Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/49a679dd-b6ba-4b54-beeb-b3e83302b998.roa
File:                     49a679dd-b6ba-4b54-beeb-b3e83302b998.roa (raw, json)
Hash identifier:          FA2Z60h8W/MTL6CJKN/E6XaZICO+8bBHLYSZv3htw8s=
Subject key identifier:   EB:57:0A:73:DA:9E:E8:B7:FD:FC:49:DC:84:60:99:40:1B:A3:F3:D4
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       0370AB52B916006795FD9C0915CC1245605AA9FD
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/49a679dd-b6ba-4b54-beeb-b3e83302b998.roa
Signing time:             Tue 25 Jun 2024 00:00:00 +0000
ROA not before:           Tue 25 Jun 2024 00:00:00 +0000
ROA not after:            Tue 30 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf1:800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 29 Jun 2024 00:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:70:ab:52:b9:16:00:67:95:fd:9c:09:15:cc:12:45:60:5a:a9:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 25 00:00:00 2024 GMT
            Not After : Jul 30 23:59:59 2024 GMT
        Subject: serialNumber=e565bdc4a5385dc3fddee35313ac0ffd7d33759e4fc43d8ff01ba389522e41b4, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a2:5f:d1:d3:39:b4:d2:b7:d8:da:aa:e8:4e:
                    42:b9:67:b1:b2:4a:de:7c:71:9b:5e:c4:74:45:a2:
                    ed:fe:db:e0:9a:26:5d:53:d7:ea:b2:11:32:2c:31:
                    ec:04:cd:7d:c7:8f:13:ac:8c:84:88:59:64:58:dd:
                    d3:95:d8:6b:b7:c5:f8:09:10:ff:ea:ec:a5:e3:8e:
                    3a:37:a7:96:09:98:3f:02:a4:1d:0d:e7:13:c8:42:
                    6f:ca:41:47:2c:8b:64:e6:60:3f:3e:bf:5d:ff:3a:
                    b2:32:b8:d6:75:d7:b3:d4:1d:d7:71:8a:b7:d8:3e:
                    77:20:0a:1b:75:7f:81:98:df:d8:cd:c1:d5:92:2c:
                    a0:85:58:32:61:65:82:a5:e9:c0:34:5c:45:d6:21:
                    61:a5:33:19:64:30:87:b7:3b:f5:82:9a:ff:80:66:
                    8a:29:f4:36:dc:a4:b2:99:3e:36:a3:45:4c:85:8a:
                    fe:da:98:d9:88:81:08:17:1a:ff:5a:ef:f1:fe:0e:
                    7b:04:d5:85:09:47:73:3e:fc:cf:77:75:f6:d3:88:
                    da:f0:96:98:f9:d0:a3:de:88:2e:b5:ad:9e:e1:9a:
                    ac:8d:52:84:68:05:26:00:21:70:8f:e5:3c:d1:c3:
                    58:ce:a5:0a:88:04:a6:99:7a:cf:96:56:2a:84:db:
                    65:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:57:0A:73:DA:9E:E8:B7:FD:FC:49:DC:84:60:99:40:1B:A3:F3:D4
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/49a679dd-b6ba-4b54-beeb-b3e83302b998.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf1:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         c3:36:d1:dc:bb:b1:48:25:23:68:9d:1b:d0:50:17:c1:9e:4c:
         af:29:04:46:83:b3:18:ad:74:91:64:3d:a8:73:80:a0:61:8d:
         a5:85:b2:ad:02:e0:2c:cc:d2:61:53:8c:3f:62:7f:3f:29:f8:
         8e:14:86:e3:bb:ca:2d:dc:ad:11:c8:91:f2:fa:f3:25:e6:63:
         8c:a7:29:00:d4:33:75:9f:03:3b:25:4c:a3:13:93:f3:a9:ee:
         1d:da:1e:79:d1:c3:89:12:05:6e:0c:9b:c1:c0:32:3c:84:c3:
         bb:3b:6d:e7:ac:63:3e:87:8c:7d:8f:fc:0c:fc:55:18:ec:32:
         d2:15:1a:5a:48:15:8e:f6:5f:36:73:f6:f1:84:cf:17:cc:8b:
         4c:c3:d9:7a:25:32:eb:aa:55:7b:75:80:75:a7:22:d9:72:44:
         1f:fa:1c:54:dd:3e:6b:16:0b:0b:9c:63:aa:6a:d2:1f:e9:e3:
         cc:5b:f0:b2:cc:04:9a:1f:cf:ec:ff:ac:4c:53:63:96:c4:f0:
         3e:c4:0e:d8:d9:64:5e:9f:3e:b8:88:c2:1b:1d:8c:f8:3b:b5:
         38:df:21:bf:11:bc:3b:40:f3:ef:4b:a0:b7:e2:c6:4b:73:af:
         f9:52:79:2c:27:fc:9b:0d:d0:5f:d4:62:ff:63:f9:b8:84:61:
         61:b3:ab:8c
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUA3CrUrkWAGeV/ZwJFcwSRWBaqf0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyNTAwMDAwMFoX
DTI0MDczMDIzNTk1OVowejFJMEcGA1UEBRNAZTU2NWJkYzRhNTM4NWRjM2ZkZGVl
MzUzMTNhYzBmZmQ3ZDMzNzU5ZTRmYzQzZDhmZjAxYmEzODk1MjJlNDFiNDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqJf0dM5tNK32Nqq6E5CuWexskre
fHGbXsR0RaLt/tvgmiZdU9fqshEyLDHsBM19x48TrIyEiFlkWN3Tldhrt8X4CRD/
6uyl4446N6eWCZg/AqQdDecTyEJvykFHLItk5mA/Pr9d/zqyMrjWddez1B3XcYq3
2D53IAobdX+BmN/YzcHVkiyghVgyYWWCpenANFxF1iFhpTMZZDCHtzv1gpr/gGaK
KfQ23KSymT42o0VMhYr+2pjZiIEIFxr/Wu/x/g57BNWFCUdzPvzPd3X204ja8JaY
+dCj3oguta2e4ZqsjVKEaAUmACFwj+U80cNYzqUKiASmmXrPllYqhNtlsQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFOtXCnPanui3/fxJ3IRgmUAbo/PUMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzQ5YTY3OWRkLWI2YmEtNGI1NC1iZWViLWIzZTgzMzAyYjk5OC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba8QgwDQYJKoZIhvcNAQELBQADggEBAMM20dy7sUglI2idG9BQ
F8GeTK8pBEaDsxitdJFkPahzgKBhjaWFsq0C4CzM0mFTjD9ifz8p+I4UhuO7yi3c
rRHIkfL68yXmY4ynKQDUM3WfAzslTKMTk/Op7h3aHnnRw4kSBW4Mm8HAMjyEw7s7
beesYz6HjH2P/Az8VRjsMtIVGlpIFY72XzZz9vGEzxfMi0zD2XolMuuqVXt1gHWn
ItlyRB/6HFTdPmsWCwucY6pq0h/p48xb8LLMBJofz+z/rExTY5bE8D7EDtjZZF6f
PriIwhsdjPg7tTjfIb8RvDtA8+9LoLfixktzr/lSeSwn/JsN0F/UYv9j+biEYWGz
q4w=
-----END CERTIFICATE-----
Generated at Tue Jun 25 02:50:49 2024 by rpki-client on console-fra.rpki-client.org