Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7b01259d-9f22-4394-8476-cc9d3cf57a44.roa
File:                     7b01259d-9f22-4394-8476-cc9d3cf57a44.roa (raw, json)
Hash identifier:          5SzulkES2h+BSElanl4HSBcSoS7Q1/tdHPX0Sq9Fc1E=
Subject key identifier:   C0:47:B7:56:5B:D8:A0:D6:ED:1F:00:28:1A:A0:E3:2D:82:4B:59:80
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       5B65799FE0165614310D243C0223FFF3AEA8DDC4
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7b01259d-9f22-4394-8476-cc9d3cf57a44.roa
Signing time:             Fri 21 Jun 2024 00:00:00 +0000
ROA not before:           Fri 21 Jun 2024 00:00:00 +0000
ROA not after:            Fri 26 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf7:1000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 28 Jun 2024 00:11:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:65:79:9f:e0:16:56:14:31:0d:24:3c:02:23:ff:f3:ae:a8:dd:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 21 00:00:00 2024 GMT
            Not After : Jul 26 23:59:59 2024 GMT
        Subject: serialNumber=c4085a9d67a747608d30798f42540fa31cf36c504ef901b554dac398cffa17dd, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:58:2f:38:d5:39:cc:c0:cb:eb:14:d3:74:b2:
                    83:d6:8c:33:9b:11:53:62:2a:5b:fe:21:e0:3c:57:
                    d3:de:61:61:7e:71:cf:9c:e9:8c:dc:4c:39:23:51:
                    17:9a:f2:df:9a:be:54:07:05:70:86:aa:af:4a:2d:
                    55:05:da:f5:26:ed:87:de:59:1b:7c:14:fe:bf:02:
                    c4:9f:97:7d:a6:76:58:9f:75:9f:13:fa:f6:bc:30:
                    e1:c7:58:1b:ae:03:e3:67:46:8f:bb:77:3a:08:6c:
                    64:fb:5c:db:bd:9a:9c:ea:4d:d6:e3:db:76:14:58:
                    29:b9:fb:4e:5d:af:7d:52:00:22:dc:c1:c1:8e:1b:
                    4d:af:2b:b3:2c:2b:8b:d8:87:ed:65:4b:5b:92:aa:
                    d6:dc:52:2c:99:2a:64:d6:bb:4c:76:4e:5f:3c:2a:
                    ac:f7:3b:ab:a4:ca:f2:1b:45:6c:a7:4a:df:b8:78:
                    09:4a:85:35:e5:8c:81:33:4e:7f:a1:da:04:28:f0:
                    f3:6e:e1:dd:ad:25:8d:a0:6f:19:a7:e4:86:66:1d:
                    e5:32:bd:12:4e:f2:24:66:fb:d8:dd:7c:8d:af:05:
                    47:fb:e5:f4:29:ed:2e:b7:58:1f:46:20:d7:e2:78:
                    32:ae:7d:8f:b9:02:b4:eb:c9:9b:f7:2e:62:c4:1f:
                    81:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:47:B7:56:5B:D8:A0:D6:ED:1F:00:28:1A:A0:E3:2D:82:4B:59:80
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7b01259d-9f22-4394-8476-cc9d3cf57a44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf7:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         42:29:2d:88:30:bf:0d:7f:df:c6:80:d1:e3:da:f3:f5:de:78:
         63:e5:93:fe:75:5c:b4:53:fc:ee:c9:ef:b7:2e:85:c9:f2:b9:
         28:3a:41:a1:27:97:e4:68:44:e8:f4:93:4f:80:3e:62:d2:93:
         54:c9:22:ea:88:31:d9:f1:2a:7a:a8:dc:56:0d:ad:4f:47:85:
         0c:e9:1d:ad:37:9c:9f:b1:26:84:0e:a4:57:04:0a:32:bb:8c:
         b3:aa:4b:56:8d:5b:f1:ad:be:44:c1:99:3e:2a:41:c9:45:f8:
         18:c2:59:f0:25:f8:88:be:58:e5:a9:de:c8:06:7b:f6:03:6f:
         0e:f3:23:78:b3:51:3a:01:1a:53:81:08:ba:41:c6:c7:58:ff:
         bd:24:b7:3f:d4:f5:ed:6f:31:bb:59:c4:57:63:6c:48:91:b2:
         6d:05:c3:35:24:d3:16:6c:f3:83:8c:39:32:1b:55:5d:87:25:
         0e:56:05:ad:d9:88:6c:b7:37:6b:bd:be:9f:d8:08:53:c9:37:
         dc:ee:d9:12:99:07:54:4d:27:f7:8c:f6:f2:5a:d4:b6:0a:ea:
         9d:8c:9f:da:f0:24:51:42:66:74:b2:b6:13:03:88:e0:fd:01:
         1f:98:b8:b8:ed:80:d3:1a:36:30:59:67:52:dd:b4:19:6a:f8:
         68:7a:2f:69
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUW2V5n+AWVhQxDSQ8AiP/866o3cQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyMTAwMDAwMFoX
DTI0MDcyNjIzNTk1OVowejFJMEcGA1UEBRNAYzQwODVhOWQ2N2E3NDc2MDhkMzA3
OThmNDI1NDBmYTMxY2YzNmM1MDRlZjkwMWI1NTRkYWMzOThjZmZhMTdkZDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1gvONU5zMDL6xTTdLKD1owzmxFT
Yipb/iHgPFfT3mFhfnHPnOmM3Ew5I1EXmvLfmr5UBwVwhqqvSi1VBdr1Ju2H3lkb
fBT+vwLEn5d9pnZYn3WfE/r2vDDhx1gbrgPjZ0aPu3c6CGxk+1zbvZqc6k3W49t2
FFgpuftOXa99UgAi3MHBjhtNryuzLCuL2IftZUtbkqrW3FIsmSpk1rtMdk5fPCqs
9zurpMryG0Vsp0rfuHgJSoU15YyBM05/odoEKPDzbuHdrSWNoG8Zp+SGZh3lMr0S
TvIkZvvY3XyNrwVH++X0Ke0ut1gfRiDX4ngyrn2PuQK068mb9y5ixB+BgQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFMBHt1Zb2KDW7R8AKBqg4y2CS1mAMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzdiMDEyNTlkLTlmMjItNDM5NC04NDc2LWNjOWQzY2Y1N2E0NC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba9xAwDQYJKoZIhvcNAQELBQADggEBAEIpLYgwvw1/38aA0ePa
8/XeeGPlk/51XLRT/O7J77cuhcnyuSg6QaEnl+RoROj0k0+APmLSk1TJIuqIMdnx
Knqo3FYNrU9HhQzpHa03nJ+xJoQOpFcECjK7jLOqS1aNW/GtvkTBmT4qQclF+BjC
WfAl+Ii+WOWp3sgGe/YDbw7zI3izUToBGlOBCLpBxsdY/70ktz/U9e1vMbtZxFdj
bEiRsm0FwzUk0xZs84OMOTIbVV2HJQ5WBa3ZiGy3N2u9vp/YCFPJN9zu2RKZB1RN
J/eM9vJa1LYK6p2Mn9rwJFFCZnSythMDiOD9AR+YuLjtgNMaNjBZZ1LdtBlq+Gh6
L2k=
-----END CERTIFICATE-----
Generated at Mon Jun 24 01:28:14 2024 by rpki-client on console-ams.rpki-client.org