Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/bb98c08c-0f1a-4df4-a80b-caa2918ed856.roa
File:                     bb98c08c-0f1a-4df4-a80b-caa2918ed856.roa (raw, json)
Hash identifier:          OV8jbHBqHTzvrWjlgqN415lGmFjSkvKc3FTdZqmWfxo=
Subject key identifier:   28:6C:3C:63:74:D5:4A:04:03:52:33:1B:13:08:82:14:74:90:39:DF
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       6B8418E26067152238E8AFE9B4AE1F0C4FBEFC36
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/bb98c08c-0f1a-4df4-a80b-caa2918ed856.roa
Signing time:             Wed 01 Mar 2023 00:00:00 +0000
ROA not before:           Wed 01 Mar 2023 00:00:00 +0000
ROA not after:            Wed 05 Apr 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da61:7000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 16 Mar 2023 12:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:84:18:e2:60:67:15:22:38:e8:af:e9:b4:ae:1f:0c:4f:be:fc:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Mar  1 00:00:00 2023 GMT
            Not After : Apr  5 23:59:59 2023 GMT
        Subject: serialNumber=639a72f0981d1f3d252324fe8bd906487bddf5576bab504b596b180478ac6b83, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:f9:7b:14:48:c4:75:e7:92:ba:7c:9a:b4:a0:
                    82:ef:09:ce:e8:8b:d5:d7:83:f4:e2:31:59:5c:1d:
                    b3:2a:2f:53:12:5c:c8:f5:8b:a0:2e:12:04:82:5c:
                    b7:f1:e9:82:7f:0b:6a:23:6f:79:a5:4c:89:0b:3a:
                    eb:63:ca:d6:74:06:84:4f:13:f6:37:d5:f6:61:71:
                    5c:8f:9f:40:99:d9:c5:a8:02:d2:7d:35:38:fc:b5:
                    95:64:62:ce:05:f3:7d:08:6c:90:10:e0:d4:35:a9:
                    5c:13:db:61:54:eb:39:81:60:dc:30:b3:20:71:f9:
                    b0:dc:7b:89:81:30:2c:45:f4:46:98:21:0c:25:c4:
                    11:e5:27:d3:80:1c:bf:1b:d5:17:41:2a:47:5a:4d:
                    d2:27:b8:cd:33:9b:ea:d6:7a:81:ce:eb:5e:01:16:
                    d3:f2:1b:65:51:c5:20:96:48:9d:b9:4b:f1:56:12:
                    e7:67:d8:1f:f6:29:c6:b3:92:5b:bd:6d:70:79:db:
                    d2:35:6b:54:b8:a6:50:b8:de:b1:43:d7:6c:21:ed:
                    e8:82:22:4b:97:d5:56:1d:da:44:ca:da:ea:48:04:
                    85:4a:90:2b:fa:fe:f3:96:b5:18:00:30:22:0d:6e:
                    3b:83:19:6e:26:59:3a:13:6b:52:38:79:6d:41:f4:
                    08:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                28:6C:3C:63:74:D5:4A:04:03:52:33:1B:13:08:82:14:74:90:39:DF
            X509v3 Authority Key Identifier: 
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/bb98c08c-0f1a-4df4-a80b-caa2918ed856.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da61:7000::/40

    Signature Algorithm: sha256WithRSAEncryption
         38:c4:cf:00:98:6f:c6:1e:0f:ff:cf:8b:c3:bf:67:41:5a:d1:
         30:25:71:bf:93:20:e8:ef:d4:29:41:60:4c:b3:67:97:d1:52:
         f9:d3:86:62:bb:5f:b4:01:b7:64:b3:8f:1f:a6:f6:95:b2:b8:
         14:8d:7c:2e:71:d3:33:9c:6a:64:6e:64:73:38:27:c4:ec:7c:
         90:4b:7d:73:bf:77:0b:b0:52:14:35:bc:eb:2a:41:e4:05:1c:
         d7:21:05:b3:78:17:f8:ae:ff:bc:8c:cf:bf:20:f7:51:db:1d:
         81:b3:5d:88:17:3a:68:2c:42:d0:7f:d4:49:f7:18:0e:d6:f3:
         37:2a:16:fd:a8:b6:4c:c6:35:2a:2f:7c:8d:80:82:cf:63:8d:
         e1:73:e6:69:ca:f9:92:10:71:07:3b:46:68:b7:8a:83:fe:44:
         bb:69:94:17:24:f6:d7:a9:0a:1c:ed:84:28:c5:a6:91:4e:84:
         e2:e2:f0:79:e3:da:aa:64:8e:b7:a7:b7:5a:c5:28:1c:88:36:
         4e:ef:ee:9a:b2:70:29:3c:33:eb:62:ff:76:d3:57:c8:a6:0a:
         a1:5e:25:fd:95:d5:94:aa:c5:fd:49:f9:b1:fa:bd:0f:75:2e:
         06:89:71:44:81:f0:dd:53:50:e7:b4:e5:2c:84:d8:f2:72:dc:
         e2:6c:fb:60
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgIUa4QY4mBnFSI46K/ptK4fDE++/DYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTIzMDMwMTAwMDAwMFoX
DTIzMDQwNTIzNTk1OVowgaUxSTBHBgNVBAUTQDYzOWE3MmYwOTgxZDFmM2QyNTIz
MjRmZThiZDkwNjQ4N2JkZGY1NTc2YmFiNTA0YjU5NmIxODA0NzhhYzZiODMxLTAr
BgNVBAMTJGMwYmYwZmU4LTcxN2MtNGY3Mi05YjQ1LWM5YzUxOTEzMmE4MTEUMBIG
A1UECxMLQW1hem9uIFJQS0kxEzARBgNVBAoTCkFtYXpvbi5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDt+XsUSMR155K6fJq0oILvCc7oi9XXg/Ti
MVlcHbMqL1MSXMj1i6AuEgSCXLfx6YJ/C2ojb3mlTIkLOutjytZ0BoRPE/Y31fZh
cVyPn0CZ2cWoAtJ9NTj8tZVkYs4F830IbJAQ4NQ1qVwT22FU6zmBYNwwsyBx+bDc
e4mBMCxF9EaYIQwlxBHlJ9OAHL8b1RdBKkdaTdInuM0zm+rWeoHO614BFtPyG2VR
xSCWSJ25S/FWEudn2B/2Kcazklu9bXB529I1a1S4plC43rFD12wh7eiCIkuX1VYd
2kTK2upIBIVKkCv6/vOWtRgAMCINbjuDGW4mWToTa1I4eW1B9AinAgMBAAGjggJK
MIICRjAdBgNVHQ4EFgQUKGw8Y3TVSgQDUjMbEwiCFHSQOd8wHwYDVR0jBBgwFoAU
QHaCVSTSxm0uEENv5l6T6MG9SjcwDgYDVR0PAQH/BAQDAgeAMH4GCCsGAQUFBwEB
BHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0
b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3QzcyRkQxRkYyL1FIYUNWU1RTeG0w
dUVFTnY1bDZUNk1HOVNqYy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggrBgEF
BQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3MuY29t
L3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1MGJlYzkyNjEvYmI5
OGMwOGMtMGYxYS00ZGY0LWE4MGItY2FhMjkxOGVkODU2LnJvYTCBlQYDVR0fBIGN
MIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpv
bmF3cy5jb20vdm9sdW1lLzA4YzJmMjY0LTIzZjktNDlmYi05ZDQzLWY4YjUwYmVj
OTI2MS83YmExNzg2My1hNjEzLTQxOTctOWVkNS1iZWRhNmE4OTg2OWYuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAkBtphcDANBgkqhkiG9w0BAQsFAAOCAQEAOMTPAJhvxh4P/8+Lw79nQVrR
MCVxv5Mg6O/UKUFgTLNnl9FS+dOGYrtftAG3ZLOPH6b2lbK4FI18LnHTM5xqZG5k
czgnxOx8kEt9c793C7BSFDW86ypB5AUc1yEFs3gX+K7/vIzPvyD3UdsdgbNdiBc6
aCxC0H/USfcYDtbzNyoW/ai2TMY1Ki98jYCCz2ON4XPmacr5khBxBztGaLeKg/5E
u2mUFyT216kKHO2EKMWmkU6E4uLweePaqmSOt6e3WsUoHIg2Tu/umrJwKTwz62L/
dtNXyKYKoV4l/ZXVlKrF/Un5sfq9D3UuBolxRIHw3VNQ57TlLITY8nLc4mz7YA==
-----END CERTIFICATE-----
Generated at Wed Mar 15 11:42:45 2023 by rpki-client on console-ams.rpki-client.org