Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/af674e28-8a6b-4881-bc24-1bd1d459637c.roa
File:                     af674e28-8a6b-4881-bc24-1bd1d459637c.roa (raw, json)
Hash identifier:          2ywhoZmygvnWqhfNIDIj5ze9ad0eK8zU5j3o5ypEAno=
Subject key identifier:   68:CB:5C:15:E7:1D:28:54:7C:FE:5B:56:DE:91:53:FF:73:24:B6:A0
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       12D9F3CFE9BFA927E55C71D09A88D840BD8B143A
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/af674e28-8a6b-4881-bc24-1bd1d459637c.roa
Signing time:             Tue 16 Jul 2024 00:00:00 +0000
ROA not before:           Tue 16 Jul 2024 00:00:00 +0000
ROA not after:            Tue 20 Aug 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daa0:a000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 21 Jul 2024 00:10:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:d9:f3:cf:e9:bf:a9:27:e5:5c:71:d0:9a:88:d8:40:bd:8b:14:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 16 00:00:00 2024 GMT
            Not After : Aug 20 23:59:59 2024 GMT
        Subject: serialNumber=abbb1dbd49412d9b82888db6b46b5d69d0f6e64ad04a1e0139e0d4f79a6f1ef6, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:44:a8:5d:6b:21:10:f3:7b:a0:60:e3:ef:63:
                    85:83:97:d0:f9:42:3b:f6:b1:fb:b9:db:0e:d5:0a:
                    09:02:9e:47:ca:c6:d7:48:db:9e:c6:ec:98:5f:38:
                    d0:67:27:84:4d:ff:74:56:0a:ef:26:ec:c8:16:29:
                    5b:c6:73:63:00:8c:f8:26:98:d5:06:2e:4f:33:a1:
                    f2:69:67:5e:75:91:ae:bc:a8:ca:e4:f1:cb:64:52:
                    1f:72:d2:07:c8:43:92:46:c9:25:d9:b4:8b:71:7a:
                    a2:9d:66:b6:0b:dc:76:45:64:26:9f:2f:cd:0f:04:
                    f6:04:c8:f8:67:72:01:93:17:f2:78:d8:94:2d:6c:
                    f2:95:46:43:dc:6f:9a:48:4d:2c:4c:62:82:93:ff:
                    57:f1:8d:49:ca:72:b1:14:7f:0d:10:62:af:bc:ef:
                    99:78:30:96:d9:84:6a:5a:60:6d:4e:e3:14:95:ff:
                    fe:15:7b:b1:4e:74:97:af:2b:57:05:54:d2:49:d8:
                    42:00:2b:0d:0e:10:1f:1c:b8:ac:e9:67:6c:f8:ea:
                    41:c3:17:cc:ea:29:56:c5:45:c6:db:09:92:27:c8:
                    29:8f:e8:a3:b8:0c:40:a5:4a:e3:15:41:af:36:68:
                    1f:78:f2:68:b5:8c:df:09:ca:25:a9:42:16:38:55:
                    08:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:CB:5C:15:E7:1D:28:54:7C:FE:5B:56:DE:91:53:FF:73:24:B6:A0
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/af674e28-8a6b-4881-bc24-1bd1d459637c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daa0:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         75:b8:5b:9a:d5:6f:89:ee:4f:b2:c6:4c:c1:6c:6b:20:87:79:
         2e:74:c2:b6:ba:8f:cc:97:d0:c8:dd:3e:62:aa:2d:74:d6:a9:
         af:43:4d:0a:07:e8:1d:ac:81:34:19:ba:38:f4:89:e5:3b:3e:
         c1:35:49:38:b3:f2:4c:6f:3c:23:bd:49:57:aa:a5:ca:6d:53:
         02:5d:1f:a1:bf:ca:ea:cb:f3:aa:c8:e0:7b:01:fe:67:ce:a1:
         a8:26:bb:a8:31:5f:dd:2b:a9:2e:aa:3d:9e:fb:14:da:8c:2f:
         48:ab:25:d3:0e:36:be:5b:1d:75:4e:db:92:7e:05:6f:23:70:
         fd:4f:41:a8:63:db:36:98:16:81:31:e4:26:53:87:23:3e:1b:
         14:22:8a:d4:26:56:9b:cd:5e:d1:d4:63:3f:82:6f:9e:1c:d7:
         73:90:0f:6d:76:69:73:4b:89:07:c4:e8:c3:dd:d8:f6:37:54:
         52:50:a1:23:9f:82:26:80:d4:63:00:b4:87:db:7b:a6:1c:e7:
         e9:6f:0f:49:2b:b3:7a:52:df:f6:fe:95:c1:d2:c8:b6:2a:67:
         af:24:67:b6:3e:ec:ae:6f:9b:54:5e:bc:42:1e:a3:23:5c:c3:
         54:9b:5e:d4:6a:b8:a4:9e:1e:76:25:79:cb:c1:91:cf:0e:99:
         f5:9d:d6:35
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUEtnzz+m/qSflXHHQmojYQL2LFDowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDcxNjAwMDAwMFoX
DTI0MDgyMDIzNTk1OVowejFJMEcGA1UEBRNAYWJiYjFkYmQ0OTQxMmQ5YjgyODg4
ZGI2YjQ2YjVkNjlkMGY2ZTY0YWQwNGExZTAxMzllMGQ0Zjc5YTZmMWVmNjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA60SoXWshEPN7oGDj72OFg5fQ+UI7
9rH7udsO1QoJAp5HysbXSNuexuyYXzjQZyeETf90VgrvJuzIFilbxnNjAIz4JpjV
Bi5PM6HyaWdedZGuvKjK5PHLZFIfctIHyEOSRskl2bSLcXqinWa2C9x2RWQmny/N
DwT2BMj4Z3IBkxfyeNiULWzylUZD3G+aSE0sTGKCk/9X8Y1JynKxFH8NEGKvvO+Z
eDCW2YRqWmBtTuMUlf/+FXuxTnSXrytXBVTSSdhCACsNDhAfHLis6Wds+OpBwxfM
6ilWxUXG2wmSJ8gpj+ijuAxApUrjFUGvNmgfePJotYzfCcolqUIWOFUIYwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFGjLXBXnHShUfP5bVt6RU/9zJLagMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2FmNjc0ZTI4LThhNmItNDg4MS1iYzI0LTFiZDFkNDU5NjM3Yy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaoKAwDQYJKoZIhvcNAQELBQADggEBAHW4W5rVb4nuT7LGTMFs
ayCHeS50wra6j8yX0MjdPmKqLXTWqa9DTQoH6B2sgTQZujj0ieU7PsE1STiz8kxv
PCO9SVeqpcptUwJdH6G/yurL86rI4HsB/mfOoagmu6gxX90rqS6qPZ77FNqML0ir
JdMONr5bHXVO25J+BW8jcP1PQahj2zaYFoEx5CZThyM+GxQiitQmVpvNXtHUYz+C
b54c13OQD212aXNLiQfE6MPd2PY3VFJQoSOfgiaA1GMAtIfbe6Yc5+lvD0krs3pS
3/b+lcHSyLYqZ68kZ7Y+7K5vm1RevEIeoyNcw1SbXtRquKSeHnYlecvBkc8OmfWd
1jU=
-----END CERTIFICATE-----
Generated at Wed Jul 17 01:05:27 2024 by rpki-client on console-ams.rpki-client.org