Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a43b74f5-9892-450a-af1e-3dfde7877fa2.roa
File:                     a43b74f5-9892-450a-af1e-3dfde7877fa2.roa (raw, json)
Hash identifier:          oOIm8s4MuGJqoa7qmNQPUZS18rjrR5jG6SvmUwWM1XM=
Subject key identifier:   5F:E3:A9:AF:FE:3A:19:6F:7D:5D:1F:E2:37:D7:1D:B6:1F:E7:02:A8
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       18262FAFB697BFB9B13A5DA92FEE9CA5025D220C
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a43b74f5-9892-450a-af1e-3dfde7877fa2.roa
Signing time:             Wed 12 Jun 2024 00:00:00 +0000
ROA not before:           Wed 12 Jun 2024 00:00:00 +0000
ROA not after:            Wed 17 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da69:c800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 20 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:26:2f:af:b6:97:bf:b9:b1:3a:5d:a9:2f:ee:9c:a5:02:5d:22:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 12 00:00:00 2024 GMT
            Not After : Jul 17 23:59:59 2024 GMT
        Subject: serialNumber=7bac6f70031eeda45b603d34e37fec93cedd7b2818e52e32b4f6612e4c7a7246, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:96:9a:6c:b0:f3:93:e8:e2:69:33:ca:f0:13:
                    60:64:68:af:a9:34:53:ea:5f:bf:bd:c6:4c:61:da:
                    81:e9:c1:1c:14:91:f3:0a:7c:9d:4b:a3:64:25:35:
                    f8:50:f7:7a:bc:a2:df:79:0c:99:bb:f7:a4:34:13:
                    38:22:b9:55:bb:ff:76:0f:54:74:75:91:e5:9a:a8:
                    d5:b6:dd:82:87:78:ce:86:43:59:f4:51:43:1a:93:
                    08:50:31:24:84:1d:83:cf:7f:38:03:8a:13:a0:97:
                    9c:4f:a6:86:17:3c:26:98:4f:03:e7:8a:91:91:69:
                    bb:47:fe:73:1c:f5:66:82:fd:f1:3c:74:b9:07:f4:
                    4b:0a:ba:49:f2:20:37:ea:2a:2c:b2:12:07:00:e7:
                    cc:96:c8:89:e6:ca:a7:db:8a:29:e9:7e:f3:3a:5c:
                    8d:3f:d4:7d:d9:29:b6:d0:ee:fe:66:a2:c0:4c:88:
                    2a:a2:a8:85:83:b0:9f:5e:70:3d:d7:04:73:b3:20:
                    f4:97:fa:67:a6:53:da:72:35:c8:6e:9d:b3:73:87:
                    26:cb:33:08:52:cb:79:70:44:5e:f8:c1:d6:7d:fa:
                    79:67:e0:7c:31:6e:27:da:eb:4a:4e:7f:7a:01:66:
                    6b:6b:5a:40:d9:5f:36:56:ae:3a:36:82:51:c9:b5:
                    87:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:E3:A9:AF:FE:3A:19:6F:7D:5D:1F:E2:37:D7:1D:B6:1F:E7:02:A8
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a43b74f5-9892-450a-af1e-3dfde7877fa2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da69:c800::/40

    Signature Algorithm: sha256WithRSAEncryption
         51:6d:4d:3a:5b:10:b9:06:3a:5a:e6:f7:10:4f:46:0f:7b:65:
         fa:63:f8:7a:78:31:d0:ea:d3:b1:c0:e8:19:3b:5e:2c:6a:b5:
         d7:f0:1c:af:75:4c:2c:7b:75:62:72:41:96:c1:f7:b1:83:d6:
         58:e0:ed:f2:8a:11:74:11:32:ec:b3:17:08:87:37:bc:7f:68:
         49:92:b4:40:53:7b:e6:ff:aa:23:8e:14:2a:c1:d6:bc:7d:26:
         a0:a6:95:0c:3d:de:1a:b6:28:11:34:db:fe:80:6f:4c:30:27:
         e7:cf:dc:51:fc:45:96:37:71:76:a1:7c:c4:cf:f5:e8:e4:90:
         22:01:7e:0d:73:62:70:8b:d9:82:ff:f9:f5:58:f3:21:a2:24:
         6b:4b:0a:51:a8:4c:42:e3:f2:56:cc:e2:6d:a8:d4:d5:4e:64:
         b5:9c:36:0d:e7:0c:9f:05:33:c6:de:d5:a2:18:3b:42:a4:af:
         18:47:2a:bd:f4:6b:31:26:88:be:b5:9d:23:9a:63:90:8f:d4:
         e5:24:e5:0f:84:9e:83:d0:d2:6d:52:1c:de:eb:9a:9b:e0:4a:
         7b:38:d9:84:cb:62:79:6d:43:e5:d1:3e:d0:ef:61:ba:2c:ff:
         1b:a2:d4:e9:b6:2d:f7:6b:01:63:d3:3f:5f:1b:0b:34:80:64:
         8f:b5:bb:2d
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUGCYvr7aXv7mxOl2pL+6cpQJdIgwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYxMjAwMDAwMFoX
DTI0MDcxNzIzNTk1OVowejFJMEcGA1UEBRNAN2JhYzZmNzAwMzFlZWRhNDViNjAz
ZDM0ZTM3ZmVjOTNjZWRkN2IyODE4ZTUyZTMyYjRmNjYxMmU0YzdhNzI0NjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0paabLDzk+jiaTPK8BNgZGivqTRT
6l+/vcZMYdqB6cEcFJHzCnydS6NkJTX4UPd6vKLfeQyZu/ekNBM4IrlVu/92D1R0
dZHlmqjVtt2Ch3jOhkNZ9FFDGpMIUDEkhB2Dz384A4oToJecT6aGFzwmmE8D54qR
kWm7R/5zHPVmgv3xPHS5B/RLCrpJ8iA36iosshIHAOfMlsiJ5sqn24op6X7zOlyN
P9R92Sm20O7+ZqLATIgqoqiFg7CfXnA91wRzsyD0l/pnplPacjXIbp2zc4cmyzMI
Ust5cERe+MHWffp5Z+B8MW4n2utKTn96AWZra1pA2V82Vq46NoJRybWHGQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFF/jqa/+OhlvfV0f4jfXHbYf5wKoMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2E0M2I3NGY1LTk4OTItNDUwYS1hZjFlLTNkZmRlNzg3N2ZhMi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaacgwDQYJKoZIhvcNAQELBQADggEBAFFtTTpbELkGOlrm9xBP
Rg97Zfpj+Hp4MdDq07HA6Bk7XixqtdfwHK91TCx7dWJyQZbB97GD1ljg7fKKEXQR
MuyzFwiHN7x/aEmStEBTe+b/qiOOFCrB1rx9JqCmlQw93hq2KBE02/6Ab0wwJ+fP
3FH8RZY3cXahfMTP9ejkkCIBfg1zYnCL2YL/+fVY8yGiJGtLClGoTELj8lbM4m2o
1NVOZLWcNg3nDJ8FM8be1aIYO0KkrxhHKr30azEmiL61nSOaY5CP1OUk5Q+EnoPQ
0m1SHN7rmpvgSns42YTLYnltQ+XRPtDvYbos/xui1Om2LfdrAWPTP18bCzSAZI+1
uy0=
-----END CERTIFICATE-----
Generated at Sun Jun 16 00:53:14 2024 by rpki-client on console-fra.rpki-client.org