Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/5d3ca5a8-d6d1-42f0-a0f6-be78a237e8f2.roa
File:                     5d3ca5a8-d6d1-42f0-a0f6-be78a237e8f2.roa (raw, json)
Hash identifier:          QRb96JwBNGByK2Svlw3Ju4Y8VfD6k66gK2lo51G2ECc=
Subject key identifier:   5A:36:F1:BF:E4:AE:39:79:71:DE:7D:70:DA:56:46:FC:98:53:E7:9F
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       5BBCD820706F48FAE236F3FDE89DFA81404D60A3
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/5d3ca5a8-d6d1-42f0-a0f6-be78a237e8f2.roa
Signing time:             Sat 22 Jun 2024 00:00:00 +0000
ROA not before:           Sat 22 Jun 2024 00:00:00 +0000
ROA not after:            Sat 27 Jul 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        2406:da00::/24 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 29 Jun 2024 00:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:bc:d8:20:70:6f:48:fa:e2:36:f3:fd:e8:9d:fa:81:40:4d:60:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 22 00:00:00 2024 GMT
            Not After : Jul 27 23:59:59 2024 GMT
        Subject: serialNumber=bdccd329826c16edc72131e8b8ff5af7aac2d64f2209939fad971d4deff56e8d, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:d9:0d:b9:88:12:25:03:3d:95:06:ab:74:f0:
                    5f:91:fc:e7:97:c5:d7:65:5c:8b:db:70:c1:cb:4f:
                    d9:50:d3:98:ae:91:8e:b8:bb:02:e4:75:9b:1f:f0:
                    d8:ea:da:65:e6:9b:c4:b3:b2:3a:bf:fe:b9:f0:ca:
                    c8:6e:8e:41:72:e0:4c:1c:49:d5:b2:00:1f:82:62:
                    45:d8:9e:c4:15:f3:a9:cb:23:c9:72:74:64:6a:65:
                    9f:6a:1a:fa:6f:6b:14:03:61:60:a6:ae:dc:c4:fd:
                    9e:2d:f0:04:b3:b0:6a:f4:c3:6d:83:ec:c5:c6:45:
                    7a:dd:90:dc:44:b3:8a:42:b0:58:a8:04:02:24:98:
                    0f:8d:29:4b:29:ad:fd:ac:27:40:4c:22:12:20:d4:
                    b5:d6:b8:0d:f3:40:ba:3f:49:29:da:8f:64:5c:03:
                    ec:e3:31:40:cb:33:46:c3:b1:fd:22:15:14:89:63:
                    97:e0:78:39:2e:8f:b9:4e:fa:e2:24:a4:1e:19:bf:
                    b8:95:8c:bb:35:96:90:5a:d1:51:5f:e6:be:c7:5d:
                    2c:f9:3f:2e:ba:8b:5a:8b:48:1f:67:8b:51:1a:dd:
                    03:b3:09:8e:7e:3a:88:ac:ec:8e:8d:7f:e7:9e:d6:
                    e5:54:a6:1f:b6:5c:44:78:43:3c:ce:73:fb:d4:00:
                    4c:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:36:F1:BF:E4:AE:39:79:71:DE:7D:70:DA:56:46:FC:98:53:E7:9F
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/5d3ca5a8-d6d1-42f0-a0f6-be78a237e8f2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da00::/24

    Signature Algorithm: sha256WithRSAEncryption
         10:fc:e7:82:e6:ef:b7:3a:ae:e9:cb:a5:b9:75:a8:11:0c:89:
         28:ff:68:ee:61:0a:24:24:1e:33:e8:ea:4f:35:bd:af:e0:cb:
         4a:ae:48:fa:ed:27:cf:9a:cb:30:d9:64:6b:ee:49:67:27:78:
         46:f2:1b:2c:87:91:61:04:ec:1e:f5:05:b0:a5:d2:05:e5:c4:
         80:3d:13:6b:70:fc:4f:de:d6:95:f2:51:58:e2:05:1c:70:3c:
         67:49:ff:e7:18:85:51:6b:b2:fe:c5:8a:da:60:e9:3f:d2:6d:
         10:04:f0:c9:91:47:38:09:0f:c3:fc:fd:88:54:85:c4:84:d2:
         5d:a0:f8:c0:42:25:dd:49:f5:c0:0d:d3:d3:b0:3c:8a:0d:41:
         27:a1:f8:8d:cd:c0:e9:37:b3:b2:f0:ef:3f:e7:87:5e:84:4a:
         5d:ed:a3:00:35:84:1e:66:30:8b:d7:ea:a6:3b:d6:2d:73:8f:
         a6:f0:32:b6:98:62:6e:ff:c4:88:07:41:ef:2f:8c:c7:1e:fb:
         fe:f8:e2:5e:ec:90:c8:f5:13:ff:aa:4b:0d:2a:fb:f5:44:8b:
         ee:87:1d:6f:9c:22:71:de:65:8e:ea:cc:a3:4d:7e:7e:da:3d:
         28:12:9e:49:f1:8f:36:7a:44:25:59:3a:eb:ca:cd:c3:33:c4:
         5d:05:1a:88
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUW7zYIHBvSPriNvP96J36gUBNYKMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyMjAwMDAwMFoX
DTI0MDcyNzIzNTk1OVowejFJMEcGA1UEBRNAYmRjY2QzMjk4MjZjMTZlZGM3MjEz
MWU4YjhmZjVhZjdhYWMyZDY0ZjIyMDk5MzlmYWQ5NzFkNGRlZmY1NmU4ZDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNkNuYgSJQM9lQardPBfkfznl8XX
ZVyL23DBy0/ZUNOYrpGOuLsC5HWbH/DY6tpl5pvEs7I6v/658MrIbo5BcuBMHEnV
sgAfgmJF2J7EFfOpyyPJcnRkamWfahr6b2sUA2Fgpq7cxP2eLfAEs7Bq9MNtg+zF
xkV63ZDcRLOKQrBYqAQCJJgPjSlLKa39rCdATCISINS11rgN80C6P0kp2o9kXAPs
4zFAyzNGw7H9IhUUiWOX4Hg5Lo+5TvriJKQeGb+4lYy7NZaQWtFRX+a+x10s+T8u
uotai0gfZ4tRGt0DswmOfjqIrOyOjX/nntblVKYftlxEeEM8znP71ABMcQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFFo28b/krjl5cd59cNpWRvyYU+efMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzVkM2NhNWE4LWQ2ZDEtNDJmMC1hMGY2LWJlNzhhMjM3ZThmMi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAAjAGAwQAJAbaMA0GCSqGSIb3DQEBCwUAA4IBAQAQ/OeC5u+3Oq7py6W5dagR
DIko/2juYQokJB4z6OpPNb2v4MtKrkj67SfPmssw2WRr7klnJ3hG8hssh5FhBOwe
9QWwpdIF5cSAPRNrcPxP3taV8lFY4gUccDxnSf/nGIVRa7L+xYraYOk/0m0QBPDJ
kUc4CQ/D/P2IVIXEhNJdoPjAQiXdSfXADdPTsDyKDUEnofiNzcDpN7Oy8O8/54de
hEpd7aMANYQeZjCL1+qmO9Ytc4+m8DK2mGJu/8SIB0HvL4zHHvv++OJe7JDI9RP/
qksNKvv1RIvuhx1vnCJx3mWO6syjTX5+2j0oEp5J8Y82ekQlWTrrys3DM8RdBRqI
-----END CERTIFICATE-----
Generated at Tue Jun 25 02:50:50 2024 by rpki-client on console-fra.rpki-client.org