Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4e351fa8-3b89-4512-a16b-5c307fc6f611.roa
File:                     4e351fa8-3b89-4512-a16b-5c307fc6f611.roa (raw, json)
Hash identifier:          FKOkOo1ZaDwQlocFbC5sWX2zEL8vEQ9n9zPPFXb9irE=
Subject key identifier:   41:4F:94:3B:BE:E4:7E:25:3E:E7:E5:CA:09:56:4D:CC:19:3D:18:66
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       307096F9103DB1039DB20C76BF9B0FFE930EFC5D
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4e351fa8-3b89-4512-a16b-5c307fc6f611.roa
Signing time:             Fri 31 May 2024 00:00:00 +0000
ROA not before:           Fri 31 May 2024 00:00:00 +0000
ROA not after:            Fri 05 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf0:800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 21 Jun 2024 00:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:70:96:f9:10:3d:b1:03:9d:b2:0c:76:bf:9b:0f:fe:93:0e:fc:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 31 00:00:00 2024 GMT
            Not After : Jul  5 23:59:59 2024 GMT
        Subject: serialNumber=77fd86d861641d84ffd67904f9504ade427f248a0b7a52336ffca0b0cbcaa2bb, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:a8:2c:09:7a:4a:b7:9e:c5:fd:b7:66:c5:58:
                    1c:60:23:5c:ef:93:9e:f2:dc:e1:48:4d:42:fc:0b:
                    91:fb:ef:d7:4f:bb:ab:8e:43:40:01:7e:b3:1b:3c:
                    88:fb:fe:3e:c9:d6:05:af:27:33:07:4d:76:f9:c6:
                    8a:25:4a:8a:4e:73:72:32:dc:c0:63:f6:3f:53:76:
                    32:f2:3d:a6:bd:5b:2c:31:5b:ab:e7:88:9c:b1:c7:
                    09:ee:11:0e:ec:43:65:fb:3b:ae:e4:9b:78:61:b7:
                    5f:e3:08:a9:24:19:13:ff:a4:50:c3:c4:ce:d7:85:
                    cc:18:04:77:b0:e6:e4:8b:b3:4f:72:f0:8a:a3:f1:
                    75:96:e4:63:ef:e7:f7:13:06:04:e2:f6:33:20:e9:
                    3f:b0:c0:f0:44:b2:0b:eb:69:43:4f:02:01:9a:38:
                    e8:f6:a8:07:a0:e1:1c:40:f3:3c:b2:1b:24:fb:0d:
                    a3:77:0f:4f:c1:67:9d:0d:88:f3:a2:28:41:0b:68:
                    5d:dc:54:14:11:d1:f6:04:e3:48:a0:25:03:f3:ea:
                    71:77:4d:29:61:16:f5:45:8a:6a:82:11:0c:91:2e:
                    58:8c:3d:ca:57:8c:b9:fc:3b:ea:a6:a5:6a:47:8a:
                    87:c8:df:ad:09:2f:71:25:64:dc:6a:17:99:1d:9d:
                    14:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:4F:94:3B:BE:E4:7E:25:3E:E7:E5:CA:09:56:4D:CC:19:3D:18:66
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4e351fa8-3b89-4512-a16b-5c307fc6f611.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf0:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         6b:7e:a2:1d:90:c4:22:cc:d9:d1:46:df:de:63:46:a2:88:41:
         3b:07:95:5b:d7:f1:fc:21:f0:e8:6e:32:a2:c4:e7:7f:ec:e8:
         1e:e7:4b:94:4d:ab:da:42:37:1a:64:6c:88:21:9c:7c:85:04:
         2f:29:7a:bc:a8:92:3e:af:aa:87:35:92:b7:c2:ad:61:71:0a:
         d4:37:b3:b2:3e:df:48:b3:c3:ad:fa:f4:f7:c8:60:f1:13:38:
         76:74:91:bd:14:c1:1f:14:c0:f9:b9:b0:c8:d5:14:a5:c2:a6:
         1c:0b:89:d4:cc:e5:cf:b7:b2:a3:80:a2:a4:94:96:87:a1:86:
         d6:73:64:59:13:a7:c4:60:8f:71:99:de:3d:fd:2f:83:90:2a:
         60:d5:3f:56:01:29:8d:15:b0:20:bc:b1:73:6f:60:fc:83:07:
         af:0c:c9:cc:f2:53:b4:6b:60:91:5a:1a:f2:39:d2:53:3f:a0:
         ee:ea:09:45:12:a3:34:7b:01:e7:5f:69:73:1c:f6:ef:f6:d9:
         2e:ea:e4:8d:4f:56:ae:99:dc:d6:91:d8:91:fe:ed:e1:7e:e2:
         57:5a:09:9d:0f:a7:7b:6e:4f:2c:fc:e2:53:fd:bb:a4:f4:5a:
         78:8f:91:b3:13:c8:81:92:70:ff:92:a1:f5:18:c7:69:d3:36:
         3d:41:78:a9
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUMHCW+RA9sQOdsgx2v5sP/pMO/F0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDUzMTAwMDAwMFoX
DTI0MDcwNTIzNTk1OVowejFJMEcGA1UEBRNANzdmZDg2ZDg2MTY0MWQ4NGZmZDY3
OTA0Zjk1MDRhZGU0MjdmMjQ4YTBiN2E1MjMzNmZmY2EwYjBjYmNhYTJiYjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6gsCXpKt57F/bdmxVgcYCNc75Oe
8tzhSE1C/AuR++/XT7urjkNAAX6zGzyI+/4+ydYFryczB012+caKJUqKTnNyMtzA
Y/Y/U3Yy8j2mvVssMVur54icsccJ7hEO7ENl+zuu5Jt4Ybdf4wipJBkT/6RQw8TO
14XMGAR3sObki7NPcvCKo/F1luRj7+f3EwYE4vYzIOk/sMDwRLIL62lDTwIBmjjo
9qgHoOEcQPM8shsk+w2jdw9PwWedDYjzoihBC2hd3FQUEdH2BONIoCUD8+pxd00p
YRb1RYpqghEMkS5YjD3KV4y5/DvqpqVqR4qHyN+tCS9xJWTcaheZHZ0UIQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFEFPlDu+5H4lPuflyglWTcwZPRhmMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzRlMzUxZmE4LTNiODktNDUxMi1hMTZiLTVjMzA3ZmM2ZjYxMS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba8AgwDQYJKoZIhvcNAQELBQADggEBAGt+oh2QxCLM2dFG395j
RqKIQTsHlVvX8fwh8OhuMqLE53/s6B7nS5RNq9pCNxpkbIghnHyFBC8peryokj6v
qoc1krfCrWFxCtQ3s7I+30izw6369PfIYPETOHZ0kb0UwR8UwPm5sMjVFKXCphwL
idTM5c+3sqOAoqSUloehhtZzZFkTp8Rgj3GZ3j39L4OQKmDVP1YBKY0VsCC8sXNv
YPyDB68MyczyU7RrYJFaGvI50lM/oO7qCUUSozR7AedfaXMc9u/22S7q5I1PVq6Z
3NaR2JH+7eF+4ldaCZ0Pp3tuTyz84lP9u6T0WniPkbMTyIGScP+SofUYx2nTNj1B
eKk=
-----END CERTIFICATE-----
Generated at Mon Jun 17 18:19:39 2024 by rpki-client on console-ams.rpki-client.org