Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6111e375-8b37-46b7-8884-66a6b6c6fa47.roa
File:                     6111e375-8b37-46b7-8884-66a6b6c6fa47.roa (raw, json)
Hash identifier:          2KUd4vxgYC0FzlP0CpXgTYwHPn1M54CNIeZ8x64Lz8g=
Subject key identifier:   B5:B0:37:97:CC:DF:C2:9C:A3:2A:5E:B8:DD:BC:36:38:2E:73:54:5F
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       6B09888B8BBAB1C7247C02EE82288B40782CB097
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6111e375-8b37-46b7-8884-66a6b6c6fa47.roa
Signing time:             Fri 21 Jun 2024 00:00:00 +0000
ROA not before:           Fri 21 Jun 2024 00:00:00 +0000
ROA not after:            Fri 26 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf0:4800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 29 Jun 2024 00:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:09:88:8b:8b:ba:b1:c7:24:7c:02:ee:82:28:8b:40:78:2c:b0:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 21 00:00:00 2024 GMT
            Not After : Jul 26 23:59:59 2024 GMT
        Subject: serialNumber=8bbcd5293e152a33baf455033354ace5ae55ee6e1cda65a475f8c4d35df179d8, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:5a:d6:04:4f:c3:40:47:55:24:b4:b7:c5:0d:
                    5b:69:b8:10:67:26:ed:4d:82:f1:39:8f:f5:1a:b0:
                    ec:c5:05:9f:59:e2:e0:8f:ab:a4:7e:9f:6e:dd:aa:
                    c2:3c:d8:6c:3c:32:2a:b9:c5:a1:79:ff:12:f1:6f:
                    76:3d:43:0b:de:95:14:06:17:e4:2d:a2:92:fc:ff:
                    4a:a5:53:ba:4d:5c:8c:1b:f2:a3:24:ca:a3:0b:10:
                    3f:ae:71:7d:d9:44:09:a0:70:90:42:23:87:f1:61:
                    ce:9f:3d:75:01:52:23:ab:79:be:43:d0:70:65:66:
                    57:81:a8:4c:c6:be:c4:3e:6f:f7:73:66:6b:7b:2b:
                    a2:d7:d1:ad:55:30:1b:d1:51:c9:4f:e9:af:67:55:
                    af:5d:ca:d7:9c:4a:12:35:3f:1d:5c:f7:2f:4d:24:
                    11:be:81:fb:92:d1:7d:9a:76:ea:99:41:dd:71:c6:
                    86:54:c1:9d:4b:f4:fb:bb:f0:aa:e8:17:58:1e:c6:
                    8d:88:42:bb:18:12:15:c6:56:44:83:98:44:82:24:
                    91:29:dc:2b:79:01:dd:2e:f3:e0:8f:99:69:c8:31:
                    4e:d4:b9:3f:22:ad:49:ad:e9:86:ae:6f:db:90:e5:
                    29:f2:14:48:79:5d:14:9e:5d:09:1c:a4:d9:41:d1:
                    8e:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:B0:37:97:CC:DF:C2:9C:A3:2A:5E:B8:DD:BC:36:38:2E:73:54:5F
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6111e375-8b37-46b7-8884-66a6b6c6fa47.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf0:4800::/40

    Signature Algorithm: sha256WithRSAEncryption
         3b:45:b6:42:9b:78:aa:7e:11:2f:fd:1e:a5:f1:6b:a0:9a:c3:
         f2:07:c1:82:58:85:d4:57:c5:44:85:b7:61:3d:10:c1:e0:80:
         73:1b:4b:bc:98:26:19:d2:c8:40:f9:76:0c:87:6c:61:d7:e8:
         83:5a:ab:2d:f1:d5:b7:39:9f:74:71:23:92:41:b6:0e:7a:47:
         54:9b:a8:e3:97:57:c6:79:e2:ce:c9:5f:28:c1:c0:72:32:d8:
         3a:68:f2:66:d1:47:55:ae:3e:94:bd:08:9f:db:c2:c0:34:66:
         a1:55:f7:9c:b8:39:94:f1:a7:10:05:66:73:43:10:29:49:81:
         68:89:b9:ea:e4:10:38:7b:89:7f:51:05:4f:8b:49:c9:60:d8:
         90:a6:81:96:1a:d0:d4:e1:3f:3b:db:d9:44:b9:5c:80:44:e9:
         eb:9a:9a:c6:e2:c9:c5:47:cb:89:ec:ac:12:69:34:dc:80:ca:
         88:2e:55:1a:20:d3:fa:75:8b:37:8b:be:f4:81:2e:a4:dd:bb:
         8e:26:64:cc:5d:0e:18:0c:6d:2a:a1:75:22:3d:7b:bc:cb:7f:
         ed:26:54:b0:56:d8:45:69:8d:44:23:4c:76:66:76:06:a4:47:
         87:09:a4:95:3b:8f:cf:ab:4d:0a:85:71:c7:fb:1d:f2:9c:c1:
         a3:fb:f5:b4
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUawmIi4u6scckfALugiiLQHgssJcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyMTAwMDAwMFoX
DTI0MDcyNjIzNTk1OVowejFJMEcGA1UEBRNAOGJiY2Q1MjkzZTE1MmEzM2JhZjQ1
NTAzMzM1NGFjZTVhZTU1ZWU2ZTFjZGE2NWE0NzVmOGM0ZDM1ZGYxNzlkODEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9lrWBE/DQEdVJLS3xQ1babgQZybt
TYLxOY/1GrDsxQWfWeLgj6ukfp9u3arCPNhsPDIqucWhef8S8W92PUML3pUUBhfk
LaKS/P9KpVO6TVyMG/KjJMqjCxA/rnF92UQJoHCQQiOH8WHOnz11AVIjq3m+Q9Bw
ZWZXgahMxr7EPm/3c2Zreyui19GtVTAb0VHJT+mvZ1WvXcrXnEoSNT8dXPcvTSQR
voH7ktF9mnbqmUHdccaGVMGdS/T7u/Cq6BdYHsaNiEK7GBIVxlZEg5hEgiSRKdwr
eQHdLvPgj5lpyDFO1Lk/Iq1JremGrm/bkOUp8hRIeV0Unl0JHKTZQdGOHwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFLWwN5fM38KcoypeuN28Njguc1RfMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzYxMTFlMzc1LThiMzctNDZiNy04ODg0LTY2YTZiNmM2ZmE0Ny5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba8EgwDQYJKoZIhvcNAQELBQADggEBADtFtkKbeKp+ES/9HqXx
a6Caw/IHwYJYhdRXxUSFt2E9EMHggHMbS7yYJhnSyED5dgyHbGHX6INaqy3x1bc5
n3RxI5JBtg56R1SbqOOXV8Z54s7JXyjBwHIy2Dpo8mbRR1WuPpS9CJ/bwsA0ZqFV
95y4OZTxpxAFZnNDEClJgWiJuerkEDh7iX9RBU+LSclg2JCmgZYa0NThPzvb2US5
XIBE6euamsbiycVHy4nsrBJpNNyAyoguVRog0/p1izeLvvSBLqTdu44mZMxdDhgM
bSqhdSI9e7zLf+0mVLBW2EVpjUQjTHZmdgakR4cJpJU7j8+rTQqFccf7HfKcwaP7
9bQ=
-----END CERTIFICATE-----
Generated at Tue Jun 25 02:50:50 2024 by rpki-client on console-fra.rpki-client.org