Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/1df0543c-4352-44e4-aa97-4a21236b6215.roa
File:                     1df0543c-4352-44e4-aa97-4a21236b6215.roa (raw, json)
Hash identifier:          6kF2ChhH/jgI/zi6GKNHaYFjd2MMql5Y14d4Tn/t+v0=
Subject key identifier:   59:21:64:C4:2B:96:69:E9:EF:21:85:FF:A5:6B:89:71:A4:F2:C4:6E
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       23E641F327B70088A8C9195F3A88E20458666E2E
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/1df0543c-4352-44e4-aa97-4a21236b6215.roa
Signing time:             Sat 16 Mar 2024 00:00:00 +0000
ROA not before:           Sat 16 Mar 2024 00:00:00 +0000
ROA not after:            Sat 20 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da60:8000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 12:04:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:e6:41:f3:27:b7:00:88:a8:c9:19:5f:3a:88:e2:04:58:66:6e:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Mar 16 00:00:00 2024 GMT
            Not After : Apr 20 23:59:59 2024 GMT
        Subject: serialNumber=db102a7c4b8a0b37c58cc119c21231e2b61c1ed9fa4e77ca67baddf8d8857cf0, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:07:08:9f:59:73:52:cd:6d:f1:04:46:f6:ea:
                    6e:84:ab:f9:8e:66:b7:7a:6f:30:ed:30:96:8a:36:
                    fa:ec:bc:f1:67:3d:d1:83:0a:32:aa:9b:cd:ba:1a:
                    6b:97:bb:81:14:98:b5:c2:b8:3b:ae:13:d9:27:8a:
                    34:8a:32:d5:8e:e9:1d:e1:d3:f8:e8:19:af:f1:54:
                    1c:01:3d:65:39:e3:7c:5d:26:46:65:24:fe:3a:b3:
                    fc:ab:a5:a7:7e:09:67:4e:4f:aa:13:ab:e6:9b:34:
                    8c:8b:62:53:2d:a2:46:5a:de:0d:99:97:20:32:f5:
                    24:e6:54:74:0b:74:43:16:37:63:ec:17:8f:36:84:
                    ef:89:5c:c6:8b:bb:0b:7d:f4:ae:45:4e:48:8a:dd:
                    66:df:47:26:55:87:d3:3e:ee:ad:ab:9f:b1:e5:0c:
                    fe:95:27:7a:ab:51:e0:b5:71:85:d3:3e:fa:50:71:
                    3e:ec:79:87:8c:01:a1:1d:67:a1:da:82:0d:44:4c:
                    66:25:39:8c:03:6f:3c:6e:7f:91:67:dd:14:3d:c0:
                    d1:1d:dd:54:08:06:1d:8a:fc:b5:2f:f6:74:c6:3e:
                    e8:bf:8b:23:49:55:cd:82:16:1e:6f:5e:26:44:76:
                    b9:24:dc:5e:c3:15:57:a3:a4:92:32:8c:e8:13:9d:
                    15:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:21:64:C4:2B:96:69:E9:EF:21:85:FF:A5:6B:89:71:A4:F2:C4:6E
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/1df0543c-4352-44e4-aa97-4a21236b6215.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da60:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         69:5e:4f:e6:38:98:05:7b:6a:4f:d4:37:62:25:4c:2a:00:30:
         a4:be:a3:d7:ef:39:a3:b1:b8:24:4d:eb:81:dd:f3:b2:7c:9d:
         65:3b:e2:e8:5c:7b:b1:bc:0a:19:00:56:fc:b2:d1:93:95:bf:
         01:ad:a5:2c:3f:41:7a:ea:b8:06:d2:a2:f8:1b:36:81:08:d9:
         09:b6:e0:f7:57:7f:63:d1:73:00:d9:31:51:dc:ac:79:40:0a:
         e9:1c:5b:79:ce:c6:fc:9d:01:70:64:c6:18:32:43:26:6a:22:
         8a:40:96:18:d5:66:1b:3f:d5:7d:8b:80:c0:6e:73:29:64:e5:
         5d:b1:b3:51:df:6c:71:4c:5d:69:ac:97:48:a3:4a:0b:f8:98:
         7d:aa:5e:73:02:5b:eb:0a:ff:a4:fd:43:00:23:03:1d:a7:80:
         23:a3:9d:66:59:7b:9b:4c:45:16:77:fa:a8:c0:d9:3c:28:3c:
         4a:9f:8c:78:a0:13:13:3e:7c:cc:5c:6f:a8:9b:11:ab:aa:9d:
         28:55:88:2f:11:6e:59:3b:59:76:b1:bd:98:6e:55:0d:db:84:
         67:88:0e:a6:6c:84:7b:42:0d:fa:be:2c:a3:4d:a3:18:fa:bb:
         51:44:ea:74:7f:7c:92:b5:da:19:9a:0a:3e:fc:5e:9f:61:40:
         d9:ce:fe:ed
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUI+ZB8ye3AIioyRlfOojiBFhmbi4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDMxNjAwMDAwMFoX
DTI0MDQyMDIzNTk1OVowejFJMEcGA1UEBRNAZGIxMDJhN2M0YjhhMGIzN2M1OGNj
MTE5YzIxMjMxZTJiNjFjMWVkOWZhNGU3N2NhNjdiYWRkZjhkODg1N2NmMDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQcIn1lzUs1t8QRG9upuhKv5jma3
em8w7TCWijb67LzxZz3RgwoyqpvNuhprl7uBFJi1wrg7rhPZJ4o0ijLVjukd4dP4
6Bmv8VQcAT1lOeN8XSZGZST+OrP8q6WnfglnTk+qE6vmmzSMi2JTLaJGWt4NmZcg
MvUk5lR0C3RDFjdj7BePNoTviVzGi7sLffSuRU5Iit1m30cmVYfTPu6tq5+x5Qz+
lSd6q1HgtXGF0z76UHE+7HmHjAGhHWeh2oINRExmJTmMA288bn+RZ90UPcDRHd1U
CAYdivy1L/Z0xj7ov4sjSVXNghYeb14mRHa5JNxewxVXo6SSMozoE50VxwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFFkhZMQrlmnp7yGF/6VriXGk8sRuMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzFkZjA1NDNjLTQzNTItNDRlNC1hYTk3LTRhMjEyMzZiNjIxNS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaYIAwDQYJKoZIhvcNAQELBQADggEBAGleT+Y4mAV7ak/UN2Il
TCoAMKS+o9fvOaOxuCRN64Hd87J8nWU74uhce7G8ChkAVvyy0ZOVvwGtpSw/QXrq
uAbSovgbNoEI2Qm24PdXf2PRcwDZMVHcrHlACukcW3nOxvydAXBkxhgyQyZqIopA
lhjVZhs/1X2LgMBucylk5V2xs1HfbHFMXWmsl0ijSgv4mH2qXnMCW+sK/6T9QwAj
Ax2ngCOjnWZZe5tMRRZ3+qjA2TwoPEqfjHigExM+fMxcb6ibEauqnShViC8Rblk7
WXaxvZhuVQ3bhGeIDqZshHtCDfq+LKNNoxj6u1FE6nR/fJK12hmaCj78Xp9hQNnO
/u0=
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:16:50 2024 by rpki-client on console-ams.rpki-client.org