Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/13f5f01a-ab8f-4788-ba91-6bc86de44e18.roa
File:                     13f5f01a-ab8f-4788-ba91-6bc86de44e18.roa (raw, json)
Hash identifier:          26hWiBXBVCpPeTmLSpXFqNHjc6l4XLAlymiRV6lDcIQ=
Subject key identifier:   17:88:35:A7:BA:14:DE:B6:29:FA:37:7B:EC:EE:42:88:38:F2:21:D3
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       6337025E47D30C10F98591C69B2A181C035CCFF9
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/13f5f01a-ab8f-4788-ba91-6bc86de44e18.roa
Signing time:             Fri 21 Jun 2024 00:00:00 +0000
ROA not before:           Fri 21 Jun 2024 00:00:00 +0000
ROA not after:            Fri 26 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafe:9000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 25 Jun 2024 00:51:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:37:02:5e:47:d3:0c:10:f9:85:91:c6:9b:2a:18:1c:03:5c:cf:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 21 00:00:00 2024 GMT
            Not After : Jul 26 23:59:59 2024 GMT
        Subject: serialNumber=b14bc022bb8cc336ca5d2ee6563ce4d14eef6303d3e721d946ac8dedfadad0ba, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:0e:39:bc:c7:c9:3d:c4:29:9b:67:02:a6:47:
                    3a:ba:55:74:7a:2b:a6:e7:db:62:2c:86:d5:27:cd:
                    46:05:8f:4f:ca:d3:bf:27:6d:b5:b3:99:52:d4:ff:
                    54:23:3c:f6:15:f5:47:54:18:d1:b0:16:22:32:38:
                    fa:c3:e4:38:85:29:9f:03:84:36:ae:c9:84:d1:bd:
                    32:3f:2b:36:38:57:9f:f7:95:35:65:81:45:3d:03:
                    2e:19:de:c0:e6:5e:40:ce:c1:69:ca:71:12:9f:bb:
                    3e:8a:f2:92:6c:68:f5:98:1d:62:7a:96:4b:ef:e0:
                    13:c4:63:d1:33:3a:c9:df:2a:5c:f4:e9:1c:18:fb:
                    2c:b6:6a:ac:99:11:26:8f:53:b4:11:17:30:89:53:
                    70:43:a6:7a:b1:a0:d6:7b:21:06:ac:07:0b:4d:09:
                    a8:90:ff:6c:56:7e:6b:e2:b6:d0:6a:cd:a7:fc:85:
                    dd:57:24:f4:c5:e2:63:fb:35:45:cb:4c:53:ab:5a:
                    7c:ba:f0:62:e7:99:81:46:91:9c:ac:cd:83:b6:5e:
                    b2:0b:f6:e6:32:b8:52:5e:2a:9c:33:27:46:34:be:
                    c7:21:01:22:b7:26:aa:98:04:8b:b9:0a:39:f8:de:
                    4e:72:d9:37:9a:5f:fa:af:83:82:3d:34:6c:05:e1:
                    d3:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:88:35:A7:BA:14:DE:B6:29:FA:37:7B:EC:EE:42:88:38:F2:21:D3
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/13f5f01a-ab8f-4788-ba91-6bc86de44e18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafe:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         30:9b:44:16:d4:a0:bb:47:01:eb:5e:f0:8d:de:c9:52:1b:a3:
         95:d7:e0:99:b8:aa:a1:68:55:2a:95:de:e8:c7:35:87:a7:0a:
         ed:27:d4:51:19:54:0f:92:17:fb:7e:e7:b3:81:72:78:0d:6e:
         15:88:be:0b:64:11:6d:54:79:9a:9e:8e:80:e4:1f:e6:4b:7f:
         b3:b3:0f:bd:8b:02:1d:f0:00:b0:e1:0a:dc:fa:6b:8e:36:10:
         99:bd:06:24:1e:8a:8d:52:da:cd:6a:bc:b4:bf:6c:fe:e8:19:
         1a:f6:d8:3d:64:b1:7a:a9:26:cc:94:ed:88:11:d3:f5:b7:be:
         c1:fa:02:e5:c4:dc:dc:b6:6a:a1:ec:54:91:81:a9:e9:9e:c8:
         fa:c2:b2:5c:88:ed:bf:90:44:a5:6e:aa:54:80:d5:2c:bd:e3:
         6e:81:60:2f:e6:b6:4f:a7:c9:9c:38:44:b5:21:59:f1:e3:b4:
         5b:49:eb:4b:6b:bc:9c:a7:ad:97:c0:ae:1d:6c:f3:73:90:f1:
         09:5c:81:91:72:f2:3d:56:52:74:3e:d1:b3:21:55:2b:d5:1f:
         7b:d7:f0:19:bf:f5:e7:a8:f1:1b:8c:9c:a8:ae:51:b5:1d:71:
         b7:c9:41:72:67:8c:6f:24:c5:f7:32:26:c6:d4:b1:4b:83:c4:
         e3:a1:f9:93
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUYzcCXkfTDBD5hZHGmyoYHANcz/kwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyMTAwMDAwMFoX
DTI0MDcyNjIzNTk1OVowejFJMEcGA1UEBRNAYjE0YmMwMjJiYjhjYzMzNmNhNWQy
ZWU2NTYzY2U0ZDE0ZWVmNjMwM2QzZTcyMWQ5NDZhYzhkZWRmYWRhZDBiYTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiw45vMfJPcQpm2cCpkc6ulV0eium
59tiLIbVJ81GBY9PytO/J221s5lS1P9UIzz2FfVHVBjRsBYiMjj6w+Q4hSmfA4Q2
rsmE0b0yPys2OFef95U1ZYFFPQMuGd7A5l5AzsFpynESn7s+ivKSbGj1mB1iepZL
7+ATxGPRMzrJ3ypc9OkcGPsstmqsmREmj1O0ERcwiVNwQ6Z6saDWeyEGrAcLTQmo
kP9sVn5r4rbQas2n/IXdVyT0xeJj+zVFy0xTq1p8uvBi55mBRpGcrM2Dtl6yC/bm
MrhSXiqcMydGNL7HIQEityaqmASLuQo5+N5Octk3ml/6r4OCPTRsBeHTHwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFBeINae6FN62Kfo3e+zuQog48iHTMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzEzZjVmMDFhLWFiOGYtNDc4OC1iYTkxLTZiYzg2ZGU0NGUxOC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba/pAwDQYJKoZIhvcNAQELBQADggEBADCbRBbUoLtHAete8I3e
yVIbo5XX4Jm4qqFoVSqV3ujHNYenCu0n1FEZVA+SF/t+57OBcngNbhWIvgtkEW1U
eZqejoDkH+ZLf7OzD72LAh3wALDhCtz6a442EJm9BiQeio1S2s1qvLS/bP7oGRr2
2D1ksXqpJsyU7YgR0/W3vsH6AuXE3Ny2aqHsVJGBqemeyPrCslyI7b+QRKVuqlSA
1Sy9426BYC/mtk+nyZw4RLUhWfHjtFtJ60trvJynrZfArh1s83OQ8QlcgZFy8j1W
UnQ+0bMhVSvVH3vX8Bm/9eeo8RuMnKiuUbUdcbfJQXJnjG8kxfcyJsbUsUuDxOOh
+ZM=
-----END CERTIFICATE-----
Generated at Fri Jun 21 01:18:44 2024 by rpki-client on console-fra.rpki-client.org