Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/60bdc157-596d-496e-bdbc-bada0f6826ad.roa
File:                     60bdc157-596d-496e-bdbc-bada0f6826ad.roa (raw, json)
Hash identifier:          gXHne/Qh+ySdwUt8eu0VhastXPDpIv2A/LvlK0oVjmk=
Subject key identifier:   83:BE:98:8D:06:0C:52:8E:CF:8C:5C:6D:6B:89:22:E5:07:F5:1C:96
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       0182B3C883AFF63ED3AA95705EDF621F4ED9ED7E
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/60bdc157-596d-496e-bdbc-bada0f6826ad.roa
Signing time:             Tue 19 Nov 2024 00:00:00 +0000
ROA not before:           Tue 19 Nov 2024 00:00:00 +0000
ROA not after:            Tue 24 Dec 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafc:a000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 08 Dec 2024 00:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:b3:c8:83:af:f6:3e:d3:aa:95:70:5e:df:62:1f:4e:d9:ed:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Nov 19 00:00:00 2024 GMT
            Not After : Dec 24 23:59:59 2024 GMT
        Subject: serialNumber=e784d49721e553ffe24d2be941a7366ab3f1a1f1fafbde4c71d2f539fb2f5a49, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:87:64:04:2e:ca:07:1e:9e:c9:70:ff:55:76:
                    6a:3e:c4:ba:e0:f2:29:28:66:75:26:fa:ee:7c:6c:
                    7d:84:53:6d:a3:ae:19:ae:53:70:ee:ef:85:58:61:
                    3c:3b:0c:71:7f:ef:82:77:06:0e:16:95:04:c3:bc:
                    8b:f4:d0:d8:c0:03:da:64:25:d6:fb:4f:c3:f6:b4:
                    84:04:dc:56:00:85:8f:42:ae:fa:60:dc:4c:55:91:
                    4c:91:0d:ef:51:8f:3a:8d:80:3e:ef:80:71:1b:2b:
                    06:49:c7:b1:c7:b0:43:1d:c0:e8:64:7c:67:b6:0f:
                    d8:b7:83:07:33:50:3a:a3:6c:f4:98:7d:c2:a7:92:
                    37:0c:e8:a1:1b:31:50:9f:c4:95:6c:55:37:4e:7a:
                    95:ed:83:15:aa:11:05:78:e0:a0:27:bb:c7:ba:09:
                    18:21:68:42:a4:12:fd:a9:2f:5a:a6:b5:5d:bd:88:
                    04:2a:94:0a:b6:6a:9a:88:ff:ac:41:4b:1d:6e:5b:
                    6d:aa:b3:62:53:8b:34:1b:50:be:fc:f7:41:4c:82:
                    8d:37:27:cb:19:0d:3a:1e:bc:78:13:91:b1:a1:d9:
                    33:21:ca:a8:4a:7c:ff:b2:6e:e8:1a:25:e0:17:f3:
                    41:97:6f:37:81:ba:01:0d:db:60:66:c0:9e:42:67:
                    69:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:BE:98:8D:06:0C:52:8E:CF:8C:5C:6D:6B:89:22:E5:07:F5:1C:96
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/60bdc157-596d-496e-bdbc-bada0f6826ad.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafc:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         38:5b:d6:26:b2:31:84:39:48:52:95:3d:c5:92:48:6f:04:35:
         09:8f:21:48:34:5a:c0:be:db:5a:95:ae:a0:17:e4:01:c4:26:
         17:a1:db:82:26:17:d8:97:b8:75:c5:a0:47:b1:e7:ab:1b:79:
         89:72:7c:84:a1:ab:b3:56:dd:40:3f:df:f2:a1:81:cd:7c:e0:
         b8:0d:f2:56:17:64:b0:d2:e2:a5:f6:17:1f:1c:15:99:89:52:
         31:9c:52:16:82:76:19:04:fb:05:73:e9:2f:5d:3a:cc:d6:bc:
         4b:67:2c:e9:80:63:c5:c0:1e:a6:9d:ea:af:de:1c:2a:13:d5:
         31:0d:18:6f:bd:63:45:8b:22:b8:0a:3d:24:4b:a8:c3:86:49:
         80:ca:b2:9a:de:76:e2:02:a0:b1:fb:c9:f8:58:f5:18:5c:7a:
         00:e7:b0:04:6a:c0:a1:25:f2:20:95:5a:c3:d1:dc:99:eb:4a:
         09:f6:c7:25:85:96:09:35:6e:ca:00:d2:b8:ff:4b:46:83:1e:
         ef:17:d0:15:14:e7:3d:00:09:11:de:7c:46:3c:33:90:11:d7:
         0e:f2:8a:f8:50:ad:49:83:55:b7:61:a3:a9:cc:ea:6a:ef:77:
         6e:41:29:b5:05:c6:00:04:5a:21:22:2e:b1:26:be:1c:04:e5:
         20:dc:31:84
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUAYKzyIOv9j7TqpVwXt9iH07Z7X4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTExOTAwMDAwMFoX
DTI0MTIyNDIzNTk1OVowejFJMEcGA1UEBRNAZTc4NGQ0OTcyMWU1NTNmZmUyNGQy
YmU5NDFhNzM2NmFiM2YxYTFmMWZhZmJkZTRjNzFkMmY1MzlmYjJmNWE0OTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIdkBC7KBx6eyXD/VXZqPsS64PIp
KGZ1JvrufGx9hFNto64ZrlNw7u+FWGE8Owxxf++CdwYOFpUEw7yL9NDYwAPaZCXW
+0/D9rSEBNxWAIWPQq76YNxMVZFMkQ3vUY86jYA+74BxGysGScexx7BDHcDoZHxn
tg/Yt4MHM1A6o2z0mH3Cp5I3DOihGzFQn8SVbFU3TnqV7YMVqhEFeOCgJ7vHugkY
IWhCpBL9qS9aprVdvYgEKpQKtmqaiP+sQUsdblttqrNiU4s0G1C+/PdBTIKNNyfL
GQ06Hrx4E5GxodkzIcqoSnz/sm7oGiXgF/NBl283gboBDdtgZsCeQmdpaQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFIO+mI0GDFKOz4xcbWuJIuUH9RyWMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzYwYmRjMTU3LTU5NmQtNDk2ZS1iZGJjLWJhZGEwZjY4MjZhZC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba/KAwDQYJKoZIhvcNAQELBQADggEBADhb1iayMYQ5SFKVPcWS
SG8ENQmPIUg0WsC+21qVrqAX5AHEJheh24ImF9iXuHXFoEex56sbeYlyfIShq7NW
3UA/3/Khgc184LgN8lYXZLDS4qX2Fx8cFZmJUjGcUhaCdhkE+wVz6S9dOszWvEtn
LOmAY8XAHqad6q/eHCoT1TENGG+9Y0WLIrgKPSRLqMOGSYDKspreduICoLH7yfhY
9RhcegDnsARqwKEl8iCVWsPR3JnrSgn2xyWFlgk1bsoA0rj/S0aDHu8X0BUU5z0A
CRHefEY8M5AR1w7yivhQrUmDVbdho6nM6mrvd25BKbUFxgAEWiEiLrEmvhwE5SDc
MYQ=
-----END CERTIFICATE-----
Generated at Wed Dec 4 01:20:53 2024 by rpki-client on console-ams.rpki-client.org