Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/49c96710-1e67-4b08-aeed-9db02b3e6469.roa
File:                     49c96710-1e67-4b08-aeed-9db02b3e6469.roa (raw, json)
Hash identifier:          x7kdyDdsbnrNeSXPySgP35llcF8amJG3VUUllfoMI+A=
Subject key identifier:   BE:F5:C1:56:11:15:DE:04:DD:56:61:6E:2E:9F:B8:C0:90:40:41:60
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       174C3789D6C8963CF50603FE5A79CD3D566402DC
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/49c96710-1e67-4b08-aeed-9db02b3e6469.roa
Signing time:             Fri 14 Jun 2024 00:00:00 +0000
ROA not before:           Fri 14 Jun 2024 00:00:00 +0000
ROA not after:            Fri 19 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf5:e000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 19 Jun 2024 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:4c:37:89:d6:c8:96:3c:f5:06:03:fe:5a:79:cd:3d:56:64:02:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 14 00:00:00 2024 GMT
            Not After : Jul 19 23:59:59 2024 GMT
        Subject: serialNumber=c82567ea042e43113d269cf7c64f62a6a45b51eb085791e8f87089b715e8d203, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:7f:ca:90:0c:dc:c2:4a:83:46:a7:a3:e1:d5:
                    a4:3f:ee:10:a2:c3:b4:20:67:ae:57:98:3c:be:b8:
                    dd:09:b6:33:9c:66:f1:af:ab:a9:e8:e1:8c:40:40:
                    45:a1:e2:90:db:28:a7:e3:08:4a:45:3c:e5:25:1f:
                    80:6d:e6:a6:19:58:1c:bd:43:d5:9d:ea:28:93:58:
                    bf:d0:5b:ab:50:b0:f9:27:b0:47:f3:b8:8c:ac:42:
                    99:03:9c:00:b3:f3:b8:19:e6:fd:32:28:0e:35:ab:
                    38:2c:5b:d4:e9:c3:be:86:57:d9:d9:3f:f3:10:fd:
                    bc:46:ef:95:66:5b:a8:a0:67:63:e9:bf:13:65:01:
                    6e:90:92:bd:09:15:93:c7:1b:52:33:4f:c9:5b:3f:
                    da:a2:eb:8d:24:ab:0c:91:1b:f7:b6:25:25:75:67:
                    aa:05:b1:19:45:fa:0e:b4:2f:29:63:17:a8:48:d7:
                    de:a3:ac:b8:30:1c:ab:b8:f8:43:70:33:f1:35:b7:
                    03:95:a6:77:68:ab:3d:02:f6:94:35:b0:3d:35:14:
                    3f:1b:17:5a:8e:6d:92:74:f5:98:cd:7a:cd:79:15:
                    35:39:6e:e7:86:0d:2b:4d:c1:b3:56:34:a4:98:11:
                    6a:db:29:36:e6:20:c7:e3:10:41:f6:d0:1b:33:09:
                    0b:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:F5:C1:56:11:15:DE:04:DD:56:61:6E:2E:9F:B8:C0:90:40:41:60
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/49c96710-1e67-4b08-aeed-9db02b3e6469.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf5:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         00:d9:9b:13:2b:8f:f8:9e:ed:67:d6:81:8f:e0:d7:6f:f9:20:
         35:cd:90:98:be:4d:b1:e7:38:fd:80:82:58:1d:09:33:02:5d:
         54:66:1e:5b:00:dd:e9:cb:da:4b:f9:6f:ce:71:41:e6:2e:39:
         dd:cf:ae:c0:79:e3:2d:1b:24:03:c9:0b:0c:60:77:ad:6c:c3:
         b3:ea:53:eb:0d:31:3a:c6:e4:ec:7c:d3:db:18:12:cd:c9:fb:
         b8:17:55:7e:62:12:72:c2:9a:ad:eb:37:78:77:65:50:a8:05:
         a5:82:33:24:da:7b:05:ee:71:4e:a2:1e:e6:66:db:43:a2:16:
         b5:16:a5:50:45:2f:08:72:10:fc:e0:08:71:80:be:ed:5e:3a:
         bb:c0:a9:b0:dd:bf:8b:9b:d0:78:72:b9:be:f3:82:aa:87:80:
         77:8d:54:18:c3:29:a1:da:63:c9:9b:b4:af:8f:fc:23:aa:e4:
         e5:bf:f4:10:91:82:9c:1f:c3:b8:16:9b:b3:50:ce:a2:6c:35:
         91:8a:1b:04:ea:c3:f0:71:3e:d6:05:0c:73:af:62:2f:3b:eb:
         94:f4:6b:92:8d:e4:ab:30:08:a0:5b:17:56:0c:96:6c:71:2f:
         c3:b3:9b:6b:c2:f4:c8:b9:eb:2b:68:84:2b:a2:f3:3c:3b:90:
         71:81:15:46
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUF0w3idbIljz1BgP+WnnNPVZkAtwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYxNDAwMDAwMFoX
DTI0MDcxOTIzNTk1OVowejFJMEcGA1UEBRNAYzgyNTY3ZWEwNDJlNDMxMTNkMjY5
Y2Y3YzY0ZjYyYTZhNDViNTFlYjA4NTc5MWU4Zjg3MDg5YjcxNWU4ZDIwMzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnH/KkAzcwkqDRqej4dWkP+4QosO0
IGeuV5g8vrjdCbYznGbxr6up6OGMQEBFoeKQ2yin4whKRTzlJR+AbeamGVgcvUPV
neook1i/0FurULD5J7BH87iMrEKZA5wAs/O4Geb9MigONas4LFvU6cO+hlfZ2T/z
EP28Ru+VZluooGdj6b8TZQFukJK9CRWTxxtSM0/JWz/aouuNJKsMkRv3tiUldWeq
BbEZRfoOtC8pYxeoSNfeo6y4MByruPhDcDPxNbcDlaZ3aKs9AvaUNbA9NRQ/Gxda
jm2SdPWYzXrNeRU1OW7nhg0rTcGzVjSkmBFq2yk25iDH4xBB9tAbMwkLjwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFL71wVYRFd4E3VZhbi6fuMCQQEFgMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzQ5Yzk2NzEwLTFlNjctNGIwOC1hZWVkLTlkYjAyYjNlNjQ2OS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba9eAwDQYJKoZIhvcNAQELBQADggEBAADZmxMrj/ie7WfWgY/g
12/5IDXNkJi+TbHnOP2AglgdCTMCXVRmHlsA3enL2kv5b85xQeYuOd3PrsB54y0b
JAPJCwxgd61sw7PqU+sNMTrG5Ox809sYEs3J+7gXVX5iEnLCmq3rN3h3ZVCoBaWC
MyTaewXucU6iHuZm20OiFrUWpVBFLwhyEPzgCHGAvu1eOrvAqbDdv4ub0Hhyub7z
gqqHgHeNVBjDKaHaY8mbtK+P/COq5OW/9BCRgpwfw7gWm7NQzqJsNZGKGwTqw/Bx
PtYFDHOvYi8765T0a5KN5KswCKBbF1YMlmxxL8Ozm2vC9Mi56ytohCui8zw7kHGB
FUY=
-----END CERTIFICATE-----
Generated at Sat Jun 15 02:01:50 2024 by rpki-client on console-fra.rpki-client.org