Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/aa0d983a-95e1-4b43-a953-b6dc2c882c45.roa
File:                     aa0d983a-95e1-4b43-a953-b6dc2c882c45.roa (raw, json)
Hash identifier:          xUEQMGbsF68F6+IvZyAp5qxrRC5es50OvKN7rx4w9NQ=
Subject key identifier:   59:83:46:C4:1D:67:B9:9C:B7:29:8E:D1:5E:D5:FD:A0:93:6B:DE:7C
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       6ECB2443538372A6DA6CF72B2A494EA2EF04A636
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/aa0d983a-95e1-4b43-a953-b6dc2c882c45.roa
Signing time:             Mon 27 May 2024 00:00:00 +0000
ROA not before:           Mon 27 May 2024 00:00:00 +0000
ROA not after:            Mon 01 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf7:a000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 18 Jun 2024 00:10:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:cb:24:43:53:83:72:a6:da:6c:f7:2b:2a:49:4e:a2:ef:04:a6:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 27 00:00:00 2024 GMT
            Not After : Jul  1 23:59:59 2024 GMT
        Subject: serialNumber=97083043a5bb6444b48d15a1c4dcaedab2b1c199c721222ca0e07c073fc25184, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:64:14:08:61:f6:30:09:6d:4c:be:19:49:81:
                    fb:a5:84:fa:6a:d1:4a:a2:e6:80:9b:17:88:eb:8e:
                    ba:af:21:4c:95:1e:9d:2b:3a:75:09:f0:51:85:63:
                    9b:3d:33:21:67:1d:75:a1:10:c3:ac:bf:99:46:13:
                    b9:a6:34:5a:99:3b:a6:84:ea:36:62:38:61:dd:b9:
                    52:1b:d9:63:5a:cc:6d:4d:b3:a4:b3:14:25:ec:b4:
                    09:78:18:9b:94:00:00:f9:3d:a7:0a:8f:a2:6c:21:
                    b0:9a:92:49:58:ca:b6:10:ae:1b:03:c0:c3:9f:a0:
                    46:22:16:bb:9d:ba:e3:7b:86:ee:8b:b7:a5:79:4c:
                    0c:dd:1c:9f:60:61:a9:6b:e0:dd:4b:6e:91:b1:8d:
                    66:c5:f7:e7:49:5b:37:60:b9:c3:35:32:1a:2d:d0:
                    8d:4e:2e:93:9f:0f:7c:d2:a9:68:6f:67:05:eb:3f:
                    f5:ac:32:1f:cb:da:d3:2d:98:64:f1:9b:c7:e2:fd:
                    0f:92:b7:eb:4b:dd:ad:56:10:da:e6:70:51:15:e5:
                    a3:55:5d:0e:34:11:e0:83:79:bc:7a:56:b7:f4:69:
                    00:14:fc:bc:12:77:40:12:22:47:49:09:de:53:28:
                    5c:db:f4:d2:df:b6:d3:02:85:a0:ee:7b:6d:90:33:
                    18:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:83:46:C4:1D:67:B9:9C:B7:29:8E:D1:5E:D5:FD:A0:93:6B:DE:7C
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/aa0d983a-95e1-4b43-a953-b6dc2c882c45.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf7:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         b7:27:74:9b:00:31:91:1b:80:13:10:b3:17:6e:7e:07:3e:ce:
         cf:d5:f1:de:dd:fa:7f:c5:58:95:59:cd:a8:3b:9f:75:cb:ae:
         ce:15:0e:73:89:41:fb:bf:3f:71:25:d5:a7:11:a0:50:8c:38:
         f4:3e:c7:23:e2:2c:cc:36:41:d1:56:d8:7e:ac:eb:4c:d8:7e:
         65:c6:d3:6b:f1:c6:15:c4:0d:67:d3:d0:81:8f:fb:63:d8:ee:
         5b:75:0f:db:8c:1b:b5:19:01:05:b6:7d:a7:c8:f0:92:8c:dd:
         51:8a:d5:cd:52:12:e5:92:70:22:f2:30:e2:38:ba:d0:06:f8:
         99:89:db:62:59:21:2f:2c:29:76:e8:76:cf:19:f1:20:8a:77:
         35:cc:db:71:5a:d2:83:00:d1:98:76:3b:74:48:4a:26:06:97:
         41:b9:40:7b:0f:4c:d6:54:f5:a6:b7:98:e5:64:23:08:a9:3d:
         ac:6c:1b:45:f6:79:b6:84:24:d3:52:55:f7:31:28:a9:a0:e2:
         5c:09:65:45:1f:5f:90:c8:50:6d:ae:da:81:e3:06:4e:17:0a:
         92:b4:af:88:9b:82:be:f4:2d:f1:da:a7:10:a5:92:1b:80:3d:
         57:5f:64:0e:ed:c4:d9:9e:99:8d:d1:06:eb:f8:08:6c:f3:b1:
         10:94:58:9c
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUbsskQ1ODcqbabPcrKklOou8EpjYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDUyNzAwMDAwMFoX
DTI0MDcwMTIzNTk1OVowejFJMEcGA1UEBRNAOTcwODMwNDNhNWJiNjQ0NGI0OGQx
NWExYzRkY2FlZGFiMmIxYzE5OWM3MjEyMjJjYTBlMDdjMDczZmMyNTE4NDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA02QUCGH2MAltTL4ZSYH7pYT6atFK
ouaAmxeI6466ryFMlR6dKzp1CfBRhWObPTMhZx11oRDDrL+ZRhO5pjRamTumhOo2
Yjhh3blSG9ljWsxtTbOksxQl7LQJeBiblAAA+T2nCo+ibCGwmpJJWMq2EK4bA8DD
n6BGIha7nbrje4bui7eleUwM3RyfYGGpa+DdS26RsY1mxffnSVs3YLnDNTIaLdCN
Ti6Tnw980qlob2cF6z/1rDIfy9rTLZhk8ZvH4v0PkrfrS92tVhDa5nBRFeWjVV0O
NBHgg3m8ela39GkAFPy8EndAEiJHSQneUyhc2/TS37bTAoWg7nttkDMYPwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFFmDRsQdZ7mctymO0V7V/aCTa958MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2FhMGQ5ODNhLTk1ZTEtNGI0My1hOTUzLWI2ZGMyYzg4MmM0NS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba96AwDQYJKoZIhvcNAQELBQADggEBALcndJsAMZEbgBMQsxdu
fgc+zs/V8d7d+n/FWJVZzag7n3XLrs4VDnOJQfu/P3El1acRoFCMOPQ+xyPiLMw2
QdFW2H6s60zYfmXG02vxxhXEDWfT0IGP+2PY7lt1D9uMG7UZAQW2fafI8JKM3VGK
1c1SEuWScCLyMOI4utAG+JmJ22JZIS8sKXbods8Z8SCKdzXM23Fa0oMA0Zh2O3RI
SiYGl0G5QHsPTNZU9aa3mOVkIwipPaxsG0X2ebaEJNNSVfcxKKmg4lwJZUUfX5DI
UG2u2oHjBk4XCpK0r4ibgr70LfHapxClkhuAPVdfZA7txNmemY3RBuv4CGzzsRCU
WJw=
-----END CERTIFICATE-----
Generated at Fri Jun 14 01:28:02 2024 by rpki-client on console-ams.rpki-client.org