Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/025e96a4-3d7c-410e-9052-27b26f5f569c.roa
File:                     025e96a4-3d7c-410e-9052-27b26f5f569c.roa (raw, json)
Hash identifier:          XIiB0VP8JMC42g4Oz8HbRXWo2fGodZ0vTZFN1NJ4Kyg=
Subject key identifier:   48:20:C1:64:B2:92:C5:A9:54:83:4C:EA:DE:73:BA:76:A8:AD:91:42
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       7EFB8E8F41C741B4B3BEE5445B4449AB66B9D3E0
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/025e96a4-3d7c-410e-9052-27b26f5f569c.roa
Signing time:             Fri 21 Jun 2024 00:00:00 +0000
ROA not before:           Fri 21 Jun 2024 00:00:00 +0000
ROA not after:            Fri 26 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daff:6000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 28 Jun 2024 00:11:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:fb:8e:8f:41:c7:41:b4:b3:be:e5:44:5b:44:49:ab:66:b9:d3:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 21 00:00:00 2024 GMT
            Not After : Jul 26 23:59:59 2024 GMT
        Subject: serialNumber=4b290d24d0d2094fef371d7754121c7dfb24445a0af14f710cf830462b58a24c, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:39:ab:51:7a:04:1c:9c:e5:04:e9:48:78:25:
                    a9:ca:42:a9:4d:da:d4:b7:7d:4a:a1:a4:68:d5:81:
                    b8:4c:6f:7f:29:82:27:5d:5a:7f:f9:78:01:f4:6e:
                    ac:cf:27:3d:45:f1:8d:ad:68:c1:3f:36:4f:be:cd:
                    a4:2a:fe:4a:ba:d4:4b:80:ab:0a:49:49:6a:bf:58:
                    e4:7f:02:de:df:0f:35:9d:1f:e1:ac:a9:55:20:f7:
                    87:97:7b:cc:ba:73:ef:1b:37:b7:02:98:9a:fe:01:
                    a0:5a:ef:b5:9c:74:e0:0a:71:bb:65:e1:87:a6:02:
                    e6:a3:f6:ec:d4:ab:6b:4e:50:9a:4a:ad:55:8d:77:
                    03:2c:71:e3:57:01:8d:fb:7f:a2:8e:a3:fa:c0:47:
                    37:7a:a0:24:24:7c:09:e2:46:83:cc:e7:64:3b:a3:
                    d4:94:16:99:80:52:f5:88:be:1f:8f:7f:aa:e2:1c:
                    cb:21:1a:3f:25:8c:08:61:7e:2d:c7:25:40:c9:78:
                    d4:2d:61:98:2d:0d:0a:0b:6f:87:9a:61:f1:8d:ab:
                    ae:2a:a2:94:8f:cb:f1:be:e7:26:71:40:2c:9f:a8:
                    9b:c4:0a:fe:ac:a9:ef:34:0b:6b:ce:b0:84:78:b7:
                    e0:1b:b5:1e:5b:e2:f1:d8:54:79:a8:f2:49:87:ff:
                    29:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:20:C1:64:B2:92:C5:A9:54:83:4C:EA:DE:73:BA:76:A8:AD:91:42
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/025e96a4-3d7c-410e-9052-27b26f5f569c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daff:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         21:05:39:95:c6:94:c4:df:3d:1b:53:4a:61:f3:6b:46:3a:b9:
         3b:d6:42:a8:01:90:ca:6f:aa:0d:0a:63:80:92:6a:24:79:ec:
         9d:a6:d8:8d:01:7e:9d:bf:ac:cb:ab:2c:f3:dc:a3:6c:95:76:
         87:7f:87:af:3f:11:49:3a:0c:84:7b:85:2d:cb:56:68:6c:4e:
         c1:2f:bc:a2:9a:38:12:51:74:24:05:9e:e9:d4:42:e7:a4:f9:
         72:28:5a:28:14:87:d1:84:d7:61:52:1c:72:a9:b6:4f:24:32:
         e6:ff:5c:5a:1d:db:ca:96:1f:cf:74:3c:1c:8c:20:fa:d0:04:
         0b:a9:fb:d7:09:5a:e8:2f:2d:00:9a:82:04:03:4b:41:2a:a3:
         a5:2e:ab:c0:2e:77:b3:87:66:cb:8a:34:ac:a4:88:23:af:37:
         2f:ce:0d:87:04:4f:0e:c9:e9:5d:e3:2f:7f:2f:15:25:d6:a5:
         0b:97:f1:bd:10:e3:70:b9:72:2a:4c:88:11:f1:b9:bc:6a:45:
         b7:8a:7b:42:4a:16:24:6a:d4:32:57:8a:54:10:2c:0c:d7:2b:
         24:c5:60:a9:df:4a:ef:1d:16:59:ba:6f:28:8d:fe:34:a4:b5:
         8e:7a:a9:3c:73:16:4d:fc:9d:cb:6a:c4:0f:4c:27:ab:ff:9b:
         ac:ca:a5:45
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUfvuOj0HHQbSzvuVEW0RJq2a50+AwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyMTAwMDAwMFoX
DTI0MDcyNjIzNTk1OVowejFJMEcGA1UEBRNANGIyOTBkMjRkMGQyMDk0ZmVmMzcx
ZDc3NTQxMjFjN2RmYjI0NDQ1YTBhZjE0ZjcxMGNmODMwNDYyYjU4YTI0YzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTmrUXoEHJzlBOlIeCWpykKpTdrU
t31KoaRo1YG4TG9/KYInXVp/+XgB9G6szyc9RfGNrWjBPzZPvs2kKv5KutRLgKsK
SUlqv1jkfwLe3w81nR/hrKlVIPeHl3vMunPvGze3Apia/gGgWu+1nHTgCnG7ZeGH
pgLmo/bs1KtrTlCaSq1VjXcDLHHjVwGN+3+ijqP6wEc3eqAkJHwJ4kaDzOdkO6PU
lBaZgFL1iL4fj3+q4hzLIRo/JYwIYX4txyVAyXjULWGYLQ0KC2+HmmHxjauuKqKU
j8vxvucmcUAsn6ibxAr+rKnvNAtrzrCEeLfgG7UeW+Lx2FR5qPJJh/8p+wIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFEggwWSyksWpVINM6t5zunaorZFCMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzAyNWU5NmE0LTNkN2MtNDEwZS05MDUyLTI3YjI2ZjVmNTY5Yy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba/2AwDQYJKoZIhvcNAQELBQADggEBACEFOZXGlMTfPRtTSmHz
a0Y6uTvWQqgBkMpvqg0KY4CSaiR57J2m2I0Bfp2/rMurLPPco2yVdod/h68/EUk6
DIR7hS3LVmhsTsEvvKKaOBJRdCQFnunUQuek+XIoWigUh9GE12FSHHKptk8kMub/
XFod28qWH890PByMIPrQBAup+9cJWugvLQCaggQDS0Eqo6Uuq8Aud7OHZsuKNKyk
iCOvNy/ODYcETw7J6V3jL38vFSXWpQuX8b0Q43C5cipMiBHxubxqRbeKe0JKFiRq
1DJXilQQLAzXKyTFYKnfSu8dFlm6byiN/jSktY56qTxzFk38nctqxA9MJ6v/m6zK
pUU=
-----END CERTIFICATE-----
Generated at Mon Jun 24 00:42:55 2024 by rpki-client on console-fra.rpki-client.org