Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/25baa77a-b09f-47d1-b869-2a366621789a.roa
File:                     25baa77a-b09f-47d1-b869-2a366621789a.roa (raw, json)
Hash identifier:          39J8MwVa+ZaDeSDcxXxE+FPlBFjYf9142fZR45pDDP0=
Subject key identifier:   C5:2A:3A:75:88:E9:3D:E7:DC:E5:1D:52:E5:17:81:77:49:1C:A0:34
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       5DFE4F032F0DD0FA1788CBD6BC2E6E1B0C2CD758
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/25baa77a-b09f-47d1-b869-2a366621789a.roa
Signing time:             Fri 21 Jun 2024 00:00:00 +0000
ROA not before:           Fri 21 Jun 2024 00:00:00 +0000
ROA not after:            Fri 26 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafc:4000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 25 Jun 2024 00:51:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:fe:4f:03:2f:0d:d0:fa:17:88:cb:d6:bc:2e:6e:1b:0c:2c:d7:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 21 00:00:00 2024 GMT
            Not After : Jul 26 23:59:59 2024 GMT
        Subject: serialNumber=74a80cb02fde910f5782fdeaaa22e2e6553173128bc782b282143304d8e88c26, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:85:19:a4:e6:a5:fc:ae:67:d7:5b:39:3f:b9:
                    65:ff:a4:f7:74:bd:10:b5:77:84:15:9d:cd:84:ae:
                    f5:57:28:bb:92:98:8c:7d:8b:80:8b:e1:24:b5:f6:
                    d3:ad:4b:86:ba:cb:3b:49:f4:ae:dd:3e:50:00:fb:
                    77:28:c9:d5:a0:4d:55:16:c3:a5:97:14:9d:97:7d:
                    c6:b6:7b:d6:b2:48:1e:3d:62:a9:97:03:48:b3:b0:
                    d1:4e:33:b9:0c:be:15:17:a9:cb:3a:f9:72:f3:fd:
                    1d:2f:36:58:90:e8:52:01:21:56:48:9d:32:3b:63:
                    c1:fa:3d:7f:44:43:4f:73:4b:4c:0c:6b:b2:6a:17:
                    3f:9c:a7:32:d1:d5:b6:41:90:7c:f6:e3:33:9a:9a:
                    47:11:26:6c:80:bd:4e:bf:9e:b4:e1:a6:04:2b:87:
                    93:12:b3:48:d1:ff:2d:9f:1f:67:af:f5:7c:1f:c2:
                    f8:41:27:93:e2:cc:67:ae:c8:a8:b2:f8:18:0c:ad:
                    d1:de:9f:ea:5d:90:ec:e3:97:6b:40:81:76:28:ae:
                    a0:c7:df:9b:85:db:c6:7b:68:d5:b2:5c:99:38:63:
                    7e:b8:03:f0:1d:ce:11:fb:ad:f8:8c:69:22:82:eb:
                    1d:28:07:5e:dc:f6:82:c2:e1:0f:94:e4:6c:9a:b3:
                    2e:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:2A:3A:75:88:E9:3D:E7:DC:E5:1D:52:E5:17:81:77:49:1C:A0:34
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/25baa77a-b09f-47d1-b869-2a366621789a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafc:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c0:c2:4a:9e:2c:3e:42:17:9f:11:f8:ec:bb:18:4b:3f:2b:0f:
         e7:1e:04:04:29:4d:c4:b3:bb:8e:e2:33:39:d1:98:d8:28:b5:
         21:03:c2:cf:8a:a7:0f:99:ef:df:4c:91:a7:8b:bf:be:a6:9e:
         23:4a:25:f8:e9:21:5e:eb:db:3f:67:84:b8:b4:98:cb:6d:4a:
         b5:5d:ca:30:98:9c:bc:73:4c:d3:43:ef:58:72:8c:a4:93:82:
         b0:7a:50:c6:c8:e8:45:ee:8b:ed:c5:9d:0c:74:11:4f:7b:9a:
         50:1d:b7:87:1f:27:14:b7:ba:e1:99:d0:2f:65:0e:51:c0:63:
         d5:7b:ac:12:cc:e5:b2:44:1c:08:11:6f:c2:93:cc:f1:6e:b7:
         af:68:a7:5f:71:91:47:aa:9e:1e:db:56:30:41:c8:07:24:da:
         c2:21:cc:0c:30:f1:ca:f4:ac:8e:2c:e7:ca:07:53:21:9c:3a:
         91:7b:6f:07:57:b3:c3:9d:3e:85:8c:ea:af:3f:4c:8d:a1:be:
         43:a3:ab:2a:43:93:0d:22:f7:60:af:3c:4e:a3:c0:e5:80:07:
         5a:98:cf:43:c7:08:6d:87:64:87:33:c2:ee:a3:4b:2b:1c:09:
         e6:74:ab:9b:c9:ed:2d:cf:d3:30:ca:f5:3d:72:23:f0:75:bf:
         21:20:33:87
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUXf5PAy8N0PoXiMvWvC5uGwws11gwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyMTAwMDAwMFoX
DTI0MDcyNjIzNTk1OVowejFJMEcGA1UEBRNANzRhODBjYjAyZmRlOTEwZjU3ODJm
ZGVhYWEyMmUyZTY1NTMxNzMxMjhiYzc4MmIyODIxNDMzMDRkOGU4OGMyNjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzoUZpOal/K5n11s5P7ll/6T3dL0Q
tXeEFZ3NhK71Vyi7kpiMfYuAi+EktfbTrUuGuss7SfSu3T5QAPt3KMnVoE1VFsOl
lxSdl33GtnvWskgePWKplwNIs7DRTjO5DL4VF6nLOvly8/0dLzZYkOhSASFWSJ0y
O2PB+j1/RENPc0tMDGuyahc/nKcy0dW2QZB89uMzmppHESZsgL1Ov5604aYEK4eT
ErNI0f8tnx9nr/V8H8L4QSeT4sxnrsiosvgYDK3R3p/qXZDs45drQIF2KK6gx9+b
hdvGe2jVslyZOGN+uAPwHc4R+634jGkigusdKAde3PaCwuEPlORsmrMudQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFMUqOnWI6T3n3OUdUuUXgXdJHKA0MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzI1YmFhNzdhLWIwOWYtNDdkMS1iODY5LTJhMzY2NjIxNzg5YS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba/EAwDQYJKoZIhvcNAQELBQADggEBAMDCSp4sPkIXnxH47LsY
Sz8rD+ceBAQpTcSzu47iMznRmNgotSEDws+Kpw+Z799MkaeLv76mniNKJfjpIV7r
2z9nhLi0mMttSrVdyjCYnLxzTNND71hyjKSTgrB6UMbI6EXui+3FnQx0EU97mlAd
t4cfJxS3uuGZ0C9lDlHAY9V7rBLM5bJEHAgRb8KTzPFut69op19xkUeqnh7bVjBB
yAck2sIhzAww8cr0rI4s58oHUyGcOpF7bwdXs8OdPoWM6q8/TI2hvkOjqypDkw0i
92CvPE6jwOWAB1qYz0PHCG2HZIczwu6jSyscCeZ0q5vJ7S3P0zDK9T1yI/B1vyEg
M4c=
-----END CERTIFICATE-----
Generated at Fri Jun 21 01:45:38 2024 by rpki-client on console-ams.rpki-client.org