Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0edb47a4-e59a-40a8-8e61-744230716a79.roa
File:                     0edb47a4-e59a-40a8-8e61-744230716a79.roa (raw, json)
Hash identifier:          K/Fu8q6imdtR04VGDj5cWyragoy6b39k2TiBzxckTo4=
Subject key identifier:   E0:1D:6A:D2:CB:2E:9F:36:B9:E2:E6:42:75:F8:57:F2:F3:60:E8:58
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       6478E032460CC9F20E4D32760C4622322166BF19
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0edb47a4-e59a-40a8-8e61-744230716a79.roa
Signing time:             Mon 24 Jun 2024 00:00:00 +0000
ROA not before:           Mon 24 Jun 2024 00:00:00 +0000
ROA not after:            Mon 29 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da00:800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 29 Jun 2024 00:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:78:e0:32:46:0c:c9:f2:0e:4d:32:76:0c:46:22:32:21:66:bf:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 24 00:00:00 2024 GMT
            Not After : Jul 29 23:59:59 2024 GMT
        Subject: serialNumber=726379319476fc4df85448b04a265df43a45945865aba7880765f628afb35b27, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:05:08:2d:02:f4:46:16:53:68:4e:98:1b:60:
                    a7:09:fa:4f:6e:34:01:27:a7:c2:2c:1b:cc:3f:2a:
                    c4:0c:7e:dc:da:4f:16:c4:28:e2:12:44:3e:99:75:
                    af:b9:26:51:24:26:e6:1f:cd:fe:1d:37:e9:ad:71:
                    4c:4c:f0:87:0a:dd:ca:8f:46:b2:0c:11:ce:51:da:
                    c0:a1:df:b3:dd:04:55:db:69:72:45:90:f6:52:c2:
                    27:5b:f5:f9:7b:3e:e1:1b:56:a6:de:9c:11:85:16:
                    e0:f4:ed:93:78:94:18:26:ed:7c:a5:5c:47:ee:e1:
                    b1:96:ad:11:a5:1c:fa:4f:96:89:3a:56:a7:99:61:
                    ed:49:1d:be:d7:49:05:c5:33:f1:5b:30:b3:1e:e7:
                    ad:52:c3:6a:72:88:70:37:67:1e:66:6b:6a:da:57:
                    b7:ab:da:df:21:0b:13:2b:6c:14:ab:13:13:53:a6:
                    f1:49:3a:c1:cd:05:ed:97:d0:09:29:f8:77:a1:8d:
                    b0:a6:c2:58:ae:b5:88:6c:43:80:56:4a:fa:d9:c6:
                    14:e4:23:97:65:32:05:c4:bb:49:5c:22:00:f1:09:
                    bb:2e:3f:97:2a:8f:5e:9f:42:25:41:57:29:7f:e6:
                    61:5a:48:51:5c:ba:2f:08:93:28:56:30:1e:fd:af:
                    b5:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:1D:6A:D2:CB:2E:9F:36:B9:E2:E6:42:75:F8:57:F2:F3:60:E8:58
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0edb47a4-e59a-40a8-8e61-744230716a79.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da00:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         8c:78:6e:23:9f:d2:9c:e6:85:2e:69:36:bd:d3:ad:bb:49:1e:
         00:a7:59:1e:d4:f9:ef:45:84:58:68:8d:35:02:bd:59:4d:60:
         08:af:5f:e6:a5:89:b5:db:c1:42:84:c2:0a:e5:63:f9:d2:b8:
         1e:8c:7b:b5:f8:0b:c8:20:47:64:12:c2:50:87:56:31:71:ea:
         fb:af:dc:eb:9a:e2:26:cb:43:a7:d0:fd:09:fd:52:95:b2:a5:
         18:1b:00:8f:78:9c:2c:16:df:17:b3:c9:4f:71:29:55:44:13:
         8b:f0:80:33:7a:09:f9:56:21:e3:a5:4d:e8:87:87:3a:15:7a:
         4f:a1:89:da:f7:d6:1a:35:0c:21:44:8b:34:9f:75:ab:69:7d:
         a1:4b:a2:d4:00:75:ca:b5:b3:27:15:23:42:c5:df:dc:27:ad:
         c9:39:4d:a6:23:e5:6e:72:c3:35:e5:4c:cd:80:57:37:52:ce:
         21:c7:ce:de:b6:fc:c4:cf:c4:6f:e1:e2:d4:08:6b:18:62:c6:
         f0:94:03:bf:dd:c9:12:ef:0e:4b:08:15:f7:85:6b:76:c6:21:
         bb:7b:39:4a:ff:4a:c3:5a:66:62:f0:83:e1:b0:d5:77:be:2b:
         5e:fd:1c:86:10:8b:ed:0d:b0:57:96:f0:16:cb:ab:ae:54:01:
         5f:47:02:ad
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUZHjgMkYMyfIOTTJ2DEYiMiFmvxkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyNDAwMDAwMFoX
DTI0MDcyOTIzNTk1OVowejFJMEcGA1UEBRNANzI2Mzc5MzE5NDc2ZmM0ZGY4NTQ0
OGIwNGEyNjVkZjQzYTQ1OTQ1ODY1YWJhNzg4MDc2NWY2MjhhZmIzNWIyNzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAigUILQL0RhZTaE6YG2CnCfpPbjQB
J6fCLBvMPyrEDH7c2k8WxCjiEkQ+mXWvuSZRJCbmH83+HTfprXFMTPCHCt3Kj0ay
DBHOUdrAod+z3QRV22lyRZD2UsInW/X5ez7hG1am3pwRhRbg9O2TeJQYJu18pVxH
7uGxlq0RpRz6T5aJOlanmWHtSR2+10kFxTPxWzCzHuetUsNqcohwN2ceZmtq2le3
q9rfIQsTK2wUqxMTU6bxSTrBzQXtl9AJKfh3oY2wpsJYrrWIbEOAVkr62cYU5COX
ZTIFxLtJXCIA8Qm7Lj+XKo9en0IlQVcpf+ZhWkhRXLovCJMoVjAe/a+1LwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFOAdatLLLp82ueLmQnX4V/LzYOhYMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzBlZGI0N2E0LWU1OWEtNDBhOC04ZTYxLTc0NDIzMDcxNmE3OS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaAAgwDQYJKoZIhvcNAQELBQADggEBAIx4biOf0pzmhS5pNr3T
rbtJHgCnWR7U+e9FhFhojTUCvVlNYAivX+alibXbwUKEwgrlY/nSuB6Me7X4C8gg
R2QSwlCHVjFx6vuv3Oua4ibLQ6fQ/Qn9UpWypRgbAI94nCwW3xezyU9xKVVEE4vw
gDN6CflWIeOlTeiHhzoVek+hidr31ho1DCFEizSfdatpfaFLotQAdcq1sycVI0LF
39wnrck5TaYj5W5ywzXlTM2AVzdSziHHzt62/MTPxG/h4tQIaxhixvCUA7/dyRLv
DksIFfeFa3bGIbt7OUr/SsNaZmLwg+Gw1Xe+K179HIYQi+0NsFeW8BbLq65UAV9H
Aq0=
-----END CERTIFICATE-----
Generated at Tue Jun 25 02:50:49 2024 by rpki-client on console-fra.rpki-client.org