Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4d5a8513-21e5-4af7-b1b9-e85bc8e16eb8.roa
File:                     4d5a8513-21e5-4af7-b1b9-e85bc8e16eb8.roa (raw, json)
Hash identifier:          YooI/Fk5F7e5tp5y78ofrZTMDvYBJ6BCFIpYz6qSTYw=
Subject key identifier:   8F:78:55:EC:57:AC:AE:27:2F:C4:71:0E:BE:A5:37:83:6B:09:98:C2
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       41D26E302441773A74B3A4501B4751E246A1913E
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4d5a8513-21e5-4af7-b1b9-e85bc8e16eb8.roa
Signing time:             Mon 06 Mar 2023 00:00:00 +0000
ROA not before:           Mon 06 Mar 2023 00:00:00 +0000
ROA not after:            Mon 10 Apr 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafa:4000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 16 Mar 2023 12:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:d2:6e:30:24:41:77:3a:74:b3:a4:50:1b:47:51:e2:46:a1:91:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Mar  6 00:00:00 2023 GMT
            Not After : Apr 10 23:59:59 2023 GMT
        Subject: serialNumber=eaeef08f907d8fda2b32f687af13fe0a2dd72826dc03c2b0fdcf9994189acdd3, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:e6:aa:14:cb:6a:54:74:95:97:c6:6b:2e:82:
                    a0:8f:ed:f2:9f:5f:0e:59:4a:18:d0:ad:ec:c1:31:
                    2b:3e:e7:17:c4:fc:9a:2e:b6:a3:c8:8c:7e:86:d6:
                    a6:c5:eb:22:3d:00:a6:6f:02:39:8b:ca:a5:c4:27:
                    71:dd:f4:b5:c9:f9:67:98:98:fd:f3:94:93:5c:54:
                    19:39:c0:b3:b2:ec:a0:88:ca:c1:53:7c:1d:9e:9d:
                    12:78:ec:cb:74:1a:97:52:e5:0b:85:45:4b:38:ba:
                    b8:06:ac:2e:8f:69:74:e0:e0:13:f6:8e:16:8a:0f:
                    8d:65:c2:b6:1c:8d:cf:15:cc:ac:81:1a:c2:ca:5b:
                    68:3f:03:2f:17:72:92:95:00:85:a3:ff:f4:7b:37:
                    38:28:fc:71:ac:88:48:6f:8e:ac:19:6b:c5:ec:ae:
                    73:52:3f:da:c5:72:e4:bc:df:c6:61:63:16:dd:ba:
                    8a:e0:f8:dd:cf:7a:23:b3:2e:2b:4e:14:86:c3:81:
                    19:bc:cd:4b:5d:2d:3d:17:22:8e:c8:a9:38:d8:e4:
                    5c:ca:9b:ab:86:4c:07:76:3a:56:83:40:3e:88:46:
                    0b:e0:34:45:d0:3c:8b:38:02:78:63:95:97:00:3f:
                    54:bf:93:13:05:6b:30:26:ec:fd:a0:ce:34:67:cd:
                    4e:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                8F:78:55:EC:57:AC:AE:27:2F:C4:71:0E:BE:A5:37:83:6B:09:98:C2
            X509v3 Authority Key Identifier: 
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4d5a8513-21e5-4af7-b1b9-e85bc8e16eb8.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafa:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         18:b7:9e:09:ad:22:fe:97:3d:5f:9f:d5:b7:d0:c8:06:87:75:
         cb:91:50:72:bf:fc:fe:91:04:c5:a9:69:15:0c:47:06:17:5c:
         65:13:8a:4f:45:3e:30:d6:1c:dd:e8:42:7a:dc:06:53:4b:89:
         a4:4e:76:52:d4:21:c5:b5:3f:9d:83:8f:84:e7:43:a8:c4:99:
         eb:20:97:95:81:1a:0c:1c:a8:69:15:53:4b:e7:be:25:23:e1:
         79:a0:e1:a2:11:a6:64:2c:76:df:19:7b:0a:a9:ba:dd:a6:7e:
         6a:e7:cb:44:65:4c:24:da:8c:04:32:b8:f4:c3:10:fb:0e:85:
         47:f1:2c:d5:73:e1:ba:9f:92:8e:73:5a:88:79:eb:c2:77:15:
         8b:38:07:5b:ce:21:6c:f8:cb:13:e5:24:85:74:a4:47:66:1e:
         7a:38:b0:09:b0:4e:fa:12:e0:4c:5a:14:a5:37:19:58:9c:7c:
         4f:d5:40:59:7d:b2:e8:3e:9a:ba:8a:ea:ce:c2:07:c7:cb:7d:
         7e:49:35:08:b3:71:a7:fc:66:6e:ad:12:64:35:75:32:23:00:
         ec:65:2b:bc:2e:02:8c:fd:b8:ee:85:54:b1:e8:d2:af:be:88:
         55:c3:59:60:ca:43:59:53:e9:79:d6:87:c1:1f:ee:66:b9:da:
         83:31:65:d4
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgIUQdJuMCRBdzp0s6RQG0dR4kahkT4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTIzMDMwNjAwMDAwMFoX
DTIzMDQxMDIzNTk1OVowgaUxSTBHBgNVBAUTQGVhZWVmMDhmOTA3ZDhmZGEyYjMy
ZjY4N2FmMTNmZTBhMmRkNzI4MjZkYzAzYzJiMGZkY2Y5OTk0MTg5YWNkZDMxLTAr
BgNVBAMTJGMwYmYwZmU4LTcxN2MtNGY3Mi05YjQ1LWM5YzUxOTEzMmE4MTEUMBIG
A1UECxMLQW1hem9uIFJQS0kxEzARBgNVBAoTCkFtYXpvbi5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCl5qoUy2pUdJWXxmsugqCP7fKfXw5ZShjQ
rezBMSs+5xfE/JoutqPIjH6G1qbF6yI9AKZvAjmLyqXEJ3Hd9LXJ+WeYmP3zlJNc
VBk5wLOy7KCIysFTfB2enRJ47Mt0GpdS5QuFRUs4urgGrC6PaXTg4BP2jhaKD41l
wrYcjc8VzKyBGsLKW2g/Ay8XcpKVAIWj//R7Nzgo/HGsiEhvjqwZa8XsrnNSP9rF
cuS838ZhYxbduorg+N3PeiOzLitOFIbDgRm8zUtdLT0XIo7IqTjY5FzKm6uGTAd2
OlaDQD6IRgvgNEXQPIs4AnhjlZcAP1S/kxMFazAm7P2gzjRnzU69AgMBAAGjggJK
MIICRjAdBgNVHQ4EFgQUj3hV7FesricvxHEOvqU3g2sJmMIwHwYDVR0jBBgwFoAU
QHaCVSTSxm0uEENv5l6T6MG9SjcwDgYDVR0PAQH/BAQDAgeAMH4GCCsGAQUFBwEB
BHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0
b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3QzcyRkQxRkYyL1FIYUNWU1RTeG0w
dUVFTnY1bDZUNk1HOVNqYy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggrBgEF
BQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3MuY29t
L3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1MGJlYzkyNjEvNGQ1
YTg1MTMtMjFlNS00YWY3LWIxYjktZTg1YmM4ZTE2ZWI4LnJvYTCBlQYDVR0fBIGN
MIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpv
bmF3cy5jb20vdm9sdW1lLzA4YzJmMjY0LTIzZjktNDlmYi05ZDQzLWY4YjUwYmVj
OTI2MS83YmExNzg2My1hNjEzLTQxOTctOWVkNS1iZWRhNmE4OTg2OWYuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAkBtr6QDANBgkqhkiG9w0BAQsFAAOCAQEAGLeeCa0i/pc9X5/Vt9DIBod1
y5FQcr/8/pEExalpFQxHBhdcZROKT0U+MNYc3ehCetwGU0uJpE52UtQhxbU/nYOP
hOdDqMSZ6yCXlYEaDByoaRVTS+e+JSPheaDhohGmZCx23xl7Cqm63aZ+aufLRGVM
JNqMBDK49MMQ+w6FR/Es1XPhup+SjnNaiHnrwncVizgHW84hbPjLE+UkhXSkR2Ye
ejiwCbBO+hLgTFoUpTcZWJx8T9VAWX2y6D6auorqzsIHx8t9fkk1CLNxp/xmbq0S
ZDV1MiMA7GUrvC4CjP247oVUsejSr76IVcNZYMpDWVPpedaHwR/uZrnagzFl1A==
-----END CERTIFICATE-----
Generated at Wed Mar 15 11:42:44 2023 by rpki-client on console-ams.rpki-client.org