Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/86c08b39-5a49-4ee9-baad-a93e86d62b0a.roa
File:                     86c08b39-5a49-4ee9-baad-a93e86d62b0a.roa (raw, json)
Hash identifier:          QLBtpIjL3Wo4jjt4zTlR7vev5TSq0Wed57kZfInaD+E=
Subject key identifier:   DA:CC:3D:47:F3:D3:50:98:B6:C7:EC:D9:63:FB:DB:EB:36:FD:CF:9E
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       0BC58D45E4E5588FBD9F3366235E3DE48797EE5F
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/86c08b39-5a49-4ee9-baad-a93e86d62b0a.roa
Signing time:             Mon 18 Sep 2023 00:00:00 +0000
ROA not before:           Mon 18 Sep 2023 00:00:00 +0000
ROA not after:            Mon 23 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf1:f000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 20 Sep 2023 03:07:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:c5:8d:45:e4:e5:58:8f:bd:9f:33:66:23:5e:3d:e4:87:97:ee:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Sep 18 00:00:00 2023 GMT
            Not After : Oct 23 23:59:59 2023 GMT
        Subject: serialNumber=40b9821d3962a38025c0ec899fe7382b10b51f90a522dfdc918141a699cf5028, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:51:2e:be:3f:bb:aa:98:d3:21:cc:60:59:44:
                    41:79:44:e5:56:3c:de:fc:2d:b6:32:ba:bb:97:7e:
                    83:96:a2:ed:a5:d3:f3:41:07:37:64:33:0c:a5:d3:
                    3c:fd:7c:59:ab:16:bf:aa:f9:a4:51:2d:4e:9a:0c:
                    34:f1:c2:53:ee:5b:b0:b3:69:82:04:bb:f5:82:1c:
                    9d:92:d2:da:55:43:d6:69:24:c5:52:8a:b7:3c:32:
                    c7:52:e9:cf:78:ca:d2:89:c4:74:7b:8f:24:b4:67:
                    05:14:04:15:10:0d:88:7d:b2:27:95:b2:a6:5a:81:
                    e9:5b:3e:f9:5e:20:8f:52:1f:d5:7d:6f:46:50:36:
                    de:da:86:56:e8:c8:27:c3:2f:c1:c7:a7:a0:4b:fa:
                    21:ee:7c:38:b8:b5:75:1f:e9:a7:41:03:c2:ed:05:
                    04:04:a1:9e:5a:fe:2a:d8:2a:bc:4e:43:55:50:87:
                    51:fc:05:c0:85:5e:22:22:02:27:c2:d4:4e:37:4b:
                    76:93:47:aa:a8:4f:9c:19:de:fb:9f:7b:31:a1:25:
                    ca:fd:bd:d7:17:2d:94:dc:94:ab:23:f3:73:50:9a:
                    c0:df:8c:39:61:d8:46:a7:e7:51:94:9b:7d:90:e0:
                    27:86:b8:7c:f0:8d:d9:9e:dd:37:83:c4:d9:f5:c9:
                    ee:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:CC:3D:47:F3:D3:50:98:B6:C7:EC:D9:63:FB:DB:EB:36:FD:CF:9E
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/86c08b39-5a49-4ee9-baad-a93e86d62b0a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf1:f000::/40

    Signature Algorithm: sha256WithRSAEncryption
         76:b7:79:06:f8:08:34:98:67:50:b3:dd:64:ad:46:08:b2:61:
         41:8b:00:ef:8f:10:81:08:eb:7c:19:b7:2e:5d:c2:1b:7c:f0:
         6f:70:01:33:7e:19:ff:ff:33:b8:d9:e0:05:62:5d:98:92:02:
         7f:c2:b1:ef:18:7e:7a:62:e9:c7:3e:06:31:9b:cd:96:6e:4f:
         11:c9:b8:36:90:c7:87:c9:7e:f3:5f:8d:1d:be:35:1c:e3:93:
         29:c7:cf:09:83:6f:69:2a:6b:1a:d3:f8:b8:b9:c2:2e:d0:d1:
         3a:99:19:31:e8:54:35:9f:e0:96:04:f4:01:be:19:9b:f9:30:
         ca:a6:cf:8e:ea:06:ad:76:42:b9:36:e1:77:b3:3c:0a:bc:ab:
         2d:26:5a:9b:fc:55:49:31:27:2f:e4:38:26:04:fb:5e:f3:fe:
         e9:f4:09:ac:e9:97:43:d6:d3:f5:b7:10:3d:85:56:79:1c:e8:
         b9:a7:2f:03:2e:28:c4:f4:31:ec:6c:41:23:b9:0e:fb:0b:2b:
         9c:19:19:d6:4c:d2:da:f4:28:a4:a0:04:73:14:03:a3:58:f2:
         c9:bc:17:12:94:86:39:86:d8:f5:ff:b6:67:84:79:cf:b7:a5:
         4d:1d:9a:cf:3e:bf:51:bf:14:d6:52:95:38:9a:a3:cb:70:c2:
         8a:f0:30:05
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUC8WNReTlWI+9nzNmI1495IeX7l8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTIzMDkxODAwMDAwMFoX
DTIzMTAyMzIzNTk1OVowejFJMEcGA1UEBRNANDBiOTgyMWQzOTYyYTM4MDI1YzBl
Yzg5OWZlNzM4MmIxMGI1MWY5MGE1MjJkZmRjOTE4MTQxYTY5OWNmNTAyODEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1lEuvj+7qpjTIcxgWURBeUTlVjze
/C22Mrq7l36DlqLtpdPzQQc3ZDMMpdM8/XxZqxa/qvmkUS1Omgw08cJT7luws2mC
BLv1ghydktLaVUPWaSTFUoq3PDLHUunPeMrSicR0e48ktGcFFAQVEA2IfbInlbKm
WoHpWz75XiCPUh/VfW9GUDbe2oZW6Mgnwy/Bx6egS/oh7nw4uLV1H+mnQQPC7QUE
BKGeWv4q2Cq8TkNVUIdR/AXAhV4iIgInwtRON0t2k0eqqE+cGd77n3sxoSXK/b3X
Fy2U3JSrI/NzUJrA34w5YdhGp+dRlJt9kOAnhrh88I3Znt03g8TZ9cnuNQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFNrMPUfz01CYtsfs2WP72+s2/c+eMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzg2YzA4YjM5LTVhNDktNGVlOS1iYWFkLWE5M2U4NmQ2MmIwYS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba8fAwDQYJKoZIhvcNAQELBQADggEBAHa3eQb4CDSYZ1Cz3WSt
RgiyYUGLAO+PEIEI63wZty5dwht88G9wATN+Gf//M7jZ4AViXZiSAn/Cse8Yfnpi
6cc+BjGbzZZuTxHJuDaQx4fJfvNfjR2+NRzjkynHzwmDb2kqaxrT+Li5wi7Q0TqZ
GTHoVDWf4JYE9AG+GZv5MMqmz47qBq12Qrk24XezPAq8qy0mWpv8VUkxJy/kOCYE
+17z/un0Cazpl0PW0/W3ED2FVnkc6LmnLwMuKMT0MexsQSO5DvsLK5wZGdZM0tr0
KKSgBHMUA6NY8sm8FxKUhjmG2PX/tmeEec+3pU0dms8+v1G/FNZSlTiao8twworw
MAU=
-----END CERTIFICATE-----
Generated at Mon Sep 18 15:24:45 2023 by rpki-client on console-fra.rpki-client.org