Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/117722c6-e4ab-4a2f-a2ae-11a9762a1547.roa
File:                     117722c6-e4ab-4a2f-a2ae-11a9762a1547.roa (raw, json)
Hash identifier:          HEZwYbTXqzKp0wNStt9Y03Ihwh74u6lXBsmkDp1Mb1I=
Subject key identifier:   14:49:67:3C:4E:64:76:20:8C:64:BB:D9:3F:EF:29:6F:62:F4:82:D1
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3BDB5EBB6D6595477D8B15117A24C9BE8310681D
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/117722c6-e4ab-4a2f-a2ae-11a9762a1547.roa
Signing time:             Tue 16 Jul 2024 00:00:00 +0000
ROA not before:           Tue 16 Jul 2024 00:00:00 +0000
ROA not after:            Tue 20 Aug 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da61:8000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 22 Jul 2024 00:10:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:db:5e:bb:6d:65:95:47:7d:8b:15:11:7a:24:c9:be:83:10:68:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 16 00:00:00 2024 GMT
            Not After : Aug 20 23:59:59 2024 GMT
        Subject: serialNumber=284141a89f964e4e0356519b05be508cfb8fe3df057f6c7cdc3f3772e2784757, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:af:ee:0d:c5:be:3e:f1:49:c9:f0:10:33:b1:
                    dc:6d:67:c1:64:79:27:74:bb:30:3f:e1:83:2e:26:
                    00:91:74:18:52:ea:ba:ad:ea:c7:b2:fa:d4:39:b4:
                    b9:d1:f3:36:37:81:17:f4:0d:93:31:1e:64:b3:2a:
                    41:82:6e:77:a5:5d:a8:ca:cb:f9:61:5d:b7:5a:6a:
                    eb:cf:39:aa:1f:08:0e:22:26:bc:e8:13:5f:dc:dd:
                    c8:01:a1:d8:b3:f4:ca:85:5b:91:8f:91:94:02:07:
                    f1:e2:0f:e0:e0:0e:55:76:8b:47:19:b0:00:3b:6d:
                    39:c7:bf:8d:97:13:24:f6:49:b1:c0:11:9c:08:11:
                    c7:7a:6a:24:5d:c3:81:22:e8:35:03:2b:f1:63:f0:
                    38:6f:47:51:31:73:96:16:bc:66:9d:05:3f:f8:df:
                    67:af:a8:fe:1f:71:25:d9:c2:34:55:bd:44:7b:64:
                    5a:c5:cd:f0:ea:c7:a6:d5:3d:56:f0:b7:a4:86:63:
                    b5:44:fd:2e:64:3f:f3:92:91:eb:6b:18:85:47:33:
                    c5:68:be:d0:3a:91:9f:78:15:d2:e1:03:d7:18:9f:
                    26:44:36:fc:96:85:83:eb:6e:6d:75:ea:52:d7:45:
                    07:06:48:87:d6:43:5b:d8:e2:45:09:a4:35:f5:d2:
                    30:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:49:67:3C:4E:64:76:20:8C:64:BB:D9:3F:EF:29:6F:62:F4:82:D1
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/117722c6-e4ab-4a2f-a2ae-11a9762a1547.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da61:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         24:04:ba:45:7f:24:fc:37:3c:c5:64:42:68:e3:bb:18:f0:02:
         58:4f:18:84:f2:1b:df:f5:10:5f:ed:2f:72:10:06:d2:76:e2:
         83:f7:a6:c8:f3:0f:4f:ef:8e:4e:28:0a:4e:6e:70:e4:80:1d:
         dd:ef:49:e8:30:5f:05:1d:a0:44:a1:1b:d7:9b:93:c7:79:b1:
         d6:4a:8e:20:e6:13:f0:5e:80:cc:a7:8a:b1:56:e2:f2:f5:39:
         ee:5f:b9:dd:d6:10:04:42:1e:f7:31:f4:b1:9c:4b:73:c6:4d:
         4d:eb:6f:c0:b3:92:43:e9:f5:6a:10:34:c0:a6:9c:75:97:2f:
         86:f7:5e:f4:18:94:a8:0a:c2:f1:a8:dc:0b:4b:6f:e4:e9:ed:
         6b:b2:b9:67:b8:ab:f5:68:aa:07:12:51:06:c9:5d:80:77:ac:
         ad:ef:05:99:5b:cd:8e:aa:9e:d8:02:dd:52:ce:c2:02:e4:06:
         e9:65:23:2a:96:6f:e2:a8:26:f4:14:eb:18:55:d7:e4:2c:6e:
         38:30:d3:c7:6f:bb:f1:82:f6:4a:cc:43:4c:b6:06:31:13:38:
         2f:c5:b1:ab:94:bf:ea:9a:12:56:19:5b:c8:8c:00:0e:39:47:
         68:04:74:ef:6d:9c:a2:e7:dd:bb:54:4a:3a:92:81:48:34:b2:
         08:e5:bd:67
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUO9teu21llUd9ixUReiTJvoMQaB0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDcxNjAwMDAwMFoX
DTI0MDgyMDIzNTk1OVowejFJMEcGA1UEBRNAMjg0MTQxYTg5Zjk2NGU0ZTAzNTY1
MTliMDViZTUwOGNmYjhmZTNkZjA1N2Y2YzdjZGMzZjM3NzJlMjc4NDc1NzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAta/uDcW+PvFJyfAQM7HcbWfBZHkn
dLswP+GDLiYAkXQYUuq6rerHsvrUObS50fM2N4EX9A2TMR5ksypBgm53pV2oysv5
YV23WmrrzzmqHwgOIia86BNf3N3IAaHYs/TKhVuRj5GUAgfx4g/g4A5VdotHGbAA
O205x7+NlxMk9kmxwBGcCBHHemokXcOBIug1AyvxY/A4b0dRMXOWFrxmnQU/+N9n
r6j+H3El2cI0Vb1Ee2Raxc3w6sem1T1W8LekhmO1RP0uZD/zkpHraxiFRzPFaL7Q
OpGfeBXS4QPXGJ8mRDb8loWD625tdepS10UHBkiH1kNb2OJFCaQ19dIwJwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFBRJZzxOZHYgjGS72T/vKW9i9ILRMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzExNzcyMmM2LWU0YWItNGEyZi1hMmFlLTExYTk3NjJhMTU0Ny5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaYYAwDQYJKoZIhvcNAQELBQADggEBACQEukV/JPw3PMVkQmjj
uxjwAlhPGITyG9/1EF/tL3IQBtJ24oP3psjzD0/vjk4oCk5ucOSAHd3vSegwXwUd
oEShG9ebk8d5sdZKjiDmE/BegMynirFW4vL1Oe5fud3WEARCHvcx9LGcS3PGTU3r
b8CzkkPp9WoQNMCmnHWXL4b3XvQYlKgKwvGo3AtLb+Tp7WuyuWe4q/VoqgcSUQbJ
XYB3rK3vBZlbzY6qntgC3VLOwgLkBullIyqWb+KoJvQU6xhV1+Qsbjgw08dvu/GC
9krMQ0y2BjETOC/FsauUv+qaElYZW8iMAA45R2gEdO9tnKLn3btUSjqSgUg0sgjl
vWc=
-----END CERTIFICATE-----
Generated at Thu Jul 18 01:56:53 2024 by rpki-client on console-ams.rpki-client.org