Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ae920ed2-97d5-458b-804a-81fcd6f09e97.roa
File:                     ae920ed2-97d5-458b-804a-81fcd6f09e97.roa (raw, json)
Hash identifier:          aa/KAETn80nv6gbLM6aZVTqTXjUDlQlJ9snKJzOTE/w=
Subject key identifier:   BF:E7:18:89:E5:6A:D4:FB:B4:9C:2E:35:D1:97:10:A3:30:F0:C2:86
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       7EF8D6108D601EBB97D53282A664C991FFCD1DE9
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ae920ed2-97d5-458b-804a-81fcd6f09e97.roa
Signing time:             Tue 16 Jul 2024 00:00:00 +0000
ROA not before:           Tue 16 Jul 2024 00:00:00 +0000
ROA not after:            Tue 20 Aug 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafc:7000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 21 Jul 2024 00:10:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:f8:d6:10:8d:60:1e:bb:97:d5:32:82:a6:64:c9:91:ff:cd:1d:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 16 00:00:00 2024 GMT
            Not After : Aug 20 23:59:59 2024 GMT
        Subject: serialNumber=e82c66f649e27315e7510da2a0139c26f8baf7353a6bd6b4beeff034239b54a3, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:08:10:56:36:a1:19:63:af:75:68:d7:5f:97:
                    26:e0:ee:4c:a2:ec:fc:07:87:51:70:14:28:ca:6a:
                    cd:8d:60:31:be:ea:db:17:7f:03:0b:b4:af:50:22:
                    25:b8:5f:97:8d:2f:e9:24:78:af:7a:2a:e5:bd:91:
                    6d:55:46:f8:8f:a8:47:e8:c5:44:c9:e0:ad:c6:a6:
                    a1:60:6a:09:d7:64:0f:f7:da:14:e6:eb:70:97:e5:
                    55:97:95:1c:06:04:c0:bb:ff:8c:69:7b:88:6e:71:
                    23:48:4a:60:b6:b3:74:55:6f:68:59:42:b5:d7:e5:
                    0f:69:20:1a:b7:ab:a6:15:c7:9c:a8:b8:86:0a:b9:
                    00:27:17:1d:3c:aa:66:05:c6:d5:25:75:4f:f4:2f:
                    68:df:44:9e:bd:0e:3e:ce:9e:86:4c:19:79:11:7a:
                    7b:d1:71:e7:77:0f:a5:19:f2:22:56:1b:2b:ac:2e:
                    a8:a2:4c:45:f8:ba:23:cf:55:25:eb:1e:33:55:b5:
                    9e:58:a8:f4:01:d5:ee:00:ea:a2:82:ae:d2:e9:a5:
                    85:82:4c:1c:23:28:b3:05:c8:51:8a:bf:56:a7:7b:
                    16:c1:4c:74:98:c5:18:e8:70:d0:f6:45:a1:8f:93:
                    21:e7:ce:d1:8e:47:8b:ff:1b:4e:a0:6f:7f:31:cb:
                    e5:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:E7:18:89:E5:6A:D4:FB:B4:9C:2E:35:D1:97:10:A3:30:F0:C2:86
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ae920ed2-97d5-458b-804a-81fcd6f09e97.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafc:7000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c3:55:7f:65:71:7d:42:f3:07:5d:a9:83:f1:2d:06:f9:18:89:
         7a:ac:cd:5c:e9:aa:46:1f:9e:9d:00:9c:35:27:05:0b:2a:4f:
         e5:49:5d:22:0b:fd:cb:b7:20:d2:35:9c:82:4e:b9:9b:53:11:
         41:32:f8:c1:13:f9:78:e8:bc:7c:55:37:22:1f:e4:58:ff:2c:
         1a:89:90:09:df:b5:4d:88:0c:c5:d4:10:ad:eb:c6:9e:5a:14:
         b0:10:43:2d:ff:d1:b9:94:ce:9f:f0:3f:20:ec:1d:6f:70:8d:
         7d:08:ad:5a:6f:bf:f4:c6:05:68:6b:c8:7f:df:ed:8b:de:20:
         ab:9b:22:89:b8:43:73:07:cd:03:c6:5b:7c:97:9a:19:44:a4:
         8b:25:e1:ee:ac:91:18:4e:e7:69:d2:fa:de:65:be:54:ea:87:
         cd:1d:53:a0:bf:37:f7:32:2b:e9:28:8f:d0:f4:00:e7:c3:7b:
         d3:49:4b:67:bd:df:7a:3a:89:c9:ba:30:50:58:7e:44:f8:e2:
         79:66:dd:60:8c:81:b5:a6:09:00:bc:c5:e6:96:53:48:b2:2c:
         69:a7:1c:3a:fc:84:8b:85:c8:d2:26:64:51:87:94:2e:73:75:
         28:a3:b9:ce:36:a0:2e:73:d3:9c:53:c3:c8:1d:cb:0c:f3:29:
         21:5b:20:21
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUfvjWEI1gHruX1TKCpmTJkf/NHekwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDcxNjAwMDAwMFoX
DTI0MDgyMDIzNTk1OVowejFJMEcGA1UEBRNAZTgyYzY2ZjY0OWUyNzMxNWU3NTEw
ZGEyYTAxMzljMjZmOGJhZjczNTNhNmJkNmI0YmVlZmYwMzQyMzliNTRhMzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoggQVjahGWOvdWjXX5cm4O5Mouz8
B4dRcBQoymrNjWAxvurbF38DC7SvUCIluF+XjS/pJHiveirlvZFtVUb4j6hH6MVE
yeCtxqahYGoJ12QP99oU5utwl+VVl5UcBgTAu/+MaXuIbnEjSEpgtrN0VW9oWUK1
1+UPaSAat6umFcecqLiGCrkAJxcdPKpmBcbVJXVP9C9o30SevQ4+zp6GTBl5EXp7
0XHndw+lGfIiVhsrrC6ookxF+Lojz1Ul6x4zVbWeWKj0AdXuAOqigq7S6aWFgkwc
IyizBchRir9Wp3sWwUx0mMUY6HDQ9kWhj5Mh587RjkeL/xtOoG9/McvlDQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFL/nGInlatT7tJwuNdGXEKMw8MKGMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2FlOTIwZWQyLTk3ZDUtNDU4Yi04MDRhLTgxZmNkNmYwOWU5Ny5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba/HAwDQYJKoZIhvcNAQELBQADggEBAMNVf2VxfULzB12pg/Et
BvkYiXqszVzpqkYfnp0AnDUnBQsqT+VJXSIL/cu3INI1nIJOuZtTEUEy+MET+Xjo
vHxVNyIf5Fj/LBqJkAnftU2IDMXUEK3rxp5aFLAQQy3/0bmUzp/wPyDsHW9wjX0I
rVpvv/TGBWhryH/f7YveIKubIom4Q3MHzQPGW3yXmhlEpIsl4e6skRhO52nS+t5l
vlTqh80dU6C/N/cyK+koj9D0AOfDe9NJS2e933o6icm6MFBYfkT44nlm3WCMgbWm
CQC8xeaWU0iyLGmnHDr8hIuFyNImZFGHlC5zdSijuc42oC5z05xTw8gdywzzKSFb
ICE=
-----END CERTIFICATE-----
Generated at Wed Jul 17 01:05:27 2024 by rpki-client on console-ams.rpki-client.org