Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/863b1d35-6e44-49bf-821c-64a6e5812d58.roa
File:                     863b1d35-6e44-49bf-821c-64a6e5812d58.roa (raw, json)
Hash identifier:          q28TUboighAEt6ZeIQ9tkZh6jKXqeqEtViCgL9+tLfg=
Subject key identifier:   01:FD:C1:BD:B0:C4:A2:A6:A1:16:39:D8:2C:42:07:4D:A6:AA:07:DF
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       329A07ABAA5A219FFB07575AF19C1D5ADE4589DB
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/863b1d35-6e44-49bf-821c-64a6e5812d58.roa
Signing time:             Mon 09 Sep 2024 00:00:00 +0000
ROA not before:           Mon 09 Sep 2024 00:00:00 +0000
ROA not after:            Mon 14 Oct 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafb:b000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 18 Sep 2024 15:54:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:9a:07:ab:aa:5a:21:9f:fb:07:57:5a:f1:9c:1d:5a:de:45:89:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Sep  9 00:00:00 2024 GMT
            Not After : Oct 14 23:59:59 2024 GMT
        Subject: serialNumber=0f3f518e7a73ea37791ee0a07432f2784026eafeef3c2510aa24098ea1422a6e, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:3e:30:d8:c8:80:4c:97:96:d6:b7:b8:8b:f0:
                    1d:3b:19:92:98:3c:bc:7f:15:eb:15:3f:bb:ce:31:
                    78:20:7e:1b:b4:3e:97:99:21:c2:0f:c2:da:63:da:
                    7b:61:14:1f:53:17:05:9b:66:d7:a5:fa:ae:a5:1e:
                    ba:cf:a2:89:3a:3e:dc:6a:c6:1c:de:e1:0e:cf:07:
                    a8:54:95:8b:07:f9:d7:7b:63:69:ce:0a:9b:98:57:
                    53:4d:4d:11:4a:6c:5d:62:ba:43:4d:8a:47:03:59:
                    18:e8:03:66:d8:e3:6f:cb:58:8c:a7:a1:4c:2f:9b:
                    64:f4:1a:de:20:8a:e0:ca:1f:d1:71:e6:b9:5f:cf:
                    c7:f9:8b:8d:1c:73:a3:74:f6:5f:c6:f9:51:a4:dc:
                    96:bc:62:61:07:74:77:6a:8a:f1:89:eb:31:05:48:
                    b3:9d:41:cb:98:96:d6:b8:2e:3a:78:34:9e:04:c5:
                    f9:ee:9f:83:5a:20:3c:d9:ff:26:f4:4d:d2:c5:db:
                    64:c8:a0:c5:9a:22:d7:e8:b2:95:a9:b7:b7:d8:5c:
                    15:8d:7a:b4:81:a6:11:26:a5:3a:0f:13:48:cf:9d:
                    f8:b4:f5:12:4b:73:d2:82:fd:b1:43:f9:e3:0b:61:
                    12:75:5f:f6:73:96:b2:65:9b:c7:ea:4c:d4:89:4b:
                    2c:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:FD:C1:BD:B0:C4:A2:A6:A1:16:39:D8:2C:42:07:4D:A6:AA:07:DF
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/863b1d35-6e44-49bf-821c-64a6e5812d58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafb:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         9d:d8:44:27:55:24:68:ac:2e:e1:9d:08:5d:5a:6a:d3:c8:76:
         57:2a:0c:eb:63:43:dc:5b:c3:d0:30:d4:98:5f:4c:f6:d6:ee:
         4b:bb:3f:51:ee:fc:47:52:b4:a0:59:cc:fe:cb:3e:dd:c0:ec:
         c4:4d:fe:d1:65:d8:8e:15:ce:f8:5a:ab:eb:54:eb:ea:ed:f0:
         b2:1f:34:11:b8:ff:39:3a:3a:3e:42:37:6e:cb:2c:67:8b:4c:
         28:05:50:2d:dd:2f:70:7d:c7:06:24:70:41:dc:a0:98:b3:8f:
         7e:dc:36:e3:fe:06:b1:7d:70:8b:e4:d0:a6:ce:10:88:a2:d9:
         96:79:3e:ee:e3:0b:ac:1b:03:ff:fb:22:7b:87:6c:67:7d:47:
         eb:62:04:a8:41:e1:7c:c7:8d:02:1f:ba:ed:15:d2:2a:39:5a:
         68:6e:e2:fd:a6:ed:0a:6e:75:62:c2:0e:d7:05:5b:3a:ba:93:
         71:55:37:2b:a3:a3:e4:45:c9:53:4f:3d:06:d9:84:a0:9e:d7:
         b2:73:7b:33:a0:29:62:12:0f:64:b0:16:26:93:a4:dc:18:55:
         e8:df:c7:5e:37:1f:7a:5e:4b:95:12:23:61:83:4a:5f:a1:37:
         2d:0d:5e:22:48:34:7e:8a:40:3a:8b:b1:c8:50:12:dd:42:68:
         2d:24:ce:d3
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUMpoHq6paIZ/7B1da8ZwdWt5FidswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDkwOTAwMDAwMFoX
DTI0MTAxNDIzNTk1OVowejFJMEcGA1UEBRNAMGYzZjUxOGU3YTczZWEzNzc5MWVl
MGEwNzQzMmYyNzg0MDI2ZWFmZWVmM2MyNTEwYWEyNDA5OGVhMTQyMmE2ZTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuz4w2MiATJeW1re4i/AdOxmSmDy8
fxXrFT+7zjF4IH4btD6XmSHCD8LaY9p7YRQfUxcFm2bXpfqupR66z6KJOj7casYc
3uEOzweoVJWLB/nXe2NpzgqbmFdTTU0RSmxdYrpDTYpHA1kY6ANm2ONvy1iMp6FM
L5tk9BreIIrgyh/Rcea5X8/H+YuNHHOjdPZfxvlRpNyWvGJhB3R3aorxiesxBUiz
nUHLmJbWuC46eDSeBMX57p+DWiA82f8m9E3SxdtkyKDFmiLX6LKVqbe32FwVjXq0
gaYRJqU6DxNIz534tPUSS3PSgv2xQ/njC2ESdV/2c5ayZZvH6kzUiUssQwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFAH9wb2wxKKmoRY52CxCB02mqgffMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzg2M2IxZDM1LTZlNDQtNDliZi04MjFjLTY0YTZlNTgxMmQ1OC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+7AwDQYJKoZIhvcNAQELBQADggEBAJ3YRCdVJGisLuGdCF1a
atPIdlcqDOtjQ9xbw9Aw1JhfTPbW7ku7P1Hu/EdStKBZzP7LPt3A7MRN/tFl2I4V
zvhaq+tU6+rt8LIfNBG4/zk6Oj5CN27LLGeLTCgFUC3dL3B9xwYkcEHcoJizj37c
NuP+BrF9cIvk0KbOEIii2ZZ5Pu7jC6wbA//7InuHbGd9R+tiBKhB4XzHjQIfuu0V
0io5Wmhu4v2m7QpudWLCDtcFWzq6k3FVNyujo+RFyVNPPQbZhKCe17JzezOgKWIS
D2SwFiaTpNwYVejfx143H3peS5USI2GDSl+hNy0NXiJINH6KQDqLschQEt1CaC0k
ztM=
-----END CERTIFICATE-----
Generated at Sat Sep 14 17:31:02 2024 by rpki-client on console-fra.rpki-client.org