Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6966423c-fa27-4cd5-898f-a147e75cdcb6.roa
File:                     6966423c-fa27-4cd5-898f-a147e75cdcb6.roa (raw, json)
Hash identifier:          SXPvkgjXzy93hmGQSL2ta4Qt0H9o95gu6kgeC2rvMd8=
Subject key identifier:   1B:D2:4B:D9:74:95:9A:A6:FD:45:B1:90:0A:F2:9D:F6:8A:86:38:92
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       5FCFE4D1537634E7047C43D46F9926BEB3606300
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6966423c-fa27-4cd5-898f-a147e75cdcb6.roa
Signing time:             Mon 27 May 2024 00:00:00 +0000
ROA not before:           Mon 27 May 2024 00:00:00 +0000
ROA not after:            Mon 01 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dab9:a000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 19 Jun 2024 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:cf:e4:d1:53:76:34:e7:04:7c:43:d4:6f:99:26:be:b3:60:63:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 27 00:00:00 2024 GMT
            Not After : Jul  1 23:59:59 2024 GMT
        Subject: serialNumber=65891e6e43bf290778fa0c10864e7d16808d89a6eeca2bf74054e9d79f3e3d7a, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:98:5a:81:e9:3f:26:75:7d:99:87:4c:23:13:
                    d5:c0:9d:c9:64:e6:55:c2:b6:ee:cf:ca:61:28:1b:
                    e7:73:cf:53:c4:52:9e:83:7a:11:10:03:8c:c4:21:
                    5a:c7:1b:99:2d:93:f1:b7:d4:00:b1:9b:d7:e1:e1:
                    f1:f0:bc:de:64:bc:22:3c:30:b5:92:01:46:91:3d:
                    cd:71:4e:cb:76:d5:40:bc:da:00:6b:ae:d9:ea:7b:
                    a4:7d:ac:a0:a5:04:57:4f:e3:83:21:11:8d:bc:b0:
                    6c:6b:fb:b1:ba:c0:54:33:7d:0e:d4:a6:b0:62:4b:
                    89:e5:43:33:a3:b1:01:e2:b9:20:56:0d:23:82:89:
                    d0:09:e3:ce:c3:60:55:85:83:3c:e0:72:a6:46:3b:
                    54:9c:98:51:fe:de:04:f3:b8:ec:b3:3c:05:61:bd:
                    9a:86:2e:67:d1:53:b4:7e:50:20:b6:8d:5e:79:5e:
                    c9:07:62:fc:c7:b5:10:5f:01:7d:8b:3e:fd:47:6b:
                    c6:97:c1:11:91:90:90:3b:71:dd:c3:a1:54:58:f3:
                    3a:99:7a:4e:9d:d9:e1:a7:30:f9:29:9d:f5:93:e4:
                    08:b9:e8:fd:8b:c3:1b:c3:98:b1:23:77:87:63:1d:
                    00:67:33:58:10:d1:e0:ea:4b:ab:34:72:e5:33:2c:
                    a5:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:D2:4B:D9:74:95:9A:A6:FD:45:B1:90:0A:F2:9D:F6:8A:86:38:92
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6966423c-fa27-4cd5-898f-a147e75cdcb6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dab9:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         a4:8b:f5:ac:06:03:f2:d8:05:12:64:e9:7a:e2:59:9b:08:bb:
         64:4c:16:87:de:db:0b:03:52:27:1b:8f:88:3e:f2:fb:52:6b:
         de:cb:f6:b4:5d:c8:af:cf:a9:39:17:4f:93:56:22:17:17:b0:
         f6:9d:d2:67:fd:ff:c0:b8:de:29:a6:a7:7e:5c:28:96:9c:e6:
         67:db:68:35:db:a2:73:4c:0f:b0:2f:7d:2f:5c:05:d7:aa:a0:
         04:d1:c9:c2:37:a9:d1:c4:bf:dd:73:9f:4c:e4:6f:08:57:d3:
         1f:57:3a:f0:16:51:6a:bd:de:2f:c6:b1:3e:a7:9b:30:a4:db:
         b5:43:8a:66:eb:50:66:5b:33:40:eb:94:34:f0:35:b6:01:8d:
         ec:d9:d0:d2:10:46:3c:22:f2:f7:af:9a:70:f5:c0:04:ca:c5:
         21:fb:34:40:ef:81:61:d0:9a:dc:04:3d:9e:86:46:68:e2:61:
         27:d1:f4:e9:d9:28:f4:b0:db:39:45:42:bd:04:9a:94:28:0b:
         f5:57:18:04:89:44:5f:8a:1b:71:67:5a:22:29:7c:99:77:c9:
         a9:57:fb:25:65:de:b2:5d:9d:6d:f2:40:4c:63:a0:03:97:5b:
         d4:d2:fb:c6:00:b6:04:9f:ec:db:e7:c8:b5:92:c5:8f:a3:43:
         f1:dc:c9:9f
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUX8/k0VN2NOcEfEPUb5kmvrNgYwAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDUyNzAwMDAwMFoX
DTI0MDcwMTIzNTk1OVowejFJMEcGA1UEBRNANjU4OTFlNmU0M2JmMjkwNzc4ZmEw
YzEwODY0ZTdkMTY4MDhkODlhNmVlY2EyYmY3NDA1NGU5ZDc5ZjNlM2Q3YTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZhagek/JnV9mYdMIxPVwJ3JZOZV
wrbuz8phKBvnc89TxFKeg3oREAOMxCFaxxuZLZPxt9QAsZvX4eHx8LzeZLwiPDC1
kgFGkT3NcU7LdtVAvNoAa67Z6nukfaygpQRXT+ODIRGNvLBsa/uxusBUM30O1Kaw
YkuJ5UMzo7EB4rkgVg0jgonQCePOw2BVhYM84HKmRjtUnJhR/t4E87jsszwFYb2a
hi5n0VO0flAgto1eeV7JB2L8x7UQXwF9iz79R2vGl8ERkZCQO3Hdw6FUWPM6mXpO
ndnhpzD5KZ31k+QIuej9i8Mbw5ixI3eHYx0AZzNYENHg6kurNHLlMyylwQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFBvSS9l0lZqm/UWxkArynfaKhjiSMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzY5NjY0MjNjLWZhMjctNGNkNS04OThmLWExNDdlNzVjZGNiNi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbauaAwDQYJKoZIhvcNAQELBQADggEBAKSL9awGA/LYBRJk6Xri
WZsIu2RMFofe2wsDUicbj4g+8vtSa97L9rRdyK/PqTkXT5NWIhcXsPad0mf9/8C4
3immp35cKJac5mfbaDXbonNMD7AvfS9cBdeqoATRycI3qdHEv91zn0zkbwhX0x9X
OvAWUWq93i/GsT6nmzCk27VDimbrUGZbM0DrlDTwNbYBjezZ0NIQRjwi8vevmnD1
wATKxSH7NEDvgWHQmtwEPZ6GRmjiYSfR9OnZKPSw2zlFQr0EmpQoC/VXGASJRF+K
G3FnWiIpfJl3yalX+yVl3rJdnW3yQExjoAOXW9TS+8YAtgSf7NvnyLWSxY+jQ/Hc
yZ8=
-----END CERTIFICATE-----
Generated at Sat Jun 15 02:42:05 2024 by rpki-client on console-ams.rpki-client.org