Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/004c94ec-a64d-4097-910e-831e2f73cc5b.roa
File:                     004c94ec-a64d-4097-910e-831e2f73cc5b.roa (raw, json)
Hash identifier:          FhMbf1YADPMXUPnQx85bdyQ/EZU10XP7mYz6cUBQPiA=
Subject key identifier:   B4:E6:2A:93:AC:4B:D0:D9:AD:FE:5D:19:01:2F:8D:CD:D0:C4:C4:B4
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       055963375EE9F0F2E7B627130EA924A22CB99977
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/004c94ec-a64d-4097-910e-831e2f73cc5b.roa
Signing time:             Wed 12 Jun 2024 00:00:00 +0000
ROA not before:           Wed 12 Jun 2024 00:00:00 +0000
ROA not after:            Wed 17 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf9:c800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 19 Jun 2024 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:59:63:37:5e:e9:f0:f2:e7:b6:27:13:0e:a9:24:a2:2c:b9:99:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 12 00:00:00 2024 GMT
            Not After : Jul 17 23:59:59 2024 GMT
        Subject: serialNumber=5dfe8059b3d1b4296e0ad19d379077597be9e9180ac3255a089eb21abe43cc6e, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:08:7c:fc:f5:ba:54:de:dc:8a:c0:4b:64:54:
                    5e:0f:23:e6:88:4f:cc:cf:c4:63:1c:ce:43:77:98:
                    2f:c7:4d:24:6d:01:91:14:c5:d9:ac:60:90:db:23:
                    43:89:54:4d:22:e8:cc:51:c1:77:13:fb:8d:0b:53:
                    3f:84:d0:18:60:55:ec:56:f1:e7:50:c9:5a:27:a8:
                    99:ee:5e:0b:12:3e:c7:01:81:af:e4:70:7f:6a:f7:
                    3a:e0:fe:03:df:bc:79:9a:b7:3d:02:ca:26:53:15:
                    6f:ba:e3:44:a4:c8:b4:63:e9:76:c5:b9:31:73:e5:
                    4a:5c:1c:4a:a0:92:9c:f2:ed:12:ea:a9:98:ea:e2:
                    6d:8a:14:b9:ce:36:42:8e:a0:c4:fe:56:6e:e2:4d:
                    58:a5:dc:b1:6b:0a:7b:e6:e2:f1:15:64:94:e4:41:
                    11:8a:ce:72:ab:f8:8a:2d:ea:0d:4d:10:5f:ad:fd:
                    a0:4a:40:2b:c3:a1:00:43:7c:81:37:65:be:65:74:
                    99:0c:18:02:ec:94:5f:4e:e5:da:f9:aa:cd:17:78:
                    d3:21:48:fd:aa:08:1a:1f:7c:8f:70:2a:63:80:eb:
                    ad:a7:f2:dc:f0:31:ca:6a:c5:e1:77:60:ca:97:5d:
                    b6:6b:b1:08:98:d0:bd:03:85:e4:bf:b4:3b:12:f1:
                    c8:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:E6:2A:93:AC:4B:D0:D9:AD:FE:5D:19:01:2F:8D:CD:D0:C4:C4:B4
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/004c94ec-a64d-4097-910e-831e2f73cc5b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf9:c800::/40

    Signature Algorithm: sha256WithRSAEncryption
         80:cf:73:14:55:8d:85:21:2a:89:7d:1e:d8:c2:71:7c:67:b6:
         22:70:18:a5:63:04:f8:68:ef:6a:64:0e:18:2d:a4:3f:64:82:
         b3:6f:17:47:39:2a:1c:22:f1:41:a0:10:29:f2:c9:34:11:b4:
         43:be:8a:2b:29:e8:94:d5:67:5e:e1:a9:f3:97:a4:fe:0a:65:
         08:ad:e6:d7:2d:bd:80:96:b0:9c:95:57:c8:82:17:f6:b8:29:
         4e:8a:65:ff:39:77:a4:4a:56:8e:09:97:a2:81:24:6a:17:a9:
         fe:41:9b:03:25:b7:e3:87:12:d4:74:cb:77:7a:d6:82:44:24:
         78:bf:32:35:29:55:ea:48:96:1c:b0:02:e2:6a:1e:e8:ea:dc:
         51:64:12:4f:70:3f:87:e4:54:0a:43:9f:8f:bc:6b:20:77:b1:
         46:e9:27:68:32:93:5a:87:9a:dd:6d:14:06:f1:14:83:b5:e8:
         b0:a2:7e:ef:aa:e5:d1:04:01:38:ec:30:ac:7c:b8:2c:af:c8:
         51:a5:6f:72:58:57:c7:be:cd:0f:55:68:9f:8a:75:97:de:ac:
         ae:3a:12:a5:c4:fe:02:f4:53:46:da:aa:6a:bd:33:7e:6d:c0:
         a4:b2:0b:86:14:17:e2:7b:34:49:7a:e6:58:dd:88:68:d4:f3:
         c7:a3:29:55
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUBVljN17p8PLnticTDqkkoiy5mXcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYxMjAwMDAwMFoX
DTI0MDcxNzIzNTk1OVowejFJMEcGA1UEBRNANWRmZTgwNTliM2QxYjQyOTZlMGFk
MTlkMzc5MDc3NTk3YmU5ZTkxODBhYzMyNTVhMDg5ZWIyMWFiZTQzY2M2ZTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnAh8/PW6VN7cisBLZFReDyPmiE/M
z8RjHM5Dd5gvx00kbQGRFMXZrGCQ2yNDiVRNIujMUcF3E/uNC1M/hNAYYFXsVvHn
UMlaJ6iZ7l4LEj7HAYGv5HB/avc64P4D37x5mrc9AsomUxVvuuNEpMi0Y+l2xbkx
c+VKXBxKoJKc8u0S6qmY6uJtihS5zjZCjqDE/lZu4k1Ypdyxawp75uLxFWSU5EER
is5yq/iKLeoNTRBfrf2gSkArw6EAQ3yBN2W+ZXSZDBgC7JRfTuXa+arNF3jTIUj9
qggaH3yPcCpjgOutp/Lc8DHKasXhd2DKl122a7EImNC9A4Xkv7Q7EvHIfwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFLTmKpOsS9DZrf5dGQEvjc3QxMS0MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzAwNGM5NGVjLWE2NGQtNDA5Ny05MTBlLTgzMWUyZjczY2M1Yi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+cgwDQYJKoZIhvcNAQELBQADggEBAIDPcxRVjYUhKol9HtjC
cXxntiJwGKVjBPho72pkDhgtpD9kgrNvF0c5Khwi8UGgECnyyTQRtEO+iisp6JTV
Z17hqfOXpP4KZQit5tctvYCWsJyVV8iCF/a4KU6KZf85d6RKVo4Jl6KBJGoXqf5B
mwMlt+OHEtR0y3d61oJEJHi/MjUpVepIlhywAuJqHujq3FFkEk9wP4fkVApDn4+8
ayB3sUbpJ2gyk1qHmt1tFAbxFIO16LCifu+q5dEEATjsMKx8uCyvyFGlb3JYV8e+
zQ9VaJ+KdZferK46EqXE/gL0U0baqmq9M35twKSyC4YUF+J7NEl65ljdiGjU88ej
KVU=
-----END CERTIFICATE-----
Generated at Sat Jun 15 02:42:05 2024 by rpki-client on console-ams.rpki-client.org