Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/667bae0e-6025-4a25-a289-cdb2e802f6fe.roa
File:                     667bae0e-6025-4a25-a289-cdb2e802f6fe.roa (raw, json)
Hash identifier:          cW8oMvTAOr7RHtZColFg3KodHsQKxv1oUUx+P3c2pXs=
Subject key identifier:   04:65:F4:35:E2:28:E5:2F:6D:FE:AD:CE:DA:61:38:C0:1D:12:89:EC
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       6918FCE93F88681A8034942C06F9E6EAEE95D908
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/667bae0e-6025-4a25-a289-cdb2e802f6fe.roa
Signing time:             Tue 29 Oct 2024 00:00:00 +0000
ROA not before:           Tue 29 Oct 2024 00:00:00 +0000
ROA not after:            Tue 03 Dec 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da12::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 11 Nov 2024 00:10:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:18:fc:e9:3f:88:68:1a:80:34:94:2c:06:f9:e6:ea:ee:95:d9:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Oct 29 00:00:00 2024 GMT
            Not After : Dec  3 23:59:59 2024 GMT
        Subject: serialNumber=768ab216c3f35d3f9acd833e2e7568dc9eeeb307e6052b71f514e369d6a1a8cb, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:05:ef:45:f5:59:11:0d:be:e7:d6:be:5c:f7:
                    da:72:81:ca:69:f1:e4:d9:00:af:28:e0:f0:de:3b:
                    f4:82:81:58:5e:85:87:66:1f:c4:3c:f2:c3:cb:c9:
                    52:10:94:4e:00:ec:67:ad:07:92:14:fb:bf:83:b2:
                    86:75:6c:84:48:5c:17:d2:c6:2c:08:d5:3d:5c:16:
                    65:78:80:15:ad:83:9a:5a:4e:ad:28:e5:46:76:e3:
                    a7:90:82:a4:ae:1b:a5:f3:7f:1b:55:bb:cf:53:c6:
                    24:e5:bb:bc:d3:9d:21:ef:cf:ac:95:11:63:8c:a6:
                    70:da:c8:71:50:92:0c:6f:4b:c6:f5:1c:e4:35:4b:
                    cf:c2:96:ce:33:1a:16:5b:2b:29:93:af:31:5d:2f:
                    70:e3:91:b6:a1:23:51:2b:9a:78:18:08:d2:ce:32:
                    03:a0:31:64:60:6b:a3:36:8a:8e:91:e7:a2:8c:9c:
                    12:29:e2:8b:0c:1d:77:57:60:0b:0d:ed:1c:04:81:
                    b6:fa:9a:79:c2:d2:bb:77:14:35:44:86:72:cc:5b:
                    69:c2:72:2c:ad:a7:eb:ab:a5:cc:63:59:9c:49:41:
                    ed:c2:1e:16:3a:bc:97:1f:7f:5f:04:e2:f6:cb:31:
                    25:9d:9b:eb:5c:31:54:90:63:2b:73:91:bd:90:17:
                    d6:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:65:F4:35:E2:28:E5:2F:6D:FE:AD:CE:DA:61:38:C0:1D:12:89:EC
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/667bae0e-6025-4a25-a289-cdb2e802f6fe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da12::/36

    Signature Algorithm: sha256WithRSAEncryption
         ad:03:85:89:6d:06:5a:31:05:d2:f7:fa:16:f2:28:5d:4e:22:
         98:ae:f1:ed:95:6b:ba:4e:ee:1b:59:6f:29:1a:ac:dd:4f:d8:
         42:73:b5:51:bc:49:6b:5e:0e:36:9b:16:04:4c:ce:a2:6c:30:
         a7:18:88:a6:eb:20:e7:91:a7:ec:4e:76:16:60:32:51:86:cf:
         9e:3e:c4:91:b7:3c:e3:ed:27:27:44:fc:52:ee:0b:87:d0:de:
         1d:bf:fe:34:b4:4a:63:29:5f:ec:b9:d8:8b:21:7a:3b:9b:46:
         b8:df:c8:b9:65:ae:e6:6e:33:3c:46:04:e8:f5:9f:b5:65:b8:
         e7:5e:48:44:83:8c:3a:88:1a:0f:85:87:8f:6f:9b:4d:78:bb:
         2b:d4:b3:0c:14:24:7d:6b:55:fc:ae:7a:42:09:17:c0:1c:eb:
         e2:6d:c4:5b:ed:34:b3:9d:59:2c:2a:64:b6:4b:ae:ee:b2:f6:
         97:ed:26:d1:97:14:f9:47:ca:79:27:7b:80:60:4f:40:a3:dd:
         16:87:81:16:d7:2e:ed:35:fd:b7:46:ce:cb:09:31:22:02:e2:
         23:76:82:18:5c:9e:9e:5e:6d:af:ea:98:15:39:f1:de:1b:03:
         cc:8e:7f:0f:e0:a4:3e:4f:99:30:10:af:a3:7c:9b:28:da:a5:
         1b:e9:43:d2
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUaRj86T+IaBqANJQsBvnm6u6V2QgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTAyOTAwMDAwMFoX
DTI0MTIwMzIzNTk1OVowejFJMEcGA1UEBRNANzY4YWIyMTZjM2YzNWQzZjlhY2Q4
MzNlMmU3NTY4ZGM5ZWVlYjMwN2U2MDUyYjcxZjUxNGUzNjlkNmExYThjYjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgXvRfVZEQ2+59a+XPfacoHKafHk
2QCvKODw3jv0goFYXoWHZh/EPPLDy8lSEJROAOxnrQeSFPu/g7KGdWyESFwX0sYs
CNU9XBZleIAVrYOaWk6tKOVGduOnkIKkrhul838bVbvPU8Yk5bu8050h78+slRFj
jKZw2shxUJIMb0vG9RzkNUvPwpbOMxoWWyspk68xXS9w45G2oSNRK5p4GAjSzjID
oDFkYGujNoqOkeeijJwSKeKLDB13V2ALDe0cBIG2+pp5wtK7dxQ1RIZyzFtpwnIs
rafrq6XMY1mcSUHtwh4WOryXH39fBOL2yzElnZvrXDFUkGMrc5G9kBfWzwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFARl9DXiKOUvbf6tztphOMAdEonsMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzY2N2JhZTBlLTYwMjUtNGEyNS1hMjg5LWNkYjJlODAyZjZmZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYEJAbaEgAwDQYJKoZIhvcNAQELBQADggEBAK0DhYltBloxBdL3+hby
KF1OIpiu8e2Va7pO7htZbykarN1P2EJztVG8SWteDjabFgRMzqJsMKcYiKbrIOeR
p+xOdhZgMlGGz54+xJG3POPtJydE/FLuC4fQ3h2//jS0SmMpX+y52IshejubRrjf
yLllruZuMzxGBOj1n7VluOdeSESDjDqIGg+Fh49vm014uyvUswwUJH1rVfyuekIJ
F8Ac6+JtxFvtNLOdWSwqZLZLru6y9pftJtGXFPlHynkne4BgT0Cj3RaHgRbXLu01
/bdGzssJMSIC4iN2ghhcnp5eba/qmBU58d4bA8yOfw/gpD5PmTAQr6N8myjapRvp
Q9I=
-----END CERTIFICATE-----
Generated at Thu Nov 7 01:56:56 2024 by rpki-client on console-fra.rpki-client.org