Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/863b1d35-6e44-49bf-821c-64a6e5812d58.roa
File:                     863b1d35-6e44-49bf-821c-64a6e5812d58.roa (raw, json)
Hash identifier:          lb5W9M/uHL6AlGJOIU4QvOHHWnvkTat9dz6yl6jNco0=
Subject key identifier:   C9:37:6E:92:E5:5C:37:1A:88:0D:13:9F:29:27:9E:62:9C:08:9D:06
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       C07612F3F8ACED8574E05DA4AFB3F9A8A89638
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/863b1d35-6e44-49bf-821c-64a6e5812d58.roa
Signing time:             Sat 16 Mar 2024 00:00:00 +0000
ROA not before:           Sat 16 Mar 2024 00:00:00 +0000
ROA not after:            Sat 20 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafb:b000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 12:04:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            c0:76:12:f3:f8:ac:ed:85:74:e0:5d:a4:af:b3:f9:a8:a8:96:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Mar 16 00:00:00 2024 GMT
            Not After : Apr 20 23:59:59 2024 GMT
        Subject: serialNumber=cc4a97bffe4defd69eb3d306a6ca5df24683dfe36a54f048ffffcfdb7a9bb12a, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:cf:7d:35:d1:28:4a:d5:60:a3:d1:2f:0c:75:
                    18:71:1b:a0:25:76:3a:c6:19:cc:cd:75:ac:c7:eb:
                    85:7d:34:db:2e:b8:dc:7e:ec:d9:b2:36:b5:a3:5c:
                    a0:b2:44:58:48:a0:82:59:f0:c2:47:c5:50:9c:6b:
                    93:7b:55:dd:0c:b5:68:60:c8:92:bc:66:ff:c5:3d:
                    55:2e:89:e3:b1:79:bc:11:d9:e4:73:f4:3b:89:ca:
                    44:80:b4:3a:f3:15:bf:f2:86:b9:25:f9:cb:93:44:
                    17:1b:bc:8c:15:6c:6e:35:5d:25:e2:00:e1:cf:6d:
                    d4:59:fa:7d:77:60:27:da:e9:82:4c:89:31:3c:7d:
                    ad:2d:f7:6c:eb:e8:d3:70:7b:7a:aa:59:1f:4d:71:
                    9c:5c:1c:aa:45:6b:e1:b1:4e:de:be:36:ab:02:bc:
                    51:af:cd:a9:34:8d:4e:3d:4c:17:c7:8f:15:e9:7d:
                    06:76:32:d6:95:e7:f4:a5:44:2c:53:03:a0:73:26:
                    87:86:7d:ef:9b:45:57:31:5a:c2:ac:26:6d:17:ca:
                    db:83:e9:cd:35:6d:88:e2:69:b1:22:63:c1:8c:1a:
                    6a:89:e4:45:46:8a:7c:7f:c5:77:47:60:03:56:f1:
                    97:52:93:4c:33:2a:ee:d6:34:54:42:fe:6a:a1:7b:
                    fa:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:37:6E:92:E5:5C:37:1A:88:0D:13:9F:29:27:9E:62:9C:08:9D:06
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/863b1d35-6e44-49bf-821c-64a6e5812d58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafb:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         87:8b:46:09:54:e2:d9:8d:84:71:75:4a:11:65:e6:f5:47:b2:
         0d:1c:8d:b8:ff:d2:26:8c:2b:42:b4:1f:61:81:bf:e5:31:8c:
         2b:13:dd:6b:27:5f:82:9d:14:00:5a:d2:20:e4:3a:ca:9d:5a:
         29:05:49:b1:ed:bd:58:6e:91:8b:e1:46:32:f2:ab:72:85:ff:
         c1:45:55:1a:80:e3:ad:86:ef:10:b0:34:98:c7:32:5b:4e:91:
         dc:ae:9b:6b:62:9b:38:35:13:9f:76:2b:85:6e:25:06:95:2f:
         6d:69:92:ef:5c:d4:f1:51:99:73:49:5f:b1:ba:19:84:61:7b:
         46:14:08:1c:74:ef:2e:49:2c:3f:18:fe:29:b7:6d:32:c2:50:
         2e:c1:15:db:cf:6a:e4:0c:f0:46:9b:44:09:8e:d0:46:dc:f1:
         48:cd:6e:37:13:ae:56:c8:49:97:55:6f:75:8b:f9:fc:6d:0a:
         5b:fb:2e:e4:7b:f1:6e:0b:bb:ac:4e:0d:03:c2:13:74:ae:a4:
         13:3b:2d:ec:b5:5e:72:08:2a:ec:06:ff:7b:28:05:11:b9:d7:
         19:3d:8d:38:ce:c8:26:4d:89:6b:91:11:ef:0d:b0:50:f5:df:
         c0:b8:bd:e9:21:ff:b6:c5:e5:4e:0d:e7:fb:dc:eb:f8:00:dc:
         82:cc:1f:ed
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUAMB2EvP4rO2FdOBdpK+z+aioljgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDMxNjAwMDAwMFoX
DTI0MDQyMDIzNTk1OVowejFJMEcGA1UEBRNAY2M0YTk3YmZmZTRkZWZkNjllYjNk
MzA2YTZjYTVkZjI0NjgzZGZlMzZhNTRmMDQ4ZmZmZmNmZGI3YTliYjEyYTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0M99NdEoStVgo9EvDHUYcRugJXY6
xhnMzXWsx+uFfTTbLrjcfuzZsja1o1ygskRYSKCCWfDCR8VQnGuTe1XdDLVoYMiS
vGb/xT1VLonjsXm8Ednkc/Q7icpEgLQ68xW/8oa5JfnLk0QXG7yMFWxuNV0l4gDh
z23UWfp9d2An2umCTIkxPH2tLfds6+jTcHt6qlkfTXGcXByqRWvhsU7evjarArxR
r82pNI1OPUwXx48V6X0GdjLWlef0pUQsUwOgcyaHhn3vm0VXMVrCrCZtF8rbg+nN
NW2I4mmxImPBjBpqieRFRop8f8V3R2ADVvGXUpNMMyru1jRUQv5qoXv67QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFMk3bpLlXDcaiA0TnyknnmKcCJ0GMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzg2M2IxZDM1LTZlNDQtNDliZi04MjFjLTY0YTZlNTgxMmQ1OC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+7AwDQYJKoZIhvcNAQELBQADggEBAIeLRglU4tmNhHF1ShFl
5vVHsg0cjbj/0iaMK0K0H2GBv+UxjCsT3WsnX4KdFABa0iDkOsqdWikFSbHtvVhu
kYvhRjLyq3KF/8FFVRqA462G7xCwNJjHMltOkdyum2timzg1E592K4VuJQaVL21p
ku9c1PFRmXNJX7G6GYRhe0YUCBx07y5JLD8Y/im3bTLCUC7BFdvPauQM8EabRAmO
0Ebc8UjNbjcTrlbISZdVb3WL+fxtClv7LuR78W4Lu6xODQPCE3SupBM7Ley1XnII
KuwG/3soBRG51xk9jTjOyCZNiWuREe8NsFD138C4vekh/7bF5U4N5/vc6/gA3ILM
H+0=
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:36:31 2024 by rpki-client on console-fra.rpki-client.org