Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/97acb09e-a4ac-498b-bfa8-ff2d8da2bf3a.roa
File:                     97acb09e-a4ac-498b-bfa8-ff2d8da2bf3a.roa (raw, json)
Hash identifier:          SGYKWeHtWwKWTxbQEWQBGnWkqa0JBZjm6DokwUbC+aY=
Subject key identifier:   61:24:F2:23:D5:D3:D0:80:71:80:80:27:93:B1:92:35:17:B7:0E:0B
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       30B5018AFEA40E8411642026B5087C42A0143190
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/97acb09e-a4ac-498b-bfa8-ff2d8da2bf3a.roa
Signing time:             Mon 11 Sep 2023 00:00:00 +0000
ROA not before:           Mon 11 Sep 2023 00:00:00 +0000
ROA not after:            Mon 16 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da2b::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 13 Sep 2023 03:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:b5:01:8a:fe:a4:0e:84:11:64:20:26:b5:08:7c:42:a0:14:31:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Sep 11 00:00:00 2023 GMT
            Not After : Oct 16 23:59:59 2023 GMT
        Subject: serialNumber=db0d4d02fdae624567a20a5b086a76c262130ff99467186c6d4b80de54e05b7e, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b4:c6:32:40:93:b7:c8:57:ef:55:25:d1:23:
                    63:fb:44:c7:80:f9:89:ee:e4:fa:70:d6:e3:02:35:
                    93:a1:0e:cc:d2:5c:50:b4:9e:f1:51:00:4f:c4:88:
                    82:25:5b:04:8d:c1:c0:cb:62:84:49:c2:4c:7d:c3:
                    91:83:56:b5:c2:f7:30:bc:76:5d:9e:3f:d0:c9:23:
                    b4:d9:73:c5:a4:c8:40:24:8c:f9:01:c7:db:e7:55:
                    bb:01:e1:45:d9:bf:22:b5:85:42:59:ab:9d:3f:34:
                    71:ba:ed:3f:cb:67:67:32:e0:25:72:86:c3:77:8e:
                    c5:e4:4f:17:18:b4:ec:f6:7a:ab:84:1f:81:4e:79:
                    ce:87:0f:58:d2:c4:6f:d8:e6:db:f5:19:1a:c6:b2:
                    7c:88:d3:29:42:21:5b:57:19:8a:0d:b1:37:35:d1:
                    6d:a6:8e:fd:5d:0b:07:3f:64:9e:2e:18:67:2e:60:
                    4c:3e:ab:34:ec:3c:c8:3c:da:79:f2:54:90:02:ce:
                    d2:bb:16:88:be:aa:06:79:df:9e:69:51:8c:2e:fe:
                    4f:ee:0b:86:d4:5e:d9:b3:a7:2d:2c:7d:ad:20:b4:
                    a7:17:9d:f2:0e:83:67:5c:f7:cc:1f:25:4c:b4:15:
                    ab:7a:11:dd:06:6d:c5:7b:df:6d:3c:33:d0:19:75:
                    83:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:24:F2:23:D5:D3:D0:80:71:80:80:27:93:B1:92:35:17:B7:0E:0B
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/97acb09e-a4ac-498b-bfa8-ff2d8da2bf3a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da2b::/36

    Signature Algorithm: sha256WithRSAEncryption
         46:f1:78:98:e8:18:39:08:da:46:0a:0f:95:1b:f2:87:d0:a1:
         9c:3e:4b:33:75:94:bc:27:51:87:33:5e:b1:f3:f2:c5:0e:df:
         ee:3b:84:31:c6:a8:97:86:49:9b:67:0f:dc:e6:25:d4:9e:37:
         59:d1:e4:75:d2:b8:ff:47:73:03:1b:a9:16:85:14:8d:f0:b2:
         f6:0f:ed:97:4e:bf:42:e7:59:1e:f2:4b:33:d3:50:ba:87:bb:
         46:f1:2b:3c:17:b6:bd:fa:22:36:5b:a3:2c:c3:cd:64:d9:d4:
         84:8c:d9:40:d1:f4:b9:a5:2f:52:56:20:e7:b2:5e:cd:cd:68:
         87:32:21:49:b0:ee:5d:bf:04:fe:8c:c3:d2:18:f7:ab:e3:ac:
         b9:92:40:6a:c3:83:b9:47:ec:73:49:ba:d7:2f:84:d5:48:9e:
         a4:5b:72:10:79:88:1e:35:aa:89:fa:d1:0c:db:16:ca:e8:e4:
         64:2e:0a:e5:c0:3c:99:0c:80:48:8c:8e:0e:1d:ae:84:04:53:
         52:8e:37:5c:3b:86:19:56:7b:b4:c5:cd:53:ad:0b:d1:84:77:
         2f:3f:05:f3:10:73:78:90:66:c1:94:ee:8c:3f:b2:77:20:07:
         79:b2:d3:0a:85:94:bf:92:c3:87:82:4c:df:0d:23:3e:24:2e:
         a0:53:f3:4c
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUMLUBiv6kDoQRZCAmtQh8QqAUMZAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTIzMDkxMTAwMDAwMFoX
DTIzMTAxNjIzNTk1OVowejFJMEcGA1UEBRNAZGIwZDRkMDJmZGFlNjI0NTY3YTIw
YTViMDg2YTc2YzI2MjEzMGZmOTk0NjcxODZjNmQ0YjgwZGU1NGUwNWI3ZTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbTGMkCTt8hX71Ul0SNj+0THgPmJ
7uT6cNbjAjWToQ7M0lxQtJ7xUQBPxIiCJVsEjcHAy2KEScJMfcORg1a1wvcwvHZd
nj/QySO02XPFpMhAJIz5Acfb51W7AeFF2b8itYVCWaudPzRxuu0/y2dnMuAlcobD
d47F5E8XGLTs9nqrhB+BTnnOhw9Y0sRv2Obb9RkaxrJ8iNMpQiFbVxmKDbE3NdFt
po79XQsHP2SeLhhnLmBMPqs07DzIPNp58lSQAs7SuxaIvqoGed+eaVGMLv5P7guG
1F7Zs6ctLH2tILSnF53yDoNnXPfMHyVMtBWrehHdBm3Fe99tPDPQGXWDFwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFGEk8iPV09CAcYCAJ5OxkjUXtw4LMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzk3YWNiMDllLWE0YWMtNDk4Yi1iZmE4LWZmMmQ4ZGEyYmYzYS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYEJAbaKwAwDQYJKoZIhvcNAQELBQADggEBAEbxeJjoGDkI2kYKD5Ub
8ofQoZw+SzN1lLwnUYczXrHz8sUO3+47hDHGqJeGSZtnD9zmJdSeN1nR5HXSuP9H
cwMbqRaFFI3wsvYP7ZdOv0LnWR7ySzPTULqHu0bxKzwXtr36IjZboyzDzWTZ1ISM
2UDR9LmlL1JWIOeyXs3NaIcyIUmw7l2/BP6Mw9IY96vjrLmSQGrDg7lH7HNJutcv
hNVInqRbchB5iB41qon60QzbFsro5GQuCuXAPJkMgEiMjg4droQEU1KON1w7hhlW
e7TFzVOtC9GEdy8/BfMQc3iQZsGU7ow/sncgB3my0wqFlL+Sw4eCTN8NIz4kLqBT
80w=
-----END CERTIFICATE-----
Generated at Mon Sep 11 15:39:31 2023 by rpki-client on console-ams.rpki-client.org