Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8e24ca53-b855-4655-a239-6bd059a83f61.roa
File:                     8e24ca53-b855-4655-a239-6bd059a83f61.roa (raw, json)
Hash identifier:          wY1ZWVXTe0i92bA6vpFi7Q4QqrenMZBrksKoOWYljlQ=
Subject key identifier:   5A:B3:F6:75:AC:F0:58:D0:5F:2D:DB:4A:73:26:7B:74:2B:7A:3D:FF
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       43751E2B7A0C4AFCC9CDB9800C7AD934BD4BEA47
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8e24ca53-b855-4655-a239-6bd059a83f61.roa
Signing time:             Mon 27 May 2024 00:00:00 +0000
ROA not before:           Mon 27 May 2024 00:00:00 +0000
ROA not after:            Mon 01 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf4:6000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 24 Jun 2024 00:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:75:1e:2b:7a:0c:4a:fc:c9:cd:b9:80:0c:7a:d9:34:bd:4b:ea:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 27 00:00:00 2024 GMT
            Not After : Jul  1 23:59:59 2024 GMT
        Subject: serialNumber=f65fd0d61388ab381269c390a5c52af010aa61a1201b2c39c671174cc1499043, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e3:e0:ce:ef:54:6c:51:12:bb:f7:31:90:d7:
                    75:6a:d7:a3:8f:5a:4f:eb:21:03:61:82:0e:45:b7:
                    b9:b0:a7:39:ad:11:b5:af:fd:e3:39:3c:6f:92:32:
                    d1:1a:bf:63:eb:1a:b9:39:1d:f7:0f:52:f3:02:35:
                    9a:d7:ea:c3:00:3b:04:32:ee:31:8d:04:32:7d:21:
                    d5:12:84:ac:fe:3f:4a:1b:ec:0d:73:9b:18:5a:5a:
                    fb:f0:c9:cb:57:6e:fc:2a:96:54:f6:c9:2d:5f:75:
                    55:e4:bb:ed:28:9e:c6:33:9d:59:64:22:f0:e7:7e:
                    60:a7:d0:84:33:c5:bb:66:e1:74:7e:d7:4f:10:e3:
                    3a:8b:16:e4:cf:0d:7d:26:b7:65:57:66:46:08:f1:
                    32:59:2a:de:79:a4:a4:13:3a:6c:60:e6:be:f1:2d:
                    6c:6d:ec:59:bb:b9:b2:16:6c:14:46:5b:32:eb:27:
                    c4:91:78:06:a9:eb:cd:89:a1:99:a5:28:2d:ee:cc:
                    0d:fc:c6:6d:5f:32:98:ae:7f:a4:31:35:f5:b3:66:
                    c2:29:69:44:ba:3d:46:5f:fc:79:6e:eb:bd:94:13:
                    a0:a0:86:77:fb:4a:4e:bc:2f:30:3a:32:6c:de:2e:
                    a0:31:a3:bf:36:dc:5c:39:bc:72:48:3c:96:42:4a:
                    c1:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:B3:F6:75:AC:F0:58:D0:5F:2D:DB:4A:73:26:7B:74:2B:7A:3D:FF
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8e24ca53-b855-4655-a239-6bd059a83f61.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf4:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         2f:3f:9b:10:d4:60:2f:82:18:b4:9b:14:23:b3:9c:b3:8b:6e:
         07:a4:2b:33:47:c3:7d:52:64:82:89:c4:64:83:46:6d:45:8b:
         d1:da:ca:8e:a8:87:cf:05:ba:14:b2:fe:47:f9:ce:29:04:59:
         58:18:88:7e:b1:2a:7f:de:d7:48:84:ba:1b:23:1e:a3:75:dd:
         1a:dc:8a:95:38:0d:05:48:88:24:93:5a:fd:ee:91:91:1d:7b:
         65:d9:eb:cf:54:00:af:21:d0:d7:4a:11:7e:58:a7:e3:93:87:
         f8:3f:1d:08:1b:34:b3:4e:08:ac:99:d0:56:be:7c:39:92:3e:
         61:22:85:06:c6:f0:89:1b:d1:b4:66:5a:03:12:28:fd:4f:8a:
         76:9a:7c:f9:f4:3f:ed:c4:84:e4:d2:fd:dd:12:d1:55:47:6d:
         0e:a9:64:b9:0a:08:5f:85:4a:63:4a:43:88:ec:64:0c:94:27:
         d9:12:20:4c:c7:4f:39:54:19:dd:26:b9:b1:ca:e2:c2:c4:86:
         7c:0c:45:f7:92:c4:ce:16:84:08:a3:84:5f:29:7f:34:ef:47:
         96:b5:70:c2:9c:5e:43:76:cf:5b:6b:ba:95:99:02:4d:ae:f9:
         7c:fb:4e:85:e9:22:ea:37:b2:42:df:c5:50:c1:e4:1c:99:7f:
         eb:e9:84:2a
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUQ3UeK3oMSvzJzbmADHrZNL1L6kcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDUyNzAwMDAwMFoX
DTI0MDcwMTIzNTk1OVowejFJMEcGA1UEBRNAZjY1ZmQwZDYxMzg4YWIzODEyNjlj
MzkwYTVjNTJhZjAxMGFhNjFhMTIwMWIyYzM5YzY3MTE3NGNjMTQ5OTA0MzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiuPgzu9UbFESu/cxkNd1atejj1pP
6yEDYYIORbe5sKc5rRG1r/3jOTxvkjLRGr9j6xq5OR33D1LzAjWa1+rDADsEMu4x
jQQyfSHVEoSs/j9KG+wNc5sYWlr78MnLV278KpZU9sktX3VV5LvtKJ7GM51ZZCLw
535gp9CEM8W7ZuF0ftdPEOM6ixbkzw19JrdlV2ZGCPEyWSreeaSkEzpsYOa+8S1s
bexZu7myFmwURlsy6yfEkXgGqevNiaGZpSgt7swN/MZtXzKYrn+kMTX1s2bCKWlE
uj1GX/x5buu9lBOgoIZ3+0pOvC8wOjJs3i6gMaO/NtxcObxySDyWQkrBKwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFFqz9nWs8FjQXy3bSnMme3Qrej3/MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzhlMjRjYTUzLWI4NTUtNDY1NS1hMjM5LTZiZDA1OWE4M2Y2MS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba9GAwDQYJKoZIhvcNAQELBQADggEBAC8/mxDUYC+CGLSbFCOz
nLOLbgekKzNHw31SZIKJxGSDRm1Fi9Hayo6oh88FuhSy/kf5zikEWVgYiH6xKn/e
10iEuhsjHqN13RrcipU4DQVIiCSTWv3ukZEde2XZ689UAK8h0NdKEX5Yp+OTh/g/
HQgbNLNOCKyZ0Fa+fDmSPmEihQbG8Ikb0bRmWgMSKP1PinaafPn0P+3EhOTS/d0S
0VVHbQ6pZLkKCF+FSmNKQ4jsZAyUJ9kSIEzHTzlUGd0mubHK4sLEhnwMRfeSxM4W
hAijhF8pfzTvR5a1cMKcXkN2z1trupWZAk2u+Xz7ToXpIuo3skLfxVDB5ByZf+vp
hCo=
-----END CERTIFICATE-----
Generated at Thu Jun 20 01:11:16 2024 by rpki-client on console-fra.rpki-client.org