Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/1b37db1b-9168-4013-90fd-5f16557b73d7.roa
File:                     1b37db1b-9168-4013-90fd-5f16557b73d7.roa (raw, json)
Hash identifier:          gEdnZjC0HMzdzybEfqjleSe+KPK4PO3rnJ+rEUsu8Ng=
Subject key identifier:   97:20:19:86:36:9A:6C:C8:15:7E:0C:60:07:F6:B6:76:52:29:2A:79
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       4726394C00827037B89F0FDE841A16AD8591D1D4
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/1b37db1b-9168-4013-90fd-5f16557b73d7.roa
Signing time:             Wed 12 Jun 2024 00:00:00 +0000
ROA not before:           Wed 12 Jun 2024 00:00:00 +0000
ROA not after:            Wed 17 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf5:1000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 29 Jun 2024 00:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:26:39:4c:00:82:70:37:b8:9f:0f:de:84:1a:16:ad:85:91:d1:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 12 00:00:00 2024 GMT
            Not After : Jul 17 23:59:59 2024 GMT
        Subject: serialNumber=f0db85a70de4addd116c59c18f8722d352d88d443f6e5c45bec31eaad2999f9f, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:b7:6e:0d:c0:7b:95:d7:5d:6f:7d:68:b0:ec:
                    60:4d:4c:e7:7e:20:4a:85:6f:9d:34:83:1a:d3:8c:
                    fa:fe:37:05:2a:0a:42:73:6b:8e:f7:d8:94:ee:8d:
                    43:66:40:14:ac:8b:49:23:83:bf:96:cc:cc:32:7c:
                    0e:d3:2e:62:6c:29:dc:08:3e:31:b1:e7:fe:1b:68:
                    4d:b2:01:bc:22:5f:65:ef:1a:92:0b:61:ef:d2:45:
                    e3:87:90:be:f7:21:8e:03:63:68:4f:fa:38:70:ca:
                    04:c9:a3:3b:2d:9c:06:0b:95:7e:0d:83:10:45:b0:
                    7f:58:24:81:62:ce:9f:79:c8:81:d1:2e:fb:b4:5e:
                    ba:de:dd:11:6b:b4:bd:87:81:eb:2c:76:a8:d8:93:
                    e8:5d:40:be:dc:ab:47:75:9b:7e:05:f1:81:78:40:
                    c2:1c:b7:8d:45:d9:b8:f6:44:e5:90:c1:28:9f:11:
                    59:e0:b8:ea:49:f5:ae:5f:d0:13:5c:ba:0e:ae:1c:
                    20:b1:39:2e:57:e9:3d:ab:09:2d:69:81:04:14:c4:
                    d1:5c:67:58:fd:cf:3e:c3:d0:7e:e0:53:70:7a:c4:
                    27:78:f8:04:3e:9d:87:56:17:28:99:dd:c7:f4:1e:
                    a8:00:ec:02:67:97:e9:d2:71:97:e7:90:55:c0:29:
                    15:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:20:19:86:36:9A:6C:C8:15:7E:0C:60:07:F6:B6:76:52:29:2A:79
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/1b37db1b-9168-4013-90fd-5f16557b73d7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf5:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         53:dc:a8:e2:0d:16:b9:11:df:00:b9:14:8b:d4:47:22:b7:1a:
         7d:8e:c6:7e:9e:e4:1d:b7:cc:89:33:38:f0:a7:81:c4:1b:ec:
         0b:9a:fd:02:a8:5c:ff:c3:de:76:80:ce:62:d7:ca:5b:06:11:
         b3:ff:3c:60:1b:e0:be:68:02:78:9d:c1:79:cd:bc:63:69:48:
         c1:9b:28:f9:38:5d:88:0e:dc:e4:7a:15:06:d6:7d:44:13:a4:
         b0:bc:76:c6:f9:43:17:08:ea:c6:13:43:b0:df:19:dd:83:1d:
         00:80:b7:67:ab:d0:64:2b:7d:b5:3d:e8:db:0a:47:db:b1:0f:
         c1:e6:6a:2b:d9:c8:b5:17:e7:61:38:70:8f:ad:ec:d7:45:ef:
         75:0b:a8:f4:8f:7c:d3:81:b1:c0:b0:10:b0:7b:d2:1a:f6:f9:
         8a:48:f7:ae:b3:6e:ff:31:fa:44:a2:85:f6:8c:a7:9e:cd:26:
         41:55:8c:16:bd:47:c1:82:e6:e9:c4:f3:ad:99:63:67:73:83:
         f8:c6:39:14:ef:12:c2:73:2a:f3:95:c7:44:df:71:3b:30:a4:
         59:cd:30:73:02:19:a3:74:a5:b2:a9:ba:d0:82:96:73:c0:b7:
         94:fc:89:b4:d7:2c:d3:4c:1d:e7:b7:ea:fe:55:19:0f:83:23:
         e2:2c:99:3e
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIURyY5TACCcDe4nw/ehBoWrYWR0dQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYxMjAwMDAwMFoX
DTI0MDcxNzIzNTk1OVowejFJMEcGA1UEBRNAZjBkYjg1YTcwZGU0YWRkZDExNmM1
OWMxOGY4NzIyZDM1MmQ4OGQ0NDNmNmU1YzQ1YmVjMzFlYWFkMjk5OWY5ZjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbduDcB7ldddb31osOxgTUznfiBK
hW+dNIMa04z6/jcFKgpCc2uO99iU7o1DZkAUrItJI4O/lszMMnwO0y5ibCncCD4x
sef+G2hNsgG8Il9l7xqSC2Hv0kXjh5C+9yGOA2NoT/o4cMoEyaM7LZwGC5V+DYMQ
RbB/WCSBYs6feciB0S77tF663t0Ra7S9h4HrLHao2JPoXUC+3KtHdZt+BfGBeEDC
HLeNRdm49kTlkMEonxFZ4LjqSfWuX9ATXLoOrhwgsTkuV+k9qwktaYEEFMTRXGdY
/c8+w9B+4FNwesQnePgEPp2HVhcomd3H9B6oAOwCZ5fp0nGX55BVwCkVMwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFJcgGYY2mmzIFX4MYAf2tnZSKSp5MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzFiMzdkYjFiLTkxNjgtNDAxMy05MGZkLTVmMTY1NTdiNzNkNy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba9RAwDQYJKoZIhvcNAQELBQADggEBAFPcqOINFrkR3wC5FIvU
RyK3Gn2Oxn6e5B23zIkzOPCngcQb7Aua/QKoXP/D3naAzmLXylsGEbP/PGAb4L5o
AnidwXnNvGNpSMGbKPk4XYgO3OR6FQbWfUQTpLC8dsb5QxcI6sYTQ7DfGd2DHQCA
t2er0GQrfbU96NsKR9uxD8HmaivZyLUX52E4cI+t7NdF73ULqPSPfNOBscCwELB7
0hr2+YpI966zbv8x+kSihfaMp57NJkFVjBa9R8GC5unE862ZY2dzg/jGORTvEsJz
KvOVx0TfcTswpFnNMHMCGaN0pbKputCClnPAt5T8ibTXLNNMHee36v5VGQ+DI+Is
mT4=
-----END CERTIFICATE-----
Generated at Tue Jun 25 00:53:09 2024 by rpki-client on console-ams.rpki-client.org