Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/390b07ec-5dbd-4f87-81ae-9ed85c7be280.roa
File:                     390b07ec-5dbd-4f87-81ae-9ed85c7be280.roa (raw, json)
Hash identifier:          vp3GcED7ii/jsFJmD6lEnyDtcQMSHe4maECOvZkzOcc=
Subject key identifier:   3A:7A:6C:EE:9F:56:F8:CA:02:F2:99:67:11:D4:8F:79:49:B0:F5:52
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       143CC014FCA9838DCCD9115142018FFB4974AA46
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/390b07ec-5dbd-4f87-81ae-9ed85c7be280.roa
Signing time:             Tue 16 Jul 2024 00:00:00 +0000
ROA not before:           Tue 16 Jul 2024 00:00:00 +0000
ROA not after:            Tue 20 Aug 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafb:2000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 22 Jul 2024 00:10:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:3c:c0:14:fc:a9:83:8d:cc:d9:11:51:42:01:8f:fb:49:74:aa:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 16 00:00:00 2024 GMT
            Not After : Aug 20 23:59:59 2024 GMT
        Subject: serialNumber=aeb190a3e1cbb6d4d7c1c6aa703338cc9f2e34561ff6669452d1b469a3d1b80d, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:c1:a3:45:31:32:c2:db:c0:bf:b6:9a:fc:c4:
                    6c:45:d3:71:47:28:94:51:c6:6b:ef:c2:fb:d7:72:
                    4f:bb:f5:f2:3e:eb:da:ba:1a:4b:81:65:65:50:45:
                    8e:e0:5b:6f:99:8f:05:3e:cc:78:7b:bf:0e:d6:c7:
                    1d:aa:cf:a5:1b:8c:b7:c2:a0:c8:af:a9:61:31:dd:
                    9e:7e:c6:fe:9a:0c:9b:12:3e:3b:1a:e5:95:1b:da:
                    12:ad:e0:35:11:c0:0c:a9:2b:40:1e:a7:35:bd:c5:
                    98:b8:74:b7:e8:90:8c:4a:76:5a:a5:fb:11:64:62:
                    4d:20:b3:43:93:d3:38:ea:59:1a:32:fb:f4:59:d8:
                    c0:b5:1b:11:20:7b:17:86:82:21:e8:24:ac:d7:df:
                    62:f1:65:33:11:94:c4:9c:59:85:d0:90:d5:27:78:
                    c3:03:59:ee:17:c0:28:13:3e:5b:07:08:88:9d:f2:
                    82:28:07:9c:b4:44:d4:39:51:1c:4b:31:6a:f7:ab:
                    09:e8:0d:d9:c9:96:89:ab:7b:a2:13:89:7c:65:64:
                    3f:52:01:0e:be:c8:29:4e:9f:05:0c:f8:86:67:a6:
                    ff:4f:a7:57:ee:7c:99:6a:75:de:29:e7:f4:98:b6:
                    77:e4:5c:04:89:78:3d:d1:09:73:d4:a7:76:95:2d:
                    5c:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:7A:6C:EE:9F:56:F8:CA:02:F2:99:67:11:D4:8F:79:49:B0:F5:52
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/390b07ec-5dbd-4f87-81ae-9ed85c7be280.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafb:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         7a:3e:a4:3a:7c:5b:89:a7:3e:18:4e:e2:44:b5:86:bc:7b:dd:
         8c:e7:1d:88:15:68:24:da:3e:52:a3:51:74:77:1c:40:34:38:
         65:58:72:ff:28:e9:0c:c8:3f:cb:57:51:e7:21:b5:8a:7a:a8:
         01:f7:7a:c3:52:bf:68:a8:ac:3e:a2:4a:db:0c:7b:35:63:75:
         c1:53:06:e8:70:e8:5a:4e:c4:fc:b7:80:55:18:28:3b:95:19:
         5d:c5:93:53:4c:d0:82:60:e8:62:cd:02:cf:01:7d:73:da:95:
         e8:4d:da:15:87:3b:d0:ad:61:da:6c:df:86:aa:de:e0:d7:18:
         3d:4e:1f:63:ca:27:73:02:cc:a3:6b:98:5a:3f:06:78:9c:12:
         56:e6:ba:a4:88:96:c6:28:95:f7:75:c3:fa:ee:35:66:aa:71:
         96:4c:6b:4c:0e:f5:bf:f1:ac:71:a7:44:97:75:f4:fa:58:d6:
         79:a6:69:1c:5a:d4:66:f1:64:43:b4:79:45:e2:bd:07:db:8c:
         ee:b8:83:23:b0:c9:7c:88:c2:3b:04:e9:ec:ab:3f:cf:e8:24:
         e8:7d:c4:9e:8f:f6:db:75:c3:8d:a3:8f:70:6c:2e:87:66:5d:
         65:d5:fe:57:78:ab:c5:c6:17:08:c6:a2:e6:d7:24:58:43:21:
         75:55:7a:38
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUFDzAFPypg43M2RFRQgGP+0l0qkYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDcxNjAwMDAwMFoX
DTI0MDgyMDIzNTk1OVowejFJMEcGA1UEBRNAYWViMTkwYTNlMWNiYjZkNGQ3YzFj
NmFhNzAzMzM4Y2M5ZjJlMzQ1NjFmZjY2Njk0NTJkMWI0NjlhM2QxYjgwZDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcGjRTEywtvAv7aa/MRsRdNxRyiU
UcZr78L713JPu/XyPuvauhpLgWVlUEWO4FtvmY8FPsx4e78O1scdqs+lG4y3wqDI
r6lhMd2efsb+mgybEj47GuWVG9oSreA1EcAMqStAHqc1vcWYuHS36JCMSnZapfsR
ZGJNILNDk9M46lkaMvv0WdjAtRsRIHsXhoIh6CSs199i8WUzEZTEnFmF0JDVJ3jD
A1nuF8AoEz5bBwiInfKCKAectETUOVEcSzFq96sJ6A3ZyZaJq3uiE4l8ZWQ/UgEO
vsgpTp8FDPiGZ6b/T6dX7nyZanXeKef0mLZ35FwEiXg90Qlz1Kd2lS1cjwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFDp6bO6fVvjKAvKZZxHUj3lJsPVSMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzM5MGIwN2VjLTVkYmQtNGY4Ny04MWFlLTllZDg1YzdiZTI4MC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+yAwDQYJKoZIhvcNAQELBQADggEBAHo+pDp8W4mnPhhO4kS1
hrx73YznHYgVaCTaPlKjUXR3HEA0OGVYcv8o6QzIP8tXUechtYp6qAH3esNSv2io
rD6iStsMezVjdcFTBuhw6FpOxPy3gFUYKDuVGV3Fk1NM0IJg6GLNAs8BfXPalehN
2hWHO9CtYdps34aq3uDXGD1OH2PKJ3MCzKNrmFo/BnicElbmuqSIlsYolfd1w/ru
NWaqcZZMa0wO9b/xrHGnRJd19PpY1nmmaRxa1GbxZEO0eUXivQfbjO64gyOwyXyI
wjsE6eyrP8/oJOh9xJ6P9tt1w42jj3BsLodmXWXV/ld4q8XGFwjGoubXJFhDIXVV
ejg=
-----END CERTIFICATE-----
Generated at Thu Jul 18 01:56:53 2024 by rpki-client on console-ams.rpki-client.org