Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4fe6a299-f119-4899-820b-ec885ec1a4a3.roa
File:                     4fe6a299-f119-4899-820b-ec885ec1a4a3.roa (raw, json)
Hash identifier:          +raN6O6Yb3IgZCLH2oqZAnkit/ynTYZCo98ghYntRS8=
Subject key identifier:   6B:E4:C1:EA:68:96:79:25:74:9D:FB:A4:4E:EA:31:6B:2C:97:0D:60
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       38C04D867937138D3F366012FD904ADFCDF695A6
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4fe6a299-f119-4899-820b-ec885ec1a4a3.roa
Signing time:             Fri 31 May 2024 00:00:00 +0000
ROA not before:           Fri 31 May 2024 00:00:00 +0000
ROA not after:            Fri 05 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf7:2000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 25 Jun 2024 00:51:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:c0:4d:86:79:37:13:8d:3f:36:60:12:fd:90:4a:df:cd:f6:95:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 31 00:00:00 2024 GMT
            Not After : Jul  5 23:59:59 2024 GMT
        Subject: serialNumber=1dc1a227a4008bd9d32d40c889dca0db06c7d221d2088d97c56ef66351738c77, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:10:c7:8d:76:1d:ba:b0:f3:ca:31:a6:5f:19:
                    a5:93:0d:58:51:5a:15:59:3f:4a:3a:07:3b:68:d3:
                    13:b8:51:08:71:98:7b:e4:9a:d9:a3:c8:72:87:6b:
                    a2:d5:d1:2e:e1:b9:51:6d:30:b8:30:2d:6c:ac:3b:
                    d2:cb:01:ab:bf:04:5c:a9:eb:b7:9a:b4:52:47:f4:
                    62:9a:32:58:40:b0:d8:fc:39:3d:f7:f0:9a:15:10:
                    15:55:7e:28:d1:74:f9:5f:61:fc:10:45:b9:7a:bb:
                    e3:aa:2a:f9:0a:bc:77:ca:13:19:b6:fa:ca:84:3e:
                    50:66:48:88:17:79:a6:99:ef:eb:8c:34:ee:ef:bf:
                    15:93:78:74:e1:23:a3:83:e7:71:42:4d:30:51:b4:
                    d8:1d:ec:0d:05:f8:94:05:42:b4:0a:a4:f5:df:0e:
                    46:5b:a6:24:40:38:32:16:54:47:2a:57:e2:28:47:
                    ba:2c:92:74:64:32:58:1d:a8:fb:04:dd:5e:46:49:
                    43:d1:a9:37:ac:7c:30:86:07:07:38:f4:73:ba:b7:
                    b4:85:15:22:78:55:98:b5:9c:83:a4:e0:98:1c:42:
                    84:48:3e:1d:b4:97:ad:f3:62:27:50:68:52:ba:ce:
                    96:30:c5:e7:5c:a7:9a:b0:63:14:fd:2e:21:6a:43:
                    22:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:E4:C1:EA:68:96:79:25:74:9D:FB:A4:4E:EA:31:6B:2C:97:0D:60
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4fe6a299-f119-4899-820b-ec885ec1a4a3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf7:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         03:90:96:ec:d5:3c:a6:f0:84:35:dd:e8:17:11:1b:56:1b:ea:
         d4:5f:81:1d:e5:33:66:c5:ec:c1:b0:d1:ee:50:75:6b:38:48:
         9c:ef:39:10:53:30:b4:64:4c:e4:bb:bc:af:b8:8f:1a:9e:ca:
         3b:2d:24:99:b9:b9:ee:d9:de:89:0d:86:c1:37:9c:07:80:1c:
         1f:e6:80:93:76:3c:0f:47:e5:e4:95:cd:69:d9:fb:8c:94:3e:
         47:f3:08:a4:4d:50:94:a7:2e:03:55:25:2c:1a:f2:ef:0c:9d:
         ba:f2:a8:17:3b:25:fc:ca:9e:eb:3f:c9:5c:81:5e:5f:8e:14:
         7e:9f:72:27:e5:3a:0b:00:f3:44:0b:22:df:40:4b:3e:91:56:
         0a:47:7f:ca:f5:77:f2:83:32:53:c5:c5:fb:f3:fd:a4:ff:c6:
         6b:11:06:f7:36:5e:4c:d7:30:dd:a4:f5:10:3d:c0:91:9a:35:
         5a:4c:7a:88:81:af:7a:52:51:e0:18:40:c7:09:3f:10:b4:41:
         83:ff:50:43:eb:04:d2:20:f8:b5:07:35:b9:0d:87:95:01:c1:
         d0:0d:17:fd:90:95:6d:64:be:16:e3:58:34:d8:43:11:49:07:
         8f:a0:5b:8d:c1:41:58:fa:f6:cd:e0:14:e2:95:0d:66:24:f6:
         4e:78:09:b7
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUOMBNhnk3E40/NmAS/ZBK3832laYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDUzMTAwMDAwMFoX
DTI0MDcwNTIzNTk1OVowejFJMEcGA1UEBRNAMWRjMWEyMjdhNDAwOGJkOWQzMmQ0
MGM4ODlkY2EwZGIwNmM3ZDIyMWQyMDg4ZDk3YzU2ZWY2NjM1MTczOGM3NzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRDHjXYdurDzyjGmXxmlkw1YUVoV
WT9KOgc7aNMTuFEIcZh75JrZo8hyh2ui1dEu4blRbTC4MC1srDvSywGrvwRcqeu3
mrRSR/RimjJYQLDY/Dk99/CaFRAVVX4o0XT5X2H8EEW5ervjqir5Crx3yhMZtvrK
hD5QZkiIF3mmme/rjDTu778Vk3h04SOjg+dxQk0wUbTYHewNBfiUBUK0CqT13w5G
W6YkQDgyFlRHKlfiKEe6LJJ0ZDJYHaj7BN1eRklD0ak3rHwwhgcHOPRzure0hRUi
eFWYtZyDpOCYHEKESD4dtJet82InUGhSus6WMMXnXKeasGMU/S4hakMiuwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFGvkwepolnkldJ37pE7qMWsslw1gMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzRmZTZhMjk5LWYxMTktNDg5OS04MjBiLWVjODg1ZWMxYTRhMy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba9yAwDQYJKoZIhvcNAQELBQADggEBAAOQluzVPKbwhDXd6BcR
G1Yb6tRfgR3lM2bF7MGw0e5QdWs4SJzvORBTMLRkTOS7vK+4jxqeyjstJJm5ue7Z
3okNhsE3nAeAHB/mgJN2PA9H5eSVzWnZ+4yUPkfzCKRNUJSnLgNVJSwa8u8Mnbry
qBc7JfzKnus/yVyBXl+OFH6fciflOgsA80QLIt9ASz6RVgpHf8r1d/KDMlPFxfvz
/aT/xmsRBvc2XkzXMN2k9RA9wJGaNVpMeoiBr3pSUeAYQMcJPxC0QYP/UEPrBNIg
+LUHNbkNh5UBwdANF/2QlW1kvhbjWDTYQxFJB4+gW43BQVj69s3gFOKVDWYk9k54
Cbc=
-----END CERTIFICATE-----
Generated at Fri Jun 21 01:18:45 2024 by rpki-client on console-fra.rpki-client.org