Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a27a6eed-8d4e-4ed8-a0e5-18566991ae5c.roa
File:                     a27a6eed-8d4e-4ed8-a0e5-18566991ae5c.roa (raw, json)
Hash identifier:          3Wwbk5DvpdqItyi0n2cbU8P/gEPJqMRKXuh1KqIYGiM=
Subject key identifier:   29:A1:0A:99:4F:C4:2C:72:DA:69:DC:38:23:4E:00:AE:81:2F:A5:26
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       43F89E31AEFAE7645ACEF9D6B94D8F66BE9A6D49
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a27a6eed-8d4e-4ed8-a0e5-18566991ae5c.roa
Signing time:             Tue 16 Jul 2024 00:00:00 +0000
ROA not before:           Tue 16 Jul 2024 00:00:00 +0000
ROA not after:            Tue 20 Aug 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafc:ff60::/46 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 22 Jul 2024 00:10:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:f8:9e:31:ae:fa:e7:64:5a:ce:f9:d6:b9:4d:8f:66:be:9a:6d:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 16 00:00:00 2024 GMT
            Not After : Aug 20 23:59:59 2024 GMT
        Subject: serialNumber=8a0ea34d65afb288bac9a1e258f8b60c835e4eb2470b4071efc399e0083b7925, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:7c:53:a1:17:85:89:9a:81:07:6c:52:6d:61:
                    84:76:41:8b:af:73:2b:d6:06:68:c3:12:0b:e7:35:
                    27:f1:e3:18:59:cb:a7:c1:26:6a:cc:50:67:47:00:
                    82:5c:14:9f:d1:61:d1:57:b8:d1:c0:6c:c1:0c:36:
                    29:01:c9:99:44:d0:3f:c6:40:a1:a5:14:61:63:7f:
                    2b:bd:89:4c:33:25:3e:91:35:47:3b:9c:90:64:bb:
                    0a:fa:57:ea:f5:20:4a:14:3a:d0:cd:80:92:ba:58:
                    40:00:7e:9b:21:d5:f6:ff:73:ac:62:fe:3f:ec:10:
                    ec:72:84:bf:7a:77:27:7a:68:24:9a:2b:ee:8d:cb:
                    2b:6f:1b:b3:b7:50:e0:fa:4d:08:f2:d1:6c:2b:e0:
                    05:f2:45:16:04:3e:ef:9a:7e:92:0f:5b:4c:af:ff:
                    1c:7d:64:ba:77:93:2e:2c:cd:ba:7a:f9:bf:38:67:
                    31:cf:cd:78:1a:b4:e9:c4:15:29:0f:27:69:4e:39:
                    25:b4:73:82:42:74:7c:df:b5:57:06:d9:ae:2a:fe:
                    dd:83:e9:f0:f2:64:70:82:c8:22:c7:9d:2c:72:04:
                    dc:12:96:97:c4:a3:20:c7:9f:ad:61:4a:12:d2:45:
                    f5:94:e3:45:35:b1:b1:04:76:3f:22:fb:a1:78:73:
                    28:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:A1:0A:99:4F:C4:2C:72:DA:69:DC:38:23:4E:00:AE:81:2F:A5:26
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a27a6eed-8d4e-4ed8-a0e5-18566991ae5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafc:ff60::/46

    Signature Algorithm: sha256WithRSAEncryption
         4e:98:ff:7c:0c:10:b9:50:b1:7f:d0:c8:f2:72:a3:91:1a:54:
         04:6e:e3:bf:b0:e1:a5:51:09:f7:9c:a7:9a:04:f9:08:6b:29:
         ab:53:9d:26:16:8b:1f:c9:54:b8:71:b6:48:3f:ec:72:ce:43:
         76:f9:95:bf:5b:a1:9d:57:de:88:d1:64:82:0f:ad:26:8e:5c:
         f5:c5:38:21:d0:21:1c:52:f6:53:7b:38:12:8e:7b:a1:be:39:
         99:43:75:ae:2b:67:84:ad:e1:b3:a7:9f:5a:3f:1a:15:87:b0:
         6a:b8:9c:17:7c:df:bf:82:05:9c:a6:7e:d5:c5:3e:43:79:73:
         88:51:42:ce:12:ec:29:4f:b3:41:f0:c6:cc:f4:8a:41:74:de:
         2b:e5:64:d3:60:31:e6:fa:f5:63:fa:e0:27:66:f7:e3:8e:83:
         02:1f:10:f2:54:59:ff:62:82:f9:68:02:5e:42:ee:c1:f9:3a:
         d0:48:8f:fc:af:40:7a:a5:06:11:26:d7:a0:e2:c9:3a:34:d7:
         6e:06:0f:e0:a5:a5:59:69:a7:31:ee:79:68:ef:97:6c:ae:65:
         f4:42:90:5e:a1:63:9d:e6:1a:0e:3b:be:53:69:88:b7:56:a0:
         c0:68:0a:37:82:51:ef:56:17:ad:81:ea:ee:a1:5e:e7:24:96:
         ac:f6:9d:76
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUQ/ieMa7652RazvnWuU2PZr6abUkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDcxNjAwMDAwMFoX
DTI0MDgyMDIzNTk1OVowejFJMEcGA1UEBRNAOGEwZWEzNGQ2NWFmYjI4OGJhYzlh
MWUyNThmOGI2MGM4MzVlNGViMjQ3MGI0MDcxZWZjMzk5ZTAwODNiNzkyNTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4HxToReFiZqBB2xSbWGEdkGLr3Mr
1gZowxIL5zUn8eMYWcunwSZqzFBnRwCCXBSf0WHRV7jRwGzBDDYpAcmZRNA/xkCh
pRRhY38rvYlMMyU+kTVHO5yQZLsK+lfq9SBKFDrQzYCSulhAAH6bIdX2/3OsYv4/
7BDscoS/encnemgkmivujcsrbxuzt1Dg+k0I8tFsK+AF8kUWBD7vmn6SD1tMr/8c
fWS6d5MuLM26evm/OGcxz814GrTpxBUpDydpTjkltHOCQnR837VXBtmuKv7dg+nw
8mRwgsgix50scgTcEpaXxKMgx5+tYUoS0kX1lONFNbGxBHY/IvuheHMonQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFCmhCplPxCxy2mncOCNOAK6BL6UmMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2EyN2E2ZWVkLThkNGUtNGVkOC1hMGU1LTE4NTY2OTkxYWU1Yy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcCJAba/P9gMA0GCSqGSIb3DQEBCwUAA4IBAQBOmP98DBC5ULF/0Mjy
cqORGlQEbuO/sOGlUQn3nKeaBPkIaymrU50mFosfyVS4cbZIP+xyzkN2+ZW/W6Gd
V96I0WSCD60mjlz1xTgh0CEcUvZTezgSjnuhvjmZQ3WuK2eEreGzp59aPxoVh7Bq
uJwXfN+/ggWcpn7VxT5DeXOIUULOEuwpT7NB8MbM9IpBdN4r5WTTYDHm+vVj+uAn
ZvfjjoMCHxDyVFn/YoL5aAJeQu7B+TrQSI/8r0B6pQYRJteg4sk6NNduBg/gpaVZ
aacx7nlo75dsrmX0QpBeoWOd5hoOO75TaYi3VqDAaAo3glHvVhetgeruoV7nJJas
9p12
-----END CERTIFICATE-----
Generated at Thu Jul 18 02:11:48 2024 by rpki-client on console-fra.rpki-client.org