Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ae920ed2-97d5-458b-804a-81fcd6f09e97.roa
File:                     ae920ed2-97d5-458b-804a-81fcd6f09e97.roa (raw, json)
Hash identifier:          ljJFFFaOcAbz7gWgocoS7DH0Rp3STC/ggs11ssbtRs8=
Subject key identifier:   07:58:61:2D:1F:72:2E:E1:44:71:CE:CF:B8:2B:53:1E:83:47:9C:A4
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       04EBD2800EF1E47137022E7F724128B7938176EB
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ae920ed2-97d5-458b-804a-81fcd6f09e97.roa
Signing time:             Mon 27 Mar 2023 00:00:00 +0000
ROA not before:           Mon 27 Mar 2023 00:00:00 +0000
ROA not after:            Mon 01 May 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafc:7000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 28 Mar 2023 12:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:eb:d2:80:0e:f1:e4:71:37:02:2e:7f:72:41:28:b7:93:81:76:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Mar 27 00:00:00 2023 GMT
            Not After : May  1 23:59:59 2023 GMT
        Subject: serialNumber=0a4e18931edb3098bc0ab1cbec53e11d82b6040a61ff8f18cad270399aa7f986, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:cb:f7:80:6c:44:bf:d9:3c:be:3a:58:c5:6b:
                    2e:5e:5f:fc:20:e4:0e:fa:02:69:5f:7f:88:3d:17:
                    57:e2:c9:a1:c0:ff:04:b5:0e:b2:cb:5b:a5:c5:ea:
                    83:58:5d:c0:96:60:a8:08:3e:0c:b6:6d:d7:ad:4a:
                    25:e5:9c:bb:df:30:bf:41:f6:77:b6:29:e0:ec:51:
                    d6:56:e0:e5:2a:c7:ae:9b:55:f0:7c:a7:00:7b:d3:
                    3e:5c:20:ac:f5:77:55:5f:20:85:09:17:64:54:d7:
                    a1:ef:e5:b8:46:27:ed:93:9a:17:9d:c5:dd:7c:81:
                    ce:1d:8e:fb:68:9a:35:92:f9:eb:5d:be:be:1a:d9:
                    0f:a3:44:ce:24:6e:f1:63:74:51:91:9a:e8:87:c4:
                    1c:e6:3b:13:c8:63:83:3b:a8:ca:54:37:16:32:1e:
                    73:8c:6d:c9:fe:0c:b1:d7:09:26:bb:0b:9d:d4:0b:
                    4f:0f:19:f7:ba:ef:1a:92:1c:15:e5:c8:e6:41:7f:
                    8e:8b:0a:2c:5e:54:15:3b:e4:47:f7:d6:cd:85:9d:
                    7b:47:4c:9b:b7:2d:21:c3:05:77:a3:63:e1:bc:d9:
                    9e:e4:0d:9b:72:3c:af:c8:68:6a:56:42:8c:db:20:
                    a1:3f:24:17:d6:a9:be:a9:b3:49:28:38:af:f6:17:
                    a5:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                07:58:61:2D:1F:72:2E:E1:44:71:CE:CF:B8:2B:53:1E:83:47:9C:A4
            X509v3 Authority Key Identifier: 
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ae920ed2-97d5-458b-804a-81fcd6f09e97.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafc:7000::/40

    Signature Algorithm: sha256WithRSAEncryption
         a9:96:87:4b:07:f7:ef:10:83:b7:c7:c7:e5:6b:20:92:ee:75:
         ba:8d:87:15:f9:44:9f:f8:6c:01:e6:c4:5c:ff:d9:d4:35:5d:
         82:89:4c:34:1f:19:14:5f:bf:42:fa:12:8f:99:9a:94:14:71:
         d8:a6:93:3d:25:63:c7:93:cf:8f:bd:ee:d0:f7:92:34:3c:31:
         a9:e2:58:da:39:4c:4a:db:5d:38:05:22:74:aa:10:a1:69:bf:
         66:f5:a4:9c:e6:e7:42:44:fa:10:4a:61:61:37:d3:d1:41:81:
         c2:ab:dd:57:52:2b:4f:1f:82:71:93:17:60:9a:a8:38:8f:2e:
         c0:32:66:2d:28:11:8e:73:f2:d0:38:3a:08:f8:05:a4:76:f5:
         5c:e3:b9:af:c1:b4:dd:7e:3a:67:60:58:7f:a8:d8:65:8a:6e:
         36:ea:69:8d:35:33:0d:d8:33:79:28:ba:0c:2c:6d:30:b8:99:
         6b:9f:bd:ed:36:49:5f:18:b8:4c:90:10:72:fe:b3:35:3d:30:
         ef:c8:dd:e2:3c:32:38:63:d2:64:cc:d8:c7:1e:e9:ea:5d:67:
         3c:25:3e:68:2a:bd:c9:93:1a:e9:88:5a:28:fe:fa:bd:27:30:
         80:68:dd:bd:3e:a0:bd:0e:41:c4:d3:61:0e:b8:95:8c:82:a0:
         e6:64:ff:f5
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgIUBOvSgA7x5HE3Ai5/ckEot5OBduswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTIzMDMyNzAwMDAwMFoX
DTIzMDUwMTIzNTk1OVowgaUxSTBHBgNVBAUTQDBhNGUxODkzMWVkYjMwOThiYzBh
YjFjYmVjNTNlMTFkODJiNjA0MGE2MWZmOGYxOGNhZDI3MDM5OWFhN2Y5ODYxLTAr
BgNVBAMTJGMwYmYwZmU4LTcxN2MtNGY3Mi05YjQ1LWM5YzUxOTEzMmE4MTEUMBIG
A1UECxMLQW1hem9uIFJQS0kxEzARBgNVBAoTCkFtYXpvbi5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTy/eAbES/2Ty+OljFay5eX/wg5A76Amlf
f4g9F1fiyaHA/wS1DrLLW6XF6oNYXcCWYKgIPgy2bdetSiXlnLvfML9B9ne2KeDs
UdZW4OUqx66bVfB8pwB70z5cIKz1d1VfIIUJF2RU16Hv5bhGJ+2Tmhedxd18gc4d
jvtomjWS+etdvr4a2Q+jRM4kbvFjdFGRmuiHxBzmOxPIY4M7qMpUNxYyHnOMbcn+
DLHXCSa7C53UC08PGfe67xqSHBXlyOZBf46LCixeVBU75Ef31s2FnXtHTJu3LSHD
BXejY+G82Z7kDZtyPK/IaGpWQozbIKE/JBfWqb6ps0koOK/2F6WZAgMBAAGjggJK
MIICRjAdBgNVHQ4EFgQUB1hhLR9yLuFEcc7PuCtTHoNHnKQwHwYDVR0jBBgwFoAU
QHaCVSTSxm0uEENv5l6T6MG9SjcwDgYDVR0PAQH/BAQDAgeAMH4GCCsGAQUFBwEB
BHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0
b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3QzcyRkQxRkYyL1FIYUNWU1RTeG0w
dUVFTnY1bDZUNk1HOVNqYy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggrBgEF
BQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3MuY29t
L3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1MGJlYzkyNjEvYWU5
MjBlZDItOTdkNS00NThiLTgwNGEtODFmY2Q2ZjA5ZTk3LnJvYTCBlQYDVR0fBIGN
MIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpv
bmF3cy5jb20vdm9sdW1lLzA4YzJmMjY0LTIzZjktNDlmYi05ZDQzLWY4YjUwYmVj
OTI2MS83YmExNzg2My1hNjEzLTQxOTctOWVkNS1iZWRhNmE4OTg2OWYuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAkBtr8cDANBgkqhkiG9w0BAQsFAAOCAQEAqZaHSwf37xCDt8fH5Wsgku51
uo2HFflEn/hsAebEXP/Z1DVdgolMNB8ZFF+/QvoSj5malBRx2KaTPSVjx5PPj73u
0PeSNDwxqeJY2jlMSttdOAUidKoQoWm/ZvWknObnQkT6EEphYTfT0UGBwqvdV1Ir
Tx+CcZMXYJqoOI8uwDJmLSgRjnPy0Dg6CPgFpHb1XOO5r8G03X46Z2BYf6jYZYpu
NuppjTUzDdgzeSi6DCxtMLiZa5+97TZJXxi4TJAQcv6zNT0w78jd4jwyOGPSZMzY
xx7p6l1nPCU+aCq9yZMa6YhaKP76vScwgGjdvT6gvQ5BxNNhDriVjIKg5mT/9Q==
-----END CERTIFICATE-----
Generated at Mon Mar 27 00:26:57 2023 by rpki-client on console-fra.rpki-client.org