Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/64aa810d-cc7f-45fe-b794-d290c3a511c5.roa
File:                     64aa810d-cc7f-45fe-b794-d290c3a511c5.roa (raw, json)
Hash identifier:          f7TCQ2U2jdgonevH+2IDqvpIHv5lcFms+9UxbnTnJAc=
Subject key identifier:   DF:14:84:98:E1:30:AB:E1:CA:36:54:9E:AE:5A:E9:48:09:56:C1:F7
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       424400091C85A47F4A91E7190B3BF2B756058D5D
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/64aa810d-cc7f-45fe-b794-d290c3a511c5.roa
Signing time:             Mon 27 Mar 2023 00:00:00 +0000
ROA not before:           Mon 27 Mar 2023 00:00:00 +0000
ROA not after:            Mon 01 May 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf1:e000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 28 Mar 2023 12:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:44:00:09:1c:85:a4:7f:4a:91:e7:19:0b:3b:f2:b7:56:05:8d:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Mar 27 00:00:00 2023 GMT
            Not After : May  1 23:59:59 2023 GMT
        Subject: serialNumber=be833ad69f4e03516531d6adf248d10d9eff492a607a54335726c9ecdf10811b, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:33:dc:b7:4e:6b:52:60:47:79:46:8b:28:e2:
                    03:23:d2:cc:fb:5b:d2:bb:7d:4e:d9:30:32:99:84:
                    dc:e2:ff:b4:3c:c6:7e:8e:16:46:48:a1:68:e3:d9:
                    78:5e:28:0d:e7:4e:32:8d:6d:f4:b1:d4:72:f7:13:
                    03:72:79:21:7a:cf:3b:35:ae:0b:e7:67:d4:0f:d8:
                    da:b0:25:2c:ae:d1:ce:e5:97:f1:35:db:3c:a0:6a:
                    e5:a2:cf:c4:bd:91:25:51:5e:64:86:bb:b5:e9:c8:
                    48:cf:19:9d:62:44:bd:a9:7d:67:b5:b5:00:26:44:
                    ae:29:19:f5:1a:31:ed:d9:a0:f2:bb:f2:dd:07:2b:
                    a2:a7:b0:4c:99:4a:9f:3e:bd:0b:7c:99:fe:56:c2:
                    2a:96:63:41:84:d5:bf:22:0d:fd:78:ff:75:df:6d:
                    cd:ae:5f:bf:81:49:cf:c1:a0:60:89:f0:07:77:db:
                    5f:d1:b3:47:50:ec:c6:89:3f:b1:6b:5f:31:03:21:
                    40:db:4d:43:68:3f:b4:49:5d:e8:fa:d8:69:49:cc:
                    b4:01:84:c4:b8:1a:f8:1b:c9:8a:9e:59:b0:ee:61:
                    21:42:bd:ad:2d:17:40:52:35:9c:72:3a:a0:a0:c8:
                    a5:73:57:92:a0:b5:3e:bd:9e:23:6e:78:5c:6c:a9:
                    86:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                DF:14:84:98:E1:30:AB:E1:CA:36:54:9E:AE:5A:E9:48:09:56:C1:F7
            X509v3 Authority Key Identifier: 
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/64aa810d-cc7f-45fe-b794-d290c3a511c5.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf1:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         28:72:39:c4:fa:bb:67:e9:5a:3b:37:f1:42:fb:5f:a8:a9:1c:
         fd:2c:14:52:1b:9d:c4:78:4d:3f:cd:69:9a:76:95:24:a1:a5:
         9b:2d:0c:45:f0:03:16:45:1a:94:81:68:86:15:18:b1:72:e1:
         5d:cc:29:3e:e3:9d:85:0a:49:25:88:ad:e4:99:2e:a2:f3:02:
         9c:f0:89:37:38:e2:87:bc:09:99:f1:cc:1a:8c:fa:2f:15:31:
         6f:76:6f:b6:4d:22:21:13:fc:08:6d:58:f7:23:41:4c:3b:50:
         2b:7c:4f:4d:41:18:d2:c1:b9:5c:8b:5d:76:4d:cb:5a:2c:b5:
         b7:50:80:0e:84:b4:81:12:e0:b0:91:aa:ea:ce:9a:9d:7a:dc:
         fc:4c:db:cf:34:57:40:c4:04:6b:d8:50:d8:72:19:e8:47:0e:
         ce:62:fd:d6:78:6b:1e:2c:be:84:0a:16:1f:68:3f:c5:44:c5:
         e6:aa:a9:69:98:e9:4d:91:f6:c8:d2:18:c7:f3:7e:47:bb:09:
         f8:de:2a:6e:dc:ed:8b:17:98:b6:47:3e:8f:ab:31:3e:3c:61:
         5b:ec:e8:f9:e1:53:3d:ea:c6:3b:f1:aa:8e:13:de:f7:ae:52:
         1c:0e:b9:b7:6a:ec:7a:67:0a:27:e0:21:af:17:68:1c:6e:f5:
         3d:8b:81:53
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgIUQkQACRyFpH9KkecZCzvyt1YFjV0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTIzMDMyNzAwMDAwMFoX
DTIzMDUwMTIzNTk1OVowgaUxSTBHBgNVBAUTQGJlODMzYWQ2OWY0ZTAzNTE2NTMx
ZDZhZGYyNDhkMTBkOWVmZjQ5MmE2MDdhNTQzMzU3MjZjOWVjZGYxMDgxMWIxLTAr
BgNVBAMTJGMwYmYwZmU4LTcxN2MtNGY3Mi05YjQ1LWM5YzUxOTEzMmE4MTEUMBIG
A1UECxMLQW1hem9uIFJQS0kxEzARBgNVBAoTCkFtYXpvbi5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVM9y3TmtSYEd5Roso4gMj0sz7W9K7fU7Z
MDKZhNzi/7Q8xn6OFkZIoWjj2XheKA3nTjKNbfSx1HL3EwNyeSF6zzs1rgvnZ9QP
2NqwJSyu0c7ll/E12zygauWiz8S9kSVRXmSGu7XpyEjPGZ1iRL2pfWe1tQAmRK4p
GfUaMe3ZoPK78t0HK6KnsEyZSp8+vQt8mf5WwiqWY0GE1b8iDf14/3Xfbc2uX7+B
Sc/BoGCJ8Ad321/Rs0dQ7MaJP7FrXzEDIUDbTUNoP7RJXej62GlJzLQBhMS4Gvgb
yYqeWbDuYSFCva0tF0BSNZxyOqCgyKVzV5KgtT69niNueFxsqYZhAgMBAAGjggJK
MIICRjAdBgNVHQ4EFgQU3xSEmOEwq+HKNlSerlrpSAlWwfcwHwYDVR0jBBgwFoAU
QHaCVSTSxm0uEENv5l6T6MG9SjcwDgYDVR0PAQH/BAQDAgeAMH4GCCsGAQUFBwEB
BHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0
b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3QzcyRkQxRkYyL1FIYUNWU1RTeG0w
dUVFTnY1bDZUNk1HOVNqYy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggrBgEF
BQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3MuY29t
L3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1MGJlYzkyNjEvNjRh
YTgxMGQtY2M3Zi00NWZlLWI3OTQtZDI5MGMzYTUxMWM1LnJvYTCBlQYDVR0fBIGN
MIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpv
bmF3cy5jb20vdm9sdW1lLzA4YzJmMjY0LTIzZjktNDlmYi05ZDQzLWY4YjUwYmVj
OTI2MS83YmExNzg2My1hNjEzLTQxOTctOWVkNS1iZWRhNmE4OTg2OWYuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAkBtrx4DANBgkqhkiG9w0BAQsFAAOCAQEAKHI5xPq7Z+laOzfxQvtfqKkc
/SwUUhudxHhNP81pmnaVJKGlmy0MRfADFkUalIFohhUYsXLhXcwpPuOdhQpJJYit
5JkuovMCnPCJNzjih7wJmfHMGoz6LxUxb3Zvtk0iIRP8CG1Y9yNBTDtQK3xPTUEY
0sG5XItddk3LWiy1t1CADoS0gRLgsJGq6s6anXrc/EzbzzRXQMQEa9hQ2HIZ6EcO
zmL91nhrHiy+hAoWH2g/xUTF5qqpaZjpTZH2yNIYx/N+R7sJ+N4qbtztixeYtkc+
j6sxPjxhW+zo+eFTPerGO/GqjhPe965SHA65t2rsemcKJ+AhrxdoHG71PYuBUw==
-----END CERTIFICATE-----
Generated at Mon Mar 27 00:42:43 2023 by rpki-client on console-ams.rpki-client.org