Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/34315c91-143e-48d8-b654-b8332ff1ee53.roa
File:                     34315c91-143e-48d8-b654-b8332ff1ee53.roa (raw, json)
Hash identifier:          krehSYd/0lwcu5JVqo7JlaC6Zg63J8RkYSNVm32WK88=
Subject key identifier:   8B:C2:1C:B8:1D:7F:E1:80:2F:FD:80:1A:85:97:4A:4C:F7:BF:9F:18
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       5FB7DACCA017A44933138661DF89ADF801CD4655
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/34315c91-143e-48d8-b654-b8332ff1ee53.roa
Signing time:             Wed 12 Jun 2024 00:00:00 +0000
ROA not before:           Wed 12 Jun 2024 00:00:00 +0000
ROA not after:            Wed 17 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dab8:a000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 28 Jun 2024 00:11:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:b7:da:cc:a0:17:a4:49:33:13:86:61:df:89:ad:f8:01:cd:46:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 12 00:00:00 2024 GMT
            Not After : Jul 17 23:59:59 2024 GMT
        Subject: serialNumber=eb8f826ffb84679de035aed30ee7992f85ee4cc753af8f4c9f9287e82ccc4c9b, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:39:de:d4:ab:24:d5:09:13:0d:ab:70:f3:71:
                    e0:6b:36:e6:9e:53:41:ab:1d:6b:f7:a0:f5:d9:2a:
                    fb:62:0a:cd:dd:d5:fe:d0:2c:4e:c7:a9:fa:20:af:
                    6c:ec:4a:7c:53:62:e3:0d:1d:a9:47:9f:4e:58:84:
                    f1:09:30:78:cd:40:60:df:76:a6:d3:13:ad:fb:2f:
                    24:cf:c3:52:0e:87:1e:98:38:46:69:cf:8f:67:1d:
                    87:5d:c8:72:ae:fa:46:13:96:b0:2f:88:05:a8:63:
                    33:f8:cc:e7:7d:d9:23:26:0c:16:45:27:9a:fa:30:
                    2f:f6:4f:93:a2:13:e7:c6:82:73:fc:61:b8:ca:20:
                    e9:31:6f:f7:8f:5c:60:6e:fe:8c:b7:3c:13:25:82:
                    93:bb:ee:58:c0:31:fc:ab:e8:e0:ab:d7:15:bc:f0:
                    ab:ba:c7:69:e3:a8:d0:39:ed:d0:46:72:95:bd:f4:
                    94:17:f4:8d:38:f3:8c:af:10:e8:23:2a:c7:25:da:
                    b1:16:49:2c:f5:c1:12:6d:42:bf:8c:b1:a1:99:33:
                    e6:df:9b:5a:14:0f:42:5b:32:d8:45:e4:89:8a:06:
                    5e:c3:1f:f3:cc:7b:b3:9e:7b:90:2b:5b:51:86:5d:
                    b3:8d:fa:cd:48:66:5d:3a:dd:7e:78:ca:94:e4:26:
                    3a:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:C2:1C:B8:1D:7F:E1:80:2F:FD:80:1A:85:97:4A:4C:F7:BF:9F:18
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/34315c91-143e-48d8-b654-b8332ff1ee53.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dab8:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         bf:4e:6e:86:ea:64:58:b1:d4:36:dd:18:37:6e:54:55:f0:d1:
         fb:e3:28:6a:e3:a3:fa:6d:1e:c5:5a:ed:31:7a:52:93:24:39:
         58:f2:86:a1:30:00:f8:18:f5:7b:48:3c:b4:2e:5b:42:f2:f1:
         b1:4f:d9:7d:4c:3d:a1:3b:d2:39:f7:90:88:64:14:af:a3:26:
         74:1f:0f:b8:e4:c6:2d:5c:28:f3:96:5a:58:b8:db:01:96:50:
         f8:b3:fd:bc:af:fe:3c:b9:78:b2:d1:44:a0:34:90:4a:42:02:
         64:4f:6e:5d:f5:f5:bc:c9:bb:e9:8c:16:65:b3:7b:a9:97:1a:
         a6:0f:76:cf:68:0e:d1:37:e1:ca:72:6b:58:97:e8:7c:2f:4b:
         e3:20:0f:d3:01:66:58:d7:ad:f4:74:08:02:1a:f8:a7:e8:2d:
         b1:2c:73:98:44:51:92:8d:d3:f0:f3:1b:2e:65:47:f0:87:1f:
         5a:ff:dc:f0:23:e4:10:91:1d:e8:ad:b8:51:85:f8:8b:da:c5:
         82:34:b7:ad:db:a8:38:b4:f1:b7:be:33:1b:88:87:ac:0e:3f:
         26:da:1b:78:8f:19:a8:c9:70:c1:ea:59:d7:f9:c0:76:ad:fb:
         03:e1:dd:cc:55:e4:72:1c:cc:c1:6f:7f:d3:cc:76:e3:f8:02:
         aa:79:54:0d
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUX7fazKAXpEkzE4Zh34mt+AHNRlUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYxMjAwMDAwMFoX
DTI0MDcxNzIzNTk1OVowejFJMEcGA1UEBRNAZWI4ZjgyNmZmYjg0Njc5ZGUwMzVh
ZWQzMGVlNzk5MmY4NWVlNGNjNzUzYWY4ZjRjOWY5Mjg3ZTgyY2NjNGM5YjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjne1Ksk1QkTDatw83HgazbmnlNB
qx1r96D12Sr7YgrN3dX+0CxOx6n6IK9s7Ep8U2LjDR2pR59OWITxCTB4zUBg33am
0xOt+y8kz8NSDocemDhGac+PZx2HXchyrvpGE5awL4gFqGMz+MznfdkjJgwWRSea
+jAv9k+TohPnxoJz/GG4yiDpMW/3j1xgbv6MtzwTJYKTu+5YwDH8q+jgq9cVvPCr
usdp46jQOe3QRnKVvfSUF/SNOPOMrxDoIyrHJdqxFkks9cESbUK/jLGhmTPm35ta
FA9CWzLYReSJigZewx/zzHuznnuQK1tRhl2zjfrNSGZdOt1+eMqU5CY6xQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFIvCHLgdf+GAL/2AGoWXSkz3v58YMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzM0MzE1YzkxLTE0M2UtNDhkOC1iNjU0LWI4MzMyZmYxZWU1My5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbauKAwDQYJKoZIhvcNAQELBQADggEBAL9ObobqZFix1DbdGDdu
VFXw0fvjKGrjo/ptHsVa7TF6UpMkOVjyhqEwAPgY9XtIPLQuW0Ly8bFP2X1MPaE7
0jn3kIhkFK+jJnQfD7jkxi1cKPOWWli42wGWUPiz/byv/jy5eLLRRKA0kEpCAmRP
bl319bzJu+mMFmWze6mXGqYPds9oDtE34cpya1iX6HwvS+MgD9MBZljXrfR0CAIa
+KfoLbEsc5hEUZKN0/DzGy5lR/CHH1r/3PAj5BCRHeituFGF+IvaxYI0t63bqDi0
8be+MxuIh6wOPybaG3iPGajJcMHqWdf5wHat+wPh3cxV5HIczMFvf9PMduP4Aqp5
VA0=
-----END CERTIFICATE-----
Generated at Mon Jun 24 01:28:13 2024 by rpki-client on console-ams.rpki-client.org