Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/794feada-3f8b-4a7b-8954-992fddba3191.roa
File:                     794feada-3f8b-4a7b-8954-992fddba3191.roa (raw, json)
Hash identifier:          d9Dfjh2V50gaVvZvEGsCN0vOS4B/WWS1QaUWTHSpgX0=
Subject key identifier:   7E:8E:C4:B1:39:F7:27:7C:B7:36:85:22:0E:49:4A:93:D9:E0:9A:9A
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       10BDA80D9EFB967E674DC6F25CD32F4086A50F78
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/794feada-3f8b-4a7b-8954-992fddba3191.roa
Signing time:             Thu 02 Mar 2023 00:00:00 +0000
ROA not before:           Thu 02 Mar 2023 00:00:00 +0000
ROA not after:            Thu 06 Apr 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf1:a000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 16 Mar 2023 12:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:bd:a8:0d:9e:fb:96:7e:67:4d:c6:f2:5c:d3:2f:40:86:a5:0f:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Mar  2 00:00:00 2023 GMT
            Not After : Apr  6 23:59:59 2023 GMT
        Subject: serialNumber=9878ca3ff0a675e6694e123904b962cafb54573f47675a456e0edd3a6f74a51d, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:11:ed:2a:02:a5:0b:db:96:a7:ce:8d:7d:8b:
                    57:32:24:e1:e7:81:73:f5:7c:dd:1f:4d:ad:01:f8:
                    a0:e7:99:69:24:69:12:38:c1:2d:77:9f:c4:f4:99:
                    14:51:da:a9:60:6a:7a:37:85:5f:51:5e:0c:59:0b:
                    17:bb:e1:85:9c:d4:8b:16:62:e9:93:87:ba:55:d9:
                    2a:f7:c2:06:d1:ce:e2:98:d4:10:a2:59:21:fc:3b:
                    85:9b:fc:38:91:3e:5a:2d:f3:60:9f:47:5f:ea:a8:
                    00:da:6e:db:32:85:44:cd:5a:e3:55:f0:4e:36:5d:
                    03:fb:b2:62:33:65:6d:79:49:f2:e4:70:71:7a:2c:
                    07:bb:9c:77:74:5d:03:08:f6:61:ce:ee:23:9c:81:
                    5c:2e:73:57:c3:fb:92:b3:df:c6:f8:09:31:76:87:
                    26:d4:b9:35:4b:fb:b8:44:96:e1:06:85:65:ad:30:
                    78:6a:f3:a1:3e:d5:f2:e6:09:dd:61:c7:b9:7e:8a:
                    b0:dd:d2:f1:77:37:72:54:d7:d6:11:6e:60:4b:f9:
                    b6:8c:5d:f5:ba:36:7e:a5:44:8d:28:be:c3:27:59:
                    83:c0:18:4f:95:32:73:db:56:61:61:32:af:fc:ca:
                    81:a0:01:ef:b9:2c:c6:2f:f8:2e:a1:4b:8e:15:f8:
                    66:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                7E:8E:C4:B1:39:F7:27:7C:B7:36:85:22:0E:49:4A:93:D9:E0:9A:9A
            X509v3 Authority Key Identifier: 
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/794feada-3f8b-4a7b-8954-992fddba3191.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf1:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         05:e1:90:ba:ae:a4:62:03:d0:b5:b6:63:4d:5e:7f:d0:f9:66:
         2d:4c:2c:67:4c:b2:93:b3:cc:7e:7f:1c:97:ad:83:22:05:2a:
         c9:7f:ab:df:69:70:7c:e4:bc:ef:b5:64:45:f2:25:f6:54:e5:
         00:26:85:8b:ac:cb:58:a2:90:90:f2:61:00:c0:32:b3:08:80:
         2e:b5:54:9a:05:cd:dc:a0:b5:42:78:94:b5:9c:dc:27:5c:75:
         26:3b:41:fc:84:10:df:e4:a6:81:48:12:6f:d7:1f:d0:b2:cb:
         df:6f:19:95:b5:3e:59:39:19:0c:18:8f:fa:43:62:c5:13:67:
         b4:10:bb:1c:a6:9e:7e:0f:25:78:12:3a:0a:fc:a4:c5:2a:74:
         d7:90:75:c3:8f:d0:08:75:0f:12:f2:d1:d0:cd:01:2d:d4:2e:
         cd:7f:ab:c9:46:9e:bc:e4:72:94:0c:c5:d9:62:62:5b:c3:d1:
         90:54:c9:a6:cb:80:4a:e5:d7:33:4c:d6:5c:93:7f:43:36:65:
         df:81:f0:65:8d:83:9d:28:11:38:b4:66:c5:7a:8d:69:54:1c:
         0f:18:a0:7c:00:c6:eb:4a:6f:18:91:39:37:06:62:c5:97:13:
         ed:3f:10:4c:da:9b:9d:14:bc:49:62:9c:90:10:ab:3d:38:7a:
         ec:5e:cb:ca
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgIUEL2oDZ77ln5nTcbyXNMvQIalD3gwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTIzMDMwMjAwMDAwMFoX
DTIzMDQwNjIzNTk1OVowgaUxSTBHBgNVBAUTQDk4NzhjYTNmZjBhNjc1ZTY2OTRl
MTIzOTA0Yjk2MmNhZmI1NDU3M2Y0NzY3NWE0NTZlMGVkZDNhNmY3NGE1MWQxLTAr
BgNVBAMTJGMwYmYwZmU4LTcxN2MtNGY3Mi05YjQ1LWM5YzUxOTEzMmE4MTEUMBIG
A1UECxMLQW1hem9uIFJQS0kxEzARBgNVBAoTCkFtYXpvbi5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpEe0qAqUL25anzo19i1cyJOHngXP1fN0f
Ta0B+KDnmWkkaRI4wS13n8T0mRRR2qlgano3hV9RXgxZCxe74YWc1IsWYumTh7pV
2Sr3wgbRzuKY1BCiWSH8O4Wb/DiRPlot82CfR1/qqADabtsyhUTNWuNV8E42XQP7
smIzZW15SfLkcHF6LAe7nHd0XQMI9mHO7iOcgVwuc1fD+5Kz38b4CTF2hybUuTVL
+7hEluEGhWWtMHhq86E+1fLmCd1hx7l+irDd0vF3N3JU19YRbmBL+baMXfW6Nn6l
RI0ovsMnWYPAGE+VMnPbVmFhMq/8yoGgAe+5LMYv+C6hS44V+GafAgMBAAGjggJK
MIICRjAdBgNVHQ4EFgQUfo7EsTn3J3y3NoUiDklKk9ngmpowHwYDVR0jBBgwFoAU
QHaCVSTSxm0uEENv5l6T6MG9SjcwDgYDVR0PAQH/BAQDAgeAMH4GCCsGAQUFBwEB
BHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0
b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3QzcyRkQxRkYyL1FIYUNWU1RTeG0w
dUVFTnY1bDZUNk1HOVNqYy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggrBgEF
BQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3MuY29t
L3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1MGJlYzkyNjEvNzk0
ZmVhZGEtM2Y4Yi00YTdiLTg5NTQtOTkyZmRkYmEzMTkxLnJvYTCBlQYDVR0fBIGN
MIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpv
bmF3cy5jb20vdm9sdW1lLzA4YzJmMjY0LTIzZjktNDlmYi05ZDQzLWY4YjUwYmVj
OTI2MS83YmExNzg2My1hNjEzLTQxOTctOWVkNS1iZWRhNmE4OTg2OWYuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAkBtrxoDANBgkqhkiG9w0BAQsFAAOCAQEABeGQuq6kYgPQtbZjTV5/0Plm
LUwsZ0yyk7PMfn8cl62DIgUqyX+r32lwfOS877VkRfIl9lTlACaFi6zLWKKQkPJh
AMAyswiALrVUmgXN3KC1QniUtZzcJ1x1JjtB/IQQ3+SmgUgSb9cf0LLL328ZlbU+
WTkZDBiP+kNixRNntBC7HKaefg8leBI6CvykxSp015B1w4/QCHUPEvLR0M0BLdQu
zX+ryUaevORylAzF2WJiW8PRkFTJpsuASuXXM0zWXJN/QzZl34HwZY2DnSgROLRm
xXqNaVQcDxigfADG60pvGJE5NwZixZcT7T8QTNqbnRS8SWKckBCrPTh67F7Lyg==
-----END CERTIFICATE-----
Generated at Wed Mar 15 11:52:18 2023 by rpki-client on console-fra.rpki-client.org