Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a8746c50-b2c6-438f-ad79-3b608da68b61.roa
File:                     a8746c50-b2c6-438f-ad79-3b608da68b61.roa (raw, json)
Hash identifier:          mA6FeWekQfz1tdZOyZvHNkuH0l4I9zZRiibV9eTJUCo=
Subject key identifier:   EC:63:81:7F:78:C9:66:BD:1B:FA:27:61:EE:04:43:16:7D:DB:5C:76
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       1ABD37B782C0DB8DFB014D2862CB300715ABD11E
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a8746c50-b2c6-438f-ad79-3b608da68b61.roa
Signing time:             Wed 01 Mar 2023 00:00:00 +0000
ROA not before:           Wed 01 Mar 2023 00:00:00 +0000
ROA not after:            Wed 05 Apr 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da68:6000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 16 Mar 2023 12:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:bd:37:b7:82:c0:db:8d:fb:01:4d:28:62:cb:30:07:15:ab:d1:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Mar  1 00:00:00 2023 GMT
            Not After : Apr  5 23:59:59 2023 GMT
        Subject: serialNumber=7dd60864c3c3fa815368ece6b00bd9dc4cee74452e423aa70a7cc6e8a83f3b53, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ae:c2:5f:93:0b:0f:91:f0:af:2c:0c:cd:09:
                    d5:30:4e:bb:89:cd:ed:c4:3c:c5:06:c7:49:67:b0:
                    92:c8:d4:00:eb:b8:ea:42:1d:a3:ba:11:30:47:26:
                    b4:3d:82:15:1d:55:2e:ac:39:dc:74:67:d3:c9:2d:
                    f2:bc:d0:fd:5c:21:0c:f3:3d:05:16:13:24:d1:ac:
                    7d:86:84:3d:7c:4b:b7:68:be:94:0c:79:bd:ea:4f:
                    b5:9c:b3:7b:7f:ed:96:a7:44:85:d0:06:cc:63:6e:
                    60:7b:07:b5:d6:3d:e2:73:eb:3e:1f:f3:41:67:f4:
                    ac:b5:78:8e:1c:98:60:2d:d9:83:bb:59:48:9b:df:
                    1b:13:7c:ac:a0:66:65:0b:26:71:6a:bf:00:3e:4e:
                    20:1a:36:91:3f:7f:31:d4:5b:93:14:3a:0b:71:d1:
                    2c:fe:dc:6a:8b:31:c0:e9:72:e0:aa:cf:11:60:25:
                    2a:97:ad:f8:4c:c6:9f:64:35:a1:3e:80:6d:1b:10:
                    5e:75:44:6d:64:63:2e:03:76:ff:97:bd:68:de:58:
                    e3:e8:66:53:11:8e:96:cf:b0:cf:ca:ae:15:06:0a:
                    ed:59:86:c5:07:b9:63:e2:11:b5:a4:4b:66:ad:63:
                    93:3a:e9:d2:87:f3:ff:b0:ae:a2:85:f7:eb:29:4f:
                    a5:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                EC:63:81:7F:78:C9:66:BD:1B:FA:27:61:EE:04:43:16:7D:DB:5C:76
            X509v3 Authority Key Identifier: 
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a8746c50-b2c6-438f-ad79-3b608da68b61.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da68:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         9e:42:d2:41:e7:ad:8a:80:3e:67:29:ef:cc:31:21:b1:e9:5b:
         fb:ed:fd:d7:73:29:35:6e:0a:bd:97:29:cb:92:28:1d:b5:96:
         5d:65:dd:e7:80:f4:c9:b1:08:4e:8a:0a:8b:53:82:0e:7c:34:
         af:d1:35:93:94:35:ae:7c:98:e1:6c:66:85:cd:4c:b7:45:98:
         fc:0b:9b:fb:fc:ad:68:57:25:6a:7b:07:71:da:f8:e3:1d:4e:
         6b:bc:ee:11:d8:bd:ad:9b:30:1a:81:87:d5:26:66:ce:55:2c:
         98:c3:7c:0b:ff:a4:73:91:fd:3c:59:9c:54:f8:2c:3b:f8:eb:
         3c:1f:b2:2d:22:2f:77:d9:52:d5:18:e8:fc:ac:32:88:5a:c6:
         b0:f9:ec:6f:73:23:09:98:c5:10:79:2a:a9:92:b0:b2:b9:4d:
         8a:3f:a7:fa:bb:f0:77:21:52:fd:27:e0:1d:ef:b1:05:6d:79:
         4e:00:e7:c7:a8:1b:d6:4f:33:2b:8a:64:a5:61:48:18:1d:ed:
         54:18:b1:d6:70:49:2c:5d:cf:39:e6:a9:7f:08:94:d3:db:e0:
         ed:19:64:71:51:ff:59:01:a9:f4:6d:8b:cd:74:9a:1e:e8:d3:
         63:7f:ee:1c:01:b4:5f:29:b6:3c:c0:33:fb:f0:30:fa:92:d4:
         ee:71:6b:e9
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgIUGr03t4LA2437AU0oYsswBxWr0R4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTIzMDMwMTAwMDAwMFoX
DTIzMDQwNTIzNTk1OVowgaUxSTBHBgNVBAUTQDdkZDYwODY0YzNjM2ZhODE1MzY4
ZWNlNmIwMGJkOWRjNGNlZTc0NDUyZTQyM2FhNzBhN2NjNmU4YTgzZjNiNTMxLTAr
BgNVBAMTJGMwYmYwZmU4LTcxN2MtNGY3Mi05YjQ1LWM5YzUxOTEzMmE4MTEUMBIG
A1UECxMLQW1hem9uIFJQS0kxEzARBgNVBAoTCkFtYXpvbi5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1rsJfkwsPkfCvLAzNCdUwTruJze3EPMUG
x0lnsJLI1ADruOpCHaO6ETBHJrQ9ghUdVS6sOdx0Z9PJLfK80P1cIQzzPQUWEyTR
rH2GhD18S7dovpQMeb3qT7Wcs3t/7ZanRIXQBsxjbmB7B7XWPeJz6z4f80Fn9Ky1
eI4cmGAt2YO7WUib3xsTfKygZmULJnFqvwA+TiAaNpE/fzHUW5MUOgtx0Sz+3GqL
McDpcuCqzxFgJSqXrfhMxp9kNaE+gG0bEF51RG1kYy4Ddv+XvWjeWOPoZlMRjpbP
sM/KrhUGCu1ZhsUHuWPiEbWkS2atY5M66dKH8/+wrqKF9+spT6W1AgMBAAGjggJK
MIICRjAdBgNVHQ4EFgQU7GOBf3jJZr0b+idh7gRDFn3bXHYwHwYDVR0jBBgwFoAU
QHaCVSTSxm0uEENv5l6T6MG9SjcwDgYDVR0PAQH/BAQDAgeAMH4GCCsGAQUFBwEB
BHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0
b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3QzcyRkQxRkYyL1FIYUNWU1RTeG0w
dUVFTnY1bDZUNk1HOVNqYy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggrBgEF
BQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3MuY29t
L3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1MGJlYzkyNjEvYTg3
NDZjNTAtYjJjNi00MzhmLWFkNzktM2I2MDhkYTY4YjYxLnJvYTCBlQYDVR0fBIGN
MIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpv
bmF3cy5jb20vdm9sdW1lLzA4YzJmMjY0LTIzZjktNDlmYi05ZDQzLWY4YjUwYmVj
OTI2MS83YmExNzg2My1hNjEzLTQxOTctOWVkNS1iZWRhNmE4OTg2OWYuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAkBtpoYDANBgkqhkiG9w0BAQsFAAOCAQEAnkLSQeetioA+ZynvzDEhselb
++3913MpNW4KvZcpy5IoHbWWXWXd54D0ybEITooKi1OCDnw0r9E1k5Q1rnyY4Wxm
hc1Mt0WY/Aub+/ytaFclansHcdr44x1Oa7zuEdi9rZswGoGH1SZmzlUsmMN8C/+k
c5H9PFmcVPgsO/jrPB+yLSIvd9lS1Rjo/KwyiFrGsPnsb3MjCZjFEHkqqZKwsrlN
ij+n+rvwdyFS/SfgHe+xBW15TgDnx6gb1k8zK4pkpWFIGB3tVBix1nBJLF3POeap
fwiU09vg7RlkcVH/WQGp9G2LzXSaHujTY3/uHAG0Xym2PMAz+/Aw+pLU7nFr6Q==
-----END CERTIFICATE-----
Generated at Wed Mar 15 11:52:18 2023 by rpki-client on console-fra.rpki-client.org