Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/bcb12c2c-c0ef-4571-926a-88ef42d9a233.roa
File:                     bcb12c2c-c0ef-4571-926a-88ef42d9a233.roa (raw, json)
Hash identifier:          OjjL0anuXxenP+op/WuwLmPwEirbBvnCVVhMRwusQL0=
Subject key identifier:   B3:F0:47:EA:F8:A2:BC:1F:7C:71:82:FE:5B:1F:0A:7E:21:0D:18:CA
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2121A066C0A94D0AF4A4414F0D05C4D3EB6B63E6
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/bcb12c2c-c0ef-4571-926a-88ef42d9a233.roa
Signing time:             Fri 21 Jun 2024 00:00:00 +0000
ROA not before:           Fri 21 Jun 2024 00:00:00 +0000
ROA not after:            Fri 26 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf2:7000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 29 Jun 2024 00:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:21:a0:66:c0:a9:4d:0a:f4:a4:41:4f:0d:05:c4:d3:eb:6b:63:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 21 00:00:00 2024 GMT
            Not After : Jul 26 23:59:59 2024 GMT
        Subject: serialNumber=1c7f7ae79b3737f35fc97ea8db497066c9214068766e302b26a9de3feffb2494, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:7d:cd:c8:96:1c:34:eb:66:ee:e2:f3:7a:db:
                    48:94:39:8a:9a:80:84:0b:29:62:b6:9d:f5:11:97:
                    07:a0:db:a8:77:a3:28:3e:28:a3:64:60:cd:cd:a0:
                    0e:1c:91:67:4b:3d:86:54:17:b8:09:f4:dc:08:ff:
                    96:80:c6:e8:02:8e:8a:62:42:49:a9:d1:78:ea:6d:
                    c9:aa:5c:c5:7b:6f:db:b9:f5:b2:5b:8b:d0:bc:de:
                    8d:c1:0a:96:1f:25:63:fa:ac:56:fa:39:48:de:86:
                    ce:d6:2c:f7:da:fa:e2:22:d7:21:c5:d8:76:20:6c:
                    d3:b5:96:18:b0:a1:39:01:a7:4d:29:74:cb:6c:7a:
                    12:cc:4c:05:c9:65:e4:07:1b:fb:e8:c8:0c:82:38:
                    71:14:6d:9b:8d:a0:7f:7a:88:21:65:ac:f1:fc:3c:
                    29:6a:72:b3:3a:95:a5:35:1f:8c:03:f5:1d:22:7e:
                    33:b3:1f:9f:44:bd:51:26:a0:5c:92:0a:e4:8f:f7:
                    49:ca:15:66:e2:ac:97:ec:21:63:e9:b1:f9:e0:11:
                    b1:be:28:76:fc:4a:a4:72:9f:84:3a:0e:b3:92:15:
                    05:27:a6:9c:c6:cb:3b:5b:f9:5d:4d:99:60:2f:04:
                    4d:5f:71:9e:fc:d3:4e:f2:87:36:bf:27:b7:fe:29:
                    08:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:F0:47:EA:F8:A2:BC:1F:7C:71:82:FE:5B:1F:0A:7E:21:0D:18:CA
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/bcb12c2c-c0ef-4571-926a-88ef42d9a233.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf2:7000::/40

    Signature Algorithm: sha256WithRSAEncryption
         58:e5:46:f8:5a:a6:a8:90:c5:b8:59:d3:2a:1c:00:6b:d5:80:
         60:fc:77:42:a4:9f:fb:bb:8f:b2:1b:b0:27:91:36:33:76:d9:
         e3:4a:fe:26:90:75:f6:07:fa:c4:44:75:30:4e:c6:47:fc:37:
         af:3d:20:a1:c0:bc:d0:0d:8f:67:26:fd:13:c1:50:e5:d5:e4:
         03:39:38:a4:52:b9:65:f8:2a:7f:d7:2d:ef:dc:29:f5:57:4a:
         46:34:8e:f8:7b:8b:ba:16:66:30:2f:f4:ed:a3:18:eb:51:c0:
         e6:98:ae:1e:0d:cf:0f:c9:36:d1:5a:a9:bc:06:00:3c:1e:38:
         22:de:e5:1a:87:ca:55:68:39:03:b1:12:cb:74:be:1c:8a:1b:
         b8:9f:0f:10:71:24:0d:df:08:97:ef:c7:13:a5:63:31:8a:99:
         50:e4:12:79:19:e5:cc:03:94:04:0d:9e:0e:50:a7:3a:a8:c7:
         b3:67:f8:ab:94:20:a8:9c:65:db:1e:e8:90:3c:e3:ff:17:7a:
         e0:d1:56:85:c1:51:7b:13:ab:e9:0c:65:3b:38:f4:fa:57:c9:
         e2:4e:b5:e5:69:09:54:bd:1d:f6:fe:b5:6a:4b:fe:54:01:7b:
         2b:a9:67:fc:9d:e8:0b:31:db:75:39:24:39:00:66:35:40:e3:
         f7:d5:79:62
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUISGgZsCpTQr0pEFPDQXE0+trY+YwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyMTAwMDAwMFoX
DTI0MDcyNjIzNTk1OVowejFJMEcGA1UEBRNAMWM3ZjdhZTc5YjM3MzdmMzVmYzk3
ZWE4ZGI0OTcwNjZjOTIxNDA2ODc2NmUzMDJiMjZhOWRlM2ZlZmZiMjQ5NDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq33NyJYcNOtm7uLzettIlDmKmoCE
Cylitp31EZcHoNuod6MoPiijZGDNzaAOHJFnSz2GVBe4CfTcCP+WgMboAo6KYkJJ
qdF46m3JqlzFe2/bufWyW4vQvN6NwQqWHyVj+qxW+jlI3obO1iz32vriItchxdh2
IGzTtZYYsKE5AadNKXTLbHoSzEwFyWXkBxv76MgMgjhxFG2bjaB/eoghZazx/Dwp
anKzOpWlNR+MA/UdIn4zsx+fRL1RJqBckgrkj/dJyhVm4qyX7CFj6bH54BGxvih2
/Eqkcp+EOg6zkhUFJ6acxss7W/ldTZlgLwRNX3Ge/NNO8oc2vye3/ikIEwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFLPwR+r4orwffHGC/lsfCn4hDRjKMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2JjYjEyYzJjLWMwZWYtNDU3MS05MjZhLTg4ZWY0MmQ5YTIzMy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba8nAwDQYJKoZIhvcNAQELBQADggEBAFjlRvhapqiQxbhZ0yoc
AGvVgGD8d0Kkn/u7j7IbsCeRNjN22eNK/iaQdfYH+sREdTBOxkf8N689IKHAvNAN
j2cm/RPBUOXV5AM5OKRSuWX4Kn/XLe/cKfVXSkY0jvh7i7oWZjAv9O2jGOtRwOaY
rh4Nzw/JNtFaqbwGADweOCLe5RqHylVoOQOxEst0vhyKG7ifDxBxJA3fCJfvxxOl
YzGKmVDkEnkZ5cwDlAQNng5Qpzqox7Nn+KuUIKicZdse6JA84/8XeuDRVoXBUXsT
q+kMZTs49PpXyeJOteVpCVS9Hfb+tWpL/lQBeyupZ/yd6Asx23U5JDkAZjVA4/fV
eWI=
-----END CERTIFICATE-----
Generated at Tue Jun 25 00:53:11 2024 by rpki-client on console-ams.rpki-client.org