Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3e9cc6af-bc2c-4dca-8915-0cddf25cc8db.roa
File:                     3e9cc6af-bc2c-4dca-8915-0cddf25cc8db.roa (raw, json)
Hash identifier:          QjHXocBxF88lvMKJQyhBCg+Tdr4U2RrwqIxkR3CFgpY=
Subject key identifier:   30:A8:74:FB:C2:6C:98:8D:84:7A:7A:5E:40:4F:63:7B:76:69:5A:3A
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       5F9F49506B977421E6452F8DF96A036754456549
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3e9cc6af-bc2c-4dca-8915-0cddf25cc8db.roa
Signing time:             Sat 25 May 2024 00:00:00 +0000
ROA not before:           Sat 25 May 2024 00:00:00 +0000
ROA not after:            Sat 29 Jun 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da68:4800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 18 Jun 2024 00:10:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:9f:49:50:6b:97:74:21:e6:45:2f:8d:f9:6a:03:67:54:45:65:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 25 00:00:00 2024 GMT
            Not After : Jun 29 23:59:59 2024 GMT
        Subject: serialNumber=1ed71f368b566cf2a64440947f834d8ad90e2e7639a0f89dd9c3396ede541587, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:2b:87:c8:06:86:b2:ec:ca:b9:72:a3:6d:09:
                    73:28:64:cb:3e:a7:ed:cf:15:2e:aa:28:ed:6d:29:
                    b8:5a:c4:6c:87:f9:2b:bc:c0:20:d2:78:5a:da:18:
                    4c:ed:48:5d:c6:8d:79:c8:13:eb:e4:ab:4c:49:b5:
                    81:f0:3c:f5:2a:4f:1e:03:9a:8e:5b:28:65:61:8f:
                    ca:81:e0:e0:8b:e8:fb:98:92:47:47:40:ad:61:cb:
                    b9:b2:e3:9b:7d:42:59:20:33:78:fb:94:45:79:5e:
                    2b:0a:78:91:10:7a:51:8e:de:cd:58:b2:07:a7:9d:
                    40:82:7e:12:07:15:9d:1d:7d:c1:02:6d:5e:3f:d4:
                    fe:fd:0e:ba:63:31:bf:ae:89:be:95:0a:15:98:99:
                    c2:9f:e6:31:ff:de:c5:ed:fe:a7:f1:90:52:ed:a6:
                    a9:71:c4:ba:17:f0:ce:2b:ed:6d:f1:14:26:93:4b:
                    7a:01:24:fa:71:6b:a6:13:db:0a:18:b4:7d:54:2c:
                    fe:bd:01:d5:60:4e:c5:3f:70:0a:a2:0f:09:43:65:
                    a7:ba:70:5a:fe:b4:8b:83:aa:38:30:cb:f0:23:75:
                    b1:88:37:a0:da:ef:d2:60:6f:42:9d:2e:da:d9:9a:
                    c8:a9:a5:26:b9:77:ec:70:97:9c:7c:f6:c2:f1:a3:
                    26:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:A8:74:FB:C2:6C:98:8D:84:7A:7A:5E:40:4F:63:7B:76:69:5A:3A
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3e9cc6af-bc2c-4dca-8915-0cddf25cc8db.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da68:4800::/40

    Signature Algorithm: sha256WithRSAEncryption
         44:ef:50:f4:79:9d:75:3d:00:f0:2d:8a:e7:01:9b:b4:b3:a0:
         94:f4:0f:df:c1:24:44:48:ea:dd:f3:22:1e:c8:e1:fc:74:66:
         ed:b7:52:3a:75:c9:ea:4b:ec:2c:66:07:40:4e:67:84:3f:bb:
         c0:34:fc:1a:32:6e:ea:6a:20:c2:72:c5:b7:a4:28:02:ab:bb:
         b9:8a:12:76:21:5b:cb:63:44:15:43:c3:a4:5a:0a:db:b6:77:
         54:75:d9:ce:29:65:39:a7:b8:2b:54:31:3c:c0:1b:74:44:ff:
         66:5b:9c:b7:53:62:f2:4e:0e:08:65:93:34:64:cf:13:d9:c4:
         8d:b4:e2:e0:d1:11:4f:50:f9:89:21:c7:8d:02:60:b4:d4:b5:
         5d:31:8b:a8:c7:05:6e:0d:a2:4d:3e:9d:44:33:dd:15:7d:1b:
         ce:de:72:af:31:7a:2c:79:42:f6:e0:78:26:67:1b:a4:f9:f3:
         a0:10:57:f9:ec:02:ee:a6:35:74:23:80:0e:80:4e:3b:66:70:
         1a:31:c7:47:fd:ba:5b:df:64:d6:be:35:73:bb:11:3b:f3:10:
         0a:14:66:ef:23:10:97:32:33:c6:fd:1b:5b:4f:a6:7b:39:5e:
         57:49:6d:48:ab:e4:38:7d:33:07:a8:c8:53:6e:bd:88:df:b3:
         79:1d:d2:65
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUX59JUGuXdCHmRS+N+WoDZ1RFZUkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDUyNTAwMDAwMFoX
DTI0MDYyOTIzNTk1OVowejFJMEcGA1UEBRNAMWVkNzFmMzY4YjU2NmNmMmE2NDQ0
MDk0N2Y4MzRkOGFkOTBlMmU3NjM5YTBmODlkZDljMzM5NmVkZTU0MTU4NzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxiuHyAaGsuzKuXKjbQlzKGTLPqft
zxUuqijtbSm4WsRsh/krvMAg0nha2hhM7Uhdxo15yBPr5KtMSbWB8Dz1Kk8eA5qO
WyhlYY/KgeDgi+j7mJJHR0CtYcu5suObfUJZIDN4+5RFeV4rCniREHpRjt7NWLIH
p51Agn4SBxWdHX3BAm1eP9T+/Q66YzG/rom+lQoVmJnCn+Yx/97F7f6n8ZBS7aap
ccS6F/DOK+1t8RQmk0t6AST6cWumE9sKGLR9VCz+vQHVYE7FP3AKog8JQ2WnunBa
/rSLg6o4MMvwI3WxiDeg2u/SYG9CnS7a2ZrIqaUmuXfscJecfPbC8aMm1wIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFDCodPvCbJiNhHp6XkBPY3t2aVo6MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzNlOWNjNmFmLWJjMmMtNGRjYS04OTE1LTBjZGRmMjVjYzhkYi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaaEgwDQYJKoZIhvcNAQELBQADggEBAETvUPR5nXU9APAtiucB
m7SzoJT0D9/BJERI6t3zIh7I4fx0Zu23Ujp1yepL7CxmB0BOZ4Q/u8A0/Boybupq
IMJyxbekKAKru7mKEnYhW8tjRBVDw6RaCtu2d1R12c4pZTmnuCtUMTzAG3RE/2Zb
nLdTYvJODghlkzRkzxPZxI204uDREU9Q+Ykhx40CYLTUtV0xi6jHBW4Nok0+nUQz
3RV9G87ecq8xeix5QvbgeCZnG6T586AQV/nsAu6mNXQjgA6ATjtmcBoxx0f9ulvf
ZNa+NXO7ETvzEAoUZu8jEJcyM8b9G1tPpns5XldJbUir5Dh9MweoyFNuvYjfs3kd
0mU=
-----END CERTIFICATE-----
Generated at Fri Jun 14 16:48:07 2024 by rpki-client on console-fra.rpki-client.org