Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/117722c6-e4ab-4a2f-a2ae-11a9762a1547.roa
File:                     117722c6-e4ab-4a2f-a2ae-11a9762a1547.roa (raw, json)
Hash identifier:          tqhtr51Kkv/zeZ6vnIf3tAxH+ragv0v6TQqm6n2xQ1E=
Subject key identifier:   21:8E:15:EB:57:BC:66:7B:17:1E:89:2B:F3:59:29:6A:FB:45:2A:38
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3D0539B103F58D50B16270866809A80E4FAE99EE
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/117722c6-e4ab-4a2f-a2ae-11a9762a1547.roa
Signing time:             Sun 26 Mar 2023 00:00:00 +0000
ROA not before:           Sun 26 Mar 2023 00:00:00 +0000
ROA not after:            Sun 30 Apr 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da61:8000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 27 Mar 2023 12:04:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:05:39:b1:03:f5:8d:50:b1:62:70:86:68:09:a8:0e:4f:ae:99:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Mar 26 00:00:00 2023 GMT
            Not After : Apr 30 23:59:59 2023 GMT
        Subject: serialNumber=03c81c16cbeaa54faa71bdf3f0772a0a871ff50f27b56d5e9ab79aae052e6d70, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:8a:ed:33:f3:d9:a6:b8:74:1c:1d:1b:70:5b:
                    53:ec:14:a5:5c:d8:40:50:e6:9a:cf:ab:6a:7e:94:
                    2b:f1:38:c2:26:3b:d0:6f:3a:fb:24:b7:d8:2e:c7:
                    eb:d8:cb:7b:16:15:e8:2a:2d:71:91:4c:ed:de:99:
                    de:08:c5:0f:84:a2:19:1e:22:73:52:25:64:04:07:
                    99:0e:4d:4a:65:b1:bc:0a:04:a1:df:fc:00:f3:82:
                    67:0e:4c:33:76:4c:f9:a5:18:92:77:0f:14:bd:f5:
                    b2:84:ae:7f:5a:6c:67:37:8d:d9:b7:b4:85:ef:78:
                    1f:4f:ec:9d:bf:b9:c4:c9:c5:20:42:fd:d9:32:a5:
                    2d:d9:4f:c3:d7:91:c5:bc:0c:b3:c3:4f:0e:19:20:
                    19:d5:68:9d:09:26:e3:34:c8:33:69:39:4d:e7:5a:
                    48:eb:61:a7:b0:73:32:a0:50:92:c9:a7:b0:9e:ae:
                    52:dd:6b:4a:46:f5:68:a8:cc:35:2e:d5:cc:80:b8:
                    27:10:e7:62:b6:61:28:c1:3e:52:6d:5b:44:51:65:
                    5e:ce:74:6a:95:c6:1a:13:75:1a:2b:5f:4b:6b:1b:
                    fd:47:f0:19:c6:33:d5:18:4e:28:f7:e1:ab:bc:6e:
                    f7:8f:2f:50:b0:40:a3:d0:f4:3e:9b:e4:e0:29:fc:
                    60:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                21:8E:15:EB:57:BC:66:7B:17:1E:89:2B:F3:59:29:6A:FB:45:2A:38
            X509v3 Authority Key Identifier: 
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/117722c6-e4ab-4a2f-a2ae-11a9762a1547.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da61:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         43:15:dd:96:d6:3a:fa:66:ae:21:7c:ef:a0:dd:53:c0:3f:6a:
         c3:58:af:01:12:4c:6d:1d:24:45:a5:9c:1c:2f:a0:df:85:3d:
         01:3f:56:50:50:e5:e3:13:fb:29:bc:62:62:41:e7:ac:8f:5e:
         1a:a2:06:33:19:c4:7a:f2:5d:25:eb:90:21:f0:85:d9:f7:7d:
         d9:8a:3d:70:7b:d4:8c:67:73:2d:72:67:d8:6b:2a:38:8c:db:
         cc:17:d0:21:93:98:92:7b:fb:a8:a1:c2:69:0d:06:fd:97:b9:
         fa:5c:79:40:59:90:d7:db:50:f5:17:2d:df:4f:ae:a0:07:2d:
         05:aa:9c:da:b1:83:89:76:b0:0e:8d:fd:4a:e4:32:ec:c8:14:
         70:78:fa:e0:40:14:b5:d6:03:92:34:85:99:21:43:43:c8:9c:
         2d:b0:8c:c2:2f:99:e6:cb:f5:04:f3:2b:ab:17:88:90:fd:78:
         f1:55:07:96:62:f4:ab:60:a3:1c:16:17:64:dd:c5:c9:c0:32:
         c7:6b:c2:48:0d:3e:64:9f:0d:53:35:2a:5d:f0:11:ce:13:97:
         97:17:a1:2f:e1:61:82:3d:e7:12:06:f8:98:af:8a:e4:17:26:
         68:f0:4b:4d:dc:fe:7d:5f:b0:03:c4:6f:e0:8e:0c:65:84:bc:
         f0:40:8f:bb
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgIUPQU5sQP1jVCxYnCGaAmoDk+ume4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTIzMDMyNjAwMDAwMFoX
DTIzMDQzMDIzNTk1OVowgaUxSTBHBgNVBAUTQDAzYzgxYzE2Y2JlYWE1NGZhYTcx
YmRmM2YwNzcyYTBhODcxZmY1MGYyN2I1NmQ1ZTlhYjc5YWFlMDUyZTZkNzAxLTAr
BgNVBAMTJGMwYmYwZmU4LTcxN2MtNGY3Mi05YjQ1LWM5YzUxOTEzMmE4MTEUMBIG
A1UECxMLQW1hem9uIFJQS0kxEzARBgNVBAoTCkFtYXpvbi5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeiu0z89mmuHQcHRtwW1PsFKVc2EBQ5prP
q2p+lCvxOMImO9BvOvskt9gux+vYy3sWFegqLXGRTO3emd4IxQ+EohkeInNSJWQE
B5kOTUplsbwKBKHf/ADzgmcOTDN2TPmlGJJ3DxS99bKErn9abGc3jdm3tIXveB9P
7J2/ucTJxSBC/dkypS3ZT8PXkcW8DLPDTw4ZIBnVaJ0JJuM0yDNpOU3nWkjrYaew
czKgUJLJp7CerlLda0pG9WiozDUu1cyAuCcQ52K2YSjBPlJtW0RRZV7OdGqVxhoT
dRorX0trG/1H8BnGM9UYTij34au8bvePL1CwQKPQ9D6b5OAp/GDvAgMBAAGjggJK
MIICRjAdBgNVHQ4EFgQUIY4V61e8ZnsXHokr81kpavtFKjgwHwYDVR0jBBgwFoAU
QHaCVSTSxm0uEENv5l6T6MG9SjcwDgYDVR0PAQH/BAQDAgeAMH4GCCsGAQUFBwEB
BHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0
b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3QzcyRkQxRkYyL1FIYUNWU1RTeG0w
dUVFTnY1bDZUNk1HOVNqYy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggrBgEF
BQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3MuY29t
L3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1MGJlYzkyNjEvMTE3
NzIyYzYtZTRhYi00YTJmLWEyYWUtMTFhOTc2MmExNTQ3LnJvYTCBlQYDVR0fBIGN
MIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpv
bmF3cy5jb20vdm9sdW1lLzA4YzJmMjY0LTIzZjktNDlmYi05ZDQzLWY4YjUwYmVj
OTI2MS83YmExNzg2My1hNjEzLTQxOTctOWVkNS1iZWRhNmE4OTg2OWYuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAkBtphgDANBgkqhkiG9w0BAQsFAAOCAQEAQxXdltY6+mauIXzvoN1TwD9q
w1ivARJMbR0kRaWcHC+g34U9AT9WUFDl4xP7KbxiYkHnrI9eGqIGMxnEevJdJeuQ
IfCF2fd92Yo9cHvUjGdzLXJn2GsqOIzbzBfQIZOYknv7qKHCaQ0G/Ze5+lx5QFmQ
19tQ9Rct30+uoActBaqc2rGDiXawDo39SuQy7MgUcHj64EAUtdYDkjSFmSFDQ8ic
LbCMwi+Z5sv1BPMrqxeIkP148VUHlmL0q2CjHBYXZN3FycAyx2vCSA0+ZJ8NUzUq
XfARzhOXlxehL+Fhgj3nEgb4mK+K5BcmaPBLTdz+fV+wA8Rv4I4MZYS88ECPuw==
-----END CERTIFICATE-----
Generated at Sun Mar 26 00:25:44 2023 by rpki-client on console-fra.rpki-client.org