Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7b01259d-9f22-4394-8476-cc9d3cf57a44.roa
File:                     7b01259d-9f22-4394-8476-cc9d3cf57a44.roa (raw, json)
Hash identifier:          IM0OqlDbgynVOaMFnrFqbKlejZkjH2GGA6M2E8RyWBs=
Subject key identifier:   50:70:10:50:9B:E6:40:3D:E3:B8:09:B8:24:23:3B:E2:6F:55:B5:BF
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3CF71013163F7D113B3582D99D3A4572A40D1A46
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7b01259d-9f22-4394-8476-cc9d3cf57a44.roa
Signing time:             Tue 12 Mar 2024 00:00:00 +0000
ROA not before:           Tue 12 Mar 2024 00:00:00 +0000
ROA not after:            Tue 16 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf7:1000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Mar 2024 12:02:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:f7:10:13:16:3f:7d:11:3b:35:82:d9:9d:3a:45:72:a4:0d:1a:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Mar 12 00:00:00 2024 GMT
            Not After : Apr 16 23:59:59 2024 GMT
        Subject: serialNumber=a958f9a7d4a48476ab5a90412d28c8653d2b3e7fc18093a6a2541840b60288c2, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:50:81:48:0b:0f:20:de:e0:f0:68:9c:96:72:
                    fa:b4:a0:f4:c8:6f:cf:96:8c:25:23:1a:3c:3a:a6:
                    d4:7c:4a:c3:6d:36:5d:59:5c:2f:c5:0d:f7:52:42:
                    3a:86:07:de:61:37:6a:eb:73:3b:02:23:fd:42:18:
                    5a:74:ea:a1:cd:fb:5c:c1:ba:c4:53:0b:16:55:57:
                    d6:70:c1:c1:cf:28:0c:e3:4e:0f:b7:c8:2d:9d:e9:
                    52:b7:e3:da:71:4a:7a:e8:be:67:af:2d:80:4a:e2:
                    dd:3b:d8:23:16:62:f2:11:9b:ec:01:74:66:ec:a0:
                    b5:1f:02:0d:d9:20:e5:fc:53:08:ff:f4:d1:f1:9b:
                    f3:af:6d:34:1e:a0:bb:1c:1a:ce:93:89:d3:06:5e:
                    cc:89:89:b4:6c:2e:ce:7d:33:fb:ba:20:74:e7:4e:
                    b6:fb:1e:41:7b:9c:dc:10:e5:27:91:e8:ad:2e:dd:
                    09:48:fc:bd:4c:86:e2:50:4f:75:5c:2d:30:e9:19:
                    41:90:b1:6b:51:88:69:b8:ab:12:4a:4c:85:e3:d3:
                    e9:3a:c4:05:5f:bc:57:1a:55:c5:f4:5c:1e:60:31:
                    80:36:49:0c:96:c1:ad:3e:6f:88:01:5f:c0:c3:05:
                    0f:65:7c:6a:bb:22:c9:85:b4:48:51:13:cd:b7:35:
                    5b:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:70:10:50:9B:E6:40:3D:E3:B8:09:B8:24:23:3B:E2:6F:55:B5:BF
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7b01259d-9f22-4394-8476-cc9d3cf57a44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf7:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c8:1a:16:fb:f6:e9:9c:7b:57:21:46:07:79:ae:87:21:2d:98:
         38:32:74:66:d2:03:0e:93:65:df:e5:20:7a:df:ec:34:16:b3:
         4b:95:82:b1:1e:e8:8b:19:12:53:0c:9b:d7:1f:2f:cd:63:bb:
         f2:0c:f4:d0:8f:2d:11:3a:d6:42:94:b8:1d:18:0a:8e:60:e6:
         66:59:f6:7e:44:1b:44:9e:4d:01:23:c9:10:75:69:87:6a:11:
         97:85:62:39:61:99:a4:89:3c:57:06:99:e4:3e:41:a4:75:c3:
         18:2b:69:03:26:c7:cc:12:63:70:c5:33:41:0f:82:f7:08:b9:
         38:1e:43:06:b3:ff:d6:56:37:8b:4a:93:15:4c:c4:b2:96:a6:
         8e:bd:dc:de:70:50:89:9c:63:c1:78:d9:60:c0:3e:90:b8:f0:
         d8:fe:95:dc:15:96:5b:ab:c5:62:eb:09:62:98:18:ac:ed:95:
         aa:88:ca:52:67:10:eb:57:01:43:57:e9:b4:40:14:04:51:94:
         f3:e0:37:4b:e8:cf:5e:74:c6:3b:ad:42:b3:6f:74:f3:f0:f3:
         6e:1a:d5:c4:e5:45:15:d4:d8:f1:67:9a:31:f1:c2:d1:2b:6a:
         00:d8:93:ca:d6:3c:2e:55:48:77:e9:a2:db:3b:05:e7:3b:d0:
         25:32:2c:75
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUPPcQExY/fRE7NYLZnTpFcqQNGkYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDMxMjAwMDAwMFoX
DTI0MDQxNjIzNTk1OVowejFJMEcGA1UEBRNAYTk1OGY5YTdkNGE0ODQ3NmFiNWE5
MDQxMmQyOGM4NjUzZDJiM2U3ZmMxODA5M2E2YTI1NDE4NDBiNjAyODhjMjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1VCBSAsPIN7g8GiclnL6tKD0yG/P
lowlIxo8OqbUfErDbTZdWVwvxQ33UkI6hgfeYTdq63M7AiP9QhhadOqhzftcwbrE
UwsWVVfWcMHBzygM404Pt8gtnelSt+PacUp66L5nry2ASuLdO9gjFmLyEZvsAXRm
7KC1HwIN2SDl/FMI//TR8Zvzr200HqC7HBrOk4nTBl7MiYm0bC7OfTP7uiB05062
+x5Be5zcEOUnkeitLt0JSPy9TIbiUE91XC0w6RlBkLFrUYhpuKsSSkyF49PpOsQF
X7xXGlXF9FweYDGANkkMlsGtPm+IAV/AwwUPZXxquyLJhbRIURPNtzVblQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFFBwEFCb5kA947gJuCQjO+JvVbW/MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzdiMDEyNTlkLTlmMjItNDM5NC04NDc2LWNjOWQzY2Y1N2E0NC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba9xAwDQYJKoZIhvcNAQELBQADggEBAMgaFvv26Zx7VyFGB3mu
hyEtmDgydGbSAw6TZd/lIHrf7DQWs0uVgrEe6IsZElMMm9cfL81ju/IM9NCPLRE6
1kKUuB0YCo5g5mZZ9n5EG0SeTQEjyRB1aYdqEZeFYjlhmaSJPFcGmeQ+QaR1wxgr
aQMmx8wSY3DFM0EPgvcIuTgeQwaz/9ZWN4tKkxVMxLKWpo693N5wUImcY8F42WDA
PpC48Nj+ldwVllurxWLrCWKYGKztlaqIylJnEOtXAUNX6bRAFARRlPPgN0voz150
xjutQrNvdPPw824a1cTlRRXU2PFnmjHxwtEragDYk8rWPC5VSHfpots7Bec70CUy
LHU=
-----END CERTIFICATE-----
Generated at Thu Mar 28 00:59:36 2024 by rpki-client on console-fra.rpki-client.org