Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ae920ed2-97d5-458b-804a-81fcd6f09e97.roa
File:                     ae920ed2-97d5-458b-804a-81fcd6f09e97.roa (raw, json)
Hash identifier:          pV9SEWLES45/taZc6xeIn5yidGBhfmRRP6AIOd2Z+NM=
Subject key identifier:   7B:B9:38:11:CE:6A:AB:C2:86:83:BF:50:0B:D0:69:98:B2:24:DE:DA
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3712EBBC8DBD67D314A788C00E926DCA1880E892
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ae920ed2-97d5-458b-804a-81fcd6f09e97.roa
Signing time:             Mon 18 Sep 2023 00:00:00 +0000
ROA not before:           Mon 18 Sep 2023 00:00:00 +0000
ROA not after:            Mon 23 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafc:7000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 20 Sep 2023 03:07:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:12:eb:bc:8d:bd:67:d3:14:a7:88:c0:0e:92:6d:ca:18:80:e8:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Sep 18 00:00:00 2023 GMT
            Not After : Oct 23 23:59:59 2023 GMT
        Subject: serialNumber=6879c12b1b1c5c90f3f7937bc36f0bf4ed8a9cb305748074c5c7333ef6b37ee2, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:8e:fa:41:84:92:9e:e2:c4:6d:e2:0a:40:52:
                    6f:e8:15:43:43:f8:b1:48:c7:5f:c3:a5:ff:28:29:
                    3e:7c:0c:aa:8f:66:37:18:ee:58:71:35:5b:02:15:
                    41:aa:9d:97:68:88:7b:6e:e1:b8:05:ab:38:7d:2a:
                    bb:6f:05:ba:1f:6d:7d:4f:54:86:f8:61:60:88:df:
                    7e:4e:f5:41:57:6b:b4:2b:0f:13:f4:fe:51:43:f0:
                    10:4a:b7:9c:91:94:e9:40:08:67:3c:6a:98:da:2a:
                    43:d0:e4:6b:e5:49:2b:74:53:59:45:29:b4:06:43:
                    7d:d7:5c:d9:d0:3f:5e:71:3b:6c:65:98:cd:c5:da:
                    aa:50:e4:1d:f4:e2:e9:c8:14:88:ef:26:bd:7f:8c:
                    bd:15:f4:43:b6:c8:7c:fc:55:61:b8:11:a3:17:16:
                    55:a4:85:65:a4:88:25:60:db:d2:d8:19:9c:43:fa:
                    99:30:51:dd:16:42:75:94:ab:c4:6b:b0:e3:03:39:
                    3b:02:91:92:8c:ce:d1:b8:ac:7e:72:ef:d1:ea:4c:
                    db:65:15:ef:d6:9b:7d:13:c2:6c:fb:95:73:88:e1:
                    ba:c1:61:4f:9e:8c:30:5c:35:26:8c:4a:3a:45:c5:
                    43:e5:59:13:d9:ba:61:2f:14:19:83:b6:81:b6:f1:
                    00:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:B9:38:11:CE:6A:AB:C2:86:83:BF:50:0B:D0:69:98:B2:24:DE:DA
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ae920ed2-97d5-458b-804a-81fcd6f09e97.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafc:7000::/40

    Signature Algorithm: sha256WithRSAEncryption
         2c:31:62:bf:0e:05:6b:22:aa:6e:6e:c8:05:19:21:3e:ce:d5:
         e0:be:a2:15:5d:00:9c:38:f3:88:ae:a7:a6:9b:1c:d8:c1:c2:
         6a:95:bd:1b:d2:72:4b:fe:38:ef:25:f6:09:60:f7:4f:08:bd:
         a3:0f:9d:a6:73:d2:02:a3:af:bc:51:51:61:2d:b9:99:2f:89:
         0f:21:c2:04:2f:81:6f:16:2b:5b:fe:d6:6e:1b:40:a5:64:a5:
         af:b5:4b:69:eb:cc:3c:74:d0:6d:e7:18:f2:a3:cd:2c:d6:a4:
         fd:47:db:8d:c9:b6:71:da:a2:ef:41:b0:b9:33:8a:d1:c9:b1:
         dc:55:df:e9:2c:65:0b:46:07:14:f7:4b:85:52:90:e2:83:19:
         2e:2b:48:42:19:85:e7:40:da:b0:6e:1d:0a:f5:5f:be:9b:c8:
         d8:d1:57:ac:8b:cb:67:8b:88:27:d6:64:e0:3a:83:45:34:c0:
         d8:93:8d:e3:48:d6:19:b0:68:3d:22:19:40:64:d5:f3:73:9d:
         41:c6:d8:16:70:1c:65:7e:70:1f:f2:7d:e3:f1:03:90:39:c5:
         11:c0:4f:66:78:fc:f0:37:00:97:20:25:b8:70:d1:05:87:f6:
         fb:09:e2:fd:ce:d8:b0:df:7a:3b:cf:be:a8:b0:2f:a7:db:3b:
         ea:43:80:68
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUNxLrvI29Z9MUp4jADpJtyhiA6JIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTIzMDkxODAwMDAwMFoX
DTIzMTAyMzIzNTk1OVowejFJMEcGA1UEBRNANjg3OWMxMmIxYjFjNWM5MGYzZjc5
MzdiYzM2ZjBiZjRlZDhhOWNiMzA1NzQ4MDc0YzVjNzMzM2VmNmIzN2VlMjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwo76QYSSnuLEbeIKQFJv6BVDQ/ix
SMdfw6X/KCk+fAyqj2Y3GO5YcTVbAhVBqp2XaIh7buG4Bas4fSq7bwW6H219T1SG
+GFgiN9+TvVBV2u0Kw8T9P5RQ/AQSreckZTpQAhnPGqY2ipD0ORr5UkrdFNZRSm0
BkN911zZ0D9ecTtsZZjNxdqqUOQd9OLpyBSI7ya9f4y9FfRDtsh8/FVhuBGjFxZV
pIVlpIglYNvS2BmcQ/qZMFHdFkJ1lKvEa7DjAzk7ApGSjM7RuKx+cu/R6kzbZRXv
1pt9E8Js+5VziOG6wWFPnowwXDUmjEo6RcVD5VkT2bphLxQZg7aBtvEA3wIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFHu5OBHOaqvChoO/UAvQaZiyJN7aMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2FlOTIwZWQyLTk3ZDUtNDU4Yi04MDRhLTgxZmNkNmYwOWU5Ny5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba/HAwDQYJKoZIhvcNAQELBQADggEBACwxYr8OBWsiqm5uyAUZ
IT7O1eC+ohVdAJw484iup6abHNjBwmqVvRvSckv+OO8l9glg908IvaMPnaZz0gKj
r7xRUWEtuZkviQ8hwgQvgW8WK1v+1m4bQKVkpa+1S2nrzDx00G3nGPKjzSzWpP1H
243JtnHaou9BsLkzitHJsdxV3+ksZQtGBxT3S4VSkOKDGS4rSEIZhedA2rBuHQr1
X76byNjRV6yLy2eLiCfWZOA6g0U0wNiTjeNI1hmwaD0iGUBk1fNznUHG2BZwHGV+
cB/yfePxA5A5xRHAT2Z4/PA3AJcgJbhw0QWH9vsJ4v3O2LDfejvPvqiwL6fbO+pD
gGg=
-----END CERTIFICATE-----
Generated at Mon Sep 18 15:40:40 2023 by rpki-client on console-ams.rpki-client.org