Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/9a9d41bd-0bed-4bc0-8365-34453f074020.roa
File:                     9a9d41bd-0bed-4bc0-8365-34453f074020.roa (raw, json)
Hash identifier:          YJXgqa5DGbaeXQI286FRoUNcGbtvtLh6jajdeH22zZ0=
Subject key identifier:   56:01:65:40:9F:15:75:E5:6C:B8:8E:FD:FA:A9:5B:62:1E:E3:D8:C1
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       4E9F39A9E53C4B43040C8EF33D6D0D209EAA0F96
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/9a9d41bd-0bed-4bc0-8365-34453f074020.roa
Signing time:             Tue 16 Jul 2024 00:00:00 +0000
ROA not before:           Tue 16 Jul 2024 00:00:00 +0000
ROA not after:            Tue 20 Aug 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafe:e000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 21 Jul 2024 00:10:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:9f:39:a9:e5:3c:4b:43:04:0c:8e:f3:3d:6d:0d:20:9e:aa:0f:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 16 00:00:00 2024 GMT
            Not After : Aug 20 23:59:59 2024 GMT
        Subject: serialNumber=78d9bb9f05f47e5b1517378488a749135dca5a210760acfb46c431be37205dd1, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c2:ee:17:67:c7:af:9d:bd:a5:3d:b8:36:21:
                    cd:fc:a8:ba:ac:40:bb:7e:be:61:16:18:43:49:f2:
                    a1:18:51:78:c6:56:87:c5:9b:d4:bc:c3:d2:69:c0:
                    2e:99:ac:46:14:9a:74:01:6a:e4:cd:16:8c:62:1d:
                    fc:cb:11:e8:82:a2:e7:fe:4f:11:8d:a6:51:0f:17:
                    b0:3f:16:e4:c7:8e:06:2f:50:de:be:85:9c:6a:6c:
                    5e:c6:25:52:e2:8f:1e:d2:77:cf:b8:c1:f3:6c:f0:
                    50:30:0c:ae:6b:0b:46:bd:7c:ec:a8:97:ff:7c:3c:
                    29:04:97:ed:3b:47:2d:f0:62:88:32:59:d0:f7:eb:
                    2f:84:ac:b0:74:76:81:f9:7e:8c:94:d5:2a:5c:40:
                    47:8b:9d:81:be:17:f5:c1:16:43:f4:5e:c3:2a:ec:
                    43:65:e2:9a:55:49:af:ff:6d:9d:8f:40:db:79:20:
                    db:83:29:a0:01:b1:04:25:0a:35:76:77:78:90:67:
                    1a:96:c4:db:1b:6b:b9:17:b2:69:55:1e:4c:cd:2a:
                    8d:51:f4:c8:6b:e0:fa:18:86:2f:25:b2:b2:b2:86:
                    92:d4:c7:de:1c:65:b9:32:a0:ef:cc:72:a0:54:b3:
                    ad:ee:0c:66:a7:db:c9:dc:57:4b:ed:3a:16:80:77:
                    94:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:01:65:40:9F:15:75:E5:6C:B8:8E:FD:FA:A9:5B:62:1E:E3:D8:C1
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/9a9d41bd-0bed-4bc0-8365-34453f074020.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafe:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         7e:bf:7b:5b:e1:fb:51:89:a0:fd:4e:cf:b4:f6:04:d9:fb:fa:
         c8:c2:0c:62:19:b9:dd:8d:4d:ab:39:3a:6b:37:37:1e:90:8a:
         6a:6e:3d:af:d9:3c:19:f8:94:29:5f:3f:9d:8a:43:af:1f:02:
         a4:e9:ed:f7:d0:67:27:01:c9:e1:73:5e:04:e0:63:4a:6d:a2:
         60:16:2b:c6:0a:f0:dd:97:7b:fa:f6:f7:ee:e2:7f:d5:10:e1:
         ff:eb:f8:51:49:3f:fb:5b:c7:36:c1:70:c9:25:c9:87:24:2c:
         ae:36:00:38:73:71:ff:fc:f1:32:55:a3:0a:67:92:c5:fb:1d:
         64:4c:8d:86:b8:33:87:d1:64:b8:4a:ba:15:f4:c1:82:5d:ef:
         3a:66:93:63:81:6c:48:b9:7a:6e:8f:fd:19:35:da:a8:0c:5c:
         1f:f2:fc:1b:b5:54:9a:4a:16:b2:17:2e:05:41:42:72:04:87:
         7c:5c:36:8a:c1:61:aa:c4:bf:d6:81:32:d4:b2:07:50:ed:44:
         e9:1f:28:25:14:ea:26:2f:96:72:18:51:fa:69:41:7b:c4:a3:
         32:bf:34:fa:19:9a:df:0d:40:15:e7:0e:b8:63:bb:fc:d4:be:
         37:a5:da:9d:72:8f:c0:ef:27:6a:a0:5a:ec:c7:8c:14:a4:2b:
         ae:ff:7d:f1
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUTp85qeU8S0MEDI7zPW0NIJ6qD5YwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDcxNjAwMDAwMFoX
DTI0MDgyMDIzNTk1OVowejFJMEcGA1UEBRNANzhkOWJiOWYwNWY0N2U1YjE1MTcz
Nzg0ODhhNzQ5MTM1ZGNhNWEyMTA3NjBhY2ZiNDZjNDMxYmUzNzIwNWRkMTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMLuF2fHr529pT24NiHN/Ki6rEC7
fr5hFhhDSfKhGFF4xlaHxZvUvMPSacAumaxGFJp0AWrkzRaMYh38yxHogqLn/k8R
jaZRDxewPxbkx44GL1DevoWcamxexiVS4o8e0nfPuMHzbPBQMAyuawtGvXzsqJf/
fDwpBJftO0ct8GKIMlnQ9+svhKywdHaB+X6MlNUqXEBHi52Bvhf1wRZD9F7DKuxD
ZeKaVUmv/22dj0DbeSDbgymgAbEEJQo1dnd4kGcalsTbG2u5F7JpVR5MzSqNUfTI
a+D6GIYvJbKysoaS1MfeHGW5MqDvzHKgVLOt7gxmp9vJ3FdL7ToWgHeUdwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFFYBZUCfFXXlbLiO/fqpW2Ie49jBMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzlhOWQ0MWJkLTBiZWQtNGJjMC04MzY1LTM0NDUzZjA3NDAyMC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba/uAwDQYJKoZIhvcNAQELBQADggEBAH6/e1vh+1GJoP1Oz7T2
BNn7+sjCDGIZud2NTas5Oms3Nx6QimpuPa/ZPBn4lClfP52KQ68fAqTp7ffQZycB
yeFzXgTgY0ptomAWK8YK8N2Xe/r29+7if9UQ4f/r+FFJP/tbxzbBcMklyYckLK42
ADhzcf/88TJVowpnksX7HWRMjYa4M4fRZLhKuhX0wYJd7zpmk2OBbEi5em6P/Rk1
2qgMXB/y/Bu1VJpKFrIXLgVBQnIEh3xcNorBYarEv9aBMtSyB1DtROkfKCUU6iYv
lnIYUfppQXvEozK/NPoZmt8NQBXnDrhju/zUvjel2p1yj8DvJ2qgWuzHjBSkK67/
ffE=
-----END CERTIFICATE-----
Generated at Wed Jul 17 01:22:46 2024 by rpki-client on console-fra.rpki-client.org