Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/710800d0-a544-4fe9-abd4-369c82fabbb3.roa
File:                     710800d0-a544-4fe9-abd4-369c82fabbb3.roa (raw, json)
Hash identifier:          ihNKhqf0eoWRHgGz6t9lVlOSR+OXTn2t/zFvSlVOFz4=
Subject key identifier:   FF:B1:50:59:32:A7:EB:C4:24:56:B6:17:28:7E:AC:46:1C:A3:94:48
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2C06AD2824088FD604BD5F5D200AEF94AD6D8A78
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/710800d0-a544-4fe9-abd4-369c82fabbb3.roa
Signing time:             Fri 31 May 2024 00:00:00 +0000
ROA not before:           Fri 31 May 2024 00:00:00 +0000
ROA not after:            Fri 05 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafe:800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 19 Jun 2024 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:06:ad:28:24:08:8f:d6:04:bd:5f:5d:20:0a:ef:94:ad:6d:8a:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 31 00:00:00 2024 GMT
            Not After : Jul  5 23:59:59 2024 GMT
        Subject: serialNumber=9040e3c5455d5b7b6cb1fe0f923c79700c831838399a2de2133629f09e93620e, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:78:6d:fb:4f:44:00:ae:3c:ac:a5:3e:74:37:
                    28:8e:3c:81:d3:95:89:a2:76:e4:4c:6f:01:25:a3:
                    6b:35:2f:5f:e5:11:7d:6c:81:a2:3f:00:ce:21:72:
                    50:6f:bf:e3:56:84:09:da:2b:32:17:e0:c0:94:54:
                    18:f2:34:ed:b0:22:47:e5:6a:84:3e:2a:19:3a:78:
                    68:1d:4b:7d:db:24:d2:75:a5:25:58:b3:7b:8d:01:
                    51:c0:08:88:c6:51:74:b3:91:72:c5:d4:5f:ab:89:
                    70:e6:91:ca:18:2e:e6:87:4e:8f:60:d8:5a:9e:ca:
                    43:4f:e1:13:f7:7f:e1:53:56:53:3f:1c:0b:cf:f2:
                    84:c4:af:1e:b7:84:e3:f7:c5:82:40:35:34:b6:9e:
                    49:a3:ea:0a:f7:0b:ee:30:e8:f2:86:66:ca:11:ed:
                    1a:84:c9:4f:3e:01:8f:4a:04:f6:80:e3:72:31:86:
                    a3:44:38:f7:8b:9e:0e:49:24:ac:fb:42:3a:5d:b3:
                    92:be:9e:34:b2:fc:c7:59:02:d2:40:85:a8:61:c0:
                    a6:1c:16:07:f0:b2:ed:52:30:28:d5:b7:f0:8c:3f:
                    08:3a:12:22:13:9b:f1:d1:1c:94:26:5d:93:9a:c0:
                    d8:67:69:44:14:85:ea:08:1f:b8:c3:29:b6:6c:f9:
                    57:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:B1:50:59:32:A7:EB:C4:24:56:B6:17:28:7E:AC:46:1C:A3:94:48
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/710800d0-a544-4fe9-abd4-369c82fabbb3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafe:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         4b:d6:bb:90:00:5d:34:9a:e5:fa:25:68:7e:27:a6:00:f0:7a:
         b4:66:9e:1a:d5:f3:1f:f4:1b:ae:5f:c8:00:1b:aa:3c:f3:5d:
         7e:a4:c3:a9:7e:53:a3:9e:52:e7:c7:00:5b:05:1e:3a:95:2d:
         52:de:51:3c:1a:06:4c:61:0b:62:74:3a:0c:6a:19:b5:01:e5:
         7a:36:65:cc:e9:46:a4:f4:5b:b4:ed:11:d6:13:99:95:d5:4a:
         04:3b:99:ff:65:43:bf:c2:a6:fa:f5:4b:39:5b:dd:01:d0:1c:
         05:9c:9b:4e:e8:18:08:9e:39:1b:d2:6f:1d:29:1b:3c:06:94:
         c9:a8:69:18:4d:ac:64:f6:e0:f8:be:93:f1:8e:c1:e7:f7:e6:
         eb:ec:f3:f8:7a:59:00:21:e6:fa:f2:8d:62:d3:db:1d:b4:f5:
         ca:34:c4:fc:80:b3:77:31:06:4d:6f:de:cc:0c:f4:f9:a6:0e:
         6c:28:eb:ee:ed:d1:51:04:88:92:ff:b1:73:a2:a1:ee:37:6c:
         ac:48:57:f2:f2:1e:ba:94:72:ee:0a:9e:ea:15:21:d5:0f:7c:
         2a:96:32:5e:92:b4:91:69:47:6d:72:10:09:09:57:4e:63:ab:
         b1:49:74:f9:af:e1:1a:f9:00:35:07:7e:0c:4e:3d:c4:0b:27:
         63:1e:69:35
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIULAatKCQIj9YEvV9dIArvlK1tingwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDUzMTAwMDAwMFoX
DTI0MDcwNTIzNTk1OVowejFJMEcGA1UEBRNAOTA0MGUzYzU0NTVkNWI3YjZjYjFm
ZTBmOTIzYzc5NzAwYzgzMTgzODM5OWEyZGUyMTMzNjI5ZjA5ZTkzNjIwZTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Hht+09EAK48rKU+dDcojjyB05WJ
onbkTG8BJaNrNS9f5RF9bIGiPwDOIXJQb7/jVoQJ2isyF+DAlFQY8jTtsCJH5WqE
PioZOnhoHUt92yTSdaUlWLN7jQFRwAiIxlF0s5FyxdRfq4lw5pHKGC7mh06PYNha
nspDT+ET93/hU1ZTPxwLz/KExK8et4Tj98WCQDU0tp5Jo+oK9wvuMOjyhmbKEe0a
hMlPPgGPSgT2gONyMYajRDj3i54OSSSs+0I6XbOSvp40svzHWQLSQIWoYcCmHBYH
8LLtUjAo1bfwjD8IOhIiE5vx0RyUJl2TmsDYZ2lEFIXqCB+4wym2bPlX3wIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFP+xUFkyp+vEJFa2Fyh+rEYco5RIMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzcxMDgwMGQwLWE1NDQtNGZlOS1hYmQ0LTM2OWM4MmZhYmJiMy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba/ggwDQYJKoZIhvcNAQELBQADggEBAEvWu5AAXTSa5folaH4n
pgDwerRmnhrV8x/0G65fyAAbqjzzXX6kw6l+U6OeUufHAFsFHjqVLVLeUTwaBkxh
C2J0OgxqGbUB5Xo2ZczpRqT0W7TtEdYTmZXVSgQ7mf9lQ7/Cpvr1Szlb3QHQHAWc
m07oGAieORvSbx0pGzwGlMmoaRhNrGT24Pi+k/GOwef35uvs8/h6WQAh5vryjWLT
2x209co0xPyAs3cxBk1v3swM9PmmDmwo6+7t0VEEiJL/sXOioe43bKxIV/LyHrqU
cu4KnuoVIdUPfCqWMl6StJFpR21yEAkJV05jq7FJdPmv4Rr5ADUHfgxOPcQLJ2Me
aTU=
-----END CERTIFICATE-----
Generated at Sat Jun 15 02:01:50 2024 by rpki-client on console-fra.rpki-client.org