Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0928ea81-291a-4314-85f0-1c171599b137.roa
File:                     0928ea81-291a-4314-85f0-1c171599b137.roa (raw, json)
Hash identifier:          BJob/76YbdGuuByQ8NX1ZY3CvQFELK/5Zx9rQ8wUDYA=
Subject key identifier:   78:02:44:26:41:A7:51:C1:00:75:40:68:B0:E2:36:F7:3A:A6:C6:C7
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       1E234A9205BB3BCB40498F9A9F7B8B18FA4EECDC
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0928ea81-291a-4314-85f0-1c171599b137.roa
Signing time:             Fri 21 Jun 2024 00:00:00 +0000
ROA not before:           Fri 21 Jun 2024 00:00:00 +0000
ROA not after:            Fri 26 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da00:4000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 25 Jun 2024 00:51:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:23:4a:92:05:bb:3b:cb:40:49:8f:9a:9f:7b:8b:18:fa:4e:ec:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 21 00:00:00 2024 GMT
            Not After : Jul 26 23:59:59 2024 GMT
        Subject: serialNumber=7a091766131a1ffa5b87369f5bc357b21ade910c6f0a71b9c4ae64b8bc903acd, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:f9:9b:34:57:b4:47:52:30:da:8b:23:4b:db:
                    be:74:a0:14:e8:dd:45:94:71:b5:c9:af:91:78:24:
                    a3:59:96:af:04:08:76:3d:c6:d7:0a:36:e1:51:c3:
                    a0:b5:28:d9:04:32:50:81:5b:bb:ad:89:02:37:e9:
                    e7:8e:6f:58:34:50:46:7d:1b:8e:5e:f5:60:67:7d:
                    26:2c:77:85:0e:00:c5:fe:d6:c5:1a:7c:be:64:4c:
                    89:88:64:b3:12:6c:a2:ba:e6:94:aa:69:87:b4:05:
                    57:3c:f1:2c:b5:2b:b9:3d:39:32:8b:94:64:eb:a7:
                    f1:e2:02:f1:7f:5c:6c:e3:11:e7:e2:12:cd:70:f1:
                    62:03:2a:f0:f9:06:e2:70:74:01:41:b0:9a:f6:3f:
                    02:74:93:ba:ef:02:92:56:de:d0:2f:d7:e1:d3:93:
                    0b:31:b3:be:46:55:d8:bd:dd:a9:e3:1a:75:c5:2c:
                    04:61:3c:fe:ba:e8:23:71:95:ae:e7:0a:54:6c:3e:
                    1d:c4:7f:df:84:d4:9b:6d:4a:88:a7:fb:0f:26:90:
                    7f:a7:78:28:f2:5d:ae:b2:ee:10:be:6a:ac:c4:76:
                    6d:f3:2f:70:a3:8a:ad:97:e4:0f:43:24:58:fd:d1:
                    fc:0f:08:1e:d6:c1:29:db:78:a0:1c:6b:cc:30:32:
                    53:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:02:44:26:41:A7:51:C1:00:75:40:68:B0:E2:36:F7:3A:A6:C6:C7
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0928ea81-291a-4314-85f0-1c171599b137.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da00:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         32:f7:3a:55:c5:3a:ba:87:ef:0d:12:7f:27:74:55:e2:77:58:
         8a:70:1e:e1:57:ca:0c:5a:e3:66:95:6d:d5:d1:07:72:24:2e:
         a6:1f:ae:e3:e4:69:f2:a6:bf:ff:74:3c:82:06:97:65:0f:9f:
         4f:e3:4d:23:f6:c0:57:69:cf:a7:d7:0a:da:1f:c7:e1:f2:02:
         9c:9f:a0:80:20:72:90:b3:2b:04:b5:fa:38:f7:a9:ae:1e:91:
         59:bc:df:c8:3e:0a:64:bd:f7:c4:1a:d6:52:0d:91:5a:13:7b:
         fd:39:0a:e9:ba:72:a3:68:1f:6f:a6:76:af:42:84:fb:9f:ba:
         33:b9:08:18:0f:67:0c:3b:4b:1a:f3:94:7a:72:6a:c3:e3:72:
         4e:18:72:c1:fa:35:e5:ce:95:f5:ce:82:fa:11:e8:71:fc:8d:
         2c:23:78:b9:1d:e3:98:55:b5:14:ab:24:8a:ae:c9:04:24:4d:
         99:b1:c2:ff:3c:18:75:ae:67:94:11:ea:4a:fe:bb:96:ca:a8:
         64:3e:53:27:ed:6d:01:58:78:ed:6b:0d:19:c5:b3:ae:78:c7:
         10:46:41:84:51:62:7f:f7:18:36:ed:fb:60:32:c8:de:0f:0e:
         c8:cd:6d:c0:38:05:06:90:14:0d:bd:d5:f3:c2:58:8a:d2:f6:
         f6:ca:b5:c8
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUHiNKkgW7O8tASY+an3uLGPpO7NwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyMTAwMDAwMFoX
DTI0MDcyNjIzNTk1OVowejFJMEcGA1UEBRNAN2EwOTE3NjYxMzFhMWZmYTViODcz
NjlmNWJjMzU3YjIxYWRlOTEwYzZmMGE3MWI5YzRhZTY0YjhiYzkwM2FjZDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvmbNFe0R1Iw2osjS9u+dKAU6N1F
lHG1ya+ReCSjWZavBAh2PcbXCjbhUcOgtSjZBDJQgVu7rYkCN+nnjm9YNFBGfRuO
XvVgZ30mLHeFDgDF/tbFGny+ZEyJiGSzEmyiuuaUqmmHtAVXPPEstSu5PTkyi5Rk
66fx4gLxf1xs4xHn4hLNcPFiAyrw+QbicHQBQbCa9j8CdJO67wKSVt7QL9fh05ML
MbO+RlXYvd2p4xp1xSwEYTz+uugjcZWu5wpUbD4dxH/fhNSbbUqIp/sPJpB/p3go
8l2usu4QvmqsxHZt8y9wo4qtl+QPQyRY/dH8Dwge1sEp23igHGvMMDJTnwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFHgCRCZBp1HBAHVAaLDiNvc6psbHMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzA5MjhlYTgxLTI5MWEtNDMxNC04NWYwLTFjMTcxNTk5YjEzNy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaAEAwDQYJKoZIhvcNAQELBQADggEBADL3OlXFOrqH7w0Sfyd0
VeJ3WIpwHuFXygxa42aVbdXRB3IkLqYfruPkafKmv/90PIIGl2UPn0/jTSP2wFdp
z6fXCtofx+HyApyfoIAgcpCzKwS1+jj3qa4ekVm838g+CmS998Qa1lINkVoTe/05
Cum6cqNoH2+mdq9ChPufujO5CBgPZww7SxrzlHpyasPjck4YcsH6NeXOlfXOgvoR
6HH8jSwjeLkd45hVtRSrJIquyQQkTZmxwv88GHWuZ5QR6kr+u5bKqGQ+UyftbQFY
eO1rDRnFs654xxBGQYRRYn/3GDbt+2AyyN4PDsjNbcA4BQaQFA291fPCWIrS9vbK
tcg=
-----END CERTIFICATE-----
Generated at Fri Jun 21 01:45:38 2024 by rpki-client on console-ams.rpki-client.org