0:90:5c:ac:37:0c:d9:
                    ed:b0:53:07:48:31:a8:d0:92:12:f1:36:9d:34:4a:
                    55:d5:5f:14:34:6b:d6:5b:d3:48:90:7f:26:1e:59:
                    8e:8b:f6:96:d6:22:02:e5:3b:1c:c5:9b:71:47:3e:
                    68:e1:cc:ed:0d:54:45:dd:22:7c:50:92:3a:53:f1:
                    8a:e3:5d:79:ae:72:fa:78:cd:e2:f1:2e:da:0e:2d:
                    7f:7f:ba:3a:7e:06:bc:5c:27:1a:1e:67:03:99:00:
                    78:c6:6c:8a:ac:a6:19:3d:62:21:50:e6:79:0d:1d:
                    d6:44:d0:cf:09:97:e2:66:f2:38:5e:00:3a:78:2a:
                    42:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:52:21:EE:94:63:D9:84:2A:99:52:97:7A:26:37:B7:61:3B:FF:96
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/edb40068-fd10-40a0-8d8f-84f481389d4b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dab9:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c6:05:8c:05:3e:bf:23:7c:ce:4d:a4:5a:bb:7f:de:a8:eb:f3:
         2e:dd:9a:03:ca:99:dc:6a:46:1c:96:cc:31:ed:65:14:08:52:
         7d:34:79:c4:bc:1b:4c:b2:a3:f9:0c:72:a7:1d:f0:02:73:35:
         62:f3:bb:55:60:97:f9:0c:5a:1f:61:b3:26:c1:1c:67:73:96:
         ba:6f:30:ee:d3:e5:0d:e3:2a:ef:54:f0:e0:ce:44:a9:f9:54:
         17:e0:8d:51:2c:a2:6c:90:0b:3d:1e:e3:9b:17:4e:bf:46:14:
         29:55:90:05:bd:c5:eb:9a:d3:14:c6:48:4f:5a:c8:71:4c:f6:
         ed:76:62:85:cb:10:2b:17:9a:0b:0f:2a:c0:d1:cc:b1:06:d0:
         1d:3a:37:71:28:6b:bf:72:b8:23:af:90:be:c0:d2:fa:21:a7:
         cb:55:61:c4:86:e0:6c:75:1a:0c:25:cb:62:1f:27:70:ea:df:
         d5:00:81:d1:8f:ed:92:18:68:b9:8d:b2:bc:cb:e8:0b:13:1f:
         2c:4e:83:7d:b5:11:a5:b0:96:96:38:8a:63:04:15:08:c9:88:
         05:0a:f5:fb:17:d8:6f:b0:b8:8f:5e:63:08:37:d3:39:db:a5:
         5e:c6:53:41:8a:c3:70:e9:70:a3:ad:9e:15:0f:50:74:11:37:
         f2:87:9f:34
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUWy6AcZ0l0HNhoZ6VWSuV7D5LD6QwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDgwMTAwMDAxOFoX
DTI1MDkwNTIzNTk1OVowejFJMEcGA1UEBRNANDkyNWVhOTgxZDUyNGJhZDRkYmJj
Yzg5YWQxNWQxMWRmMWU1ZWI0NDQ3M2NiMDUyNzA0ZDI5N2Q0YTIwNjY3ZTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAll30hMJYcvS3i6Yv6MdGZv7ICNsi
mj33e9XjTPbZxggmZ+U2UV6vXfLqjWKtZ4rKtlhWJcUFQxzWWTMgX379DPY041Hz
LlU4IYMltxk6THUnaLOr0CF9NQCE+0b+A1QNyQea42DerKn38pt2fZr42WljI7AN
3JtO+SgbDTzYdOCQXKw3DNntsFMHSDGo0JIS8TadNEpV1V8UNGvWW9NIkH8mHlmO
i/aW1iIC5TscxZtxRz5o4cztDVRF3SJ8UJI6U/GK4115rnL6eM3i8S7aDi1/f7o6
fga8XCcaHmcDmQB4xmyKrKYZPWIhUOZ5DR3WRNDPCZfiZvI4XgA6eCpCXwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFAVSIe6UY9mEKplSl3omN7dhO/+WMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2VkYjQwMDY4LWZkMTAtNDBhMC04ZDhmLTg0ZjQ4MTM4OWQ0Yi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbauYAwDQYJKoZIhvcNAQELBQADggEBAMYFjAU+vyN8zk2kWrt/
3qjr8y7dmgPKmdxqRhyWzDHtZRQIUn00ecS8G0yyo/kMcqcd8AJzNWLzu1Vgl/kM
Wh9hsybBHGdzlrpvMO7T5Q3jKu9U8ODORKn5VBfgjVEsomyQCz0e45sXTr9GFClV
kAW9xeua0xTGSE9ayHFM9u12YoXLECsXmgsPKsDRzLEG0B06N3Eoa79yuCOvkL7A
0vohp8tVYcSG4Gx1Ggwly2IfJ3Dq39UAgdGP7ZIYaLmNsrzL6AsTHyxOg321EaWw
lpY4imMEFQjJiAUK9fsX2G+wuI9eYwg30znbpV7GU0GKw3DpcKOtnhUPUHQRN/KH
nzQ=
-----END CERTIFICATE-----
Generated at Mon Aug 4 15:26:22 2025 by rpki-client