Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8f3d290f-ba07-44ec-8836-8683ef177077.roa
File:                     8f3d290f-ba07-44ec-8836-8683ef177077.roa (raw, json)
Hash identifier:          6dIqHxwaZhdMS/MT374LAGZX4YNAgdBDcWji4Noci08=
Subject key identifier:   79:AC:7B:20:EF:D5:C1:AF:F5:FA:19:A5:48:AA:55:FB:2D:B8:64:70
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       5EFFA512C6604CCC064DD3A5E8A92075CDD71359
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8f3d290f-ba07-44ec-8836-8683ef177077.roa
Signing time:             Mon 27 May 2024 00:00:00 +0000
ROA not before:           Mon 27 May 2024 00:00:00 +0000
ROA not after:            Mon 01 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dab9:e000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 18 Jun 2024 00:10:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:ff:a5:12:c6:60:4c:cc:06:4d:d3:a5:e8:a9:20:75:cd:d7:13:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 27 00:00:00 2024 GMT
            Not After : Jul  1 23:59:59 2024 GMT
        Subject: serialNumber=1e02e26542cfb764262d221f7a2883c04eb55ace8a8ae0a6d8a7f9c7590a33d3, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:16:4a:5d:5c:8d:3f:c2:79:65:87:d7:e7:cc:
                    f8:44:fc:9e:ac:d8:57:1f:07:9a:36:ff:c2:cb:74:
                    ce:1a:d0:e9:98:a5:5b:a4:82:cc:65:8e:68:eb:42:
                    87:94:d6:e9:fe:a5:f4:56:7c:2f:60:ab:e1:3c:ff:
                    b8:9d:b6:cb:ad:28:3b:aa:30:7d:0e:20:d9:f7:29:
                    bb:44:fa:90:a8:8d:f0:08:0c:9f:e9:78:c5:91:71:
                    75:fd:0c:e9:04:66:f4:ad:2d:2e:5a:a0:42:76:bd:
                    a5:c6:18:4d:7f:09:fd:e8:f2:94:f7:83:a4:67:39:
                    50:09:89:5a:b3:82:b7:6a:02:f1:23:76:07:50:51:
                    6c:9d:b0:be:1e:5e:49:a4:a9:8d:67:a7:00:72:4f:
                    07:0b:0b:f9:6d:a0:d9:a5:46:23:4a:57:41:37:78:
                    8a:3d:7d:f6:b0:ea:50:c5:ef:70:f6:ee:c0:9b:a9:
                    a0:94:91:17:92:77:0f:49:18:7d:5e:b4:a7:3e:c7:
                    ff:1b:ce:09:a2:a2:24:a1:64:14:f6:4f:36:5b:57:
                    8f:a2:39:3f:c7:26:8b:16:f0:a7:c7:dd:13:1b:4a:
                    76:5e:94:2f:0b:78:81:04:1a:2b:53:e5:a7:7f:bf:
                    1d:bb:6a:5c:31:67:18:34:80:cb:0d:f6:b8:74:82:
                    ca:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:AC:7B:20:EF:D5:C1:AF:F5:FA:19:A5:48:AA:55:FB:2D:B8:64:70
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8f3d290f-ba07-44ec-8836-8683ef177077.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dab9:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c9:6e:b5:d4:cc:5b:c7:fe:d0:8e:72:41:cd:28:bc:a5:d4:44:
         01:8b:03:22:20:d9:23:e8:01:53:5e:47:07:6e:5c:81:4a:85:
         c6:f5:f1:28:a0:0d:d0:60:e2:3a:e2:d5:d5:1f:0b:63:0e:92:
         1c:0b:7b:2a:66:3e:ad:d1:a8:7d:ae:5e:1c:0e:b8:06:06:b4:
         f7:c9:41:5a:c5:de:21:f5:5f:94:2a:92:3e:9c:1b:92:f3:80:
         fc:87:d1:01:9e:06:f8:a3:b6:80:d4:b2:60:c9:44:a1:d0:c9:
         5c:d6:cc:46:b9:dd:09:a2:9d:ac:60:3c:17:a5:47:82:bf:ab:
         82:b7:07:9c:bb:04:18:30:05:5b:fc:8e:a2:8c:d0:22:51:db:
         a4:d0:74:a1:6f:08:91:4e:af:af:c6:37:38:4a:b8:f8:33:dc:
         45:29:2f:41:23:a8:ea:24:07:9f:ae:66:68:fc:a6:79:6b:e4:
         af:1e:1e:ef:50:96:d6:10:1e:ad:ea:68:d0:e5:e2:7c:07:21:
         28:13:87:0b:45:76:19:2d:fd:36:4f:a6:0f:52:36:45:1f:5b:
         f2:a3:a5:75:bc:b0:b8:30:2f:89:f4:85:df:e7:9c:d7:bc:f1:
         43:a9:18:eb:7b:c1:9b:ab:a3:52:09:33:75:ad:f5:34:4f:a1:
         46:20:3f:28
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUXv+lEsZgTMwGTdOl6Kkgdc3XE1kwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDUyNzAwMDAwMFoX
DTI0MDcwMTIzNTk1OVowejFJMEcGA1UEBRNAMWUwMmUyNjU0MmNmYjc2NDI2MmQy
MjFmN2EyODgzYzA0ZWI1NWFjZThhOGFlMGE2ZDhhN2Y5Yzc1OTBhMzNkMzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1BZKXVyNP8J5ZYfX58z4RPyerNhX
HweaNv/Cy3TOGtDpmKVbpILMZY5o60KHlNbp/qX0VnwvYKvhPP+4nbbLrSg7qjB9
DiDZ9ym7RPqQqI3wCAyf6XjFkXF1/QzpBGb0rS0uWqBCdr2lxhhNfwn96PKU94Ok
ZzlQCYlas4K3agLxI3YHUFFsnbC+Hl5JpKmNZ6cAck8HCwv5baDZpUYjSldBN3iK
PX32sOpQxe9w9u7Am6mglJEXkncPSRh9XrSnPsf/G84JoqIkoWQU9k82W1ePojk/
xyaLFvCnx90TG0p2XpQvC3iBBBorU+Wnf78du2pcMWcYNIDLDfa4dILKNQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFHmseyDv1cGv9foZpUiqVfstuGRwMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzhmM2QyOTBmLWJhMDctNDRlYy04ODM2LTg2ODNlZjE3NzA3Ny5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaueAwDQYJKoZIhvcNAQELBQADggEBAMlutdTMW8f+0I5yQc0o
vKXURAGLAyIg2SPoAVNeRwduXIFKhcb18SigDdBg4jri1dUfC2MOkhwLeypmPq3R
qH2uXhwOuAYGtPfJQVrF3iH1X5Qqkj6cG5LzgPyH0QGeBvijtoDUsmDJRKHQyVzW
zEa53QminaxgPBelR4K/q4K3B5y7BBgwBVv8jqKM0CJR26TQdKFvCJFOr6/GNzhK
uPgz3EUpL0EjqOokB5+uZmj8pnlr5K8eHu9QltYQHq3qaNDl4nwHISgThwtFdhkt
/TZPpg9SNkUfW/KjpXW8sLgwL4n0hd/nnNe88UOpGOt7wZuro1IJM3Wt9TRPoUYg
Pyg=
-----END CERTIFICATE-----
Generated at Fri Jun 14 01:28:02 2024 by rpki-client on console-ams.rpki-client.org