Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6c009993-5553-4873-85cc-bcb3b5e4a58c.roa
File:                     6c009993-5553-4873-85cc-bcb3b5e4a58c.roa (raw, json)
Hash identifier:          +hj1DgKp+D43jYA754sfU5zFYGqOBupS6E7OPFe7cbc=
Subject key identifier:   38:BC:E6:F0:4A:AB:95:3B:35:CB:90:6F:C5:7A:68:F4:EB:64:4B:23
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       4DED9FA002269A14B59ECD9C42061F737D6A2E55
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6c009993-5553-4873-85cc-bcb3b5e4a58c.roa
Signing time:             Mon 27 May 2024 00:00:00 +0000
ROA not before:           Mon 27 May 2024 00:00:00 +0000
ROA not after:            Mon 01 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf9:4800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 20 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:ed:9f:a0:02:26:9a:14:b5:9e:cd:9c:42:06:1f:73:7d:6a:2e:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 27 00:00:00 2024 GMT
            Not After : Jul  1 23:59:59 2024 GMT
        Subject: serialNumber=635fd76beeb69371c9c273e963da7fedceda4c2ed321edccf3c9b33ec440a4df, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:07:fc:32:2d:0d:7f:e0:ee:59:d4:6e:3b:49:
                    b9:ba:a0:25:c2:ec:44:85:10:75:fe:0f:e5:e1:0f:
                    b0:a5:88:7a:d5:12:b4:4c:b7:94:67:91:3d:af:29:
                    6f:c8:d8:ed:c9:a5:28:89:00:12:c0:c5:c7:51:c3:
                    f1:25:7b:7d:49:0a:9d:68:87:03:42:a8:9a:06:96:
                    a7:ba:b8:1d:d1:50:90:f6:fa:40:6a:b2:b5:8b:01:
                    97:78:dd:b4:15:47:57:57:9e:8c:18:d0:20:01:7d:
                    c8:73:9b:bd:c1:70:ef:92:d0:e1:1b:34:e7:c8:3e:
                    a5:35:5c:11:a3:8c:45:12:f8:70:d0:08:cd:b7:8a:
                    7c:e2:e8:d7:84:52:cb:45:46:e8:33:61:06:8a:bd:
                    53:5d:fa:bf:de:c0:64:51:ce:e3:47:5c:1a:c6:0f:
                    eb:79:4d:82:d1:2f:44:3a:61:d5:63:ec:e3:d3:fa:
                    1c:2a:a4:a5:b8:3d:50:d9:3c:f6:82:8b:8a:c4:cf:
                    c8:8d:35:13:e6:57:fe:08:ef:11:1e:ba:ef:0c:6e:
                    df:51:c3:93:3e:02:13:86:1e:e2:e7:b4:cd:e1:cf:
                    f9:b2:9f:51:33:4e:e2:a4:73:ad:48:41:2d:21:a3:
                    bb:52:ed:48:7c:39:38:ef:85:bd:f5:d6:0e:75:2a:
                    41:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:BC:E6:F0:4A:AB:95:3B:35:CB:90:6F:C5:7A:68:F4:EB:64:4B:23
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6c009993-5553-4873-85cc-bcb3b5e4a58c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf9:4800::/40

    Signature Algorithm: sha256WithRSAEncryption
         a0:34:48:70:e4:cd:c0:3e:ff:43:a7:91:ac:36:8e:b7:14:b6:
         55:8f:88:0b:f0:01:e3:5d:d9:33:8c:4d:da:92:27:71:f4:d9:
         fa:0c:a5:00:21:fb:d5:a8:f5:2f:ac:2b:73:42:7c:f3:4d:2f:
         10:62:99:73:ff:ea:16:48:20:1d:ce:e6:6c:ec:84:ed:32:9e:
         78:eb:ba:45:1b:c7:f6:f1:0c:ee:15:05:48:81:cf:2d:08:7d:
         5b:e1:3c:f5:c6:8b:e2:76:16:2a:c9:2f:c8:f2:44:08:ac:d7:
         bf:45:80:64:bc:49:d2:b4:d8:a3:da:5d:54:30:c1:7f:11:4f:
         b1:aa:38:e2:58:f1:80:81:e9:e5:c2:b6:31:18:4c:5d:54:23:
         0f:45:63:5d:3b:58:8d:ee:6b:8e:6f:a3:a6:5c:4c:81:2a:e6:
         1d:65:0b:6d:41:d0:e1:b3:6c:93:98:c0:cd:56:be:27:75:15:
         77:54:cb:d4:2d:7b:79:fa:e6:38:60:16:a1:37:2c:15:77:dc:
         51:b2:34:8a:26:96:75:8a:78:1a:9b:c8:e7:22:c0:37:8b:1f:
         45:f3:c8:4f:de:84:ea:0a:5c:29:b5:34:e4:84:84:f5:1b:95:
         35:0f:01:86:bf:89:bc:1b:fe:62:a0:9a:65:cc:a3:f2:86:f0:
         28:ad:d8:d2
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUTe2foAImmhS1ns2cQgYfc31qLlUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDUyNzAwMDAwMFoX
DTI0MDcwMTIzNTk1OVowejFJMEcGA1UEBRNANjM1ZmQ3NmJlZWI2OTM3MWM5YzI3
M2U5NjNkYTdmZWRjZWRhNGMyZWQzMjFlZGNjZjNjOWIzM2VjNDQwYTRkZjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQf8Mi0Nf+DuWdRuO0m5uqAlwuxE
hRB1/g/l4Q+wpYh61RK0TLeUZ5E9rylvyNjtyaUoiQASwMXHUcPxJXt9SQqdaIcD
QqiaBpanurgd0VCQ9vpAarK1iwGXeN20FUdXV56MGNAgAX3Ic5u9wXDvktDhGzTn
yD6lNVwRo4xFEvhw0AjNt4p84ujXhFLLRUboM2EGir1TXfq/3sBkUc7jR1waxg/r
eU2C0S9EOmHVY+zj0/ocKqSluD1Q2Tz2gouKxM/IjTUT5lf+CO8RHrrvDG7fUcOT
PgIThh7i57TN4c/5sp9RM07ipHOtSEEtIaO7Uu1IfDk474W99dYOdSpBGwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFDi85vBKq5U7NcuQb8V6aPTrZEsjMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzZjMDA5OTkzLTU1NTMtNDg3My04NWNjLWJjYjNiNWU0YTU4Yy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+UgwDQYJKoZIhvcNAQELBQADggEBAKA0SHDkzcA+/0Onkaw2
jrcUtlWPiAvwAeNd2TOMTdqSJ3H02foMpQAh+9Wo9S+sK3NCfPNNLxBimXP/6hZI
IB3O5mzshO0ynnjrukUbx/bxDO4VBUiBzy0IfVvhPPXGi+J2FirJL8jyRAis179F
gGS8SdK02KPaXVQwwX8RT7GqOOJY8YCB6eXCtjEYTF1UIw9FY107WI3ua45vo6Zc
TIEq5h1lC21B0OGzbJOYwM1Wvid1FXdUy9Qte3n65jhgFqE3LBV33FGyNIomlnWK
eBqbyOciwDeLH0XzyE/ehOoKXCm1NOSEhPUblTUPAYa/ibwb/mKgmmXMo/KG8Cit
2NI=
-----END CERTIFICATE-----
Generated at Sun Jun 16 00:53:14 2024 by rpki-client on console-fra.rpki-client.org