Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/5ac76ccb-4f57-4185-ad2f-05bf338ba35d.roa
File:                     5ac76ccb-4f57-4185-ad2f-05bf338ba35d.roa (raw, json)
Hash identifier:          eKRw4Wn2xOHG93rLQcPRNBBkVV5zRMA4Qxo+KjMPElY=
Subject key identifier:   C7:D4:CF:CF:15:24:37:A3:CB:C2:C4:7E:65:CA:BD:B3:81:EA:B6:D4
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       59C0AE69F3A7F50FB99FFCD4D82F64822D5E4BF6
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/5ac76ccb-4f57-4185-ad2f-05bf338ba35d.roa
Signing time:             Mon 03 Feb 2025 00:00:00 +0000
ROA not before:           Mon 03 Feb 2025 00:00:00 +0000
ROA not after:            Mon 10 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da69:60c0::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 09 Feb 2025 00:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:c0:ae:69:f3:a7:f5:0f:b9:9f:fc:d4:d8:2f:64:82:2d:5e:4b:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000
        Validity
            Not Before: Feb  3 00:00:00 2025 GMT
            Not After : Mar 10 23:59:59 2025 GMT
        Subject: CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:9e:d1:75:de:04:d3:82:e3:ce:4e:1e:6f:04:
                    98:f8:5b:24:b0:c8:5a:71:31:d2:39:f2:64:6e:36:
                    c2:c0:df:f1:df:7a:39:be:df:3b:51:64:56:8f:86:
                    8d:34:8e:4e:4e:ff:8e:c3:d7:2a:2f:e4:5a:97:42:
                    ad:4a:de:57:9d:24:7f:63:19:46:55:03:30:08:21:
                    7d:0f:90:2f:67:75:a1:d7:8c:71:e0:6e:59:e3:f5:
                    d3:8b:59:e9:55:07:58:3f:a8:ed:44:2a:7c:d6:e7:
                    35:d9:78:e9:29:f6:2e:de:14:23:48:13:7e:d4:8d:
                    8c:e0:73:b7:b0:8d:3b:39:e9:06:5a:89:0a:73:22:
                    8c:9d:ee:fc:2d:0e:b1:69:0b:d7:8a:00:f1:0f:60:
                    e4:f5:93:88:0b:2e:eb:c1:93:c0:78:81:8a:91:c3:
                    af:61:07:f6:22:d6:64:d6:08:d5:43:a9:7c:ae:b6:
                    44:4e:40:48:21:59:9e:e5:83:50:62:f8:5f:21:ff:
                    37:ca:09:df:9d:e9:a8:10:20:60:7f:a8:be:53:04:
                    4a:ef:58:8d:7e:f7:9d:20:0d:e0:be:70:25:5b:a5:
                    76:c3:3b:ed:21:4e:a8:75:64:8a:41:c2:e4:fe:82:
                    9b:f9:7e:bd:8b:31:05:65:55:54:02:ed:85:31:80:
                    5d:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:D4:CF:CF:15:24:37:A3:CB:C2:C4:7E:65:CA:BD:B3:81:EA:B6:D4
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/5ac76ccb-4f57-4185-ad2f-05bf338ba35d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da69:60c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         20:c7:bf:94:33:58:09:5a:3e:8f:91:39:68:a6:e3:66:80:53:
         0f:30:0a:0c:04:4c:76:7e:ea:9e:54:d5:cb:67:3d:63:e8:98:
         8a:c9:dd:30:f1:0c:ea:1f:fe:45:76:99:58:6e:72:b9:ac:9d:
         9c:34:d6:7b:c4:4c:38:d3:b5:0b:54:17:40:6f:b3:10:2b:b0:
         a3:c9:23:cc:ee:41:7a:90:d7:bf:fb:6d:74:d6:fd:18:9f:6a:
         f1:2a:94:7d:49:56:c4:a2:08:2b:52:dd:08:b5:2a:e7:d6:08:
         09:d9:de:95:24:5c:dc:48:3c:39:02:62:d5:f6:f9:f3:43:03:
         b6:f4:41:53:38:14:9e:e8:58:2b:af:19:29:9c:36:4a:9f:7f:
         b3:b5:7f:3b:15:25:ef:40:50:0d:ee:c5:dc:3b:3a:e7:78:fd:
         9f:cb:07:1b:ae:41:a9:aa:3f:6b:0c:65:09:ce:41:57:93:3f:
         60:26:d1:1f:65:cb:0e:b4:53:9a:85:fe:63:53:88:ba:01:64:
         93:47:e2:a4:42:5d:fe:48:bd:74:04:60:10:33:52:26:79:d7:
         51:cd:2a:da:73:7f:22:5f:70:ce:66:86:e6:62:16:04:e6:10:
         67:b9:49:2a:f6:fc:a8:4c:52:3f:fa:b1:c3:b3:fd:cf:a3:0d:
         3d:c7:e5:2d
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUWcCuafOn9Q+5n/zU2C9kgi1eS/YwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDIwMzAwMDAwMFoX
DTI1MDMxMDIzNTk1OVowejFJMEcGA1UEBRNAMGQ4OTBlYTYxZWYyOWViMzBkMzUz
ZjM0ZDNmMDhmN2QxNjc3OGVmMjdmNjFkODc3NTNhYWMwOGMyYmY3ZGFjOTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvp7Rdd4E04Ljzk4ebwSY+FsksMha
cTHSOfJkbjbCwN/x33o5vt87UWRWj4aNNI5OTv+Ow9cqL+Ral0KtSt5XnSR/YxlG
VQMwCCF9D5AvZ3Wh14xx4G5Z4/XTi1npVQdYP6jtRCp81uc12XjpKfYu3hQjSBN+
1I2M4HO3sI07OekGWokKcyKMne78LQ6xaQvXigDxD2Dk9ZOICy7rwZPAeIGKkcOv
YQf2ItZk1gjVQ6l8rrZETkBIIVme5YNQYvhfIf83ygnfnemoECBgf6i+UwRK71iN
fvedIA3gvnAlW6V2wzvtIU6odWSKQcLk/oKb+X69izEFZVVUAu2FMYBdswIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFMfUz88VJDejy8LEfmXKvbOB6rbUMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzVhYzc2Y2NiLTRmNTctNDE4NS1hZDJmLTA1YmYzMzhiYTM1ZC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcCJAbaaWDAMA0GCSqGSIb3DQEBCwUAA4IBAQAgx7+UM1gJWj6PkTlo
puNmgFMPMAoMBEx2fuqeVNXLZz1j6JiKyd0w8QzqH/5FdplYbnK5rJ2cNNZ7xEw4
07ULVBdAb7MQK7CjySPM7kF6kNe/+2101v0Yn2rxKpR9SVbEoggrUt0ItSrn1ggJ
2d6VJFzcSDw5AmLV9vnzQwO29EFTOBSe6FgrrxkpnDZKn3+ztX87FSXvQFAN7sXc
OzrneP2fywcbrkGpqj9rDGUJzkFXkz9gJtEfZcsOtFOahf5jU4i6AWSTR+KkQl3+
SL10BGAQM1ImeddRzSrac38iX3DOZobmYhYE5hBnuUkq9vyoTFI/+rHDs/3Pow09
x+Ut
-----END CERTIFICATE-----
Generated at Wed Feb 5 03:55:40 2025 by rpki-client