Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4e9beec2-4dab-4f31-b0cb-ad6a3a5761b2.roa
File:                     4e9beec2-4dab-4f31-b0cb-ad6a3a5761b2.roa (raw, json)
Hash identifier:          T2l5+ObUBHMInWCx5TXfC0USeu2QXjbkr/MVWFUz6mk=
Subject key identifier:   38:BE:D4:4F:E8:69:C1:52:49:AA:D5:43:A7:86:4B:8A:68:2A:AC:53
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       6FD1CE9CF1A4EB11FEEBD3C397A15BDF974B4924
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4e9beec2-4dab-4f31-b0cb-ad6a3a5761b2.roa
Signing time:             Fri 22 Sep 2023 00:00:00 +0000
ROA not before:           Fri 22 Sep 2023 00:00:00 +0000
ROA not after:            Fri 27 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafa:c000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 23 Sep 2023 12:02:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:d1:ce:9c:f1:a4:eb:11:fe:eb:d3:c3:97:a1:5b:df:97:4b:49:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Sep 22 00:00:00 2023 GMT
            Not After : Oct 27 23:59:59 2023 GMT
        Subject: serialNumber=d9e88eed267f0373e26f635aaaf9804b0fcbc177bf8883f55c954ad395099f0d, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:49:20:32:fa:13:26:1e:21:b7:34:c2:6a:87:
                    7c:76:54:9e:72:2e:34:6b:32:42:34:36:5f:39:01:
                    25:82:b3:0b:71:8b:71:06:b8:82:29:a2:ac:3e:0e:
                    c8:8b:b0:76:02:8b:d0:cb:4f:91:33:52:5e:c6:d4:
                    f2:be:59:12:69:71:27:6b:49:4d:ed:03:87:30:2a:
                    1c:31:e8:ed:bd:a4:d3:0f:3a:0b:d2:1a:d4:5c:fa:
                    2b:ed:29:89:0c:48:88:5b:8a:5b:78:c5:ed:bd:a5:
                    27:d3:99:46:f9:cf:f3:3f:be:58:93:51:c8:54:98:
                    84:5a:8a:23:2c:81:63:38:29:cf:27:d8:06:5c:e0:
                    00:c6:82:f0:6f:0e:70:35:ff:6c:bb:3c:b9:56:84:
                    1a:32:37:e8:51:77:41:bd:0e:25:25:03:ac:ce:66:
                    25:5b:63:28:98:c7:83:53:fe:c7:b3:9b:85:b1:e6:
                    fd:56:6b:2f:37:0f:2c:ce:4b:c5:1b:d5:6d:57:94:
                    29:70:7d:55:e6:b6:3e:98:a6:2f:96:f5:4f:11:79:
                    ab:d4:d0:fa:2c:56:25:6e:dd:5c:76:96:b4:d6:26:
                    e6:66:c1:5d:98:b6:f7:f0:ca:b4:34:59:bb:6d:8e:
                    5a:3b:c7:83:f7:e5:87:f4:c0:44:d2:e7:2f:99:03:
                    27:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:BE:D4:4F:E8:69:C1:52:49:AA:D5:43:A7:86:4B:8A:68:2A:AC:53
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4e9beec2-4dab-4f31-b0cb-ad6a3a5761b2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafa:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         1a:a7:32:f7:88:4b:20:4d:0e:7b:fd:52:e9:85:28:bd:a8:7b:
         f5:0f:ec:6d:7a:66:46:ff:28:ce:d3:fd:0d:84:7b:55:bb:12:
         94:6f:6d:ee:b6:19:e5:4f:80:c2:ec:54:4c:1d:41:f1:11:ce:
         39:1d:4e:3c:f1:28:78:71:6a:3a:6c:bb:46:00:68:9f:77:58:
         7c:b7:6f:9d:8f:d3:87:25:2b:40:c2:1c:09:fd:be:09:8b:e2:
         cb:76:f3:dc:8d:6e:b7:a3:2f:7a:fe:d0:49:c9:8f:a7:e1:5c:
         63:89:fd:66:86:88:2e:36:85:7b:72:98:59:c6:aa:16:c9:f9:
         3c:88:5a:d7:fb:ef:20:41:3f:46:ec:01:c0:ee:f8:1f:70:c0:
         3c:1c:ee:0d:93:80:fe:86:de:7e:03:16:18:af:17:04:9a:66:
         21:10:20:78:fe:b1:8c:67:cb:cb:c3:d0:a4:ba:7e:50:b5:c3:
         09:ca:28:f8:65:b8:e0:a8:4c:c5:a9:82:ad:30:b2:b6:bc:0e:
         2b:bc:d1:d4:71:c7:a9:4e:1f:d7:9d:ae:0e:f9:4a:be:72:ab:
         1c:03:fb:ce:85:48:c2:16:6d:00:bb:2c:fe:96:64:a3:f1:ba:
         2a:ab:8f:59:86:4a:83:02:2e:c3:7c:80:0d:81:9a:05:79:d5:
         98:d4:aa:d8
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUb9HOnPGk6xH+69PDl6Fb35dLSSQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTIzMDkyMjAwMDAwMFoX
DTIzMTAyNzIzNTk1OVowejFJMEcGA1UEBRNAZDllODhlZWQyNjdmMDM3M2UyNmY2
MzVhYWFmOTgwNGIwZmNiYzE3N2JmODg4M2Y1NWM5NTRhZDM5NTA5OWYwZDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoEkgMvoTJh4htzTCaod8dlSeci40
azJCNDZfOQElgrMLcYtxBriCKaKsPg7Ii7B2AovQy0+RM1JextTyvlkSaXEna0lN
7QOHMCocMejtvaTTDzoL0hrUXPor7SmJDEiIW4pbeMXtvaUn05lG+c/zP75Yk1HI
VJiEWoojLIFjOCnPJ9gGXOAAxoLwbw5wNf9suzy5VoQaMjfoUXdBvQ4lJQOszmYl
W2MomMeDU/7Hs5uFseb9VmsvNw8szkvFG9VtV5QpcH1V5rY+mKYvlvVPEXmr1ND6
LFYlbt1cdpa01ibmZsFdmLb38Mq0NFm7bY5aO8eD9+WH9MBE0ucvmQMnrQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFDi+1E/oacFSSarVQ6eGS4poKqxTMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzRlOWJlZWMyLTRkYWItNGYzMS1iMGNiLWFkNmEzYTU3NjFiMi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+sAwDQYJKoZIhvcNAQELBQADggEBABqnMveISyBNDnv9UumF
KL2oe/UP7G16Zkb/KM7T/Q2Ee1W7EpRvbe62GeVPgMLsVEwdQfERzjkdTjzxKHhx
ajpsu0YAaJ93WHy3b52P04clK0DCHAn9vgmL4st289yNbrejL3r+0EnJj6fhXGOJ
/WaGiC42hXtymFnGqhbJ+TyIWtf77yBBP0bsAcDu+B9wwDwc7g2TgP6G3n4DFhiv
FwSaZiEQIHj+sYxny8vD0KS6flC1wwnKKPhluOCoTMWpgq0wsra8Diu80dRxx6lO
H9edrg75Sr5yqxwD+86FSMIWbQC7LP6WZKPxuiqrj1mGSoMCLsN8gA2BmgV51ZjU
qtg=
-----END CERTIFICATE-----
Generated at Fri Sep 22 00:27:51 2023 by rpki-client on console-ams.rpki-client.org