Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/5e3a6a73-be0f-463f-a67b-a132e473d6f7.roa
File:                     5e3a6a73-be0f-463f-a67b-a132e473d6f7.roa (raw, json)
Hash identifier:          xlFfDLyksG60zemEQvlepZWERT1F1gABBTLyUK1sqpQ=
Subject key identifier:   F0:BC:81:8A:20:6F:B2:5B:04:06:21:C5:FB:D9:FD:B1:66:34:4C:25
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3959D40AA5FA6289DAA76733E4086879558E3949
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/5e3a6a73-be0f-463f-a67b-a132e473d6f7.roa
Signing time:             Tue 16 Jul 2024 00:00:00 +0000
ROA not before:           Tue 16 Jul 2024 00:00:00 +0000
ROA not after:            Tue 20 Aug 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf9:4000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 21 Jul 2024 00:10:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:59:d4:0a:a5:fa:62:89:da:a7:67:33:e4:08:68:79:55:8e:39:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 16 00:00:00 2024 GMT
            Not After : Aug 20 23:59:59 2024 GMT
        Subject: serialNumber=d96ddc207605c9acd4961fd37bee7e8305e4c45e9d7759be2ca7e8a12b17cd73, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:1a:f8:db:ff:66:45:6d:fa:05:0f:ee:88:32:
                    1a:61:bc:c2:c3:26:a0:e9:d8:78:3b:67:7f:96:51:
                    eb:bd:2e:af:e3:9e:b9:05:50:54:f1:0f:80:b4:84:
                    c2:90:e0:e3:8a:d3:62:fd:0f:8c:a2:57:dc:d8:26:
                    13:a4:b5:c1:80:a2:df:09:09:eb:b9:45:dd:e8:a2:
                    f3:af:57:b3:fe:5c:76:dc:b6:f2:6e:fd:be:13:3b:
                    bf:bd:a6:06:4a:4c:82:f7:0a:67:94:d6:fe:63:d4:
                    1c:64:6a:e5:4c:5a:5e:19:02:fc:fb:26:70:f6:f2:
                    65:2f:1d:1b:d2:c7:ec:74:43:d4:76:d5:32:a5:b5:
                    b8:72:9e:6f:a5:04:2f:9c:dd:b3:73:3f:30:4a:51:
                    16:c0:cf:d5:83:cb:6b:fd:68:05:db:63:e8:54:21:
                    9e:5f:79:b1:8a:3d:04:ad:25:1d:2b:da:87:b6:20:
                    2e:7f:2b:36:86:30:64:a0:19:ae:a7:ae:d9:e4:3d:
                    7d:f2:82:e5:a6:ea:47:b9:9c:4c:a8:05:0d:d6:c6:
                    60:d9:84:42:b9:fd:89:e6:c2:07:b2:32:b6:4c:8d:
                    bd:e1:3d:65:38:0f:23:56:c5:19:dd:8d:03:b0:90:
                    09:56:10:fb:ec:63:12:5b:ce:19:96:b8:26:d4:92:
                    08:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:BC:81:8A:20:6F:B2:5B:04:06:21:C5:FB:D9:FD:B1:66:34:4C:25
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/5e3a6a73-be0f-463f-a67b-a132e473d6f7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf9:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c4:be:13:8c:be:0b:0f:51:e7:0f:00:70:98:c1:72:87:9a:2c:
         8e:62:ad:5b:ee:14:0d:30:3b:1a:a4:fb:7a:a4:6f:03:e4:46:
         a7:fd:87:36:d9:a7:40:04:8e:c8:6b:24:81:6f:3f:9f:ff:9a:
         65:8c:f5:1b:0e:5a:cc:34:a7:4f:68:02:f8:44:f7:97:23:64:
         8c:c2:bb:0e:12:5c:97:ea:00:24:3a:e0:8e:5e:da:b7:c2:ec:
         f2:a5:ca:0a:41:f0:6f:e6:ce:15:61:ee:24:6b:f7:26:c4:a6:
         c5:cb:24:23:3d:d2:cc:94:6c:9e:41:b3:19:8d:fb:9d:12:30:
         41:00:e5:5c:7b:69:06:28:05:44:07:e8:47:6d:b1:80:56:58:
         06:6e:80:f0:2e:d3:ae:51:d7:66:41:2e:74:13:19:14:05:9d:
         b0:ac:97:ca:8b:c1:71:f9:95:3c:4c:32:a3:fc:ab:6a:e3:94:
         d4:9e:80:4d:55:fe:45:6e:61:44:16:84:b9:c5:b0:e7:8d:ee:
         55:c0:56:09:f3:02:16:0e:ba:d7:ef:d9:c3:68:e5:24:48:b8:
         8b:34:b7:6a:84:63:9a:b4:43:7c:ec:58:9c:53:e7:7f:46:2f:
         00:db:1a:9b:6e:6d:f1:69:80:d7:76:b1:e2:ce:25:a2:43:4d:
         b4:29:21:87
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUOVnUCqX6Yonap2cz5AhoeVWOOUkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDcxNjAwMDAwMFoX
DTI0MDgyMDIzNTk1OVowejFJMEcGA1UEBRNAZDk2ZGRjMjA3NjA1YzlhY2Q0OTYx
ZmQzN2JlZTdlODMwNWU0YzQ1ZTlkNzc1OWJlMmNhN2U4YTEyYjE3Y2Q3MzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBr42/9mRW36BQ/uiDIaYbzCwyag
6dh4O2d/llHrvS6v4565BVBU8Q+AtITCkODjitNi/Q+Molfc2CYTpLXBgKLfCQnr
uUXd6KLzr1ez/lx23Lbybv2+Ezu/vaYGSkyC9wpnlNb+Y9QcZGrlTFpeGQL8+yZw
9vJlLx0b0sfsdEPUdtUypbW4cp5vpQQvnN2zcz8wSlEWwM/Vg8tr/WgF22PoVCGe
X3mxij0ErSUdK9qHtiAufys2hjBkoBmup67Z5D198oLlpupHuZxMqAUN1sZg2YRC
uf2J5sIHsjK2TI294T1lOA8jVsUZ3Y0DsJAJVhD77GMSW84Zlrgm1JIIAQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFPC8gYogb7JbBAYhxfvZ/bFmNEwlMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzVlM2E2YTczLWJlMGYtNDYzZi1hNjdiLWExMzJlNDczZDZmNy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+UAwDQYJKoZIhvcNAQELBQADggEBAMS+E4y+Cw9R5w8AcJjB
coeaLI5irVvuFA0wOxqk+3qkbwPkRqf9hzbZp0AEjshrJIFvP5//mmWM9RsOWsw0
p09oAvhE95cjZIzCuw4SXJfqACQ64I5e2rfC7PKlygpB8G/mzhVh7iRr9ybEpsXL
JCM90syUbJ5BsxmN+50SMEEA5Vx7aQYoBUQH6EdtsYBWWAZugPAu065R12ZBLnQT
GRQFnbCsl8qLwXH5lTxMMqP8q2rjlNSegE1V/kVuYUQWhLnFsOeN7lXAVgnzAhYO
utfv2cNo5SRIuIs0t2qEY5q0Q3zsWJxT539GLwDbGptubfFpgNd2seLOJaJDTbQp
IYc=
-----END CERTIFICATE-----
Generated at Wed Jul 17 01:22:45 2024 by rpki-client on console-fra.rpki-client.org