Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c017ae6c-65e9-495c-a109-f29969b4159f.roa
File:                     c017ae6c-65e9-495c-a109-f29969b4159f.roa (raw, json)
Hash identifier:          kC+KlbsmRSzTLWjAnBISvbXQ2QVHaLl2DcgprKc5JsM=
Subject key identifier:   79:4B:ED:8B:B4:38:18:8C:E0:FA:4B:58:87:1C:1B:03:A1:0E:46:1C
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       107489EFC97A90CE5D5CC2BC1A3D65632FFE1FE2
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c017ae6c-65e9-495c-a109-f29969b4159f.roa
Signing time:             Fri 21 Jun 2024 00:00:00 +0000
ROA not before:           Fri 21 Jun 2024 00:00:00 +0000
ROA not after:            Fri 26 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafa:2000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 19 Jul 2024 23:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:74:89:ef:c9:7a:90:ce:5d:5c:c2:bc:1a:3d:65:63:2f:fe:1f:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 21 00:00:00 2024 GMT
            Not After : Jul 26 23:59:59 2024 GMT
        Subject: serialNumber=f719d2c26443aa9b788ee46f2c5731829b8e4d812a29fbf04d73c7b2e4d90461, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:e5:42:96:75:91:f6:75:0e:c5:84:8e:15:6c:
                    1b:33:6d:90:53:44:1a:c2:de:44:a3:d7:3c:f0:fb:
                    a9:4c:b1:58:07:4b:a6:42:a2:d8:fe:92:48:7d:e4:
                    47:5a:bb:d7:9a:a7:ef:6c:4d:9d:5d:1e:32:27:4b:
                    14:57:8d:f5:ae:a6:dc:b0:7b:d1:69:92:bc:fc:9a:
                    ff:de:19:03:9f:fc:a6:2d:27:7c:c3:ea:ac:5b:2f:
                    bb:cd:bf:26:0e:b5:11:fa:fc:cd:55:d5:50:e6:0c:
                    2e:1c:72:c9:7b:b3:0d:31:e2:40:ef:dd:36:ab:39:
                    10:46:2a:41:e6:05:0e:8a:a1:6c:95:0f:3c:2f:ff:
                    35:35:5d:3f:fa:09:e5:30:49:98:89:17:29:36:0c:
                    08:5b:a0:32:6b:e9:98:86:14:34:70:de:c1:77:98:
                    a4:e5:e3:7f:78:ed:f9:d9:c7:41:15:e5:e5:0f:72:
                    54:f5:59:b6:39:c6:ad:98:71:6b:23:52:69:36:30:
                    e4:49:4b:b3:4f:f8:f2:5f:05:9f:87:98:e7:bb:03:
                    c0:dd:d1:58:b1:a3:50:c1:fd:c9:f8:24:4a:5e:b5:
                    e3:8a:8e:c9:5c:2a:c5:b2:04:3a:1f:10:74:ab:6f:
                    ad:d3:f8:00:f1:d6:ad:ab:d1:c2:dc:5d:ec:b1:14:
                    6f:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:4B:ED:8B:B4:38:18:8C:E0:FA:4B:58:87:1C:1B:03:A1:0E:46:1C
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c017ae6c-65e9-495c-a109-f29969b4159f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafa:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         b6:5b:82:76:31:c0:07:2e:cd:17:91:11:90:91:c7:bd:88:5e:
         ee:81:9f:77:23:44:40:2e:d4:1d:ba:0b:6f:5a:97:7c:f1:28:
         0c:c1:24:b5:d2:c6:a2:32:8f:af:6d:80:7d:a3:92:23:39:dc:
         11:3a:18:b4:9d:61:20:30:1b:e4:00:09:74:4c:d7:82:ab:4e:
         15:ea:eb:03:b7:c1:1c:aa:13:4f:78:74:dc:75:c0:f0:69:da:
         a8:28:ef:be:16:1c:57:17:20:6b:e2:cb:de:d9:70:f3:42:5b:
         92:d0:91:1d:2c:c2:2e:52:e6:ce:1b:08:36:36:e2:79:61:af:
         05:92:64:97:79:a3:08:f7:a9:c1:e4:00:06:5b:6a:87:03:23:
         d1:ff:f2:74:61:03:9b:a9:e1:6f:ff:94:fd:17:e5:45:b2:7c:
         fc:58:25:2b:df:db:35:cd:ea:ca:25:ce:db:13:88:c6:95:5b:
         76:ba:a9:f4:4f:7d:f3:d3:79:31:11:57:33:9f:37:38:17:29:
         34:b1:9c:60:0a:13:2c:f1:ea:91:da:01:62:9a:36:0b:08:47:
         16:4c:98:c7:d9:72:bb:57:87:70:24:2e:ea:c7:2a:01:a1:fe:
         e4:a8:60:df:bc:f0:d2:7a:55:02:92:42:9e:e3:8e:23:68:45:
         76:02:38:b5
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUEHSJ78l6kM5dXMK8Gj1lYy/+H+IwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyMTAwMDAwMFoX
DTI0MDcyNjIzNTk1OVowejFJMEcGA1UEBRNAZjcxOWQyYzI2NDQzYWE5Yjc4OGVl
NDZmMmM1NzMxODI5YjhlNGQ4MTJhMjlmYmYwNGQ3M2M3YjJlNGQ5MDQ2MTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+VClnWR9nUOxYSOFWwbM22QU0Qa
wt5Eo9c88PupTLFYB0umQqLY/pJIfeRHWrvXmqfvbE2dXR4yJ0sUV431rqbcsHvR
aZK8/Jr/3hkDn/ymLSd8w+qsWy+7zb8mDrUR+vzNVdVQ5gwuHHLJe7MNMeJA7902
qzkQRipB5gUOiqFslQ88L/81NV0/+gnlMEmYiRcpNgwIW6Aya+mYhhQ0cN7Bd5ik
5eN/eO352cdBFeXlD3JU9Vm2OcatmHFrI1JpNjDkSUuzT/jyXwWfh5jnuwPA3dFY
saNQwf3J+CRKXrXjio7JXCrFsgQ6HxB0q2+t0/gA8datq9HC3F3ssRRvCQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFHlL7Yu0OBiM4PpLWIccGwOhDkYcMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2MwMTdhZTZjLTY1ZTktNDk1Yy1hMTA5LWYyOTk2OWI0MTU5Zi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+iAwDQYJKoZIhvcNAQELBQADggEBALZbgnYxwAcuzReREZCR
x72IXu6Bn3cjREAu1B26C29al3zxKAzBJLXSxqIyj69tgH2jkiM53BE6GLSdYSAw
G+QACXRM14KrThXq6wO3wRyqE094dNx1wPBp2qgo774WHFcXIGviy97ZcPNCW5LQ
kR0swi5S5s4bCDY24nlhrwWSZJd5owj3qcHkAAZbaocDI9H/8nRhA5up4W//lP0X
5UWyfPxYJSvf2zXN6solztsTiMaVW3a6qfRPffPTeTERVzOfNzgXKTSxnGAKEyzx
6pHaAWKaNgsIRxZMmMfZcrtXh3AkLurHKgGh/uSoYN+88NJ6VQKSQp7jjiNoRXYC
OLU=
-----END CERTIFICATE-----
Generated at Tue Jul 16 03:59:24 2024 by rpki-client on console-ams.rpki-client.org