Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/be7285bb-f342-4843-b8c8-dad47fe44460.roa
File:                     be7285bb-f342-4843-b8c8-dad47fe44460.roa (raw, json)
Hash identifier:          /B396ptshZtvmyxpdbSyl9lM9OrexyByg7Oc71Yw3pg=
Subject key identifier:   24:FD:9F:A8:C8:EB:9A:EA:AD:D7:48:11:26:53:A1:5E:15:E7:1B:5A
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       20D1C7E71C3D870669D8C60717786C2832E8EFD9
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/be7285bb-f342-4843-b8c8-dad47fe44460.roa
Signing time:             Tue 16 Jul 2024 00:00:00 +0000
ROA not before:           Tue 16 Jul 2024 00:00:00 +0000
ROA not after:            Tue 20 Aug 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da69:e000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 22 Jul 2024 00:10:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:d1:c7:e7:1c:3d:87:06:69:d8:c6:07:17:78:6c:28:32:e8:ef:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 16 00:00:00 2024 GMT
            Not After : Aug 20 23:59:59 2024 GMT
        Subject: serialNumber=1c41f4e315f7b56a3a34c97ed0de09481ad6e3ff78fc512b2e42321d4c0da760, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:74:6b:af:ae:cc:bd:c8:98:6e:a5:e5:13:d8:
                    be:94:0e:0e:2b:cb:e6:e4:f0:96:e4:16:3d:ec:52:
                    d5:15:6b:b2:56:2a:99:fc:ce:ef:76:c9:70:61:c4:
                    33:48:7b:79:e9:37:56:fd:00:66:a2:16:b0:d5:74:
                    bd:73:a8:92:de:a3:8b:ad:44:cd:09:af:c9:87:82:
                    78:22:eb:25:a0:3d:a9:a2:10:be:2a:14:30:88:34:
                    a3:d6:0c:9a:27:20:83:9a:08:95:dd:bf:27:01:84:
                    0a:d8:4c:64:ff:66:eb:03:c5:0c:3b:ea:78:81:52:
                    10:f0:5f:97:89:15:47:b3:88:eb:0b:b4:05:51:7f:
                    cc:23:dc:0f:3f:5a:06:59:65:fa:5c:05:17:65:77:
                    a5:cf:63:72:64:c2:e4:7d:54:f8:2b:f4:81:37:c2:
                    bf:fe:e5:18:32:26:84:34:e9:82:e5:04:97:24:82:
                    cb:76:e4:cf:e3:1e:81:16:f8:e3:78:d8:3c:d7:0a:
                    23:45:46:1f:ab:e3:80:11:f1:69:03:65:94:70:1a:
                    f2:ad:02:46:80:c1:fe:8f:d4:74:b1:08:1b:2c:c3:
                    3b:a4:2a:3b:87:a1:32:02:5c:7e:17:dd:c2:a1:d2:
                    a1:75:e5:1f:d3:b4:a8:2a:3e:e2:39:5b:0b:d3:92:
                    90:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:FD:9F:A8:C8:EB:9A:EA:AD:D7:48:11:26:53:A1:5E:15:E7:1B:5A
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/be7285bb-f342-4843-b8c8-dad47fe44460.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da69:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         ad:8b:23:73:82:af:16:ea:3a:1f:c6:32:96:ee:18:33:f9:3c:
         cb:80:4c:98:0f:0c:67:f8:0d:ed:9f:d0:80:78:95:6a:65:78:
         45:ad:7c:87:62:9e:0b:e0:3c:af:a9:4c:de:09:ab:ec:b9:40:
         27:27:9f:41:0d:d3:f7:89:db:98:d7:97:1d:29:67:1f:52:21:
         f0:16:31:b9:c8:89:4a:3c:19:4d:98:b3:f5:16:00:d4:36:de:
         a3:92:29:2e:1f:03:16:f6:62:31:2e:39:fb:48:54:25:5c:6c:
         06:28:32:cc:2d:79:75:20:cb:39:5e:79:ad:83:78:dd:91:48:
         9e:d4:cd:85:bd:be:d1:a7:72:58:14:77:46:dd:ea:c1:d2:1f:
         ad:42:8f:14:4e:3a:fd:52:b9:36:af:e8:42:59:a7:74:32:9d:
         05:d8:e3:38:6c:81:b6:ee:d1:3f:f9:08:36:3f:4a:dd:b7:19:
         35:a1:e3:b4:ee:a0:4c:87:b1:9a:90:06:18:a1:68:58:e9:14:
         b4:1a:66:5d:85:14:53:2d:34:e2:20:ae:3d:58:cb:2d:9c:4f:
         3d:8c:00:76:60:07:e8:ab:4b:98:44:e4:14:d1:c1:91:4d:3b:
         d7:97:d6:e2:13:80:54:68:76:fe:5c:b5:25:ae:26:93:b1:3a:
         ee:41:79:19
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUINHH5xw9hwZp2MYHF3hsKDLo79kwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDcxNjAwMDAwMFoX
DTI0MDgyMDIzNTk1OVowejFJMEcGA1UEBRNAMWM0MWY0ZTMxNWY3YjU2YTNhMzRj
OTdlZDBkZTA5NDgxYWQ2ZTNmZjc4ZmM1MTJiMmU0MjMyMWQ0YzBkYTc2MDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy3Rrr67MvciYbqXlE9i+lA4OK8vm
5PCW5BY97FLVFWuyViqZ/M7vdslwYcQzSHt56TdW/QBmohaw1XS9c6iS3qOLrUTN
Ca/Jh4J4IusloD2pohC+KhQwiDSj1gyaJyCDmgiV3b8nAYQK2Exk/2brA8UMO+p4
gVIQ8F+XiRVHs4jrC7QFUX/MI9wPP1oGWWX6XAUXZXelz2NyZMLkfVT4K/SBN8K/
/uUYMiaENOmC5QSXJILLduTP4x6BFvjjeNg81wojRUYfq+OAEfFpA2WUcBryrQJG
gMH+j9R0sQgbLMM7pCo7h6EyAlx+F93CodKhdeUf07SoKj7iOVsL05KQ1wIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFCT9n6jI65rqrddIESZToV4V5xtaMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2JlNzI4NWJiLWYzNDItNDg0My1iOGM4LWRhZDQ3ZmU0NDQ2MC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaaeAwDQYJKoZIhvcNAQELBQADggEBAK2LI3OCrxbqOh/GMpbu
GDP5PMuATJgPDGf4De2f0IB4lWpleEWtfIdingvgPK+pTN4Jq+y5QCcnn0EN0/eJ
25jXlx0pZx9SIfAWMbnIiUo8GU2Ys/UWANQ23qOSKS4fAxb2YjEuOftIVCVcbAYo
MswteXUgyzleea2DeN2RSJ7UzYW9vtGnclgUd0bd6sHSH61CjxROOv1SuTav6EJZ
p3QynQXY4zhsgbbu0T/5CDY/St23GTWh47TuoEyHsZqQBhihaFjpFLQaZl2FFFMt
NOIgrj1Yyy2cTz2MAHZgB+irS5hE5BTRwZFNO9eX1uITgFRodv5ctSWuJpOxOu5B
eRk=
-----END CERTIFICATE-----
Generated at Thu Jul 18 02:11:49 2024 by rpki-client on console-fra.rpki-client.org