Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0e4314c2-e58e-41d0-8f41-07c28566af35.roa
File:                     0e4314c2-e58e-41d0-8f41-07c28566af35.roa (raw, json)
Hash identifier:          a9O01q0wHv6SrReOlEaXrUXNF00ONvkS/Zhp6qGVPdA=
Subject key identifier:   33:65:0D:17:1C:29:7B:91:84:CE:46:E6:13:3B:70:95:9C:A8:EF:FD
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       65AE37C0A71920EF281F4066E711C342A7991D01
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0e4314c2-e58e-41d0-8f41-07c28566af35.roa
Signing time:             Wed 12 Jun 2024 00:00:00 +0000
ROA not before:           Wed 12 Jun 2024 00:00:00 +0000
ROA not after:            Wed 17 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daff:c800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 19 Jun 2024 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:ae:37:c0:a7:19:20:ef:28:1f:40:66:e7:11:c3:42:a7:99:1d:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 12 00:00:00 2024 GMT
            Not After : Jul 17 23:59:59 2024 GMT
        Subject: serialNumber=f7ea671023731cc0ba310b757101f022172978a94399c7384c697fe752ef02a0, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:cf:37:2f:7c:d9:57:c2:5d:04:98:65:bb:cf:
                    7b:69:f3:e2:35:3c:20:a6:03:32:42:33:4e:ef:b0:
                    c6:67:cd:19:12:23:ec:ed:dc:ed:2a:1d:b3:50:2b:
                    f0:7d:cd:2b:fa:aa:a1:13:42:b8:f6:dd:cd:a6:c8:
                    76:1e:f9:5f:55:69:f4:a6:0a:02:94:a0:7c:43:63:
                    eb:e2:14:ca:f4:9b:29:12:d6:35:6c:5c:e4:f8:85:
                    10:74:c2:7f:02:4f:ee:03:41:c4:e3:e7:a0:a3:e9:
                    5b:24:42:db:9d:a6:21:65:14:3b:3a:84:3d:05:19:
                    f5:8d:04:91:ba:0d:b2:d7:b2:2f:40:13:db:9a:2a:
                    a1:f3:85:96:0e:5c:dc:f5:91:67:3a:50:3c:48:4a:
                    0f:a8:f1:69:54:41:f6:cc:1f:0c:a0:ca:2a:5e:35:
                    89:d3:9b:2d:a3:ce:08:e3:50:14:85:aa:6e:ba:09:
                    89:d6:6a:bb:41:60:74:72:6e:da:da:78:39:91:7a:
                    25:ef:49:57:cb:ad:b3:e2:d9:ff:f5:01:f5:b1:cc:
                    f2:89:99:15:61:4a:76:a0:b7:df:31:f8:28:81:cc:
                    cc:52:0b:a2:6d:7a:be:3c:be:de:e9:19:50:a7:ab:
                    4e:5f:f5:25:07:6c:33:11:50:69:63:bd:2c:5b:c0:
                    66:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:65:0D:17:1C:29:7B:91:84:CE:46:E6:13:3B:70:95:9C:A8:EF:FD
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0e4314c2-e58e-41d0-8f41-07c28566af35.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daff:c800::/40

    Signature Algorithm: sha256WithRSAEncryption
         29:24:b3:42:d5:7a:b9:2d:77:c3:b4:d8:95:56:0a:d6:e8:55:
         49:35:ef:0e:c7:07:a2:9f:c3:0b:a0:46:e6:5c:95:df:a5:71:
         30:e4:8a:01:fd:34:ab:49:10:f3:10:65:2c:54:11:df:10:7a:
         41:5a:b4:cf:11:df:05:b4:7b:1d:eb:99:f7:ab:b1:1d:56:e5:
         46:65:c8:b7:c6:ea:f9:00:ee:c6:e4:b9:af:cd:3f:8e:c0:c4:
         5c:76:63:40:f1:2e:d8:34:04:fa:92:ce:3c:99:ee:48:87:f1:
         03:cb:51:64:23:59:90:43:53:fe:76:c8:89:0f:8e:f8:9d:4d:
         1e:a4:6e:b6:00:fd:6e:1f:12:94:a2:ee:c5:fc:fe:2c:bd:de:
         ca:d1:13:e6:0c:72:3d:0a:98:f3:d1:6a:6c:b2:cd:5a:97:1d:
         c9:ba:5b:d6:6c:cd:c5:9d:ba:e3:50:50:ff:a8:b2:9c:4a:c7:
         ed:92:3d:80:ee:b6:92:85:59:ca:ec:d4:de:7b:19:96:44:26:
         67:c9:cb:f1:f7:f0:95:8d:25:92:d0:ee:9c:62:d6:cc:e1:a3:
         de:a1:ee:d3:bd:a6:0d:30:c2:2a:06:c1:91:95:f9:8c:46:9d:
         5b:e2:95:3c:60:3c:cc:b5:0c:74:4f:45:7d:a4:34:c0:70:4b:
         10:49:fd:81
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUZa43wKcZIO8oH0Bm5xHDQqeZHQEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYxMjAwMDAwMFoX
DTI0MDcxNzIzNTk1OVowejFJMEcGA1UEBRNAZjdlYTY3MTAyMzczMWNjMGJhMzEw
Yjc1NzEwMWYwMjIxNzI5NzhhOTQzOTljNzM4NGM2OTdmZTc1MmVmMDJhMDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr883L3zZV8JdBJhlu897afPiNTwg
pgMyQjNO77DGZ80ZEiPs7dztKh2zUCvwfc0r+qqhE0K49t3Npsh2HvlfVWn0pgoC
lKB8Q2Pr4hTK9JspEtY1bFzk+IUQdMJ/Ak/uA0HE4+ego+lbJELbnaYhZRQ7OoQ9
BRn1jQSRug2y17IvQBPbmiqh84WWDlzc9ZFnOlA8SEoPqPFpVEH2zB8MoMoqXjWJ
05sto84I41AUhapuugmJ1mq7QWB0cm7a2ng5kXol70lXy62z4tn/9QH1sczyiZkV
YUp2oLffMfgogczMUguibXq+PL7e6RlQp6tOX/UlB2wzEVBpY70sW8BmxQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFDNlDRccKXuRhM5G5hM7cJWcqO/9MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzBlNDMxNGMyLWU1OGUtNDFkMC04ZjQxLTA3YzI4NTY2YWYzNS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba/8gwDQYJKoZIhvcNAQELBQADggEBACkks0LVerktd8O02JVW
CtboVUk17w7HB6KfwwugRuZcld+lcTDkigH9NKtJEPMQZSxUEd8QekFatM8R3wW0
ex3rmfersR1W5UZlyLfG6vkA7sbkua/NP47AxFx2Y0DxLtg0BPqSzjyZ7kiH8QPL
UWQjWZBDU/52yIkPjvidTR6kbrYA/W4fEpSi7sX8/iy93srRE+YMcj0KmPPRamyy
zVqXHcm6W9ZszcWduuNQUP+ospxKx+2SPYDutpKFWcrs1N57GZZEJmfJy/H38JWN
JZLQ7pxi1szho96h7tO9pg0wwioGwZGV+YxGnVvilTxgPMy1DHRPRX2kNMBwSxBJ
/YE=
-----END CERTIFICATE-----
Generated at Sat Jun 15 02:01:50 2024 by rpki-client on console-fra.rpki-client.org