Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4fd4f1fa-ef72-445b-8178-cdb0ba581ea1.roa
File:                     4fd4f1fa-ef72-445b-8178-cdb0ba581ea1.roa (raw, json)
Hash identifier:          gL2GBYhxH7S+nD9/oj3Fdt3diEIYWOQ+TjiRlu4OlWU=
Subject key identifier:   AE:2D:8E:D2:6C:64:98:7C:F1:42:05:FE:1F:5C:C2:A9:68:2A:C8:3C
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       0C7A55A3F49D880C528E8B2BC5DE302702FDF62D
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4fd4f1fa-ef72-445b-8178-cdb0ba581ea1.roa
Signing time:             Mon 18 Sep 2023 00:00:00 +0000
ROA not before:           Mon 18 Sep 2023 00:00:00 +0000
ROA not after:            Mon 23 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da00:a000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 20 Sep 2023 03:07:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:7a:55:a3:f4:9d:88:0c:52:8e:8b:2b:c5:de:30:27:02:fd:f6:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Sep 18 00:00:00 2023 GMT
            Not After : Oct 23 23:59:59 2023 GMT
        Subject: serialNumber=e14c172494c0258513308e3a409b6164c6d4890dfa2df1528cd9be6d1bfe0e6c, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e4:b0:fd:97:53:49:90:72:1e:cb:03:c6:86:
                    db:f9:eb:f2:fe:a6:33:58:84:56:7b:bc:28:90:27:
                    f8:87:32:bd:63:14:78:f0:71:5d:6b:46:d0:bc:3c:
                    19:14:c9:c1:2f:31:58:d0:41:21:d4:83:41:8d:d0:
                    6d:d2:b2:1f:17:6e:2a:96:9b:54:e2:35:f3:99:bc:
                    48:7c:c0:b1:45:df:4f:fb:0b:10:a2:da:3c:61:87:
                    46:e6:c1:96:d5:95:37:1c:f7:a5:17:85:fc:83:a5:
                    9b:70:22:3c:a9:d9:4b:f5:fa:5e:1e:44:f9:0b:3a:
                    9b:f0:62:ff:4e:1a:5d:8f:c3:41:08:6f:16:7c:e7:
                    59:b6:70:b3:20:94:28:5c:d3:26:b7:24:e3:69:ab:
                    69:f8:e3:c9:78:11:0a:2b:1b:78:17:b9:8d:e2:c2:
                    07:1b:5a:e0:02:db:d5:c1:a6:f7:ff:28:9c:0e:68:
                    91:aa:49:c0:f4:1f:75:a2:fd:b8:f1:b5:ed:c2:24:
                    63:74:5e:a0:4b:fe:77:4b:fb:08:1b:e1:96:23:1c:
                    c6:b7:75:b5:b7:ca:bb:03:ee:e4:bb:56:bf:77:e5:
                    23:2c:93:4e:df:ba:1e:49:27:cb:21:cc:35:3b:13:
                    a2:72:b3:ba:4b:15:22:cd:17:82:6a:9e:1d:8c:86:
                    d8:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:2D:8E:D2:6C:64:98:7C:F1:42:05:FE:1F:5C:C2:A9:68:2A:C8:3C
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4fd4f1fa-ef72-445b-8178-cdb0ba581ea1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da00:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         0b:32:93:3b:d9:aa:1b:7c:c1:c4:48:b1:dc:65:2a:70:ca:ac:
         7f:12:80:d1:2c:b1:be:dd:d1:34:8b:92:67:04:d9:57:68:e8:
         5b:25:d3:f6:21:de:9b:53:2b:20:b5:cb:bb:94:5d:3c:47:de:
         46:54:74:63:40:dd:fd:83:0d:3a:c3:07:2b:ab:95:82:84:21:
         a4:7e:31:54:a9:2e:da:0c:34:fa:58:d0:ae:d3:ca:ba:df:f9:
         72:de:8c:d7:ce:8c:1c:86:ae:8c:ba:ec:85:1c:ca:e6:3f:85:
         51:c1:65:0d:6b:ab:c7:7f:d5:92:90:8a:62:c2:d1:f6:91:98:
         55:c6:97:29:46:37:36:4f:5a:75:14:d2:ab:4d:e7:37:df:36:
         29:4c:ec:a2:fc:09:86:03:1d:04:94:ae:6d:fa:44:7f:ff:92:
         9f:1e:f0:f2:d5:d8:49:98:50:e2:e7:ea:f5:46:d6:d9:67:f4:
         db:ab:1f:7e:5d:78:f2:27:ec:99:d3:1f:dd:9a:39:f3:b3:13:
         77:fd:76:81:87:b3:1d:1d:cd:a3:06:ae:98:da:f0:a2:76:ff:
         a2:e5:04:23:55:5b:b6:1c:44:9d:94:35:24:4f:44:f0:06:e1:
         f3:2e:e0:1a:c0:41:74:ef:de:f1:df:73:71:8c:1b:ae:ae:57:
         7a:f2:77:d5
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUDHpVo/SdiAxSjosrxd4wJwL99i0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTIzMDkxODAwMDAwMFoX
DTIzMTAyMzIzNTk1OVowejFJMEcGA1UEBRNAZTE0YzE3MjQ5NGMwMjU4NTEzMzA4
ZTNhNDA5YjYxNjRjNmQ0ODkwZGZhMmRmMTUyOGNkOWJlNmQxYmZlMGU2YzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOSw/ZdTSZByHssDxobb+evy/qYz
WIRWe7wokCf4hzK9YxR48HFda0bQvDwZFMnBLzFY0EEh1INBjdBt0rIfF24qlptU
4jXzmbxIfMCxRd9P+wsQoto8YYdG5sGW1ZU3HPelF4X8g6WbcCI8qdlL9fpeHkT5
Czqb8GL/Thpdj8NBCG8WfOdZtnCzIJQoXNMmtyTjaatp+OPJeBEKKxt4F7mN4sIH
G1rgAtvVwab3/yicDmiRqknA9B91ov248bXtwiRjdF6gS/53S/sIG+GWIxzGt3W1
t8q7A+7ku1a/d+UjLJNO37oeSSfLIcw1OxOicrO6SxUizReCap4djIbY8QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFK4tjtJsZJh88UIF/h9cwqloKsg8MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzRmZDRmMWZhLWVmNzItNDQ1Yi04MTc4LWNkYjBiYTU4MWVhMS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaAKAwDQYJKoZIhvcNAQELBQADggEBAAsykzvZqht8wcRIsdxl
KnDKrH8SgNEssb7d0TSLkmcE2Vdo6Fsl0/Yh3ptTKyC1y7uUXTxH3kZUdGNA3f2D
DTrDByurlYKEIaR+MVSpLtoMNPpY0K7Tyrrf+XLejNfOjByGroy67IUcyuY/hVHB
ZQ1rq8d/1ZKQimLC0faRmFXGlylGNzZPWnUU0qtN5zffNilM7KL8CYYDHQSUrm36
RH//kp8e8PLV2EmYUOLn6vVG1tln9NurH35dePIn7JnTH92aOfOzE3f9doGHsx0d
zaMGrpja8KJ2/6LlBCNVW7YcRJ2UNSRPRPAG4fMu4BrAQXTv3vHfc3GMG66uV3ry
d9U=
-----END CERTIFICATE-----
Generated at Mon Sep 18 15:24:45 2023 by rpki-client on console-fra.rpki-client.org