Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4fe6a299-f119-4899-820b-ec885ec1a4a3.roa
File:                     4fe6a299-f119-4899-820b-ec885ec1a4a3.roa (raw, json)
Hash identifier:          XTpbPVE5w4ZYy71vS9S8MJs5XzmNXH/oDVnWWrlZsqI=
Subject key identifier:   87:EF:DB:57:79:5F:65:C0:D4:96:A5:90:D7:7E:D6:40:34:86:11:5A
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2D89976E0238C6FE0DEEC5F45C9A681FCD6125C8
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4fe6a299-f119-4899-820b-ec885ec1a4a3.roa
Signing time:             Sat 16 Mar 2024 00:00:00 +0000
ROA not before:           Sat 16 Mar 2024 00:00:00 +0000
ROA not after:            Sat 20 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf7:2000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Mar 2024 12:02:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:89:97:6e:02:38:c6:fe:0d:ee:c5:f4:5c:9a:68:1f:cd:61:25:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Mar 16 00:00:00 2024 GMT
            Not After : Apr 20 23:59:59 2024 GMT
        Subject: serialNumber=35e5a62d107ca64ebe9803092658bfcd301ab6986a8c9fce4c9c75fd016e42a8, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:0e:62:77:d7:d1:bc:fc:23:fa:94:aa:30:b2:
                    fa:c3:cc:26:d0:28:cb:8a:9d:2a:5a:3d:1d:ca:e3:
                    22:85:c5:9b:2c:f7:39:6d:b8:84:a1:43:61:4d:88:
                    2c:06:7e:72:28:9f:7e:d0:86:ac:9a:5d:26:5f:c4:
                    99:a1:33:98:d0:52:43:eb:be:aa:73:f4:62:c6:83:
                    d1:59:8a:8c:44:3b:35:e1:08:3b:e5:e7:81:e4:77:
                    2e:27:1f:bb:b7:0f:4b:12:c7:94:0b:8c:be:7a:20:
                    f1:1d:5f:ea:e7:e1:0d:7a:e1:8b:69:35:46:20:cf:
                    37:9c:d7:e5:f2:4f:39:a8:c3:bc:38:03:87:31:04:
                    cb:72:c3:59:06:b2:59:2a:51:43:44:b4:0b:cf:60:
                    37:9d:e3:29:80:df:2f:2d:cf:44:7d:21:72:3a:8a:
                    f0:a5:47:2c:d9:b7:92:7a:54:c3:10:b2:c0:9c:ed:
                    db:ea:7d:24:57:19:b3:a6:9a:54:c0:2b:84:fe:e3:
                    60:fd:d1:db:96:88:8e:a5:f6:ac:2a:75:41:4b:59:
                    eb:0e:10:41:82:0d:e3:1b:e5:8b:3b:cd:97:ef:de:
                    72:3d:4d:cf:99:9e:64:22:28:36:9a:2c:ce:c6:ba:
                    a4:61:db:a2:4c:94:c5:fc:0b:06:fd:ce:1f:7c:f8:
                    42:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:EF:DB:57:79:5F:65:C0:D4:96:A5:90:D7:7E:D6:40:34:86:11:5A
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4fe6a299-f119-4899-820b-ec885ec1a4a3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf7:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c7:15:31:8c:54:7c:ce:67:68:b1:25:43:b3:17:d8:03:fd:47:
         64:86:ac:3e:8d:95:93:d7:ca:5e:b7:06:6a:6f:68:c6:e5:10:
         06:f1:5e:86:a5:b3:25:70:e5:7b:79:c1:c1:cb:8d:8e:d6:93:
         2c:da:d3:31:10:ee:4b:8b:e5:68:f4:52:69:6a:f3:30:9e:8d:
         4e:83:dd:11:49:b9:ed:80:1f:fc:7b:da:68:9e:82:f0:7b:60:
         ba:cf:90:68:3b:3e:88:ab:18:81:df:54:e7:82:64:93:7c:99:
         53:c7:fb:38:ad:a9:1d:0e:6b:96:74:6b:ae:c7:8d:36:c0:f6:
         aa:af:ee:f1:a2:a8:c5:f1:48:dc:65:f2:41:90:8e:39:a5:7c:
         fa:05:ae:5a:09:a4:86:8f:1a:a0:be:04:3e:af:ef:20:d8:a5:
         12:8b:35:b0:9f:58:e3:85:63:9d:7e:e1:96:c7:a9:3b:67:b3:
         82:8c:c3:9f:77:0c:53:96:83:ec:c8:b4:2c:2f:b6:63:7b:6e:
         b7:94:eb:0f:ec:4d:b4:0e:17:e6:3e:08:40:6a:3b:55:c2:28:
         7d:05:7c:ec:ba:12:c5:ac:80:cc:ed:67:a5:7d:02:be:17:0c:
         76:3a:b6:9a:23:a1:31:0f:16:e9:51:f2:05:0a:b3:e7:f3:b5:
         c3:8a:a0:68
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIULYmXbgI4xv4N7sX0XJpoH81hJcgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDMxNjAwMDAwMFoX
DTI0MDQyMDIzNTk1OVowejFJMEcGA1UEBRNAMzVlNWE2MmQxMDdjYTY0ZWJlOTgw
MzA5MjY1OGJmY2QzMDFhYjY5ODZhOGM5ZmNlNGM5Yzc1ZmQwMTZlNDJhODEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyA5id9fRvPwj+pSqMLL6w8wm0CjL
ip0qWj0dyuMihcWbLPc5bbiEoUNhTYgsBn5yKJ9+0Iasml0mX8SZoTOY0FJD676q
c/RixoPRWYqMRDs14Qg75eeB5HcuJx+7tw9LEseUC4y+eiDxHV/q5+ENeuGLaTVG
IM83nNfl8k85qMO8OAOHMQTLcsNZBrJZKlFDRLQLz2A3neMpgN8vLc9EfSFyOorw
pUcs2beSelTDELLAnO3b6n0kVxmzpppUwCuE/uNg/dHbloiOpfasKnVBS1nrDhBB
gg3jG+WLO82X795yPU3PmZ5kIig2mizOxrqkYduiTJTF/AsG/c4ffPhCgwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFIfv21d5X2XA1JalkNd+1kA0hhFaMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzRmZTZhMjk5LWYxMTktNDg5OS04MjBiLWVjODg1ZWMxYTRhMy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba9yAwDQYJKoZIhvcNAQELBQADggEBAMcVMYxUfM5naLElQ7MX
2AP9R2SGrD6NlZPXyl63BmpvaMblEAbxXoalsyVw5Xt5wcHLjY7Wkyza0zEQ7kuL
5Wj0Umlq8zCejU6D3RFJue2AH/x72miegvB7YLrPkGg7PoirGIHfVOeCZJN8mVPH
+zitqR0Oa5Z0a67HjTbA9qqv7vGiqMXxSNxl8kGQjjmlfPoFrloJpIaPGqC+BD6v
7yDYpRKLNbCfWOOFY51+4ZbHqTtns4KMw593DFOWg+zItCwvtmN7breU6w/sTbQO
F+Y+CEBqO1XCKH0FfOy6EsWsgMztZ6V9Ar4XDHY6tpojoTEPFulR8gUKs+fztcOK
oGg=
-----END CERTIFICATE-----
Generated at Thu Mar 28 00:59:36 2024 by rpki-client on console-fra.rpki-client.org