Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/66c75786-d155-4d77-8244-4d1048cecdfa.roa
File:                     66c75786-d155-4d77-8244-4d1048cecdfa.roa (raw, json)
Hash identifier:          ZdgR+IFm9LvmXwxuERyT/7vBDKIw3J7MEE7LYO/y2mY=
Subject key identifier:   6B:9A:3A:D1:6F:21:99:FF:B4:9D:BB:6C:52:D5:F4:C0:88:F7:3E:FE
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       41F1D6E3102E3335421A6F55D371B172FCD640A3
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/66c75786-d155-4d77-8244-4d1048cecdfa.roa
Signing time:             Fri 31 May 2024 00:00:00 +0000
ROA not before:           Fri 31 May 2024 00:00:00 +0000
ROA not after:            Fri 05 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafb:800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 18 Jun 2024 00:10:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:f1:d6:e3:10:2e:33:35:42:1a:6f:55:d3:71:b1:72:fc:d6:40:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 31 00:00:00 2024 GMT
            Not After : Jul  5 23:59:59 2024 GMT
        Subject: serialNumber=a28a8ada076a78d5a85dce9e727b03c5f1e21581463541a5a557ba043f5c9ff5, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:61:b3:08:68:d2:b7:b5:2a:2d:73:83:57:8b:
                    e6:94:a1:10:b8:6c:28:52:85:37:05:7c:9e:b9:23:
                    5d:fc:78:cf:be:a9:a4:b0:22:59:58:36:11:b3:df:
                    0b:b1:28:40:1a:7f:73:1a:8a:0c:a1:3e:a2:5d:66:
                    cb:62:86:d4:5e:69:52:f8:23:24:e7:c8:02:1a:49:
                    eb:7a:ae:f1:fd:76:89:5a:3d:d3:a6:18:60:81:e2:
                    47:35:2d:fb:dc:3e:6c:6e:83:3a:e7:75:96:bc:e8:
                    12:c9:1d:56:99:f5:f8:55:e6:8b:ca:7f:25:d9:e6:
                    0c:99:84:d5:a3:71:ca:9b:b9:91:81:84:f1:59:f5:
                    e5:90:a3:eb:85:9a:76:e1:57:bd:d0:43:b1:81:9f:
                    c2:0a:2b:56:a7:cf:03:b3:62:d7:05:f0:3b:71:7f:
                    b3:12:5a:80:16:dc:5f:50:92:41:a0:41:76:6b:b0:
                    61:6b:c6:ee:66:7b:34:96:3a:70:c1:c9:8d:2e:f5:
                    93:f3:55:20:10:7a:aa:0a:f7:18:7b:63:fc:c6:09:
                    b5:2e:30:0d:7a:cf:ad:4a:27:e1:b6:50:09:8d:47:
                    50:63:ad:3b:89:46:44:3b:90:be:c8:a5:f6:00:dc:
                    b4:a4:0e:fb:63:fb:e2:f6:3f:2a:ef:6b:f8:ee:8c:
                    7b:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:9A:3A:D1:6F:21:99:FF:B4:9D:BB:6C:52:D5:F4:C0:88:F7:3E:FE
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/66c75786-d155-4d77-8244-4d1048cecdfa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafb:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         6c:a5:84:b3:50:94:22:1f:a2:56:87:e5:9d:7b:1e:dc:9c:43:
         84:b1:8d:3e:93:9a:85:ac:5e:83:25:ba:ee:44:59:a1:fc:ef:
         c2:04:9e:e7:6a:65:49:65:f1:43:7d:02:78:e2:6c:c1:fc:51:
         58:d3:a7:84:57:ab:b4:51:67:c9:a1:fb:27:f8:01:68:3b:38:
         df:f6:1a:9e:f9:37:f3:4d:9e:2b:95:bf:b9:23:50:35:b6:73:
         fd:f2:ba:74:79:e6:c9:fc:31:df:a0:96:28:52:15:f5:94:96:
         29:e4:85:a7:5f:41:5c:e9:39:72:e6:d8:c2:cb:3f:82:92:7b:
         77:32:5c:e2:1e:ff:64:dc:32:7a:57:4e:9e:1b:7c:b7:c8:19:
         91:42:f7:71:7d:9c:d5:80:44:a8:45:16:39:68:fb:b0:b2:5b:
         1a:5c:b2:04:19:c1:b2:d1:a2:e3:ab:22:22:2c:41:dd:8b:f7:
         ce:8d:54:15:19:41:7f:28:48:24:fc:04:43:2f:c7:35:62:a0:
         45:31:39:3f:72:a6:54:59:a5:7c:71:2f:a4:da:54:48:76:34:
         35:7f:74:2c:be:8c:f2:01:65:37:40:08:11:5a:bd:13:53:ec:
         68:4e:42:b0:80:a0:f8:52:b0:65:8c:02:02:45:57:da:a7:bb:
         4b:3b:31:af
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUQfHW4xAuMzVCGm9V03GxcvzWQKMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDUzMTAwMDAwMFoX
DTI0MDcwNTIzNTk1OVowejFJMEcGA1UEBRNAYTI4YThhZGEwNzZhNzhkNWE4NWRj
ZTllNzI3YjAzYzVmMWUyMTU4MTQ2MzU0MWE1YTU1N2JhMDQzZjVjOWZmNTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlmGzCGjSt7UqLXODV4vmlKEQuGwo
UoU3BXyeuSNd/HjPvqmksCJZWDYRs98LsShAGn9zGooMoT6iXWbLYobUXmlS+CMk
58gCGknreq7x/XaJWj3TphhggeJHNS373D5sboM653WWvOgSyR1WmfX4VeaLyn8l
2eYMmYTVo3HKm7mRgYTxWfXlkKPrhZp24Ve90EOxgZ/CCitWp88Ds2LXBfA7cX+z
ElqAFtxfUJJBoEF2a7Bha8buZns0ljpwwcmNLvWT81UgEHqqCvcYe2P8xgm1LjAN
es+tSifhtlAJjUdQY607iUZEO5C+yKX2ANy0pA77Y/vi9j8q72v47ox7ZwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFGuaOtFvIZn/tJ27bFLV9MCI9z7+MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzY2Yzc1Nzg2LWQxNTUtNGQ3Ny04MjQ0LTRkMTA0OGNlY2RmYS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+wgwDQYJKoZIhvcNAQELBQADggEBAGylhLNQlCIfolaH5Z17
HtycQ4SxjT6TmoWsXoMluu5EWaH878IEnudqZUll8UN9AnjibMH8UVjTp4RXq7RR
Z8mh+yf4AWg7ON/2Gp75N/NNniuVv7kjUDW2c/3yunR55sn8Md+glihSFfWUlink
hadfQVzpOXLm2MLLP4KSe3cyXOIe/2TcMnpXTp4bfLfIGZFC93F9nNWARKhFFjlo
+7CyWxpcsgQZwbLRouOrIiIsQd2L986NVBUZQX8oSCT8BEMvxzVioEUxOT9yplRZ
pXxxL6TaVEh2NDV/dCy+jPIBZTdACBFavRNT7GhOQrCAoPhSsGWMAgJFV9qnu0s7
Ma8=
-----END CERTIFICATE-----
Generated at Fri Jun 14 16:48:07 2024 by rpki-client on console-fra.rpki-client.org