Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4fd1d514-e9ac-44a6-93a0-af9ce79fc3de.roa
File:                     4fd1d514-e9ac-44a6-93a0-af9ce79fc3de.roa (raw, json)
Hash identifier:          ERLUL/8fNc8X10PXApZdfXoYh+j1OFiem0x8k7hthgk=
Subject key identifier:   39:2F:CD:EB:A9:20:81:83:DD:53:FE:31:1A:FC:1D:7E:96:56:59:EB
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       70F0A34861E8B0113EB918C792C7F4ABB8EDAF1E
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4fd1d514-e9ac-44a6-93a0-af9ce79fc3de.roa
Signing time:             Mon 27 May 2024 00:00:00 +0000
ROA not before:           Mon 27 May 2024 00:00:00 +0000
ROA not after:            Mon 01 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da38:4000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 18 Jun 2024 00:10:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:f0:a3:48:61:e8:b0:11:3e:b9:18:c7:92:c7:f4:ab:b8:ed:af:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 27 00:00:00 2024 GMT
            Not After : Jul  1 23:59:59 2024 GMT
        Subject: serialNumber=12df59c2f69a055b60b5940cfa66d91f4bb5fa7636fae0191f443bce5352a5cd, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:f1:dc:f6:26:32:1b:02:35:c1:29:c9:14:c6:
                    68:b5:39:e1:41:aa:00:dd:e0:97:c6:10:5f:c4:3d:
                    ed:31:57:e7:49:b3:83:50:f7:88:01:40:ad:20:ce:
                    0b:a3:84:74:9d:39:fa:89:18:73:06:18:6b:5a:f1:
                    1c:72:32:37:ba:01:15:67:46:47:4c:ff:5c:0b:d9:
                    18:93:62:7b:6c:e7:b9:09:09:7d:e4:13:49:fe:5a:
                    36:c0:6c:d1:94:6f:0e:65:b8:df:31:87:84:f7:35:
                    58:44:c0:ed:fb:19:ca:e6:19:f4:aa:b1:d4:4d:1b:
                    1b:f1:34:44:ac:b2:75:49:01:b0:7c:0a:87:d9:48:
                    4e:17:ff:46:35:5e:06:af:f5:4a:90:e4:84:ae:67:
                    09:2b:de:c0:55:71:84:2c:b2:80:00:45:b0:fc:0b:
                    f5:60:3b:3d:8c:69:59:f6:1d:ee:59:f0:9a:85:a1:
                    4b:ba:e4:c0:bc:1d:1d:43:40:e1:84:d3:66:ed:9b:
                    79:cb:38:6c:39:df:1d:26:c1:f1:f4:c3:e2:21:6f:
                    9b:15:47:9d:e9:73:12:d3:8e:b0:78:3a:28:18:e8:
                    8f:1b:17:0e:d8:34:77:94:8c:87:df:f6:af:03:d1:
                    ed:0e:3b:fb:ef:f0:42:26:3d:0c:f8:f1:51:0d:66:
                    f1:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:2F:CD:EB:A9:20:81:83:DD:53:FE:31:1A:FC:1D:7E:96:56:59:EB
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4fd1d514-e9ac-44a6-93a0-af9ce79fc3de.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da38:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         7d:17:ed:86:3f:5b:a7:91:19:73:ad:bf:89:32:7b:7c:97:20:
         0f:7a:4e:4d:54:2f:70:78:24:01:07:63:b8:91:8e:cf:50:7b:
         ac:00:18:05:c7:9b:9c:f0:1e:dd:b4:5c:78:d3:64:d7:90:c9:
         3e:43:eb:76:3e:f2:4f:31:4f:c2:fd:05:e1:14:ca:b9:31:ea:
         05:19:f8:58:6a:05:97:5b:9a:1c:c4:f2:89:48:3e:1d:08:65:
         1d:62:26:94:a0:21:50:f3:ba:b3:f6:53:24:e0:3a:b8:9b:31:
         8f:c5:06:ac:4b:60:2c:7e:62:57:ef:6d:63:dc:14:78:1b:06:
         44:66:71:81:56:5f:3a:31:03:ae:73:bb:7e:e4:ee:11:e6:d8:
         43:36:96:26:cc:d2:ba:13:82:7e:21:d5:bb:c5:64:db:70:b3:
         21:10:b4:b2:b3:2f:05:52:80:f4:94:71:7b:bf:15:a2:5d:77:
         a5:7e:3a:4b:b3:01:f4:78:d6:5a:43:1a:d6:7f:8d:39:08:9a:
         9c:0c:64:06:0b:a1:3a:03:b8:07:31:18:48:72:cf:87:7b:b8:
         f8:6b:e8:67:62:b8:b5:76:12:37:fd:c1:5a:d9:bb:64:85:60:
         c2:c6:45:e8:bb:2d:65:98:a5:be:2e:d2:22:99:9e:1d:11:ae:
         58:2a:e8:eb
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUcPCjSGHosBE+uRjHksf0q7jtrx4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDUyNzAwMDAwMFoX
DTI0MDcwMTIzNTk1OVowejFJMEcGA1UEBRNAMTJkZjU5YzJmNjlhMDU1YjYwYjU5
NDBjZmE2NmQ5MWY0YmI1ZmE3NjM2ZmFlMDE5MWY0NDNiY2U1MzUyYTVjZDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5vHc9iYyGwI1wSnJFMZotTnhQaoA
3eCXxhBfxD3tMVfnSbODUPeIAUCtIM4Lo4R0nTn6iRhzBhhrWvEccjI3ugEVZ0ZH
TP9cC9kYk2J7bOe5CQl95BNJ/lo2wGzRlG8OZbjfMYeE9zVYRMDt+xnK5hn0qrHU
TRsb8TRErLJ1SQGwfAqH2UhOF/9GNV4Gr/VKkOSErmcJK97AVXGELLKAAEWw/Av1
YDs9jGlZ9h3uWfCahaFLuuTAvB0dQ0DhhNNm7Zt5yzhsOd8dJsHx9MPiIW+bFUed
6XMS046weDooGOiPGxcO2DR3lIyH3/avA9HtDjv77/BCJj0M+PFRDWbxUQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFDkvzeupIIGD3VP+MRr8HX6WVlnrMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzRmZDFkNTE0LWU5YWMtNDRhNi05M2EwLWFmOWNlNzlmYzNkZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaOEAwDQYJKoZIhvcNAQELBQADggEBAH0X7YY/W6eRGXOtv4ky
e3yXIA96Tk1UL3B4JAEHY7iRjs9Qe6wAGAXHm5zwHt20XHjTZNeQyT5D63Y+8k8x
T8L9BeEUyrkx6gUZ+FhqBZdbmhzE8olIPh0IZR1iJpSgIVDzurP2UyTgOribMY/F
BqxLYCx+YlfvbWPcFHgbBkRmcYFWXzoxA65zu37k7hHm2EM2libM0roTgn4h1bvF
ZNtwsyEQtLKzLwVSgPSUcXu/FaJdd6V+OkuzAfR41lpDGtZ/jTkImpwMZAYLoToD
uAcxGEhyz4d7uPhr6GdiuLV2Ejf9wVrZu2SFYMLGRei7LWWYpb4u0iKZnh0Rrlgq
6Os=
-----END CERTIFICATE-----
Generated at Fri Jun 14 16:48:07 2024 by rpki-client on console-fra.rpki-client.org