Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a2f37184-69cc-42f7-b4f9-eac706fa0820.roa
File:                     a2f37184-69cc-42f7-b4f9-eac706fa0820.roa (raw, json)
Hash identifier:          ZnNy/jTx2JWXQPWCmxn0oRnlPupUu4qh2naaHyPBVRY=
Subject key identifier:   E3:22:05:B6:DD:E7:3D:31:89:88:19:2A:BF:5D:43:16:F4:D7:E7:82
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       333695890565DA8A2E7C488500BE565FD9BE06BC
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a2f37184-69cc-42f7-b4f9-eac706fa0820.roa
Signing time:             Mon 18 Sep 2023 00:00:00 +0000
ROA not before:           Mon 18 Sep 2023 00:00:00 +0000
ROA not after:            Mon 23 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da00:2000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 20 Sep 2023 03:07:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:36:95:89:05:65:da:8a:2e:7c:48:85:00:be:56:5f:d9:be:06:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Sep 18 00:00:00 2023 GMT
            Not After : Oct 23 23:59:59 2023 GMT
        Subject: serialNumber=73b9a509a122267f3489d51fed217f89140e489d5b838e3fa1116e549024fbc1, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:6f:e5:d0:7e:f6:51:52:b1:74:5d:c3:8c:cf:
                    5f:51:ad:b0:42:85:83:c2:0b:c7:99:6f:62:04:77:
                    7f:2c:51:d5:f2:c7:97:1e:7a:89:ee:c8:18:cf:0f:
                    26:17:dd:95:59:20:0c:a3:98:b5:a3:17:64:ae:88:
                    5d:22:ba:ae:bd:06:58:d2:8f:7e:99:f0:77:57:a4:
                    df:09:63:72:36:31:07:9f:f5:78:a8:bc:ee:31:4c:
                    a0:f4:0f:b1:ee:80:5d:18:e7:3c:fe:e9:53:7c:29:
                    69:1e:b6:08:3f:dc:7e:4d:43:1c:8c:1b:e2:2d:63:
                    b8:54:fd:99:d4:a8:16:57:f1:3f:e6:3f:81:a7:f8:
                    6d:7b:c6:c7:e0:56:e9:f7:4f:28:57:d3:00:db:e0:
                    bb:2b:92:1a:48:f3:bb:d1:9f:b8:84:93:d2:9d:17:
                    d4:3c:f5:1e:65:88:3c:89:21:54:9b:1e:df:49:89:
                    f6:39:be:35:81:38:3d:72:70:34:b9:75:00:37:8a:
                    90:5a:b9:7c:99:a5:e4:de:a1:01:cd:40:16:dc:c6:
                    47:a4:eb:08:bb:35:af:26:ef:d8:a2:e9:c0:a0:8c:
                    53:04:51:f5:24:71:6f:36:56:6e:2f:b7:ea:dd:b3:
                    ed:e0:d2:60:4e:d0:3e:28:ca:10:fa:21:5c:df:48:
                    7e:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:22:05:B6:DD:E7:3D:31:89:88:19:2A:BF:5D:43:16:F4:D7:E7:82
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a2f37184-69cc-42f7-b4f9-eac706fa0820.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da00:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         39:19:12:74:10:e9:28:06:c0:94:e9:18:0a:52:99:92:99:79:
         25:cf:63:5f:99:70:fa:ac:df:06:aa:97:17:ef:09:25:6a:bf:
         1c:1f:ff:16:88:1f:ec:2b:03:66:63:b0:40:bf:f0:ee:81:4a:
         2a:57:e9:67:c3:ec:05:cb:66:65:f7:74:9d:20:aa:a8:b0:f5:
         1e:08:da:b0:a0:19:9a:32:da:29:a7:d5:77:62:e7:f6:75:49:
         ed:98:21:9d:8c:18:81:6a:fc:63:27:97:86:9d:a9:6a:17:d8:
         95:45:66:99:76:c1:3f:30:71:ac:38:dd:44:38:27:8c:08:f6:
         3c:e5:9d:90:9a:f9:c6:72:58:bc:6e:c1:ad:0a:c7:ff:a2:d8:
         5e:94:f7:39:a8:00:1d:61:9f:3f:08:58:e1:9b:c8:37:74:4c:
         79:38:33:02:7c:59:5b:05:ad:25:06:27:2a:00:2c:b9:20:2e:
         f6:70:98:32:69:a4:fd:5f:db:ab:79:2f:0e:00:a5:1e:54:f1:
         2d:c5:d7:c0:ae:31:ea:82:d5:17:eb:d1:f5:64:51:ea:0c:31:
         90:fc:cd:c1:6a:96:ff:ac:58:52:51:69:dd:97:b5:4d:d1:e9:
         8f:0f:75:c5:9c:4f:1e:09:60:e9:97:a8:24:0a:72:b5:ab:33:
         4f:b9:fd:c6
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUMzaViQVl2ooufEiFAL5WX9m+BrwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTIzMDkxODAwMDAwMFoX
DTIzMTAyMzIzNTk1OVowejFJMEcGA1UEBRNANzNiOWE1MDlhMTIyMjY3ZjM0ODlk
NTFmZWQyMTdmODkxNDBlNDg5ZDViODM4ZTNmYTExMTZlNTQ5MDI0ZmJjMTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnm/l0H72UVKxdF3DjM9fUa2wQoWD
wgvHmW9iBHd/LFHV8seXHnqJ7sgYzw8mF92VWSAMo5i1oxdkrohdIrquvQZY0o9+
mfB3V6TfCWNyNjEHn/V4qLzuMUyg9A+x7oBdGOc8/ulTfClpHrYIP9x+TUMcjBvi
LWO4VP2Z1KgWV/E/5j+Bp/hte8bH4Fbp908oV9MA2+C7K5IaSPO70Z+4hJPSnRfU
PPUeZYg8iSFUmx7fSYn2Ob41gTg9cnA0uXUAN4qQWrl8maXk3qEBzUAW3MZHpOsI
uzWvJu/YounAoIxTBFH1JHFvNlZuL7fq3bPt4NJgTtA+KMoQ+iFc30h+BwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFOMiBbbd5z0xiYgZKr9dQxb01+eCMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2EyZjM3MTg0LTY5Y2MtNDJmNy1iNGY5LWVhYzcwNmZhMDgyMC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaACAwDQYJKoZIhvcNAQELBQADggEBADkZEnQQ6SgGwJTpGApS
mZKZeSXPY1+ZcPqs3waqlxfvCSVqvxwf/xaIH+wrA2ZjsEC/8O6BSipX6WfD7AXL
ZmX3dJ0gqqiw9R4I2rCgGZoy2imn1Xdi5/Z1Se2YIZ2MGIFq/GMnl4adqWoX2JVF
Zpl2wT8wcaw43UQ4J4wI9jzlnZCa+cZyWLxuwa0Kx/+i2F6U9zmoAB1hnz8IWOGb
yDd0THk4MwJ8WVsFrSUGJyoALLkgLvZwmDJppP1f26t5Lw4ApR5U8S3F18CuMeqC
1Rfr0fVkUeoMMZD8zcFqlv+sWFJRad2XtU3R6Y8PdcWcTx4JYOmXqCQKcrWrM0+5
/cY=
-----END CERTIFICATE-----
Generated at Mon Sep 18 15:40:40 2023 by rpki-client on console-ams.rpki-client.org