Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/bf7dfcf8-ba0c-47e9-8ddb-6a6d8ec70412.roa
File:                     bf7dfcf8-ba0c-47e9-8ddb-6a6d8ec70412.roa (raw, json)
Hash identifier:          Yiip/ScMQ5QRtYdVll6zDSlo5eoXM5spjWonKbBAt9M=
Subject key identifier:   B6:DF:29:39:E9:E4:B9:17:19:0B:87:87:C6:48:B1:80:08:B9:29:74
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       171463F0C7A0DF29241375180CFDF3D5C123DBF2
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/bf7dfcf8-ba0c-47e9-8ddb-6a6d8ec70412.roa
Signing time:             Wed 12 Jun 2024 00:00:00 +0000
ROA not before:           Wed 12 Jun 2024 00:00:00 +0000
ROA not after:            Wed 17 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daa0:c800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 21 Jun 2024 00:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:14:63:f0:c7:a0:df:29:24:13:75:18:0c:fd:f3:d5:c1:23:db:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 12 00:00:00 2024 GMT
            Not After : Jul 17 23:59:59 2024 GMT
        Subject: serialNumber=e005b13e72e9b6e2752404c129d4bc313aa29ff8b390bd693e90fe9c92339494, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:5c:23:de:82:77:23:2a:d1:6d:6e:e5:b8:47:
                    3d:d2:4c:76:1d:c3:29:d8:93:19:5a:70:eb:de:6f:
                    f4:cc:58:bd:2c:28:b5:87:c2:ef:29:7e:06:7e:da:
                    e1:a7:4d:00:6e:40:d1:58:06:20:fb:b6:05:38:bc:
                    d2:40:87:2f:c2:49:19:4d:bd:ce:c8:48:0e:42:31:
                    c0:8b:87:57:ac:cf:63:f5:ef:3c:d6:a8:31:14:11:
                    c3:71:28:3c:3c:5c:5b:b6:3e:90:3d:df:25:d6:bc:
                    e8:67:ff:18:4d:b3:6a:30:ee:5b:e9:5e:93:6a:9a:
                    3f:58:bc:97:41:4c:bc:41:07:c1:f4:25:a6:83:99:
                    ab:22:c0:d3:4b:ac:9a:07:ba:4b:95:f9:7e:28:38:
                    3a:ff:80:e8:b0:f6:de:09:0d:e9:1b:02:58:9b:50:
                    03:ae:f8:92:de:11:26:36:d3:4f:95:d4:3d:0d:d9:
                    4d:7e:1c:bf:3f:52:7e:b1:1f:b3:aa:66:27:27:65:
                    14:c2:48:a1:73:73:8b:1b:f1:84:14:c6:c9:9f:df:
                    90:7e:6f:93:d7:e3:71:fe:90:18:02:f2:38:eb:32:
                    15:51:fa:2b:e6:3c:41:05:cf:6c:84:4b:ea:06:f9:
                    7a:d9:51:f1:48:a0:23:2f:a6:e7:ca:47:4b:4e:2f:
                    37:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:DF:29:39:E9:E4:B9:17:19:0B:87:87:C6:48:B1:80:08:B9:29:74
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/bf7dfcf8-ba0c-47e9-8ddb-6a6d8ec70412.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daa0:c800::/40

    Signature Algorithm: sha256WithRSAEncryption
         74:d3:f3:85:20:f4:fb:80:24:b1:12:72:da:7c:28:d2:fc:88:
         1e:52:9a:8e:80:7c:fd:cf:40:18:10:4e:02:31:a2:9f:dc:ff:
         21:78:43:92:95:f1:31:8b:8f:df:da:d3:2c:c9:45:ed:5c:18:
         a0:48:ce:14:99:1f:17:e0:50:0d:dc:b2:40:2f:14:64:89:3e:
         af:1c:bd:08:a1:35:08:00:78:3b:43:26:5e:44:18:bf:b9:6e:
         3d:cb:46:84:62:4d:84:fb:e6:59:e1:7d:1e:e6:7c:cc:6b:ba:
         4a:83:05:41:4e:7c:3c:11:22:0a:02:21:1e:35:c4:04:b8:1b:
         69:f2:90:88:b7:c7:01:5d:f1:44:69:68:a4:6a:be:62:1d:51:
         33:70:10:b4:cd:96:fc:7b:0f:62:a0:26:fe:13:30:3a:58:3b:
         84:68:ac:ab:a7:a2:d4:e3:a1:36:0e:0d:fc:9a:6f:92:b3:c2:
         7f:34:43:59:c6:1c:9a:95:e2:6f:08:e4:1d:1b:01:b5:9f:21:
         d4:c8:9d:3d:11:0f:e7:1c:fd:63:85:8a:15:57:ca:f1:ac:25:
         6e:7e:eb:2d:d1:ce:f3:4e:04:08:30:86:43:33:c9:21:99:bb:
         f4:7f:b8:bc:17:38:1f:42:25:62:97:c0:b0:88:01:a5:49:32:
         8d:18:ed:db
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUFxRj8Meg3ykkE3UYDP3z1cEj2/IwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYxMjAwMDAwMFoX
DTI0MDcxNzIzNTk1OVowejFJMEcGA1UEBRNAZTAwNWIxM2U3MmU5YjZlMjc1MjQw
NGMxMjlkNGJjMzEzYWEyOWZmOGIzOTBiZDY5M2U5MGZlOWM5MjMzOTQ5NDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01wj3oJ3IyrRbW7luEc90kx2HcMp
2JMZWnDr3m/0zFi9LCi1h8LvKX4Gftrhp00AbkDRWAYg+7YFOLzSQIcvwkkZTb3O
yEgOQjHAi4dXrM9j9e881qgxFBHDcSg8PFxbtj6QPd8l1rzoZ/8YTbNqMO5b6V6T
apo/WLyXQUy8QQfB9CWmg5mrIsDTS6yaB7pLlfl+KDg6/4DosPbeCQ3pGwJYm1AD
rviS3hEmNtNPldQ9DdlNfhy/P1J+sR+zqmYnJ2UUwkihc3OLG/GEFMbJn9+Qfm+T
1+Nx/pAYAvI46zIVUfor5jxBBc9shEvqBvl62VHxSKAjL6bnykdLTi83PwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFLbfKTnp5LkXGQuHh8ZIsYAIuSl0MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2JmN2RmY2Y4LWJhMGMtNDdlOS04ZGRiLTZhNmQ4ZWM3MDQxMi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaoMgwDQYJKoZIhvcNAQELBQADggEBAHTT84Ug9PuAJLESctp8
KNL8iB5Smo6AfP3PQBgQTgIxop/c/yF4Q5KV8TGLj9/a0yzJRe1cGKBIzhSZHxfg
UA3cskAvFGSJPq8cvQihNQgAeDtDJl5EGL+5bj3LRoRiTYT75lnhfR7mfMxrukqD
BUFOfDwRIgoCIR41xAS4G2nykIi3xwFd8URpaKRqvmIdUTNwELTNlvx7D2KgJv4T
MDpYO4RorKunotTjoTYODfyab5Kzwn80Q1nGHJqV4m8I5B0bAbWfIdTInT0RD+cc
/WOFihVXyvGsJW5+6y3RzvNOBAgwhkMzySGZu/R/uLwXOB9CJWKXwLCIAaVJMo0Y
7ds=
-----END CERTIFICATE-----
Generated at Mon Jun 17 15:56:26 2024 by rpki-client on console-fra.rpki-client.org