Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/86c08b39-5a49-4ee9-baad-a93e86d62b0a.roa
File:                     86c08b39-5a49-4ee9-baad-a93e86d62b0a.roa (raw, json)
Hash identifier:          bgIKvLlI1uWRL2wucRBP+kD5eTlMDCKju1UypXU/fnY=
Subject key identifier:   36:98:5D:E9:32:55:66:A6:BA:6C:45:0E:B7:59:2A:70:B6:7E:EF:CD
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       6E6DC5C137AD2BB251416921FB786F69D117CC6F
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/86c08b39-5a49-4ee9-baad-a93e86d62b0a.roa
Signing time:             Tue 16 Jul 2024 00:00:00 +0000
ROA not before:           Tue 16 Jul 2024 00:00:00 +0000
ROA not after:            Tue 20 Aug 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf1:f000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 21 Jul 2024 00:10:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:6d:c5:c1:37:ad:2b:b2:51:41:69:21:fb:78:6f:69:d1:17:cc:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 16 00:00:00 2024 GMT
            Not After : Aug 20 23:59:59 2024 GMT
        Subject: serialNumber=b9c416bb57445805eb14d949237e94820acf9b62281162cbe919b42c981d2d7f, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:38:c3:cd:17:b4:0c:09:38:2e:f5:d2:ad:ed:
                    f7:b1:c0:ec:8e:14:8d:26:df:59:e5:21:30:36:f7:
                    2d:c9:3c:eb:74:57:e5:f9:1c:bc:2e:0c:1e:91:e3:
                    2b:91:50:12:72:20:40:1d:1d:a0:b5:da:25:f6:54:
                    9f:52:e8:51:41:6f:88:79:2c:ec:2e:fb:64:d7:b4:
                    12:fd:b5:69:48:7a:82:bc:ca:7a:06:a6:df:48:a1:
                    65:83:02:9c:71:44:e8:db:db:dd:d1:17:65:42:81:
                    c2:f6:58:2d:e1:c8:78:81:03:89:6f:82:98:c1:3b:
                    e1:59:7e:e1:bc:10:b4:fb:48:8b:c9:64:08:d0:be:
                    bc:26:57:b5:fe:3e:8d:f5:22:98:e4:0a:fc:ce:e1:
                    33:0d:8d:24:75:c5:c6:f9:92:a6:cf:3c:04:3e:08:
                    c7:d5:e6:ee:d6:4b:3e:d5:f4:21:6a:10:1b:32:c2:
                    39:53:4e:51:f3:db:30:97:64:46:c2:29:d4:be:e3:
                    17:f7:80:23:63:6b:71:08:c7:64:93:e2:ae:7c:b3:
                    4d:41:99:45:95:17:dc:b8:e6:87:45:c8:1e:44:ef:
                    78:57:ff:40:e3:83:0c:38:37:19:29:8a:87:0a:54:
                    aa:af:0a:d5:60:d5:f1:28:7b:df:69:0b:0d:73:d2:
                    ba:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:98:5D:E9:32:55:66:A6:BA:6C:45:0E:B7:59:2A:70:B6:7E:EF:CD
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/86c08b39-5a49-4ee9-baad-a93e86d62b0a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf1:f000::/40

    Signature Algorithm: sha256WithRSAEncryption
         44:31:91:8a:37:9c:6b:36:12:4e:e1:7b:ca:9f:03:0a:a3:46:
         5d:ff:d2:3e:85:cf:52:c9:a9:00:b4:0a:a0:e9:15:80:ee:2f:
         86:8d:0a:34:f6:db:8c:41:35:f3:78:0c:42:82:55:28:32:8d:
         fd:7f:22:d2:d3:41:85:db:41:66:85:19:37:46:40:88:3a:3d:
         43:65:e8:d7:14:ad:b9:3c:0b:20:38:11:ba:f0:20:3e:0d:da:
         e6:3f:d7:92:20:e9:6f:19:f5:c7:c7:f1:36:fa:9e:32:d0:99:
         4c:46:04:22:de:66:9b:ea:ee:3e:61:12:c3:8b:f2:b9:2d:d6:
         a9:63:d1:28:13:57:f6:41:98:bb:bf:70:06:87:4b:b4:c4:05:
         74:f6:d1:bd:9b:58:cf:66:1a:6e:39:2f:04:45:1c:db:c0:5f:
         e3:b6:c9:38:d8:fc:44:41:2b:a4:75:fd:f3:c4:f9:95:14:68:
         bc:08:5c:7b:f6:99:09:70:0d:fa:e1:6f:ed:35:5b:39:c0:f8:
         d5:0f:41:93:ff:c5:2a:95:02:40:75:84:5e:62:8d:b5:31:ff:
         1e:c6:3b:c3:fa:65:e7:f5:1d:33:cd:ad:c8:30:be:bb:49:33:
         a1:75:3a:de:15:3d:c1:1a:57:71:90:e1:16:e8:6c:9c:0e:85:
         a1:d5:d0:f5
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUbm3FwTetK7JRQWkh+3hvadEXzG8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDcxNjAwMDAwMFoX
DTI0MDgyMDIzNTk1OVowejFJMEcGA1UEBRNAYjljNDE2YmI1NzQ0NTgwNWViMTRk
OTQ5MjM3ZTk0ODIwYWNmOWI2MjI4MTE2MmNiZTkxOWI0MmM5ODFkMmQ3ZjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnTjDzRe0DAk4LvXSre33scDsjhSN
Jt9Z5SEwNvctyTzrdFfl+Ry8LgwekeMrkVASciBAHR2gtdol9lSfUuhRQW+IeSzs
Lvtk17QS/bVpSHqCvMp6BqbfSKFlgwKccUTo29vd0RdlQoHC9lgt4ch4gQOJb4KY
wTvhWX7hvBC0+0iLyWQI0L68Jle1/j6N9SKY5Ar8zuEzDY0kdcXG+ZKmzzwEPgjH
1ebu1ks+1fQhahAbMsI5U05R89swl2RGwinUvuMX94AjY2txCMdkk+KufLNNQZlF
lRfcuOaHRcgeRO94V/9A44MMODcZKYqHClSqrwrVYNXxKHvfaQsNc9K6YwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFDaYXekyVWamumxFDrdZKnC2fu/NMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzg2YzA4YjM5LTVhNDktNGVlOS1iYWFkLWE5M2U4NmQ2MmIwYS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba8fAwDQYJKoZIhvcNAQELBQADggEBAEQxkYo3nGs2Ek7he8qf
AwqjRl3/0j6Fz1LJqQC0CqDpFYDuL4aNCjT224xBNfN4DEKCVSgyjf1/ItLTQYXb
QWaFGTdGQIg6PUNl6NcUrbk8CyA4EbrwID4N2uY/15Ig6W8Z9cfH8Tb6njLQmUxG
BCLeZpvq7j5hEsOL8rkt1qlj0SgTV/ZBmLu/cAaHS7TEBXT20b2bWM9mGm45LwRF
HNvAX+O2yTjY/ERBK6R1/fPE+ZUUaLwIXHv2mQlwDfrhb+01WznA+NUPQZP/xSqV
AkB1hF5ijbUx/x7GO8P6Zef1HTPNrcgwvrtJM6F1Ot4VPcEaV3GQ4RbobJwOhaHV
0PU=
-----END CERTIFICATE-----
Generated at Wed Jul 17 01:22:46 2024 by rpki-client on console-fra.rpki-client.org