Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6347c501-49db-4824-84b7-42ef12c9b450.roa
File:                     6347c501-49db-4824-84b7-42ef12c9b450.roa (raw, json)
Hash identifier:          5vGLAa+ZSyRZvzVSLEXidYzxCUsELpYHZgjkDoSuJBM=
Subject key identifier:   FC:D0:EB:5C:52:47:66:43:15:EE:DA:B6:55:D9:0C:8D:BB:4F:44:2E
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2D53D53FECC6FA85D31CA823EBF43E7C69B6851C
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6347c501-49db-4824-84b7-42ef12c9b450.roa
Signing time:             Fri 14 Jun 2024 00:00:00 +0000
ROA not before:           Fri 14 Jun 2024 00:00:00 +0000
ROA not after:            Fri 19 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafc:c800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 19 Jun 2024 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:53:d5:3f:ec:c6:fa:85:d3:1c:a8:23:eb:f4:3e:7c:69:b6:85:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 14 00:00:00 2024 GMT
            Not After : Jul 19 23:59:59 2024 GMT
        Subject: serialNumber=c4705afcf664feeab35058866910bdc705be0e6d6fc54943752d20df6f7ae1da, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:56:de:c4:52:59:d3:02:5a:1c:88:5e:3a:4d:
                    e9:c2:6d:e3:11:ce:ee:af:b2:d8:95:7e:65:79:5f:
                    1f:29:af:72:3e:c8:65:24:78:47:26:98:2d:b4:77:
                    70:78:06:7f:71:5b:b9:70:7b:28:26:c6:f0:b2:03:
                    11:d5:5d:e7:d9:3d:42:6e:26:77:6b:8a:7f:33:b9:
                    68:de:93:b9:55:e4:af:7f:c7:c7:87:35:f6:75:82:
                    ad:12:11:3d:d5:15:f3:e4:f4:28:68:dc:c6:8c:d1:
                    d3:09:4b:38:a5:3b:4c:5d:11:83:19:fc:ba:b4:d9:
                    4c:79:85:ec:4f:f2:4c:46:4e:e3:ff:27:a3:8f:01:
                    c9:ac:10:79:aa:81:f3:ce:7e:99:35:90:03:3e:45:
                    d0:2f:c6:d0:d8:11:b0:c9:31:be:dd:15:73:e1:10:
                    6f:93:b3:9a:8f:e3:28:b8:e4:dd:07:c6:b9:f9:ab:
                    48:4d:65:e3:ea:10:81:21:fa:95:80:07:61:f0:d2:
                    7a:de:90:38:c5:21:a1:11:85:59:20:4a:50:57:01:
                    9e:63:0e:2b:fe:6e:72:71:60:1b:c8:cc:5b:2c:aa:
                    4f:9e:ef:9e:c6:34:0e:f7:7f:53:50:13:c7:ca:49:
                    9f:de:5f:b0:95:0c:5c:61:26:9f:14:e6:e8:28:2b:
                    ca:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:D0:EB:5C:52:47:66:43:15:EE:DA:B6:55:D9:0C:8D:BB:4F:44:2E
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6347c501-49db-4824-84b7-42ef12c9b450.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafc:c800::/40

    Signature Algorithm: sha256WithRSAEncryption
         4b:14:30:cc:59:32:4a:3f:20:6c:b9:01:7d:1f:65:6b:34:3f:
         c9:0a:2b:c3:43:f4:e5:66:0b:0b:80:36:e2:a0:c0:cf:7a:de:
         06:c5:22:fa:89:99:34:cc:17:54:71:42:20:e5:30:b7:a6:43:
         75:44:5b:29:a4:3a:ec:a1:f8:37:2f:1b:41:71:a6:6b:9a:92:
         db:c0:90:89:47:fe:21:a9:b1:9c:9d:3d:8c:1d:a0:43:0e:1d:
         87:2a:ab:1b:ff:16:87:b4:dc:55:58:c7:ac:63:ca:9a:97:96:
         5c:ef:ff:45:5a:bf:e4:a5:2f:0e:de:4d:62:cb:30:9c:69:d7:
         20:3b:0d:d2:29:7a:48:01:22:b5:01:2d:c6:b3:7a:ed:36:a6:
         0a:ac:31:71:d5:14:b7:b8:71:72:ec:8a:92:c6:08:a5:9c:85:
         b3:77:50:fa:91:a6:7f:1c:c8:d5:e4:a5:a2:24:b6:10:5e:97:
         44:4e:58:7a:d4:c0:ae:a0:cd:86:37:7b:1d:89:e5:44:0f:eb:
         69:6a:2d:29:1d:f1:04:bf:4b:76:24:3a:93:7c:10:ab:b3:11:
         08:b8:ce:4c:d1:5c:97:5a:ad:3e:5a:34:c2:f7:ed:6c:26:88:
         cc:2b:8c:0e:d7:d1:8f:15:b2:98:a9:9b:48:d2:53:5f:f4:44:
         56:93:da:ca
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIULVPVP+zG+oXTHKgj6/Q+fGm2hRwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYxNDAwMDAwMFoX
DTI0MDcxOTIzNTk1OVowejFJMEcGA1UEBRNAYzQ3MDVhZmNmNjY0ZmVlYWIzNTA1
ODg2NjkxMGJkYzcwNWJlMGU2ZDZmYzU0OTQzNzUyZDIwZGY2ZjdhZTFkYTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnlbexFJZ0wJaHIheOk3pwm3jEc7u
r7LYlX5leV8fKa9yPshlJHhHJpgttHdweAZ/cVu5cHsoJsbwsgMR1V3n2T1CbiZ3
a4p/M7lo3pO5VeSvf8fHhzX2dYKtEhE91RXz5PQoaNzGjNHTCUs4pTtMXRGDGfy6
tNlMeYXsT/JMRk7j/yejjwHJrBB5qoHzzn6ZNZADPkXQL8bQ2BGwyTG+3RVz4RBv
k7Oaj+MouOTdB8a5+atITWXj6hCBIfqVgAdh8NJ63pA4xSGhEYVZIEpQVwGeYw4r
/m5ycWAbyMxbLKpPnu+exjQO939TUBPHykmf3l+wlQxcYSafFOboKCvKGQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFPzQ61xSR2ZDFe7atlXZDI27T0QuMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzYzNDdjNTAxLTQ5ZGItNDgyNC04NGI3LTQyZWYxMmM5YjQ1MC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba/MgwDQYJKoZIhvcNAQELBQADggEBAEsUMMxZMko/IGy5AX0f
ZWs0P8kKK8ND9OVmCwuANuKgwM963gbFIvqJmTTMF1RxQiDlMLemQ3VEWymkOuyh
+DcvG0FxpmuaktvAkIlH/iGpsZydPYwdoEMOHYcqqxv/Foe03FVYx6xjypqXllzv
/0Vav+SlLw7eTWLLMJxp1yA7DdIpekgBIrUBLcazeu02pgqsMXHVFLe4cXLsipLG
CKWchbN3UPqRpn8cyNXkpaIkthBel0ROWHrUwK6gzYY3ex2J5UQP62lqLSkd8QS/
S3YkOpN8EKuzEQi4zkzRXJdarT5aNML37WwmiMwrjA7X0Y8Vspipm0jSU1/0RFaT
2so=
-----END CERTIFICATE-----
Generated at Sat Jun 15 02:42:05 2024 by rpki-client on console-ams.rpki-client.org