Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/00b2a2b4-99de-45a2-b5f4-a01609c997f1.roa
File:                     00b2a2b4-99de-45a2-b5f4-a01609c997f1.roa (raw, json)
Hash identifier:          xvp9YwgG8MtGdH4zKYFIjk+iRYvyMXB77+nA6kbKAIU=
Subject key identifier:   C9:A4:68:91:5E:C4:4D:8D:44:11:AB:53:8F:29:F7:37:B3:D2:BB:B3
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       6F88D3DD9CEE6697C86F579256D278831F6F54D7
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/00b2a2b4-99de-45a2-b5f4-a01609c997f1.roa
Signing time:             Mon 27 May 2024 00:00:00 +0000
ROA not before:           Mon 27 May 2024 00:00:00 +0000
ROA not after:            Mon 01 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da38:7000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 19 Jun 2024 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:88:d3:dd:9c:ee:66:97:c8:6f:57:92:56:d2:78:83:1f:6f:54:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 27 00:00:00 2024 GMT
            Not After : Jul  1 23:59:59 2024 GMT
        Subject: serialNumber=c933003575bde988ab2ea9bc82a8889cbd7ee68e68976f5350479a0a16143080, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ff:08:10:0d:7b:6f:15:5f:da:aa:14:64:d2:
                    ec:d5:0d:89:54:29:1a:d3:b1:12:91:cb:4c:a3:f7:
                    da:5a:99:32:a0:27:49:eb:fa:66:56:27:81:36:d2:
                    07:a3:2f:f0:90:ee:4e:86:ed:fa:c7:52:bc:7e:bf:
                    60:6f:b3:42:ad:e6:df:7b:0b:26:8a:0c:a3:86:90:
                    19:34:28:c3:47:7c:f7:b9:fc:bf:86:87:5a:f2:8c:
                    c1:b0:b2:8c:af:96:45:b5:ea:b6:e2:32:d3:7b:cd:
                    37:b6:3e:e0:95:ae:e9:f4:dd:47:83:85:8f:11:54:
                    c0:6e:1b:6c:71:f3:d9:dd:5e:15:c4:34:94:47:6e:
                    04:e1:af:81:a9:d3:4a:10:35:a3:10:86:28:a1:a6:
                    54:0d:bd:06:44:5b:9c:23:40:9f:c8:b4:ed:db:9d:
                    94:41:04:c6:9c:1f:55:b7:86:b3:4d:ad:82:9c:e9:
                    03:9f:d9:d4:1a:67:bd:11:14:d6:b0:ae:f8:f4:a7:
                    b2:4f:04:29:9f:5e:e4:20:31:0b:01:bb:f5:48:33:
                    64:ea:76:02:d6:bb:77:39:00:64:82:6b:82:e2:93:
                    81:7e:db:00:ce:10:4d:60:ed:c8:03:0e:a6:63:fe:
                    7b:fc:1b:69:b5:2b:c3:74:41:77:cf:fa:bf:23:4c:
                    9c:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:A4:68:91:5E:C4:4D:8D:44:11:AB:53:8F:29:F7:37:B3:D2:BB:B3
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/00b2a2b4-99de-45a2-b5f4-a01609c997f1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da38:7000::/40

    Signature Algorithm: sha256WithRSAEncryption
         97:ae:bb:c9:0b:58:55:1e:fa:6c:85:26:f3:b7:98:ce:88:4d:
         8e:f1:47:5d:2f:1b:85:24:94:a2:a0:c3:19:62:65:16:3e:18:
         98:98:a7:0d:42:7d:cb:0e:2c:a2:e3:16:8c:9d:d8:0e:0b:1a:
         c3:b0:a9:bc:60:53:00:ac:ed:09:16:99:e6:ce:05:27:80:52:
         41:76:d6:1d:eb:d3:ab:31:a6:a9:7b:11:a3:8c:62:96:e4:85:
         6b:c3:fb:21:86:b4:99:8c:7c:0f:5a:89:92:aa:e7:70:9a:b2:
         9e:16:32:0d:46:c9:58:79:96:8d:8f:38:8c:a3:a6:fe:e6:5b:
         fd:70:c8:d8:95:35:8b:e0:d6:20:28:2d:b7:14:79:cf:2e:28:
         c8:60:50:a2:23:5b:75:b7:4c:b3:48:b1:04:b3:f4:13:ce:bc:
         60:f6:d8:17:7f:ee:72:c3:57:9f:34:6f:5a:76:38:b9:af:44:
         eb:ea:81:10:8b:11:ba:1c:c1:a1:3e:13:64:4a:4f:4b:36:4b:
         c0:2f:e3:73:0d:82:67:d1:2f:78:be:23:ec:e2:c9:51:d0:a1:
         b8:2d:56:0b:18:24:c8:59:20:fd:db:fd:d6:4a:b4:8c:34:2f:
         d1:8d:ad:78:40:6d:fc:8b:71:98:c8:23:b2:c1:c2:95:81:7d:
         c2:1e:3d:f2
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUb4jT3ZzuZpfIb1eSVtJ4gx9vVNcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDUyNzAwMDAwMFoX
DTI0MDcwMTIzNTk1OVowejFJMEcGA1UEBRNAYzkzMzAwMzU3NWJkZTk4OGFiMmVh
OWJjODJhODg4OWNiZDdlZTY4ZTY4OTc2ZjUzNTA0NzlhMGExNjE0MzA4MDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxP8IEA17bxVf2qoUZNLs1Q2JVCka
07ESkctMo/faWpkyoCdJ6/pmVieBNtIHoy/wkO5Ohu36x1K8fr9gb7NCrebfewsm
igyjhpAZNCjDR3z3ufy/hoda8ozBsLKMr5ZFteq24jLTe803tj7gla7p9N1Hg4WP
EVTAbhtscfPZ3V4VxDSUR24E4a+BqdNKEDWjEIYooaZUDb0GRFucI0CfyLTt252U
QQTGnB9Vt4azTa2CnOkDn9nUGme9ERTWsK749KeyTwQpn17kIDELAbv1SDNk6nYC
1rt3OQBkgmuC4pOBftsAzhBNYO3IAw6mY/57/BtptSvDdEF3z/q/I0ycywIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFMmkaJFexE2NRBGrU48p9zez0ruzMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzAwYjJhMmI0LTk5ZGUtNDVhMi1iNWY0LWEwMTYwOWM5OTdmMS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaOHAwDQYJKoZIhvcNAQELBQADggEBAJeuu8kLWFUe+myFJvO3
mM6ITY7xR10vG4UklKKgwxliZRY+GJiYpw1CfcsOLKLjFoyd2A4LGsOwqbxgUwCs
7QkWmebOBSeAUkF21h3r06sxpql7EaOMYpbkhWvD+yGGtJmMfA9aiZKq53Casp4W
Mg1GyVh5lo2POIyjpv7mW/1wyNiVNYvg1iAoLbcUec8uKMhgUKIjW3W3TLNIsQSz
9BPOvGD22Bd/7nLDV580b1p2OLmvROvqgRCLEbocwaE+E2RKT0s2S8Av43MNgmfR
L3i+I+ziyVHQobgtVgsYJMhZIP3b/dZKtIw0L9GNrXhAbfyLcZjII7LBwpWBfcIe
PfI=
-----END CERTIFICATE-----
Generated at Sat Jun 15 02:42:05 2024 by rpki-client on console-ams.rpki-client.org