Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a8746c50-b2c6-438f-ad79-3b608da68b61.roa
File:                     a8746c50-b2c6-438f-ad79-3b608da68b61.roa (raw, json)
Hash identifier:          R7cgfaarSoglQ83/VzPvhVwrd+jtuUyZMv5WY4qz6tk=
Subject key identifier:   A0:51:DE:1B:BC:6F:9A:41:F4:12:D8:D9:CA:82:0A:98:9B:C5:1D:B0
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2D9D8A56B21C820B73FE65FB3E498191333DA56F
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a8746c50-b2c6-438f-ad79-3b608da68b61.roa
Signing time:             Fri 21 Jun 2024 00:00:00 +0000
ROA not before:           Fri 21 Jun 2024 00:00:00 +0000
ROA not after:            Fri 26 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da68:6000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 28 Jun 2024 00:11:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:9d:8a:56:b2:1c:82:0b:73:fe:65:fb:3e:49:81:91:33:3d:a5:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 21 00:00:00 2024 GMT
            Not After : Jul 26 23:59:59 2024 GMT
        Subject: serialNumber=6ecd839c7c9652225035b3676196d5d9f02d4037f8d88b0af0583d5d682de029, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:43:40:a4:84:39:98:99:86:43:76:e8:f1:bf:
                    94:7c:26:30:b9:b3:c3:bc:06:66:27:8b:4f:72:b7:
                    c5:a1:fe:c2:4c:43:c9:26:cf:85:65:3f:4d:4e:76:
                    f8:ba:70:2c:09:6b:b0:84:fb:47:15:a3:77:c5:a3:
                    06:00:6c:d0:d1:6a:01:6b:ad:e9:74:9b:3c:04:2b:
                    c7:ca:97:b1:e1:48:a0:91:ed:f8:94:65:b0:d8:85:
                    fd:82:9e:60:6d:0f:dc:74:b9:c5:d1:cb:ab:69:e3:
                    1f:1b:df:ef:25:c9:ff:7d:48:16:0e:4e:b9:93:ca:
                    b2:39:be:19:32:6e:6b:89:86:bc:40:fc:04:07:7b:
                    0f:84:e1:e4:52:d0:b7:79:4d:5a:20:e9:77:0d:08:
                    64:8d:12:55:e9:51:26:8f:16:6a:39:5e:d2:e8:21:
                    e8:ab:02:b2:4b:0f:3a:b0:9c:37:1b:ae:1a:24:35:
                    ea:a2:97:25:d1:07:2f:ea:17:3c:db:26:ef:44:d3:
                    99:e0:e2:62:15:ee:20:95:a7:b4:54:aa:fe:81:28:
                    2d:4d:bc:d5:eb:e9:92:64:ab:65:df:e4:92:e2:b5:
                    62:c0:02:4b:18:32:1f:c2:36:05:fc:da:85:87:79:
                    f6:10:0e:06:39:78:44:f1:d5:f1:2d:13:5e:25:40:
                    08:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:51:DE:1B:BC:6F:9A:41:F4:12:D8:D9:CA:82:0A:98:9B:C5:1D:B0
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a8746c50-b2c6-438f-ad79-3b608da68b61.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da68:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         48:5e:30:bb:ef:de:eb:2d:d5:f1:e2:40:a6:af:e6:be:ff:67:
         96:e2:db:b5:7e:f1:1c:9c:75:1d:80:26:5a:79:06:15:f9:ff:
         7e:4c:21:6a:b4:89:56:6a:23:96:80:5e:66:13:ed:27:5e:bc:
         4a:77:e1:3c:0d:f7:17:66:8f:fd:da:df:3e:59:df:73:29:94:
         1a:4f:d7:e6:d8:f6:e6:5b:ce:3e:b5:3b:13:22:9e:f8:e4:28:
         41:d1:fd:38:c5:dd:d3:26:56:e3:64:c2:88:2c:e0:93:1f:d7:
         e3:62:86:8e:59:09:20:30:08:41:35:be:11:ed:b3:66:55:02:
         39:0e:07:0d:c2:5c:1a:04:05:dd:46:2b:21:af:41:30:2e:9f:
         bf:07:20:5e:44:4b:03:2b:36:9c:6e:47:84:78:07:35:3d:16:
         62:b2:f9:32:a0:4d:d2:a6:42:25:f1:d0:4b:70:f5:63:b0:f9:
         c8:bc:55:52:ed:42:4b:58:49:cf:04:d5:6e:23:3c:9a:e9:c8:
         23:21:46:c1:dc:b2:86:df:3d:2b:f8:61:b5:27:f8:42:37:46:
         15:41:76:37:17:5a:19:3f:af:0b:90:e0:94:4f:4b:6e:53:85:
         8e:d3:a7:3f:79:ca:12:51:d1:ea:a2:7d:86:c9:4a:24:35:c0:
         9b:a7:dd:78
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIULZ2KVrIcggtz/mX7PkmBkTM9pW8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyMTAwMDAwMFoX
DTI0MDcyNjIzNTk1OVowejFJMEcGA1UEBRNANmVjZDgzOWM3Yzk2NTIyMjUwMzVi
MzY3NjE5NmQ1ZDlmMDJkNDAzN2Y4ZDg4YjBhZjA1ODNkNWQ2ODJkZTAyOTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkNApIQ5mJmGQ3bo8b+UfCYwubPD
vAZmJ4tPcrfFof7CTEPJJs+FZT9NTnb4unAsCWuwhPtHFaN3xaMGAGzQ0WoBa63p
dJs8BCvHypex4Uigke34lGWw2IX9gp5gbQ/cdLnF0curaeMfG9/vJcn/fUgWDk65
k8qyOb4ZMm5riYa8QPwEB3sPhOHkUtC3eU1aIOl3DQhkjRJV6VEmjxZqOV7S6CHo
qwKySw86sJw3G64aJDXqopcl0Qcv6hc82ybvRNOZ4OJiFe4glae0VKr+gSgtTbzV
6+mSZKtl3+SS4rViwAJLGDIfwjYF/NqFh3n2EA4GOXhE8dXxLRNeJUAIKwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFKBR3hu8b5pB9BLY2cqCCpibxR2wMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2E4NzQ2YzUwLWIyYzYtNDM4Zi1hZDc5LTNiNjA4ZGE2OGI2MS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaaGAwDQYJKoZIhvcNAQELBQADggEBAEheMLvv3ust1fHiQKav
5r7/Z5bi27V+8RycdR2AJlp5BhX5/35MIWq0iVZqI5aAXmYT7SdevEp34TwN9xdm
j/3a3z5Z33MplBpP1+bY9uZbzj61OxMinvjkKEHR/TjF3dMmVuNkwogs4JMf1+Ni
ho5ZCSAwCEE1vhHts2ZVAjkOBw3CXBoEBd1GKyGvQTAun78HIF5ESwMrNpxuR4R4
BzU9FmKy+TKgTdKmQiXx0Etw9WOw+ci8VVLtQktYSc8E1W4jPJrpyCMhRsHcsobf
PSv4YbUn+EI3RhVBdjcXWhk/rwuQ4JRPS25ThY7Tpz95yhJR0eqifYbJSiQ1wJun
3Xg=
-----END CERTIFICATE-----
Generated at Mon Jun 24 01:28:15 2024 by rpki-client on console-ams.rpki-client.org