Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4c46839c-3f15-4f81-8b34-6fe264045216.roa
File:                     4c46839c-3f15-4f81-8b34-6fe264045216.roa (raw, json)
Hash identifier:          nfzlTY+hNfbSVYOfPRqoRF0QtyOPjeBO/9gJDRJUXtc=
Subject key identifier:   60:B2:B9:B4:65:1D:82:00:20:A1:A5:5D:80:6E:76:F9:C4:4B:86:2C
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       6430C45764ADE0B1E4113646BEE5DF308326C137
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4c46839c-3f15-4f81-8b34-6fe264045216.roa
Signing time:             Mon 06 Mar 2023 00:00:00 +0000
ROA not before:           Mon 06 Mar 2023 00:00:00 +0000
ROA not after:            Mon 10 Apr 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da70:9000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 16 Mar 2023 12:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:30:c4:57:64:ad:e0:b1:e4:11:36:46:be:e5:df:30:83:26:c1:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Mar  6 00:00:00 2023 GMT
            Not After : Apr 10 23:59:59 2023 GMT
        Subject: serialNumber=9dde63a2b11025a8913dfe817bb57121965eda765f88a0b6902a8ec86853e619, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:80:88:33:40:1c:a5:cf:b1:f1:82:01:1e:08:
                    d8:26:b0:d7:fe:53:e9:31:e4:0c:a3:e9:0f:ff:7b:
                    92:f7:32:ce:35:88:b9:06:cd:32:11:25:51:1d:4f:
                    39:24:57:f8:03:64:e5:87:62:f6:c5:2b:9c:c6:ab:
                    21:5f:67:16:d7:45:34:46:34:70:cf:24:c3:10:26:
                    dc:94:bf:32:9f:5a:dc:4e:d7:72:28:1a:30:2a:5c:
                    55:aa:c2:50:e5:c1:26:3c:94:44:25:51:75:ef:aa:
                    70:99:44:98:72:a4:8f:a7:36:d9:dc:4a:55:6c:da:
                    dc:27:1d:34:78:e3:ea:c9:a5:ab:44:ea:ca:30:13:
                    a2:31:27:6b:07:0c:14:00:90:72:25:24:37:7c:f0:
                    9d:e2:02:20:71:87:a4:1b:14:8b:1f:91:fa:f1:04:
                    97:ef:97:ed:44:ea:cb:26:30:03:07:f2:87:a4:a8:
                    29:6c:41:34:58:26:06:f7:38:83:e0:de:da:08:19:
                    86:31:a3:04:72:c4:6b:ca:5f:0d:cb:05:4e:18:b2:
                    83:6f:bc:05:6f:71:b2:13:a0:29:c1:d0:df:26:35:
                    2d:dd:96:ab:d4:1d:78:d6:c8:a4:66:a5:d7:2d:c3:
                    20:2c:23:7d:08:8b:f1:52:ab:99:f9:00:5f:72:24:
                    96:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                60:B2:B9:B4:65:1D:82:00:20:A1:A5:5D:80:6E:76:F9:C4:4B:86:2C
            X509v3 Authority Key Identifier: 
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4c46839c-3f15-4f81-8b34-6fe264045216.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da70:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         aa:33:46:ad:dd:e9:2b:1e:21:a1:a1:29:bf:6f:b7:a0:99:13:
         e7:92:2d:52:a8:87:0e:19:4e:d2:d8:f4:77:28:73:c9:b7:44:
         f9:ee:a0:14:f3:ff:2f:f8:a9:5c:f2:93:1b:cc:b2:6a:5f:69:
         17:85:15:16:9a:20:f7:95:bd:d2:cc:80:02:d9:fd:cd:74:aa:
         1e:e9:fa:ed:81:36:86:e6:55:90:c1:31:3a:8c:17:52:b4:79:
         f2:cd:ad:cf:c0:f8:5f:ff:80:7e:0c:29:39:b0:0b:cd:6c:61:
         e5:5d:f9:b9:39:5f:a8:f2:8a:19:7d:e7:e8:6d:f8:2e:18:83:
         89:05:6b:a6:c6:6a:6d:a8:a5:e3:05:c7:99:1f:c3:35:ec:38:
         60:a0:92:d3:96:07:3e:a6:11:b1:6f:e7:c1:a5:cc:bd:85:53:
         7d:16:00:26:16:4a:d6:ed:2e:be:3e:48:7f:7a:61:56:74:60:
         25:32:b9:49:57:77:5f:99:35:3e:82:6a:4d:47:34:fe:e7:18:
         78:8e:83:7f:36:65:dd:26:cb:dd:c2:c8:64:c0:37:93:ed:2a:
         91:fb:ec:33:b5:aa:82:e3:a3:14:2e:f1:63:ab:3d:36:e2:72:
         02:90:2e:79:eb:fd:79:aa:28:4a:55:28:2f:95:2d:b2:08:46:
         d4:94:ec:3f
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgIUZDDEV2St4LHkETZGvuXfMIMmwTcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTIzMDMwNjAwMDAwMFoX
DTIzMDQxMDIzNTk1OVowgaUxSTBHBgNVBAUTQDlkZGU2M2EyYjExMDI1YTg5MTNk
ZmU4MTdiYjU3MTIxOTY1ZWRhNzY1Zjg4YTBiNjkwMmE4ZWM4Njg1M2U2MTkxLTAr
BgNVBAMTJGMwYmYwZmU4LTcxN2MtNGY3Mi05YjQ1LWM5YzUxOTEzMmE4MTEUMBIG
A1UECxMLQW1hem9uIFJQS0kxEzARBgNVBAoTCkFtYXpvbi5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJgIgzQBylz7HxggEeCNgmsNf+U+kx5Ayj
6Q//e5L3Ms41iLkGzTIRJVEdTzkkV/gDZOWHYvbFK5zGqyFfZxbXRTRGNHDPJMMQ
JtyUvzKfWtxO13IoGjAqXFWqwlDlwSY8lEQlUXXvqnCZRJhypI+nNtncSlVs2twn
HTR44+rJpatE6sowE6IxJ2sHDBQAkHIlJDd88J3iAiBxh6QbFIsfkfrxBJfvl+1E
6ssmMAMH8oekqClsQTRYJgb3OIPg3toIGYYxowRyxGvKXw3LBU4YsoNvvAVvcbIT
oCnB0N8mNS3dlqvUHXjWyKRmpdctwyAsI30Ii/FSq5n5AF9yJJanAgMBAAGjggJK
MIICRjAdBgNVHQ4EFgQUYLK5tGUdggAgoaVdgG52+cRLhiwwHwYDVR0jBBgwFoAU
QHaCVSTSxm0uEENv5l6T6MG9SjcwDgYDVR0PAQH/BAQDAgeAMH4GCCsGAQUFBwEB
BHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0
b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3QzcyRkQxRkYyL1FIYUNWU1RTeG0w
dUVFTnY1bDZUNk1HOVNqYy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggrBgEF
BQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3MuY29t
L3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1MGJlYzkyNjEvNGM0
NjgzOWMtM2YxNS00ZjgxLThiMzQtNmZlMjY0MDQ1MjE2LnJvYTCBlQYDVR0fBIGN
MIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpv
bmF3cy5jb20vdm9sdW1lLzA4YzJmMjY0LTIzZjktNDlmYi05ZDQzLWY4YjUwYmVj
OTI2MS83YmExNzg2My1hNjEzLTQxOTctOWVkNS1iZWRhNmE4OTg2OWYuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAkBtpwkDANBgkqhkiG9w0BAQsFAAOCAQEAqjNGrd3pKx4hoaEpv2+3oJkT
55ItUqiHDhlO0tj0dyhzybdE+e6gFPP/L/ipXPKTG8yyal9pF4UVFpog95W90syA
Atn9zXSqHun67YE2huZVkMExOowXUrR58s2tz8D4X/+AfgwpObALzWxh5V35uTlf
qPKKGX3n6G34LhiDiQVrpsZqbail4wXHmR/DNew4YKCS05YHPqYRsW/nwaXMvYVT
fRYAJhZK1u0uvj5If3phVnRgJTK5SVd3X5k1PoJqTUc0/ucYeI6DfzZl3SbL3cLI
ZMA3k+0qkfvsM7WqguOjFC7xY6s9NuJyApAueev9eaooSlUoL5UtsghG1JTsPw==
-----END CERTIFICATE-----
Generated at Wed Mar 15 11:42:44 2023 by rpki-client on console-ams.rpki-client.org