Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c2d40877-6bad-4811-bf05-3515b26fc91b.roa
File:                     c2d40877-6bad-4811-bf05-3515b26fc91b.roa (raw, json)
Hash identifier:          tvPkpPjHjhmpb5ox9nVhSEi/gKXGLRh6bp/JoiGTO58=
Subject key identifier:   72:6A:C0:85:B0:3B:6B:66:C8:C3:FE:A0:23:EC:9A:F1:3F:8C:98:F5
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       6E63BC79FD0FA5D979D008F77916E0E4FF692D15
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c2d40877-6bad-4811-bf05-3515b26fc91b.roa
Signing time:             Fri 21 Jun 2024 00:00:00 +0000
ROA not before:           Fri 21 Jun 2024 00:00:00 +0000
ROA not after:            Fri 26 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da38:4800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 28 Jun 2024 00:11:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:63:bc:79:fd:0f:a5:d9:79:d0:08:f7:79:16:e0:e4:ff:69:2d:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 21 00:00:00 2024 GMT
            Not After : Jul 26 23:59:59 2024 GMT
        Subject: serialNumber=ecf74bd2d8aba5ab2fb3422b16fc1e44d1d805a9b9d26ed0d7675d4c317b2fd7, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:d7:17:11:77:51:4f:e9:31:8a:69:65:eb:3e:
                    e7:b8:7f:cf:82:ec:fd:c9:ea:a6:10:e8:b4:4d:2b:
                    c2:74:b4:4e:bc:3b:ae:dc:74:c3:7d:9c:e2:64:38:
                    a2:8b:9e:aa:41:05:6c:03:8e:e3:3d:33:c4:3f:25:
                    3c:a1:05:34:89:f0:bd:b1:fc:82:2f:c6:40:d7:f2:
                    c9:83:4e:ca:e8:80:59:44:c7:25:5e:fc:83:e1:f2:
                    ef:59:e3:cf:aa:6d:70:71:2d:d6:bf:ef:58:c2:06:
                    47:23:d2:eb:52:90:2c:28:7e:c7:75:48:49:37:e6:
                    9e:70:36:1d:bb:3a:67:37:3d:bc:e4:01:57:17:99:
                    d8:24:48:34:c1:8c:94:f6:c8:ce:8a:54:f3:7e:de:
                    8a:cd:58:29:8a:93:98:20:ff:00:5f:cd:3a:05:78:
                    4e:7c:6e:ff:6c:5e:82:23:db:50:ec:70:d2:41:77:
                    1b:9e:b2:88:ca:ef:f6:f4:1d:2f:a6:e4:da:27:0a:
                    21:94:c8:c2:d4:2e:5d:a8:13:3c:0f:9b:0c:70:f8:
                    63:da:98:32:57:dc:dd:05:ce:aa:47:12:48:35:f3:
                    aa:2f:45:88:4c:6d:df:6b:ce:52:32:1d:ba:98:38:
                    ec:e6:c2:71:bc:9e:9c:27:d3:83:00:3d:63:3d:29:
                    84:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:6A:C0:85:B0:3B:6B:66:C8:C3:FE:A0:23:EC:9A:F1:3F:8C:98:F5
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c2d40877-6bad-4811-bf05-3515b26fc91b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da38:4800::/40

    Signature Algorithm: sha256WithRSAEncryption
         ac:3f:8d:80:e6:66:b2:fa:08:0f:5d:ec:28:0a:6f:e8:05:d8:
         81:d0:02:8c:35:c3:c6:a9:07:29:74:ed:cd:81:c5:d9:b6:46:
         84:7c:2c:be:93:d0:b4:52:d4:41:92:ae:7b:c4:34:05:43:34:
         ea:91:78:d8:5f:e9:9a:7a:7a:84:c9:e7:f9:1e:b0:cf:8a:be:
         9e:51:0b:67:78:20:48:cc:e7:1b:ca:f7:26:da:3a:ef:79:68:
         f2:57:cd:1c:51:86:f8:1f:41:73:8e:5e:f2:d7:9c:46:68:74:
         56:60:99:c9:ef:d4:61:cc:5a:86:3c:ca:ac:36:36:cb:2f:f2:
         a0:57:27:34:92:07:7e:77:b8:97:5f:69:84:98:36:65:39:36:
         0c:ab:26:bb:f6:bf:e8:0b:bd:bb:39:71:39:14:1a:f2:c3:0f:
         68:0f:22:7b:85:e8:7c:6f:db:73:1c:2b:42:aa:9f:8f:f6:39:
         36:b1:f2:5d:f9:db:cc:b0:13:34:f0:b5:ee:85:4f:2c:5f:63:
         32:46:6c:0c:b2:9c:e4:4c:d2:b8:cf:d9:87:d8:5b:03:7f:46:
         56:d5:00:7f:9b:d1:89:59:16:db:c7:5b:ad:de:3e:ff:dc:b3:
         97:43:95:0e:83:69:67:aa:6f:e3:0c:0b:7f:7f:f8:be:c1:05:
         9b:e6:6d:9f
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUbmO8ef0Ppdl50Aj3eRbg5P9pLRUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyMTAwMDAwMFoX
DTI0MDcyNjIzNTk1OVowejFJMEcGA1UEBRNAZWNmNzRiZDJkOGFiYTVhYjJmYjM0
MjJiMTZmYzFlNDRkMWQ4MDVhOWI5ZDI2ZWQwZDc2NzVkNGMzMTdiMmZkNzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz9cXEXdRT+kximll6z7nuH/Pguz9
yeqmEOi0TSvCdLROvDuu3HTDfZziZDiii56qQQVsA47jPTPEPyU8oQU0ifC9sfyC
L8ZA1/LJg07K6IBZRMclXvyD4fLvWePPqm1wcS3Wv+9YwgZHI9LrUpAsKH7HdUhJ
N+aecDYduzpnNz285AFXF5nYJEg0wYyU9sjOilTzft6KzVgpipOYIP8AX806BXhO
fG7/bF6CI9tQ7HDSQXcbnrKIyu/29B0vpuTaJwohlMjC1C5dqBM8D5sMcPhj2pgy
V9zdBc6qRxJINfOqL0WITG3fa85SMh26mDjs5sJxvJ6cJ9ODAD1jPSmEqQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFHJqwIWwO2tmyMP+oCPsmvE/jJj1MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2MyZDQwODc3LTZiYWQtNDgxMS1iZjA1LTM1MTViMjZmYzkxYi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaOEgwDQYJKoZIhvcNAQELBQADggEBAKw/jYDmZrL6CA9d7CgK
b+gF2IHQAow1w8apByl07c2Bxdm2RoR8LL6T0LRS1EGSrnvENAVDNOqReNhf6Zp6
eoTJ5/kesM+Kvp5RC2d4IEjM5xvK9ybaOu95aPJXzRxRhvgfQXOOXvLXnEZodFZg
mcnv1GHMWoY8yqw2Nssv8qBXJzSSB353uJdfaYSYNmU5NgyrJrv2v+gLvbs5cTkU
GvLDD2gPInuF6Hxv23McK0Kqn4/2OTax8l3528ywEzTwte6FTyxfYzJGbAyynORM
0rjP2YfYWwN/RlbVAH+b0YlZFtvHW63ePv/cs5dDlQ6DaWeqb+MMC39/+L7BBZvm
bZ8=
-----END CERTIFICATE-----
Generated at Mon Jun 24 01:28:15 2024 by rpki-client on console-ams.rpki-client.org