Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4d0d3d64-afcc-4838-bca0-f7693f145edf.roa
File:                     4d0d3d64-afcc-4838-bca0-f7693f145edf.roa (raw, json)
Hash identifier:          s4Xf61aetfbcXEi6+VoLNP2h3G6q0+YquZOfzJwxhn0=
Subject key identifier:   C3:6B:C8:20:05:3B:D0:41:83:DB:1B:71:76:0B:16:D4:F6:61:E1:87
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       426861F19B61309B98B3B0933AC54D1A0D3394B4
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4d0d3d64-afcc-4838-bca0-f7693f145edf.roa
Signing time:             Fri 21 Jun 2024 00:00:00 +0000
ROA not before:           Fri 21 Jun 2024 00:00:00 +0000
ROA not after:            Fri 26 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf1:b000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 19 Jul 2024 23:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:68:61:f1:9b:61:30:9b:98:b3:b0:93:3a:c5:4d:1a:0d:33:94:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 21 00:00:00 2024 GMT
            Not After : Jul 26 23:59:59 2024 GMT
        Subject: serialNumber=b0fa3d8648f19131ca63188d210844abf1be6aa9d6f4b6ebdc0da84d141f08ba, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b8:98:7e:ef:89:e6:bc:b8:db:a2:b3:bc:34:
                    5e:67:58:be:c7:2e:2b:15:14:14:46:4a:5d:b1:12:
                    9d:c0:e5:16:75:e7:20:31:71:9b:cb:b5:52:78:15:
                    61:1e:24:30:e1:aa:63:87:34:21:5a:46:bb:0a:6f:
                    8e:b7:14:52:60:22:67:66:5e:fe:fe:d0:b1:69:ac:
                    3d:b1:d7:a6:2e:d1:a5:f6:c9:6b:9d:d9:49:af:00:
                    11:52:e9:9e:f4:9f:a2:3d:88:56:35:76:ed:e8:ec:
                    5e:e5:a2:fe:b7:e0:b9:1d:90:86:df:76:75:da:49:
                    a5:65:8a:03:ee:85:dd:cb:8a:08:00:36:85:87:f8:
                    de:38:18:1b:20:fe:9e:5e:e2:2f:45:20:5d:f5:35:
                    86:d6:ab:75:4a:2c:e6:2c:d6:6e:3a:1d:2b:f9:10:
                    cb:7e:12:c1:90:7f:4d:c7:78:e7:1d:7d:cd:81:7a:
                    f2:ba:a0:21:c7:7f:79:f4:7d:19:ce:eb:2a:7f:e7:
                    dd:9a:ae:eb:ee:d8:bd:1a:84:54:c3:e2:c5:ee:1f:
                    cd:f1:47:40:41:dd:de:2e:90:4e:09:28:a3:e3:2e:
                    9a:c5:5b:3c:a4:8f:84:35:98:32:fe:04:82:a7:68:
                    17:ba:ce:bb:43:c7:4f:5a:34:3e:0e:d6:32:53:f1:
                    2c:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:6B:C8:20:05:3B:D0:41:83:DB:1B:71:76:0B:16:D4:F6:61:E1:87
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4d0d3d64-afcc-4838-bca0-f7693f145edf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf1:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         5b:99:e8:52:a2:be:c3:ac:de:6c:1f:a8:25:81:ae:78:66:c7:
         aa:03:fc:1c:b0:83:bd:f3:dd:cd:cd:2a:e7:aa:e1:54:67:9d:
         af:7a:58:a2:2b:7b:70:9b:0d:97:6d:c0:d2:a5:b2:72:70:da:
         74:33:c3:2a:72:fd:d5:08:e4:43:0d:44:3f:0c:25:d6:46:6f:
         c2:39:a2:a3:d7:f6:bc:f0:5d:9e:49:db:bf:ec:31:c9:91:bd:
         ba:02:b1:09:32:dc:43:a8:97:93:4b:ee:fc:77:6b:01:05:16:
         2a:b5:59:c2:53:a0:ac:93:31:82:ef:c1:74:7d:32:fb:7f:02:
         70:5d:43:aa:04:f2:11:a9:b0:e3:83:73:8f:b4:76:7c:f4:05:
         48:c8:71:cb:f5:46:0a:7d:01:bb:51:e6:ea:cf:2d:f6:59:08:
         0b:1e:e2:30:da:65:14:07:bb:53:4b:5e:3a:93:b7:a7:86:cb:
         14:cf:ca:f5:7c:3d:76:a5:ea:21:44:53:b2:8e:44:43:ab:6d:
         3e:37:3f:49:50:6b:f3:de:c1:ba:fc:38:38:96:f8:57:9c:83:
         bc:ec:df:c6:0d:b1:9b:a2:35:d8:e8:ad:51:39:47:0e:9d:ce:
         b2:2f:82:33:92:43:10:8d:05:90:70:09:fd:1f:b7:95:95:48:
         a8:76:f8:e7
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUQmhh8ZthMJuYs7CTOsVNGg0zlLQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyMTAwMDAwMFoX
DTI0MDcyNjIzNTk1OVowejFJMEcGA1UEBRNAYjBmYTNkODY0OGYxOTEzMWNhNjMx
ODhkMjEwODQ0YWJmMWJlNmFhOWQ2ZjRiNmViZGMwZGE4NGQxNDFmMDhiYTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbiYfu+J5ry426KzvDReZ1i+xy4r
FRQURkpdsRKdwOUWdecgMXGby7VSeBVhHiQw4apjhzQhWka7Cm+OtxRSYCJnZl7+
/tCxaaw9sdemLtGl9slrndlJrwARUume9J+iPYhWNXbt6Oxe5aL+t+C5HZCG33Z1
2kmlZYoD7oXdy4oIADaFh/jeOBgbIP6eXuIvRSBd9TWG1qt1SizmLNZuOh0r+RDL
fhLBkH9Nx3jnHX3NgXryuqAhx3959H0Zzusqf+fdmq7r7ti9GoRUw+LF7h/N8UdA
Qd3eLpBOCSij4y6axVs8pI+ENZgy/gSCp2gXus67Q8dPWjQ+DtYyU/EsBwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFMNryCAFO9BBg9sbcXYLFtT2YeGHMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzRkMGQzZDY0LWFmY2MtNDgzOC1iY2EwLWY3NjkzZjE0NWVkZi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba8bAwDQYJKoZIhvcNAQELBQADggEBAFuZ6FKivsOs3mwfqCWB
rnhmx6oD/Bywg73z3c3NKueq4VRnna96WKIre3CbDZdtwNKlsnJw2nQzwypy/dUI
5EMNRD8MJdZGb8I5oqPX9rzwXZ5J27/sMcmRvboCsQky3EOol5NL7vx3awEFFiq1
WcJToKyTMYLvwXR9Mvt/AnBdQ6oE8hGpsOODc4+0dnz0BUjIccv1Rgp9AbtR5urP
LfZZCAse4jDaZRQHu1NLXjqTt6eGyxTPyvV8PXal6iFEU7KOREOrbT43P0lQa/Pe
wbr8ODiW+Fecg7zs38YNsZuiNdjorVE5Rw6dzrIvgjOSQxCNBZBwCf0ft5WVSKh2
+Oc=
-----END CERTIFICATE-----
Generated at Tue Jul 16 03:59:22 2024 by rpki-client on console-ams.rpki-client.org