Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/644598e2-5a1d-4374-9e6e-4cad0606e0a8.roa
File:                     644598e2-5a1d-4374-9e6e-4cad0606e0a8.roa (raw, json)
Hash identifier:          c5zshACbRyPle0gMd6IIkt0mFFaf7Ypb9HVBr0ss11Y=
Subject key identifier:   02:09:6F:95:E4:8C:73:44:B4:96:9F:35:4B:88:5A:ED:55:4E:2D:C1
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       6276BE3C1B83B2C71A37976020F64B827055F978
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/644598e2-5a1d-4374-9e6e-4cad0606e0a8.roa
Signing time:             Fri 21 Jun 2024 00:00:00 +0000
ROA not before:           Fri 21 Jun 2024 00:00:00 +0000
ROA not after:            Fri 26 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dab9:9000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 28 Jun 2024 00:11:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:76:be:3c:1b:83:b2:c7:1a:37:97:60:20:f6:4b:82:70:55:f9:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 21 00:00:00 2024 GMT
            Not After : Jul 26 23:59:59 2024 GMT
        Subject: serialNumber=c517ef6de273cd2402068b4488313c135f063ed629db3cbb1afdced9f1a50324, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:8d:38:92:80:4b:bc:d0:52:92:5d:f6:4d:65:
                    26:51:d3:0e:d8:41:6b:97:d6:f8:51:51:f2:44:72:
                    c0:e3:e0:5e:93:c6:bb:ae:14:91:da:79:98:a9:e7:
                    40:b1:3d:16:9b:fa:cf:f6:07:06:8c:05:e5:39:5e:
                    05:89:40:86:69:f6:d4:94:0b:90:58:2c:ee:92:2c:
                    a7:76:d9:71:85:d2:3c:d3:37:81:ee:db:bf:4f:8c:
                    41:de:47:8f:e0:08:00:29:2b:3c:af:a7:b5:86:2d:
                    84:98:2c:99:29:6a:99:e6:3f:42:95:f8:57:f6:3a:
                    f2:4e:bf:a0:2d:89:cf:ac:72:22:0e:b2:7a:05:18:
                    0c:1a:bf:00:a2:36:39:7c:6e:b4:c1:2e:ee:68:76:
                    d4:e5:a8:43:2c:9a:ac:e8:0c:00:8f:81:f3:92:e3:
                    22:91:0b:d6:a0:13:8c:24:e3:14:c3:c5:7c:8a:16:
                    50:97:c6:7b:f7:56:e4:05:47:b8:a5:9c:29:5e:73:
                    bd:8e:2e:e4:be:ee:2a:43:26:c4:a0:38:82:59:b6:
                    92:f0:b9:12:4a:83:aa:63:71:c8:9c:5d:de:cc:9a:
                    d8:81:fa:39:fa:ac:3d:79:a3:57:ff:44:fa:e9:93:
                    65:c2:1a:38:02:1a:1c:ab:58:cd:f9:b0:e4:02:f8:
                    df:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:09:6F:95:E4:8C:73:44:B4:96:9F:35:4B:88:5A:ED:55:4E:2D:C1
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/644598e2-5a1d-4374-9e6e-4cad0606e0a8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dab9:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         b0:36:7e:13:d8:b9:88:15:f1:97:eb:5d:fa:63:62:1f:3f:33:
         dc:0d:07:54:3f:4a:3c:ff:4d:f6:92:28:5c:ed:bc:e9:d5:a9:
         90:be:f1:70:bf:98:46:22:8f:5d:91:54:06:e5:29:a5:85:d2:
         8d:76:94:cd:59:91:85:b3:36:b0:9d:dc:cd:4a:9a:24:a0:1c:
         e9:f7:2c:2e:77:2e:4a:c4:bd:e3:44:47:80:9a:cc:0d:6e:43:
         3d:27:34:cc:55:9a:f1:55:69:be:54:76:93:0e:6c:73:50:cd:
         c6:b3:e5:60:39:71:bb:09:3d:e4:96:0a:56:f3:d1:93:64:54:
         71:cc:d6:d1:e8:5a:d5:69:75:40:d9:43:c5:63:51:3d:40:ea:
         48:c2:0f:21:a3:91:16:4d:6f:7a:56:aa:ae:2e:75:64:42:ad:
         e3:57:47:94:44:a5:eb:be:97:a8:a8:53:88:c2:9e:17:5c:95:
         37:32:40:ce:47:6c:dc:23:f1:45:ec:bb:40:f2:d0:6b:01:62:
         47:7f:18:10:ea:c3:1b:93:3c:db:0d:13:e5:2b:c9:05:b5:d6:
         6f:6d:4c:5e:5b:80:a8:fc:5f:7d:a7:3a:bf:a4:4f:1d:b7:ba:
         f9:65:4a:3c:f4:c0:05:d2:0c:03:ff:fa:d6:8e:7a:42:c3:99:
         0d:8c:be:f5
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUYna+PBuDsscaN5dgIPZLgnBV+XgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyMTAwMDAwMFoX
DTI0MDcyNjIzNTk1OVowejFJMEcGA1UEBRNAYzUxN2VmNmRlMjczY2QyNDAyMDY4
YjQ0ODgzMTNjMTM1ZjA2M2VkNjI5ZGIzY2JiMWFmZGNlZDlmMWE1MDMyNDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvI04koBLvNBSkl32TWUmUdMO2EFr
l9b4UVHyRHLA4+Bek8a7rhSR2nmYqedAsT0Wm/rP9gcGjAXlOV4FiUCGafbUlAuQ
WCzukiyndtlxhdI80zeB7tu/T4xB3keP4AgAKSs8r6e1hi2EmCyZKWqZ5j9ClfhX
9jryTr+gLYnPrHIiDrJ6BRgMGr8AojY5fG60wS7uaHbU5ahDLJqs6AwAj4HzkuMi
kQvWoBOMJOMUw8V8ihZQl8Z791bkBUe4pZwpXnO9ji7kvu4qQybEoDiCWbaS8LkS
SoOqY3HInF3ezJrYgfo5+qw9eaNX/0T66ZNlwho4Ahocq1jN+bDkAvjfGwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFAIJb5XkjHNEtJafNUuIWu1VTi3BMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzY0NDU5OGUyLTVhMWQtNDM3NC05ZTZlLTRjYWQwNjA2ZTBhOC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbauZAwDQYJKoZIhvcNAQELBQADggEBALA2fhPYuYgV8ZfrXfpj
Yh8/M9wNB1Q/Sjz/TfaSKFztvOnVqZC+8XC/mEYij12RVAblKaWF0o12lM1ZkYWz
NrCd3M1KmiSgHOn3LC53LkrEveNER4CazA1uQz0nNMxVmvFVab5UdpMObHNQzcaz
5WA5cbsJPeSWClbz0ZNkVHHM1tHoWtVpdUDZQ8VjUT1A6kjCDyGjkRZNb3pWqq4u
dWRCreNXR5REpeu+l6ioU4jCnhdclTcyQM5HbNwj8UXsu0Dy0GsBYkd/GBDqwxuT
PNsNE+UryQW11m9tTF5bgKj8X32nOr+kTx23uvllSjz0wAXSDAP/+taOekLDmQ2M
vvU=
-----END CERTIFICATE-----
Generated at Mon Jun 24 00:42:55 2024 by rpki-client on console-fra.rpki-client.org