Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6b336b02-f773-4fbb-bbc4-a1149b172ad2.roa
File:                     6b336b02-f773-4fbb-bbc4-a1149b172ad2.roa (raw, json)
Hash identifier:          IuOGWsr6ydalH3eHgNXYnHOAsr/jrz2ZGeTWAwIAxPk=
Subject key identifier:   D7:22:1C:F6:54:2B:9E:D1:6B:8C:57:70:93:B1:06:A6:54:3F:02:17
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       1D0A73FD077B43B7D91498AF80078691CC09365F
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6b336b02-f773-4fbb-bbc4-a1149b172ad2.roa
Signing time:             Fri 31 May 2024 00:00:00 +0000
ROA not before:           Fri 31 May 2024 00:00:00 +0000
ROA not after:            Fri 05 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daa0:b000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 28 Jun 2024 00:11:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:0a:73:fd:07:7b:43:b7:d9:14:98:af:80:07:86:91:cc:09:36:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 31 00:00:00 2024 GMT
            Not After : Jul  5 23:59:59 2024 GMT
        Subject: serialNumber=b42dfa09f9b8b958c51be0f6f0527656bb9707d63a13b3eb2956dedbaa220561, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:49:d2:df:16:98:10:f5:30:4e:47:7f:94:55:
                    bb:8a:00:ea:4d:ab:d1:80:48:60:20:c4:aa:c7:d7:
                    66:1b:5c:f2:fa:71:b6:d1:5b:27:66:e9:94:28:1b:
                    eb:6b:95:df:22:8b:89:0f:50:71:4e:e2:32:a1:eb:
                    76:13:5f:64:58:9b:19:7f:b9:3e:2d:03:2c:1b:b1:
                    c4:c7:f7:31:62:9e:19:e5:5f:76:4a:22:7e:72:7a:
                    9c:0b:1d:bd:0f:9f:dc:52:76:e0:8e:7b:ba:31:ac:
                    51:af:ac:da:f2:8f:63:15:b7:3f:05:16:1c:cf:89:
                    20:38:7f:03:b1:68:60:e2:e3:a2:5a:c7:93:5e:13:
                    f5:f6:2f:fa:c1:10:17:eb:40:66:90:6d:38:12:9b:
                    3a:a0:a1:21:65:6b:34:5e:7f:64:ea:31:1c:a6:51:
                    2c:92:2d:0b:19:89:f2:7d:5e:96:cb:24:3e:4b:99:
                    e2:a8:ae:e8:50:28:c1:1b:ba:c2:82:a8:54:20:91:
                    40:7d:6e:af:bf:50:78:1f:c5:aa:6f:75:e9:d9:87:
                    c2:c4:1e:e3:41:10:d8:4e:69:0a:93:98:29:e3:dd:
                    05:41:46:d3:6e:08:72:f5:0f:eb:9e:8e:2a:1d:a4:
                    d8:da:9b:09:72:c0:d1:d7:0d:83:55:1a:37:5e:ae:
                    b2:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:22:1C:F6:54:2B:9E:D1:6B:8C:57:70:93:B1:06:A6:54:3F:02:17
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6b336b02-f773-4fbb-bbc4-a1149b172ad2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daa0:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         9d:e7:78:9a:5d:f9:cd:50:c6:66:eb:ae:0c:67:ee:e9:d0:3f:
         ab:bc:bf:6c:0c:61:f9:56:eb:c1:1a:50:5e:32:0b:74:fb:98:
         5a:ce:b7:08:65:fe:6d:55:b3:3a:2e:a7:26:3c:74:14:ab:b1:
         1b:fa:3a:b8:78:c1:28:fa:c4:7c:a7:96:12:b1:7a:18:c5:e3:
         31:af:f8:71:88:f0:4d:03:44:0d:99:6b:ea:3e:3b:b1:77:f3:
         67:07:93:dc:33:5e:6b:37:a4:b8:c0:8f:76:0a:1f:e1:d2:11:
         35:6c:63:52:92:bc:21:4c:fe:82:1e:1c:4c:74:d6:51:ea:8d:
         3e:5b:9e:11:dc:71:3b:60:65:bf:a1:9e:bb:7b:e0:c6:f1:08:
         cc:c6:10:8f:1e:6b:2c:79:53:85:8b:58:40:43:a5:32:5d:a9:
         07:74:ce:15:0c:23:bb:99:98:04:ed:49:30:01:d2:01:89:8e:
         8b:a0:57:e0:52:d0:e1:d3:b0:e2:c0:3c:6f:56:47:23:8b:b7:
         3c:fb:df:9f:c4:a7:48:e1:be:c2:af:1d:92:ed:42:3f:35:a9:
         29:21:1a:0b:28:d1:d6:98:fa:c1:1b:8c:eb:f5:b9:9b:1c:e8:
         76:5a:55:4a:f5:78:bc:8f:e5:c0:c3:95:7b:e5:5e:de:62:dc:
         d8:f9:32:24
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUHQpz/Qd7Q7fZFJivgAeGkcwJNl8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDUzMTAwMDAwMFoX
DTI0MDcwNTIzNTk1OVowejFJMEcGA1UEBRNAYjQyZGZhMDlmOWI4Yjk1OGM1MWJl
MGY2ZjA1Mjc2NTZiYjk3MDdkNjNhMTNiM2ViMjk1NmRlZGJhYTIyMDU2MTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0nS3xaYEPUwTkd/lFW7igDqTavR
gEhgIMSqx9dmG1zy+nG20VsnZumUKBvra5XfIouJD1BxTuIyoet2E19kWJsZf7k+
LQMsG7HEx/cxYp4Z5V92SiJ+cnqcCx29D5/cUnbgjnu6MaxRr6za8o9jFbc/BRYc
z4kgOH8DsWhg4uOiWseTXhP19i/6wRAX60BmkG04Eps6oKEhZWs0Xn9k6jEcplEs
ki0LGYnyfV6WyyQ+S5niqK7oUCjBG7rCgqhUIJFAfW6vv1B4H8Wqb3Xp2YfCxB7j
QRDYTmkKk5gp490FQUbTbghy9Q/rno4qHaTY2psJcsDR1w2DVRo3Xq6yEQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFNciHPZUK57Ra4xXcJOxBqZUPwIXMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzZiMzM2YjAyLWY3NzMtNGZiYi1iYmM0LWExMTQ5YjE3MmFkMi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaoLAwDQYJKoZIhvcNAQELBQADggEBAJ3neJpd+c1Qxmbrrgxn
7unQP6u8v2wMYflW68EaUF4yC3T7mFrOtwhl/m1VszoupyY8dBSrsRv6Orh4wSj6
xHynlhKxehjF4zGv+HGI8E0DRA2Za+o+O7F382cHk9wzXms3pLjAj3YKH+HSETVs
Y1KSvCFM/oIeHEx01lHqjT5bnhHccTtgZb+hnrt74MbxCMzGEI8eayx5U4WLWEBD
pTJdqQd0zhUMI7uZmATtSTAB0gGJjougV+BS0OHTsOLAPG9WRyOLtzz735/Ep0jh
vsKvHZLtQj81qSkhGgso0daY+sEbjOv1uZsc6HZaVUr1eLyP5cDDlXvlXt5i3Nj5
MiQ=
-----END CERTIFICATE-----
Generated at Mon Jun 24 00:42:55 2024 by rpki-client on console-fra.rpki-client.org