Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/26852de8-0947-45cf-8a8d-dd2044b222d0.roa
File:                     26852de8-0947-45cf-8a8d-dd2044b222d0.roa (raw, json)
Hash identifier:          NLg5gs5BN8XzwbWN6MS9+wUEPUFljlc+NjNDJc5wX08=
Subject key identifier:   39:8A:3E:FC:24:58:1C:11:57:AE:8A:8B:05:14:B3:E7:27:A8:10:1F
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       286EAA510AFB5CDFBAC8E8B9CDEEFA5B303FF586
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/26852de8-0947-45cf-8a8d-dd2044b222d0.roa
Signing time:             Tue 16 Jul 2024 00:00:00 +0000
ROA not before:           Tue 16 Jul 2024 00:00:00 +0000
ROA not after:            Tue 20 Aug 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf0:b000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 22 Jul 2024 00:10:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:6e:aa:51:0a:fb:5c:df:ba:c8:e8:b9:cd:ee:fa:5b:30:3f:f5:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 16 00:00:00 2024 GMT
            Not After : Aug 20 23:59:59 2024 GMT
        Subject: serialNumber=26d7c40ef76b8cd28a352c150a86ea3e8c00ec24185981387a66d791e7bd98c5, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d5:06:d2:f0:cf:5a:dc:08:49:ac:05:3a:a3:
                    1d:66:b8:da:25:46:d2:28:c1:6d:cd:9e:4e:e6:2d:
                    b8:41:be:ed:c6:15:16:62:f1:d1:9e:b4:0b:38:75:
                    d0:40:2b:3e:68:18:04:93:ad:2a:ce:62:55:ee:5e:
                    5c:49:dd:ba:30:68:bb:b1:1b:0f:ba:62:25:4e:36:
                    97:48:59:4d:6b:c1:1c:db:39:f9:cd:a5:87:b1:6d:
                    a0:22:bf:3b:1e:19:d0:99:90:31:45:87:40:b6:b7:
                    21:da:1c:1b:f0:a2:b8:47:82:c9:a0:27:88:dd:60:
                    42:e9:e6:c1:61:96:7f:62:99:e6:c9:42:64:cf:57:
                    46:10:cc:b0:b2:e6:15:e7:bf:39:1b:d4:a3:73:5e:
                    29:8f:2b:79:81:4c:26:17:6b:42:d7:8f:99:2c:7c:
                    21:18:de:8f:fe:c8:ce:d2:d1:82:0d:83:e2:de:a1:
                    88:8f:f0:da:f9:9a:c4:7f:f9:f8:05:cb:10:a4:59:
                    77:56:59:34:83:93:e6:cd:b1:eb:73:15:e6:c8:0a:
                    2c:8c:7d:2e:d6:11:61:33:d9:89:ea:92:38:19:60:
                    f9:e6:53:70:f6:c1:12:ba:a7:6c:d9:b2:e9:b0:8e:
                    17:e0:99:2f:cd:4e:c1:33:b2:58:c0:40:8a:92:f5:
                    d7:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:8A:3E:FC:24:58:1C:11:57:AE:8A:8B:05:14:B3:E7:27:A8:10:1F
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/26852de8-0947-45cf-8a8d-dd2044b222d0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf0:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         bb:26:b6:96:89:57:90:50:11:08:7d:9e:33:c2:a5:8c:ff:af:
         8b:52:8d:33:22:fe:6e:56:c9:69:b0:bf:65:ea:c6:7d:3b:32:
         80:02:50:e6:cf:2a:41:69:7e:f2:dd:e9:75:30:ec:3b:44:2f:
         7d:07:56:cb:12:76:db:7f:d5:01:41:01:93:aa:f3:22:94:03:
         02:00:4f:c0:2f:c5:29:d9:90:11:e7:5a:ad:36:12:a0:e1:cd:
         be:c5:c5:66:5d:24:0a:37:2c:d8:0d:aa:99:74:38:f2:71:1e:
         77:d8:bf:70:59:c5:37:d1:fd:18:52:ef:cb:da:dc:e8:61:00:
         b9:1b:f8:73:4c:a6:ca:4d:f2:22:79:50:09:aa:c7:43:ac:d6:
         3f:74:1b:01:92:5a:9d:d2:7c:99:a5:c0:f7:ed:fa:17:67:06:
         16:b1:23:fc:13:47:e2:c7:5e:5c:44:2f:bf:5f:47:81:13:4f:
         d9:1b:8d:6f:34:10:40:78:58:db:c2:c8:f0:00:2c:12:71:fc:
         26:2f:1b:13:43:f2:a7:48:77:7b:a2:43:cf:5c:a6:71:10:2a:
         88:8e:45:84:fb:c5:47:bb:0c:c7:3b:65:e9:a0:f7:0f:22:3a:
         24:bf:e5:cf:2f:8d:ba:f4:a1:0b:2d:1d:eb:dd:23:01:1c:51:
         71:79:2b:7a
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUKG6qUQr7XN+6yOi5ze76WzA/9YYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDcxNjAwMDAwMFoX
DTI0MDgyMDIzNTk1OVowejFJMEcGA1UEBRNAMjZkN2M0MGVmNzZiOGNkMjhhMzUy
YzE1MGE4NmVhM2U4YzAwZWMyNDE4NTk4MTM4N2E2NmQ3OTFlN2JkOThjNTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNUG0vDPWtwISawFOqMdZrjaJUbS
KMFtzZ5O5i24Qb7txhUWYvHRnrQLOHXQQCs+aBgEk60qzmJV7l5cSd26MGi7sRsP
umIlTjaXSFlNa8Ec2zn5zaWHsW2gIr87HhnQmZAxRYdAtrch2hwb8KK4R4LJoCeI
3WBC6ebBYZZ/YpnmyUJkz1dGEMywsuYV5785G9Sjc14pjyt5gUwmF2tC14+ZLHwh
GN6P/sjO0tGCDYPi3qGIj/Da+ZrEf/n4BcsQpFl3Vlk0g5PmzbHrcxXmyAosjH0u
1hFhM9mJ6pI4GWD55lNw9sESuqds2bLpsI4X4JkvzU7BM7JYwECKkvXXZwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFDmKPvwkWBwRV66KiwUUs+cnqBAfMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzI2ODUyZGU4LTA5NDctNDVjZi04YThkLWRkMjA0NGIyMjJkMC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba8LAwDQYJKoZIhvcNAQELBQADggEBALsmtpaJV5BQEQh9njPC
pYz/r4tSjTMi/m5WyWmwv2Xqxn07MoACUObPKkFpfvLd6XUw7DtEL30HVssSdtt/
1QFBAZOq8yKUAwIAT8AvxSnZkBHnWq02EqDhzb7FxWZdJAo3LNgNqpl0OPJxHnfY
v3BZxTfR/RhS78va3OhhALkb+HNMpspN8iJ5UAmqx0Os1j90GwGSWp3SfJmlwPft
+hdnBhaxI/wTR+LHXlxEL79fR4ETT9kbjW80EEB4WNvCyPAALBJx/CYvGxND8qdI
d3uiQ89cpnEQKoiORYT7xUe7DMc7Zemg9w8iOiS/5c8vjbr0oQstHevdIwEcUXF5
K3o=
-----END CERTIFICATE-----
Generated at Thu Jul 18 02:11:47 2024 by rpki-client on console-fra.rpki-client.org