Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/032b0799-1c5e-4782-8d2f-81c63132c7d2.roa
File:                     032b0799-1c5e-4782-8d2f-81c63132c7d2.roa (raw, json)
Hash identifier:          CDZoIRXvi9r3gniMfiHX892DTJReJtIaJtwZ9ZZ6ZSA=
Subject key identifier:   CD:DA:53:CF:4E:21:F2:72:84:0C:B2:69:59:22:4C:B0:C9:F6:EB:CC
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3D2823212615094B0A4C623CA3A6B2238240C213
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/032b0799-1c5e-4782-8d2f-81c63132c7d2.roa
Signing time:             Wed 12 Jun 2024 00:00:00 +0000
ROA not before:           Wed 12 Jun 2024 00:00:00 +0000
ROA not after:            Wed 17 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da2c:8000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 21 Jun 2024 00:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:28:23:21:26:15:09:4b:0a:4c:62:3c:a3:a6:b2:23:82:40:c2:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 12 00:00:00 2024 GMT
            Not After : Jul 17 23:59:59 2024 GMT
        Subject: serialNumber=72b3fb317730655a3149a0bfe912a4e419e031dd1b7eb00f9b51515f00c740e3, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:36:f6:09:72:9b:94:a9:50:ef:e1:16:5c:4d:
                    eb:07:96:7a:e9:a6:e5:bc:5c:d9:3a:96:56:4f:6f:
                    e6:dc:c5:59:c7:e4:2d:3c:3e:8b:b1:ae:08:a0:07:
                    9f:9a:ce:db:be:ec:a1:42:cd:7b:32:a5:da:fd:9f:
                    ea:11:1b:7f:0b:bd:4c:42:11:ed:26:65:8d:75:64:
                    22:bb:af:a9:20:c6:4a:24:b7:d5:b8:0c:4f:1e:81:
                    79:87:c3:d0:07:b4:bc:7b:2b:ff:15:16:a9:dc:f9:
                    48:9c:48:08:82:ec:a2:f9:e1:c5:52:93:e5:d9:a5:
                    f7:f2:90:37:72:7a:1f:00:25:0e:04:ec:68:f4:d8:
                    cf:53:95:f5:61:b7:1e:41:b2:14:75:68:7c:aa:ce:
                    e9:9a:4f:eb:5a:06:d1:24:40:c8:a3:e0:29:88:ce:
                    bc:ac:00:94:de:89:8b:bf:14:1b:c8:c9:ca:e5:ba:
                    61:d8:d2:c2:9d:ed:00:26:cc:15:b2:dd:a8:bd:2d:
                    9d:30:5b:b3:10:f0:e9:2e:57:30:29:f2:58:27:9c:
                    b5:dc:cc:7e:a0:50:5c:f7:85:63:d6:d8:99:c2:38:
                    40:22:b2:0a:7d:d5:81:a7:5d:67:6e:2f:e8:d5:fd:
                    b5:49:ac:01:ee:05:b6:26:d2:47:5a:76:7f:6f:c1:
                    60:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:DA:53:CF:4E:21:F2:72:84:0C:B2:69:59:22:4C:B0:C9:F6:EB:CC
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/032b0799-1c5e-4782-8d2f-81c63132c7d2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da2c:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         c4:3a:d7:5a:13:f4:7d:12:08:65:dd:38:b7:05:87:7d:e4:c0:
         0a:e0:76:cf:1b:d4:9c:81:80:93:3e:3a:54:c5:e8:1a:0d:de:
         83:42:ca:46:3f:ea:de:2f:63:ad:95:d5:5a:24:03:b9:1e:60:
         04:7b:b7:0c:f9:9f:4e:d6:17:fc:e4:1e:30:1c:29:ea:51:73:
         c7:d7:9b:03:17:82:f4:03:f3:57:cc:64:da:e6:9d:93:35:c4:
         6d:b6:80:ca:ca:51:f4:c0:4e:b6:b2:c5:5f:ba:a6:e9:1f:df:
         6e:3e:b7:9c:f8:b0:80:d5:d3:49:53:f4:a7:15:96:09:05:04:
         be:a2:70:41:e8:05:ca:20:76:61:0f:54:f6:ce:56:5f:be:85:
         7d:25:4a:f9:f6:f2:90:9f:74:88:a9:98:39:26:5f:f5:09:c4:
         9b:f6:59:07:e5:54:3e:87:55:2e:a1:54:df:1a:16:67:6b:65:
         dc:85:88:27:9f:f0:91:09:bd:a5:4e:fd:1b:90:74:be:9f:ab:
         72:5e:c4:42:f3:7f:be:29:5e:50:2a:4d:d5:47:f8:92:a6:4f:
         39:43:ee:0f:17:89:39:e9:ad:b0:91:9e:5e:56:3e:ad:c9:55:
         36:e3:1c:f9:94:e2:84:56:1a:74:87:5d:2f:03:55:af:00:eb:
         ce:fa:5b:c1
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUPSgjISYVCUsKTGI8o6ayI4JAwhMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYxMjAwMDAwMFoX
DTI0MDcxNzIzNTk1OVowejFJMEcGA1UEBRNANzJiM2ZiMzE3NzMwNjU1YTMxNDlh
MGJmZTkxMmE0ZTQxOWUwMzFkZDFiN2ViMDBmOWI1MTUxNWYwMGM3NDBlMzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Db2CXKblKlQ7+EWXE3rB5Z66abl
vFzZOpZWT2/m3MVZx+QtPD6Lsa4IoAefms7bvuyhQs17MqXa/Z/qERt/C71MQhHt
JmWNdWQiu6+pIMZKJLfVuAxPHoF5h8PQB7S8eyv/FRap3PlInEgIguyi+eHFUpPl
2aX38pA3cnofACUOBOxo9NjPU5X1YbceQbIUdWh8qs7pmk/rWgbRJEDIo+ApiM68
rACU3omLvxQbyMnK5bph2NLCne0AJswVst2ovS2dMFuzEPDpLlcwKfJYJ5y13Mx+
oFBc94Vj1tiZwjhAIrIKfdWBp11nbi/o1f21SawB7gW2JtJHWnZ/b8FgkQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFM3aU89OIfJyhAyyaVkiTLDJ9uvMMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzAzMmIwNzk5LTFjNWUtNDc4Mi04ZDJmLTgxYzYzMTMyYzdkMi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYEJAbaLIAwDQYJKoZIhvcNAQELBQADggEBAMQ611oT9H0SCGXdOLcF
h33kwArgds8b1JyBgJM+OlTF6BoN3oNCykY/6t4vY62V1VokA7keYAR7twz5n07W
F/zkHjAcKepRc8fXmwMXgvQD81fMZNrmnZM1xG22gMrKUfTATrayxV+6pukf324+
t5z4sIDV00lT9KcVlgkFBL6icEHoBcogdmEPVPbOVl++hX0lSvn28pCfdIipmDkm
X/UJxJv2WQflVD6HVS6hVN8aFmdrZdyFiCef8JEJvaVO/RuQdL6fq3JexELzf74p
XlAqTdVH+JKmTzlD7g8XiTnprbCRnl5WPq3JVTbjHPmU4oRWGnSHXS8DVa8A6876
W8E=
-----END CERTIFICATE-----
Generated at Mon Jun 17 15:56:25 2024 by rpki-client on console-fra.rpki-client.org