Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/1df0543c-4352-44e4-aa97-4a21236b6215.roa
File:                     1df0543c-4352-44e4-aa97-4a21236b6215.roa (raw, json)
Hash identifier:          hDFMHlIWTqWPfDo42MIPCvt1MUTemX+ci3CvG8zd2XM=
Subject key identifier:   BF:05:58:1E:E2:47:0D:67:5F:1E:A8:82:15:69:90:54:51:3B:B9:BD
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       1CA6889D7572A58E4B2E56D79E87C240165322AB
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/1df0543c-4352-44e4-aa97-4a21236b6215.roa
Signing time:             Tue 25 Jun 2024 00:00:00 +0000
ROA not before:           Tue 25 Jun 2024 00:00:00 +0000
ROA not after:            Tue 30 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da60:8000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 22 Jul 2024 00:10:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:a6:88:9d:75:72:a5:8e:4b:2e:56:d7:9e:87:c2:40:16:53:22:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 25 00:00:00 2024 GMT
            Not After : Jul 30 23:59:59 2024 GMT
        Subject: serialNumber=bf61e0d6648c064b14e7e80c1177d7eac3aef2db45e68180dce13fe67dadad1c, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:82:7f:2f:91:89:ce:8e:97:11:75:80:3c:a7:
                    f1:02:5a:f6:2a:11:a7:87:0b:d5:a3:58:a0:84:22:
                    86:a2:ee:5a:8a:db:57:c1:e7:78:67:ba:9c:3c:0d:
                    2a:4c:95:16:d4:50:e9:44:8a:9a:89:7c:91:60:bb:
                    36:98:cb:ef:47:52:9d:a2:a9:9a:49:ea:b3:8f:9e:
                    cb:d3:a4:b9:28:8b:39:a8:03:9f:c9:ee:69:8a:c1:
                    f4:73:2d:ec:eb:f6:53:c6:46:cf:1a:c6:48:87:a2:
                    24:5f:39:dc:2b:7b:cb:f8:08:2a:d5:cb:03:91:cd:
                    23:cc:95:c8:90:38:ec:9d:e1:f0:77:f6:60:16:6e:
                    c1:d9:1d:a7:8a:3a:e7:81:30:c4:a7:17:21:b6:f3:
                    6b:90:f4:05:13:56:69:e4:95:84:d9:e2:b5:a2:7b:
                    aa:d3:98:94:b2:08:cb:08:a3:7d:1b:83:cf:02:ce:
                    44:05:ed:af:7b:d7:f5:d0:e1:69:53:07:80:ca:8d:
                    0e:31:32:aa:3f:2c:71:48:e9:54:47:39:97:59:74:
                    83:5a:64:5e:f1:3a:a2:be:06:51:45:82:63:84:5c:
                    9c:49:27:95:02:ee:ea:04:94:d5:1a:cf:08:85:fa:
                    48:36:23:5e:54:30:7f:c9:d2:45:7d:75:73:22:8a:
                    31:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:05:58:1E:E2:47:0D:67:5F:1E:A8:82:15:69:90:54:51:3B:B9:BD
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/1df0543c-4352-44e4-aa97-4a21236b6215.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da60:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c3:2e:bd:34:e3:d7:95:0e:b0:89:cc:81:60:3d:f7:ee:3c:0e:
         e5:7c:1a:86:50:83:58:56:67:d3:7e:39:76:89:a6:05:51:78:
         04:b8:38:8a:87:ba:0d:84:7f:e1:2b:34:2a:32:b5:bb:2f:e2:
         e5:e0:3d:3d:79:14:41:90:ca:6f:7c:1e:48:31:6c:55:3e:5e:
         55:23:63:03:c1:2e:19:ed:46:3f:0a:5d:92:68:8f:62:9c:3d:
         19:86:4b:8e:bb:58:b1:fd:ef:31:f4:9a:06:43:8d:bc:d7:d8:
         57:19:35:58:00:e5:c5:d7:59:3b:f5:47:b9:50:c6:c4:0b:bf:
         35:08:6e:8a:26:1d:06:4f:05:22:d0:7d:fc:df:88:11:0a:7d:
         e4:56:e9:43:dc:43:c0:15:e0:86:23:21:4f:75:63:34:59:22:
         8d:42:f1:57:2c:de:48:77:1e:4e:51:60:72:ab:ca:03:3f:23:
         1b:00:c4:e2:ce:ea:b9:93:e2:23:3a:22:b6:36:4b:67:57:2f:
         3e:0b:8e:ed:19:2a:a5:3a:86:54:88:85:e1:53:1a:02:ca:2f:
         0a:5f:87:f5:cd:5c:eb:a5:63:94:bd:31:86:39:1c:b8:4f:6d:
         e8:b7:83:04:95:d4:70:6d:41:9f:6b:3a:aa:05:bc:53:2f:c8:
         b0:a5:2d:44
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUHKaInXVypY5LLlbXnofCQBZTIqswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyNTAwMDAwMFoX
DTI0MDczMDIzNTk1OVowejFJMEcGA1UEBRNAYmY2MWUwZDY2NDhjMDY0YjE0ZTdl
ODBjMTE3N2Q3ZWFjM2FlZjJkYjQ1ZTY4MTgwZGNlMTNmZTY3ZGFkYWQxYzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5IJ/L5GJzo6XEXWAPKfxAlr2KhGn
hwvVo1ighCKGou5aittXwed4Z7qcPA0qTJUW1FDpRIqaiXyRYLs2mMvvR1Kdoqma
Seqzj57L06S5KIs5qAOfye5pisH0cy3s6/ZTxkbPGsZIh6IkXzncK3vL+Agq1csD
kc0jzJXIkDjsneHwd/ZgFm7B2R2nijrngTDEpxchtvNrkPQFE1Zp5JWE2eK1onuq
05iUsgjLCKN9G4PPAs5EBe2ve9f10OFpUweAyo0OMTKqPyxxSOlURzmXWXSDWmRe
8TqivgZRRYJjhFycSSeVAu7qBJTVGs8IhfpINiNeVDB/ydJFfXVzIooxNQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFL8FWB7iRw1nXx6oghVpkFRRO7m9MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzFkZjA1NDNjLTQzNTItNDRlNC1hYTk3LTRhMjEyMzZiNjIxNS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaYIAwDQYJKoZIhvcNAQELBQADggEBAMMuvTTj15UOsInMgWA9
9+48DuV8GoZQg1hWZ9N+OXaJpgVReAS4OIqHug2Ef+ErNCoytbsv4uXgPT15FEGQ
ym98HkgxbFU+XlUjYwPBLhntRj8KXZJoj2KcPRmGS467WLH97zH0mgZDjbzX2FcZ
NVgA5cXXWTv1R7lQxsQLvzUIboomHQZPBSLQffzfiBEKfeRW6UPcQ8AV4IYjIU91
YzRZIo1C8Vcs3kh3Hk5RYHKrygM/IxsAxOLO6rmT4iM6IrY2S2dXLz4Lju0ZKqU6
hlSIheFTGgLKLwpfh/XNXOulY5S9MYY5HLhPbei3gwSV1HBtQZ9rOqoFvFMvyLCl
LUQ=
-----END CERTIFICATE-----
Generated at Thu Jul 18 01:56:53 2024 by rpki-client on console-ams.rpki-client.org