Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/990a64b7-6f49-49b1-b261-f42f671355cf.roa
File:                     990a64b7-6f49-49b1-b261-f42f671355cf.roa (raw, json)
Hash identifier:          AQMYLFeoK8B2dcPnIckENo2Kw28CY1O96odpK9cxhrA=
Subject key identifier:   7C:05:5D:88:08:13:7B:A6:E4:13:39:A6:7D:D5:07:39:5F:6C:97:55
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       7048A3D02A8B66E737109A50412AE3F85C23DECB
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/990a64b7-6f49-49b1-b261-f42f671355cf.roa
Signing time:             Fri 21 Jun 2024 00:00:00 +0000
ROA not before:           Fri 21 Jun 2024 00:00:00 +0000
ROA not after:            Fri 26 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daff:b000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 19 Jul 2024 23:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:48:a3:d0:2a:8b:66:e7:37:10:9a:50:41:2a:e3:f8:5c:23:de:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 21 00:00:00 2024 GMT
            Not After : Jul 26 23:59:59 2024 GMT
        Subject: serialNumber=ecef4e473326c90b022f8a3995631d5e6a4d1a371376df6c1ddb1bc322537734, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:9b:61:1e:76:9d:a1:79:6b:37:15:bd:0f:ec:
                    1c:a7:34:75:c8:ec:a6:06:c5:03:92:a2:d6:90:f8:
                    62:58:79:53:6c:d2:8d:75:70:3a:e0:c2:52:6d:f1:
                    79:92:27:e6:36:7d:24:d4:43:0f:c6:50:92:03:37:
                    bf:e5:95:e5:09:93:c9:80:0b:38:f1:d0:ff:95:ca:
                    3d:7f:19:66:68:01:3b:f0:ce:47:bf:e6:62:58:30:
                    f5:00:32:81:bc:77:ba:af:07:7e:23:75:8f:d3:e9:
                    b6:f5:61:46:5c:9b:c3:39:22:ae:0e:69:62:4f:97:
                    f1:e4:9b:b0:76:3c:56:24:1a:aa:a1:13:e4:f4:01:
                    fe:08:7c:25:56:50:f9:e1:c8:f3:43:12:03:18:27:
                    90:41:93:11:84:76:d2:d0:1a:21:c0:cc:5c:f1:b7:
                    77:a7:5b:47:49:a9:69:b5:89:3c:75:db:7f:ac:c3:
                    43:f5:c9:48:1b:84:a7:4f:35:b5:86:5f:90:45:62:
                    4d:69:4f:f4:99:3b:a6:79:73:8c:56:c9:17:61:12:
                    c2:e6:26:bf:e6:77:26:99:3b:24:85:cd:7c:5a:c4:
                    ba:88:7d:51:ee:3f:a5:48:3e:7b:ca:95:8a:14:14:
                    81:c8:d5:65:af:43:5b:17:9f:bc:6e:32:87:ab:58:
                    df:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:05:5D:88:08:13:7B:A6:E4:13:39:A6:7D:D5:07:39:5F:6C:97:55
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/990a64b7-6f49-49b1-b261-f42f671355cf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daff:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         30:4f:85:d5:c4:0f:ce:ac:01:5d:6c:04:dd:c8:4a:b7:3f:83:
         df:e0:08:40:1e:6d:ef:ea:d1:e4:52:75:a7:c6:4c:50:56:8c:
         a8:63:f3:32:fd:b8:1d:35:53:63:6b:37:9e:2c:dc:e9:7e:73:
         00:f6:2e:fe:ef:4a:e2:54:75:52:25:13:63:c6:b7:a3:9d:83:
         fc:08:0f:6c:cc:03:a3:39:d6:59:24:c5:68:0a:cf:40:be:61:
         b3:f1:6a:7f:a6:02:62:6c:71:c6:f5:af:55:0a:ea:0b:e9:5f:
         4a:ec:77:7d:95:b3:f5:1c:da:a7:ca:04:5d:37:46:df:87:d9:
         ad:75:4b:fa:14:18:22:7e:8d:f1:e7:eb:dd:b8:e4:46:06:ac:
         b2:05:56:b1:33:c9:a0:df:e7:13:c3:37:37:1d:0f:8d:22:93:
         92:94:ed:59:0f:7b:23:dd:da:0e:4c:95:09:b8:25:c7:91:e6:
         3f:d3:25:e8:d3:88:53:b0:23:56:83:67:3f:a4:b9:b5:01:ac:
         55:95:0e:4d:77:f5:18:66:b4:0b:51:e9:cf:ae:7e:43:90:70:
         94:df:69:94:de:c7:3d:ac:dd:ab:cb:b2:c7:aa:83:03:f2:e5:
         1d:b1:85:d6:3f:b5:63:e8:bb:50:c3:c0:06:14:e0:1d:46:e4:
         58:3c:21:3d
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUcEij0CqLZuc3EJpQQSrj+Fwj3sswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyMTAwMDAwMFoX
DTI0MDcyNjIzNTk1OVowejFJMEcGA1UEBRNAZWNlZjRlNDczMzI2YzkwYjAyMmY4
YTM5OTU2MzFkNWU2YTRkMWEzNzEzNzZkZjZjMWRkYjFiYzMyMjUzNzczNDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA35thHnadoXlrNxW9D+wcpzR1yOym
BsUDkqLWkPhiWHlTbNKNdXA64MJSbfF5kifmNn0k1EMPxlCSAze/5ZXlCZPJgAs4
8dD/lco9fxlmaAE78M5Hv+ZiWDD1ADKBvHe6rwd+I3WP0+m29WFGXJvDOSKuDmli
T5fx5JuwdjxWJBqqoRPk9AH+CHwlVlD54cjzQxIDGCeQQZMRhHbS0BohwMxc8bd3
p1tHSalptYk8ddt/rMND9clIG4SnTzW1hl+QRWJNaU/0mTumeXOMVskXYRLC5ia/
5ncmmTskhc18WsS6iH1R7j+lSD57ypWKFBSByNVlr0NbF5+8bjKHq1jfxQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFHwFXYgIE3um5BM5pn3VBzlfbJdVMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzk5MGE2NGI3LTZmNDktNDliMS1iMjYxLWY0MmY2NzEzNTVjZi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba/7AwDQYJKoZIhvcNAQELBQADggEBADBPhdXED86sAV1sBN3I
Src/g9/gCEAebe/q0eRSdafGTFBWjKhj8zL9uB01U2NrN54s3Ol+cwD2Lv7vSuJU
dVIlE2PGt6Odg/wID2zMA6M51lkkxWgKz0C+YbPxan+mAmJsccb1r1UK6gvpX0rs
d32Vs/Uc2qfKBF03Rt+H2a11S/oUGCJ+jfHn69245EYGrLIFVrEzyaDf5xPDNzcd
D40ik5KU7VkPeyPd2g5MlQm4JceR5j/TJejTiFOwI1aDZz+kubUBrFWVDk139Rhm
tAtR6c+ufkOQcJTfaZTexz2s3avLsseqgwPy5R2xhdY/tWPou1DDwAYU4B1G5Fg8
IT0=
-----END CERTIFICATE-----
Generated at Tue Jul 16 02:05:57 2024 by rpki-client on console-fra.rpki-client.org