Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/79f34a6b-850b-4988-b9c9-b49d5a938aa3.roa
File:                     79f34a6b-850b-4988-b9c9-b49d5a938aa3.roa (raw, json)
Hash identifier:          OHzJGsuz0Ls4f7emQyinCY1k3lek/1ZO8h6jxQ5nCXM=
Subject key identifier:   BD:00:0A:9E:A5:93:35:53:C4:76:E3:5C:8C:F2:90:E5:13:C9:69:A8
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       0D79E9E9215EE2F2BA35767169D2D394ABAFB85F
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/79f34a6b-850b-4988-b9c9-b49d5a938aa3.roa
Signing time:             Tue 16 Jul 2024 00:00:00 +0000
ROA not before:           Tue 16 Jul 2024 00:00:00 +0000
ROA not after:            Tue 20 Aug 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da69:a000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 22 Jul 2024 00:10:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:79:e9:e9:21:5e:e2:f2:ba:35:76:71:69:d2:d3:94:ab:af:b8:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 16 00:00:00 2024 GMT
            Not After : Aug 20 23:59:59 2024 GMT
        Subject: serialNumber=4f69ee08b87fef0bf3de49774e364abd7089d741c7562c8dcd828b22119fe7ef, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f6:9a:85:6e:e6:16:68:22:6d:bd:86:36:29:
                    53:f1:2e:3d:36:48:35:d2:f2:81:d2:e6:76:39:8e:
                    2a:83:14:d8:c6:33:a6:92:6d:ba:d7:80:be:b0:e0:
                    2e:0b:ee:73:ac:2d:b3:c0:99:66:56:99:44:0a:f9:
                    6e:11:aa:90:1b:ce:5c:4a:8f:51:7a:f5:79:5d:2e:
                    aa:fb:de:79:31:c7:d4:c4:0f:e5:00:dd:db:5c:c9:
                    82:c8:cc:3f:9d:0d:04:5e:e6:c8:8d:2a:63:6e:d9:
                    d4:5e:af:d8:5f:4d:24:6e:39:a8:15:40:cd:77:92:
                    00:e6:02:81:d8:94:27:a5:9f:3b:1d:20:64:7c:8c:
                    ca:32:20:28:ed:9d:34:e3:5a:9d:6a:de:51:0b:6e:
                    c6:c6:e2:0f:5e:91:31:7d:e9:56:f5:10:9b:ce:c2:
                    15:1f:11:1d:fa:00:39:e5:dc:ed:52:21:31:4a:01:
                    7b:94:f0:0f:0f:1e:da:cb:0c:17:49:76:3e:e0:35:
                    28:17:9f:6b:ed:5f:18:d7:d5:67:ce:20:6a:e8:9d:
                    4b:fe:f4:37:36:9a:7f:61:db:ce:df:3a:80:73:54:
                    1d:f4:82:b4:29:59:7d:82:9f:16:1a:d9:9d:ab:63:
                    61:da:61:c6:24:ca:bd:f2:36:a6:44:56:eb:14:74:
                    bf:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:00:0A:9E:A5:93:35:53:C4:76:E3:5C:8C:F2:90:E5:13:C9:69:A8
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/79f34a6b-850b-4988-b9c9-b49d5a938aa3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da69:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         b4:b2:92:08:cd:d8:9e:c4:be:4a:3f:a5:be:18:ad:2a:e0:1c:
         14:47:03:48:73:6e:64:76:e0:ec:5f:cb:88:e2:a0:15:70:bd:
         3f:ef:7c:fa:a5:da:eb:0b:ae:92:a4:6c:7d:4b:e4:d2:2f:78:
         fb:ad:2b:fe:67:48:83:a1:62:c3:83:8f:a3:74:92:01:54:87:
         fb:10:0b:df:f7:d0:a4:74:6a:3c:e2:4e:97:d7:ba:63:1b:cf:
         8d:01:bb:74:93:f4:f8:1c:c5:67:64:be:d7:30:94:8c:d3:4d:
         3e:c9:82:64:b0:02:5f:d7:16:21:d4:ad:50:15:98:81:8c:ca:
         4b:12:83:f9:d7:99:34:94:02:44:f3:04:cf:91:cb:7e:af:98:
         ae:04:3b:ca:5c:aa:aa:dc:95:d0:a9:90:a2:b0:4a:b7:40:59:
         0a:20:92:de:fa:c0:cb:7c:c4:e1:05:02:de:96:26:7f:48:c8:
         3e:02:a4:31:74:1f:55:56:32:b3:a7:e5:9a:3f:4b:e3:22:74:
         12:eb:a0:54:2f:27:87:16:19:30:aa:54:3e:92:5d:20:0f:81:
         2d:57:8b:8d:88:4c:c4:29:55:0d:0b:e5:6d:b4:99:68:07:71:
         9f:a1:14:bf:e6:9c:e8:2f:54:1e:25:2f:02:40:a3:6b:bc:e9:
         61:d5:a3:a5
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUDXnp6SFe4vK6NXZxadLTlKuvuF8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDcxNjAwMDAwMFoX
DTI0MDgyMDIzNTk1OVowejFJMEcGA1UEBRNANGY2OWVlMDhiODdmZWYwYmYzZGU0
OTc3NGUzNjRhYmQ3MDg5ZDc0MWM3NTYyYzhkY2Q4MjhiMjIxMTlmZTdlZjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPaahW7mFmgibb2GNilT8S49Nkg1
0vKB0uZ2OY4qgxTYxjOmkm2614C+sOAuC+5zrC2zwJlmVplECvluEaqQG85cSo9R
evV5XS6q+955McfUxA/lAN3bXMmCyMw/nQ0EXubIjSpjbtnUXq/YX00kbjmoFUDN
d5IA5gKB2JQnpZ87HSBkfIzKMiAo7Z0041qdat5RC27GxuIPXpExfelW9RCbzsIV
HxEd+gA55dztUiExSgF7lPAPDx7aywwXSXY+4DUoF59r7V8Y19VnziBq6J1L/vQ3
Npp/YdvO3zqAc1Qd9IK0KVl9gp8WGtmdq2Nh2mHGJMq98jamRFbrFHS/tQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFL0ACp6lkzVTxHbjXIzykOUTyWmoMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzc5ZjM0YTZiLTg1MGItNDk4OC1iOWM5LWI0OWQ1YTkzOGFhMy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaaaAwDQYJKoZIhvcNAQELBQADggEBALSykgjN2J7Evko/pb4Y
rSrgHBRHA0hzbmR24Oxfy4jioBVwvT/vfPql2usLrpKkbH1L5NIvePutK/5nSIOh
YsODj6N0kgFUh/sQC9/30KR0ajziTpfXumMbz40Bu3ST9PgcxWdkvtcwlIzTTT7J
gmSwAl/XFiHUrVAVmIGMyksSg/nXmTSUAkTzBM+Ry36vmK4EO8pcqqrcldCpkKKw
SrdAWQogkt76wMt8xOEFAt6WJn9IyD4CpDF0H1VWMrOn5Zo/S+MidBLroFQvJ4cW
GTCqVD6SXSAPgS1Xi42ITMQpVQ0L5W20mWgHcZ+hFL/mnOgvVB4lLwJAo2u86WHV
o6U=
-----END CERTIFICATE-----
Generated at Thu Jul 18 01:56:53 2024 by rpki-client on console-ams.rpki-client.org