Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8fd06079-670b-45e2-8241-18b7a6b8c031.roa
File:                     8fd06079-670b-45e2-8241-18b7a6b8c031.roa (raw, json)
Hash identifier:          9SXNUPsvqu4XTlMwHHNzwNYt6iMF37vMjYk8DPmUc5E=
Subject key identifier:   E0:4A:8C:B0:36:9A:B8:1D:EE:A5:37:0A:68:D9:B9:16:CF:D8:EF:89
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       34C5A106D0BBB6EC8C8003D58470066955ED4ADE
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8fd06079-670b-45e2-8241-18b7a6b8c031.roa
Signing time:             Mon 27 May 2024 00:00:00 +0000
ROA not before:           Mon 27 May 2024 00:00:00 +0000
ROA not after:            Mon 01 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf6:4800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 21 Jun 2024 00:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:c5:a1:06:d0:bb:b6:ec:8c:80:03:d5:84:70:06:69:55:ed:4a:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 27 00:00:00 2024 GMT
            Not After : Jul  1 23:59:59 2024 GMT
        Subject: serialNumber=bf5caf3d40bff639e80e0e027264c0f2f721b77386ceb1a97ad3a9cbd4a43f5f, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:fe:69:eb:a8:a3:97:6c:3f:35:e7:a6:12:bb:
                    15:b3:e9:b6:73:ff:99:3c:83:ed:61:4e:fc:25:19:
                    34:e8:38:a7:3c:fb:17:cc:89:32:d9:c1:f5:6d:d4:
                    43:df:0f:47:c7:52:88:a1:1a:b1:5d:45:0a:57:91:
                    0a:0a:0f:49:b6:0e:f5:84:2c:ff:c1:e9:29:ba:74:
                    31:2a:e8:f5:4a:08:51:bc:89:b8:03:a8:1e:44:6b:
                    2e:77:0a:a3:bd:20:10:ac:38:01:77:43:6a:0c:5c:
                    51:67:70:ae:cb:59:82:87:09:b6:ff:d2:4c:28:27:
                    c1:b2:b5:cd:09:51:fb:ee:ae:d4:68:5f:8e:2c:a1:
                    91:77:57:b9:b5:7f:16:76:ce:03:74:89:5e:8f:c0:
                    89:a1:1c:81:11:34:d2:07:e6:f5:ce:29:3e:e9:7d:
                    48:9c:64:6c:14:1c:2e:70:0f:54:9a:2b:32:c5:ff:
                    76:29:c5:e8:00:1b:be:a0:a2:03:d1:4f:55:de:96:
                    1f:20:f2:76:72:93:bb:4e:5f:f8:48:01:9a:5e:9d:
                    67:76:aa:f8:03:7b:37:28:3b:70:0a:0d:b8:99:36:
                    42:fc:f6:48:62:0e:a2:b2:0c:b8:cb:50:31:3b:8a:
                    81:c0:66:c6:26:38:02:aa:a2:14:07:e2:fe:21:9b:
                    38:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:4A:8C:B0:36:9A:B8:1D:EE:A5:37:0A:68:D9:B9:16:CF:D8:EF:89
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8fd06079-670b-45e2-8241-18b7a6b8c031.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf6:4800::/40

    Signature Algorithm: sha256WithRSAEncryption
         1f:62:51:f1:e0:4f:41:1a:9a:a9:0b:87:e3:b7:12:1c:b8:1b:
         cf:0f:85:85:fa:66:bc:0f:26:c3:d9:c6:14:99:ba:f2:ae:d2:
         2a:b3:d6:db:98:d0:ad:4c:c4:f9:85:31:51:d0:cb:e3:98:60:
         a0:33:03:fc:34:0c:d7:3c:64:77:78:6b:17:44:e4:2e:ba:ab:
         aa:3d:e5:c8:83:d8:3d:2e:b0:4f:67:64:94:2b:85:64:c6:5f:
         6f:2a:31:5c:fd:d3:f1:25:2d:5b:9c:c0:19:d4:0a:e4:36:72:
         15:e0:55:2a:09:78:7a:ab:d9:20:a6:47:c9:ac:07:f0:da:4c:
         88:5e:fd:5a:37:bd:f8:1c:f5:74:04:eb:92:35:24:83:92:ac:
         6b:49:8e:2d:dc:69:26:8e:cd:69:2c:50:30:a0:3b:ab:2e:8b:
         06:0b:f9:04:87:d8:5e:10:7d:14:40:a4:b9:73:00:a2:29:19:
         51:c1:27:d8:73:0a:93:a9:e1:ba:bd:d5:1a:59:2c:dc:8b:c2:
         c0:4c:d4:cd:9c:72:67:98:ed:2b:1a:96:55:c2:25:38:f2:85:
         5d:bb:57:2c:05:f0:82:92:b5:3d:aa:03:4d:15:5e:d3:ad:4d:
         41:fb:4b:1a:f3:73:a3:fe:82:f1:bb:ed:fa:e5:0b:b3:eb:43:
         1c:c5:23:07
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUNMWhBtC7tuyMgAPVhHAGaVXtSt4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDUyNzAwMDAwMFoX
DTI0MDcwMTIzNTk1OVowejFJMEcGA1UEBRNAYmY1Y2FmM2Q0MGJmZjYzOWU4MGUw
ZTAyNzI2NGMwZjJmNzIxYjc3Mzg2Y2ViMWE5N2FkM2E5Y2JkNGE0M2Y1ZjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsP5p66ijl2w/NeemErsVs+m2c/+Z
PIPtYU78JRk06DinPPsXzIky2cH1bdRD3w9Hx1KIoRqxXUUKV5EKCg9Jtg71hCz/
wekpunQxKuj1SghRvIm4A6geRGsudwqjvSAQrDgBd0NqDFxRZ3Cuy1mChwm2/9JM
KCfBsrXNCVH77q7UaF+OLKGRd1e5tX8Wds4DdIlej8CJoRyBETTSB+b1zik+6X1I
nGRsFBwucA9Umisyxf92KcXoABu+oKID0U9V3pYfIPJ2cpO7Tl/4SAGaXp1ndqr4
A3s3KDtwCg24mTZC/PZIYg6isgy4y1AxO4qBwGbGJjgCqqIUB+L+IZs4NwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFOBKjLA2mrgd7qU3CmjZuRbP2O+JMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzhmZDA2MDc5LTY3MGItNDVlMi04MjQxLTE4YjdhNmI4YzAzMS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba9kgwDQYJKoZIhvcNAQELBQADggEBAB9iUfHgT0EamqkLh+O3
Ehy4G88PhYX6ZrwPJsPZxhSZuvKu0iqz1tuY0K1MxPmFMVHQy+OYYKAzA/w0DNc8
ZHd4axdE5C66q6o95ciD2D0usE9nZJQrhWTGX28qMVz90/ElLVucwBnUCuQ2chXg
VSoJeHqr2SCmR8msB/DaTIhe/Vo3vfgc9XQE65I1JIOSrGtJji3caSaOzWksUDCg
O6suiwYL+QSH2F4QfRRApLlzAKIpGVHBJ9hzCpOp4bq91RpZLNyLwsBM1M2ccmeY
7SsallXCJTjyhV27VywF8IKStT2qA00VXtOtTUH7Sxrzc6P+gvG77frlC7PrQxzF
Iwc=
-----END CERTIFICATE-----
Generated at Mon Jun 17 18:19:40 2024 by rpki-client on console-ams.rpki-client.org