Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0dbf2a86-54aa-456e-9647-5bcff133ae51.roa
File:                     0dbf2a86-54aa-456e-9647-5bcff133ae51.roa (raw, json)
Hash identifier:          V4D583v0UcTPNOo8RYq0H3XjbR+ltxKYtODbSa6PWYk=
Subject key identifier:   CB:16:D5:F7:5B:8B:B5:0E:3B:21:65:C1:BF:A6:ED:BB:A3:8E:73:2F
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       31E4A14AA3269C8B84643C756A440490435AC8B6
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0dbf2a86-54aa-456e-9647-5bcff133ae51.roa
Signing time:             Sat 22 Jun 2024 00:00:00 +0000
ROA not before:           Sat 22 Jun 2024 00:00:00 +0000
ROA not after:            Sat 27 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf4:e000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 29 Jun 2024 00:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:e4:a1:4a:a3:26:9c:8b:84:64:3c:75:6a:44:04:90:43:5a:c8:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 22 00:00:00 2024 GMT
            Not After : Jul 27 23:59:59 2024 GMT
        Subject: serialNumber=88ca8cf11017ab0d28ab47c953413b72280e0198dc2a04548d5998d058d90aa5, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:1d:ec:c9:93:37:b2:c5:18:52:ff:0e:9b:2a:
                    5b:f0:07:4d:7f:99:54:fc:a4:38:c3:44:18:83:48:
                    78:70:fc:fd:5c:8a:2e:dd:16:c7:43:5f:40:6f:6b:
                    46:b4:b7:c3:81:23:5d:e0:22:ae:58:96:0a:6a:c0:
                    de:22:8e:10:1b:f8:71:17:7d:4a:bc:88:7d:9b:4a:
                    7c:71:97:16:30:d5:0f:db:79:9e:69:47:b0:ac:f6:
                    c3:f0:c4:a7:6c:a2:84:5f:da:2a:43:c9:88:6d:ad:
                    6e:71:9e:46:5f:9c:40:11:41:b0:c6:e9:0e:ee:36:
                    1f:bc:09:e4:28:a5:ca:8a:32:ac:3f:9a:e9:5e:7a:
                    9d:6b:d9:30:6d:6e:2f:5e:fa:87:d3:ef:30:91:f6:
                    6d:6a:f5:5b:da:4f:0b:84:a5:68:01:bf:cd:ff:a7:
                    b6:a8:eb:04:e2:09:c4:08:a5:7f:44:49:c5:dc:8d:
                    e5:41:d5:08:1c:f7:38:a2:3a:73:b5:03:b9:88:00:
                    82:76:a0:28:b7:d7:ef:2a:d9:4e:63:bc:fe:97:69:
                    56:50:b3:15:a5:71:9b:4c:45:19:e0:97:5e:02:8f:
                    d8:a9:04:03:41:0a:71:88:8c:da:73:a8:38:e2:93:
                    09:ee:63:2a:fa:2b:e0:6a:f5:84:07:c3:2e:0a:44:
                    7e:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:16:D5:F7:5B:8B:B5:0E:3B:21:65:C1:BF:A6:ED:BB:A3:8E:73:2F
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0dbf2a86-54aa-456e-9647-5bcff133ae51.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf4:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c7:48:e1:e8:2e:e9:f1:5d:df:3b:7a:da:98:fa:f9:c7:a0:7f:
         00:c9:91:f7:c3:1c:99:8f:73:81:62:0d:e5:c4:40:92:b2:44:
         ad:a9:a4:69:95:6b:d2:35:d1:57:bd:b2:cf:ec:eb:74:fd:0a:
         5d:2b:dd:5a:a3:b6:ac:aa:9f:8c:2f:e4:bd:f4:82:c2:da:c6:
         ff:68:61:5e:7b:21:43:e0:0b:99:c0:89:88:5a:21:46:f7:44:
         77:31:ae:f5:f2:e8:f8:f4:d8:a3:4b:78:5e:e3:b3:1d:16:80:
         ca:1d:d9:b2:20:23:09:da:45:32:39:8d:12:2f:94:7c:14:23:
         ce:26:42:2a:9f:0c:bc:d9:7a:d2:a8:76:9c:05:31:3a:18:ec:
         c5:da:be:94:85:6b:ea:9a:e0:05:85:42:21:f2:df:b7:1a:86:
         96:8c:08:63:0a:53:86:2d:f3:09:5b:98:13:3a:5c:51:0c:5a:
         84:10:86:db:e2:31:1e:36:c8:8c:0f:f5:c3:a2:76:66:73:0b:
         1e:1f:13:5c:b2:19:ce:45:af:77:89:2d:18:c7:90:d3:df:90:
         6f:77:cf:51:93:f2:bf:95:9c:b8:e7:81:c9:d3:bb:8b:55:a8:
         d1:dc:d0:22:83:0f:c4:63:98:b1:3a:a6:ac:00:66:84:cb:55:
         af:6a:59:ab
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUMeShSqMmnIuEZDx1akQEkENayLYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyMjAwMDAwMFoX
DTI0MDcyNzIzNTk1OVowejFJMEcGA1UEBRNAODhjYThjZjExMDE3YWIwZDI4YWI0
N2M5NTM0MTNiNzIyODBlMDE5OGRjMmEwNDU0OGQ1OTk4ZDA1OGQ5MGFhNTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2B3syZM3ssUYUv8Omypb8AdNf5lU
/KQ4w0QYg0h4cPz9XIou3RbHQ19Ab2tGtLfDgSNd4CKuWJYKasDeIo4QG/hxF31K
vIh9m0p8cZcWMNUP23meaUewrPbD8MSnbKKEX9oqQ8mIba1ucZ5GX5xAEUGwxukO
7jYfvAnkKKXKijKsP5rpXnqda9kwbW4vXvqH0+8wkfZtavVb2k8LhKVoAb/N/6e2
qOsE4gnECKV/REnF3I3lQdUIHPc4ojpztQO5iACCdqAot9fvKtlOY7z+l2lWULMV
pXGbTEUZ4JdeAo/YqQQDQQpxiIzac6g44pMJ7mMq+ivgavWEB8MuCkR+TQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFMsW1fdbi7UOOyFlwb+m7bujjnMvMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzBkYmYyYTg2LTU0YWEtNDU2ZS05NjQ3LTViY2ZmMTMzYWU1MS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba9OAwDQYJKoZIhvcNAQELBQADggEBAMdI4egu6fFd3zt62pj6
+cegfwDJkffDHJmPc4FiDeXEQJKyRK2ppGmVa9I10Ve9ss/s63T9Cl0r3Vqjtqyq
n4wv5L30gsLaxv9oYV57IUPgC5nAiYhaIUb3RHcxrvXy6Pj02KNLeF7jsx0WgMod
2bIgIwnaRTI5jRIvlHwUI84mQiqfDLzZetKodpwFMToY7MXavpSFa+qa4AWFQiHy
37cahpaMCGMKU4Yt8wlbmBM6XFEMWoQQhtviMR42yIwP9cOidmZzCx4fE1yyGc5F
r3eJLRjHkNPfkG93z1GT8r+VnLjngcnTu4tVqNHc0CKDD8RjmLE6pqwAZoTLVa9q
Was=
-----END CERTIFICATE-----
Generated at Tue Jun 25 02:50:49 2024 by rpki-client on console-fra.rpki-client.org