Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/60bdc157-596d-496e-bdbc-bada0f6826ad.roa
File:                     60bdc157-596d-496e-bdbc-bada0f6826ad.roa (raw, json)
Hash identifier:          CIg7ZdgXvMSmF6d6AanpOYkwiSYSE24P5yd0CyCfzSU=
Subject key identifier:   4E:95:65:64:48:A5:00:62:F4:58:2B:43:D1:7C:5E:03:DA:14:AC:CE
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       4CAE71842C90B2D31D659BFD09BB0B632EA3B286
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/60bdc157-596d-496e-bdbc-bada0f6826ad.roa
Signing time:             Sat 06 Apr 2024 00:00:00 +0000
ROA not before:           Sat 06 Apr 2024 00:00:00 +0000
ROA not after:            Sat 11 May 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafc:a000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 14 Apr 2024 12:21:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:ae:71:84:2c:90:b2:d3:1d:65:9b:fd:09:bb:0b:63:2e:a3:b2:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Apr  6 00:00:00 2024 GMT
            Not After : May 11 23:59:59 2024 GMT
        Subject: serialNumber=01c765ede558e3c10d92656e3bc744cec14a3c2350fcaafe293826d3def19c4b, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a4:28:5e:7c:59:b2:ba:4e:6a:7b:9d:90:66:
                    16:db:ee:11:5c:42:46:67:88:2b:21:9c:db:64:22:
                    4f:a7:36:08:a6:2a:88:97:17:bd:82:18:ba:0b:7f:
                    05:85:42:45:00:b2:ee:d5:01:c7:ff:81:97:37:fe:
                    5c:2b:20:b3:bf:19:e6:ef:80:6c:2e:ac:99:17:84:
                    de:09:2f:0a:61:ad:99:79:7e:40:8b:a8:74:fa:fd:
                    ea:d6:60:f9:3b:fc:54:65:1f:43:2c:e4:ab:03:b4:
                    f0:56:39:89:29:52:1e:12:eb:8e:43:f4:4a:e5:a1:
                    da:fb:f9:ae:be:5d:fa:23:da:3f:d0:db:8d:7b:a4:
                    2a:f7:7f:fb:58:42:4d:32:9e:e7:7d:b2:5a:ba:ed:
                    9e:74:8a:70:f4:27:ed:73:1f:cb:ab:be:ea:2e:1f:
                    6e:16:ec:21:9d:15:bc:08:cb:c7:b6:6d:f2:8b:33:
                    5a:a3:ee:50:5a:0f:14:cb:90:9b:5e:46:eb:aa:bf:
                    dc:6f:5f:d3:1d:c4:30:f3:59:5a:25:53:1b:99:99:
                    e1:18:8f:29:f9:51:62:a6:df:54:54:03:67:85:09:
                    67:77:12:05:e9:08:08:c5:ea:d0:71:73:1d:26:7d:
                    76:55:0d:05:47:7e:86:68:1c:3d:b6:11:5d:2f:f5:
                    14:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:95:65:64:48:A5:00:62:F4:58:2B:43:D1:7C:5E:03:DA:14:AC:CE
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/60bdc157-596d-496e-bdbc-bada0f6826ad.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafc:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         8b:a3:7d:ca:c4:74:5b:25:dc:be:45:be:eb:0f:35:39:24:59:
         e7:18:b2:8f:c2:4e:e2:04:da:a7:81:df:4d:26:16:57:53:6f:
         d9:57:6a:aa:46:75:3b:bb:3d:23:bb:66:ed:6a:d9:93:d2:af:
         65:26:69:24:7c:b1:4a:ba:9a:ac:94:bd:67:29:3e:84:10:da:
         cb:00:06:7e:70:dd:a7:e3:17:ae:18:12:8e:b6:1a:59:a7:da:
         1e:6f:18:04:78:33:59:fb:35:8a:ca:b1:e3:f7:b2:bd:31:d3:
         5e:2c:a0:b2:78:4f:c2:e3:f3:1a:94:bb:c0:3b:3a:36:45:19:
         15:09:9e:b1:f5:88:b9:0d:0a:b3:cf:41:de:e3:46:06:79:dd:
         90:7b:6f:50:a8:23:2b:cc:d9:0d:3c:36:82:ab:03:0f:e5:4d:
         74:8b:90:18:fb:cd:f7:55:9b:7e:69:ad:b8:9a:ca:bd:31:f6:
         c5:60:42:f1:d1:82:8a:5d:e8:ed:5e:4f:b3:0b:81:e1:36:10:
         be:14:0f:53:6b:ca:1c:aa:62:62:4f:7d:cd:59:bc:f8:a4:fe:
         ca:0d:9e:08:f1:2b:63:31:bc:e0:50:d8:a1:0b:84:d0:b1:dd:
         53:59:77:f4:1d:8d:7b:a2:be:c2:da:49:88:ce:3f:1b:3a:e5:
         be:71:2c:86
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUTK5xhCyQstMdZZv9CbsLYy6jsoYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDQwNjAwMDAwMFoX
DTI0MDUxMTIzNTk1OVowejFJMEcGA1UEBRNAMDFjNzY1ZWRlNTU4ZTNjMTBkOTI2
NTZlM2JjNzQ0Y2VjMTRhM2MyMzUwZmNhYWZlMjkzODI2ZDNkZWYxOWM0YjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqQoXnxZsrpOanudkGYW2+4RXEJG
Z4grIZzbZCJPpzYIpiqIlxe9ghi6C38FhUJFALLu1QHH/4GXN/5cKyCzvxnm74Bs
LqyZF4TeCS8KYa2ZeX5Ai6h0+v3q1mD5O/xUZR9DLOSrA7TwVjmJKVIeEuuOQ/RK
5aHa+/muvl36I9o/0NuNe6Qq93/7WEJNMp7nfbJauu2edIpw9Cftcx/Lq77qLh9u
FuwhnRW8CMvHtm3yizNao+5QWg8Uy5CbXkbrqr/cb1/THcQw81laJVMbmZnhGI8p
+VFipt9UVANnhQlndxIF6QgIxerQcXMdJn12VQ0FR36GaBw9thFdL/UUoQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFE6VZWRIpQBi9FgrQ9F8XgPaFKzOMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzYwYmRjMTU3LTU5NmQtNDk2ZS1iZGJjLWJhZGEwZjY4MjZhZC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba/KAwDQYJKoZIhvcNAQELBQADggEBAIujfcrEdFsl3L5FvusP
NTkkWecYso/CTuIE2qeB300mFldTb9lXaqpGdTu7PSO7Zu1q2ZPSr2UmaSR8sUq6
mqyUvWcpPoQQ2ssABn5w3afjF64YEo62Glmn2h5vGAR4M1n7NYrKseP3sr0x014s
oLJ4T8Lj8xqUu8A7OjZFGRUJnrH1iLkNCrPPQd7jRgZ53ZB7b1CoIyvM2Q08NoKr
Aw/lTXSLkBj7zfdVm35prbiayr0x9sVgQvHRgopd6O1eT7MLgeE2EL4UD1Nryhyq
YmJPfc1ZvPik/soNngjxK2MxvOBQ2KELhNCx3VNZd/QdjXuivsLaSYjOPxs65b5x
LIY=
-----END CERTIFICATE-----
Generated at Sat Apr 13 00:48:11 2024 by rpki-client on console-fra.rpki-client.org