Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/86c08b39-5a49-4ee9-baad-a93e86d62b0a.roa
File:                     86c08b39-5a49-4ee9-baad-a93e86d62b0a.roa (raw, json)
Hash identifier:          v1dOHQc7bAIZ0B2k/rVQlllPsN6ztIMruWe5wh7ixzQ=
Subject key identifier:   8A:09:8A:04:C3:B0:A1:0A:59:94:41:87:7B:1B:6B:4D:C3:FB:F4:D4
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       4D22C289E93B45C52C5B0862642A0758C0C22653
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/86c08b39-5a49-4ee9-baad-a93e86d62b0a.roa
Signing time:             Tue 12 Mar 2024 00:00:00 +0000
ROA not before:           Tue 12 Mar 2024 00:00:00 +0000
ROA not after:            Tue 16 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf1:f000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Mar 2024 12:02:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:22:c2:89:e9:3b:45:c5:2c:5b:08:62:64:2a:07:58:c0:c2:26:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Mar 12 00:00:00 2024 GMT
            Not After : Apr 16 23:59:59 2024 GMT
        Subject: serialNumber=f5b3d9ef336a6eb9e08bea65f4b000efd0b58996214e404a26aefdc08458dd28, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ad:75:36:06:2a:fb:fd:79:73:fe:96:9e:d0:
                    8e:49:a8:ff:ac:5b:5f:41:91:77:f2:94:2b:d9:90:
                    a5:2c:91:f9:f0:7d:b8:ee:43:cd:5f:24:0c:1b:6b:
                    3c:32:dd:c2:3e:99:d6:ff:f9:95:b5:f1:20:29:69:
                    f6:fd:e5:1e:1c:03:ff:e3:d1:b6:31:6f:c4:43:e9:
                    14:89:53:d2:17:a5:8f:51:ca:c3:e3:39:64:5e:30:
                    96:d9:66:5a:88:fe:ea:7a:c6:60:b3:ca:60:02:29:
                    9c:ee:4d:d8:84:0e:46:9c:1d:3c:a2:e6:db:8f:2b:
                    48:a0:e6:8a:dc:87:17:03:0e:f6:64:7d:51:3f:d5:
                    83:82:17:6e:aa:11:3a:2e:ac:84:55:9a:77:1d:bc:
                    4f:9e:4b:72:2f:9d:e6:2f:2f:29:75:b4:a0:95:93:
                    26:ec:cd:ef:4d:fc:63:a7:e8:04:fd:48:b9:96:a2:
                    f0:44:dc:1d:a6:b4:0c:3c:03:49:d1:a8:a8:1c:33:
                    f1:f4:c2:01:70:fd:53:88:a9:8c:8a:72:55:55:74:
                    ed:e1:37:3a:75:03:4d:ac:b6:6c:77:d2:78:c8:98:
                    37:3c:8b:d8:0f:bf:a4:ba:d7:eb:56:d8:8d:40:a3:
                    cb:d5:01:22:61:d4:40:e6:cf:61:0e:cf:64:75:5f:
                    4e:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:09:8A:04:C3:B0:A1:0A:59:94:41:87:7B:1B:6B:4D:C3:FB:F4:D4
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/86c08b39-5a49-4ee9-baad-a93e86d62b0a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf1:f000::/40

    Signature Algorithm: sha256WithRSAEncryption
         2f:e0:0b:44:ff:92:f4:78:86:47:25:16:7f:4b:7e:46:7a:30:
         d7:8c:92:bd:3e:67:06:c2:e1:b2:bc:76:70:8a:cd:ee:cd:d0:
         15:dc:59:b3:d9:5c:9a:77:67:d2:ce:6a:1c:0a:20:4a:e1:fb:
         65:97:8b:ba:75:5c:cf:d0:03:7c:a0:86:ce:b8:cb:7c:d6:37:
         ae:b5:2e:31:df:12:6d:7c:77:b8:e6:c8:00:60:df:54:5c:48:
         d9:83:64:c4:dc:3f:5e:6b:07:9f:cb:46:1a:e5:98:26:ee:04:
         78:a1:ae:71:b2:a3:0c:27:00:bc:e9:bf:b8:1a:89:ae:ab:e8:
         e0:f1:d1:d3:58:2c:e9:ac:03:d6:99:9f:f6:35:1c:08:0c:48:
         4a:71:26:ce:5f:9e:8c:6d:b9:6c:95:61:28:dd:98:0b:49:99:
         77:26:ad:0b:0d:2a:b7:3a:01:5d:c3:56:b3:04:92:49:d2:b0:
         dc:0e:91:f9:3f:eb:46:98:ad:c8:42:8e:6d:45:f5:24:10:7e:
         85:5a:5d:09:15:dd:b6:14:35:ee:a0:ca:c2:92:fc:56:74:91:
         4a:94:69:ee:b5:f9:60:c6:87:80:45:ba:1e:ef:87:99:ba:3a:
         2b:94:07:02:5a:48:57:82:52:b3:1e:64:f8:3d:e1:a2:aa:23:
         3a:84:a8:8d
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUTSLCiek7RcUsWwhiZCoHWMDCJlMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDMxMjAwMDAwMFoX
DTI0MDQxNjIzNTk1OVowejFJMEcGA1UEBRNAZjViM2Q5ZWYzMzZhNmViOWUwOGJl
YTY1ZjRiMDAwZWZkMGI1ODk5NjIxNGU0MDRhMjZhZWZkYzA4NDU4ZGQyODEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoa11NgYq+/15c/6WntCOSaj/rFtf
QZF38pQr2ZClLJH58H247kPNXyQMG2s8Mt3CPpnW//mVtfEgKWn2/eUeHAP/49G2
MW/EQ+kUiVPSF6WPUcrD4zlkXjCW2WZaiP7qesZgs8pgAimc7k3YhA5GnB08oubb
jytIoOaK3IcXAw72ZH1RP9WDghduqhE6LqyEVZp3HbxPnktyL53mLy8pdbSglZMm
7M3vTfxjp+gE/Ui5lqLwRNwdprQMPANJ0aioHDPx9MIBcP1TiKmMinJVVXTt4Tc6
dQNNrLZsd9J4yJg3PIvYD7+kutfrVtiNQKPL1QEiYdRA5s9hDs9kdV9OeQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFIoJigTDsKEKWZRBh3sba03D+/TUMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzg2YzA4YjM5LTVhNDktNGVlOS1iYWFkLWE5M2U4NmQ2MmIwYS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba8fAwDQYJKoZIhvcNAQELBQADggEBAC/gC0T/kvR4hkclFn9L
fkZ6MNeMkr0+ZwbC4bK8dnCKze7N0BXcWbPZXJp3Z9LOahwKIErh+2WXi7p1XM/Q
A3yghs64y3zWN661LjHfEm18d7jmyABg31RcSNmDZMTcP15rB5/LRhrlmCbuBHih
rnGyowwnALzpv7gaia6r6ODx0dNYLOmsA9aZn/Y1HAgMSEpxJs5fnoxtuWyVYSjd
mAtJmXcmrQsNKrc6AV3DVrMEkknSsNwOkfk/60aYrchCjm1F9SQQfoVaXQkV3bYU
Ne6gysKS/FZ0kUqUae61+WDGh4BFuh7vh5m6OiuUBwJaSFeCUrMeZPg94aKqIzqE
qI0=
-----END CERTIFICATE-----
Generated at Thu Mar 28 00:59:36 2024 by rpki-client on console-fra.rpki-client.org