Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c4d437d8-9f85-4f44-8dad-68b1ce24fa4d.roa
File:                     c4d437d8-9f85-4f44-8dad-68b1ce24fa4d.roa (raw, json)
Hash identifier:          kiPKq5vaOfQOAQSsPpXA/IzKBieBKUawrc5emhtnv+s=
Subject key identifier:   14:DE:64:DC:AD:95:28:A5:07:13:1A:81:2C:85:7C:3D:62:C3:8D:35
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       66F73060F20F556287A75522B01F7DF5C0C1CA85
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c4d437d8-9f85-4f44-8dad-68b1ce24fa4d.roa
Signing time:             Fri 21 Jun 2024 00:00:00 +0000
ROA not before:           Fri 21 Jun 2024 00:00:00 +0000
ROA not after:            Fri 26 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafc:8000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 25 Jun 2024 00:51:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:f7:30:60:f2:0f:55:62:87:a7:55:22:b0:1f:7d:f5:c0:c1:ca:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 21 00:00:00 2024 GMT
            Not After : Jul 26 23:59:59 2024 GMT
        Subject: serialNumber=b6d70a54c24fbd065bd7d5d89a5ce265ce7476ea92fda43f0fe7231b897bb529, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ad:2b:89:1e:24:5c:2c:cc:91:94:1e:d8:90:
                    9d:1b:65:6a:6a:b1:b8:52:97:66:d2:9a:fb:17:c7:
                    8a:3b:09:c8:9d:0b:9b:18:fc:17:35:e9:46:d2:56:
                    36:29:9e:56:15:a9:d0:84:8f:52:7a:dd:f6:09:43:
                    ae:aa:24:95:d9:22:e5:2a:68:27:fc:c7:ee:b5:f7:
                    66:e8:3f:61:11:e0:0c:9a:30:e8:be:81:88:7c:1a:
                    52:f9:8f:cf:c2:37:e1:9f:60:e9:2c:17:a5:4f:da:
                    48:0e:fa:f5:8a:41:ee:d0:eb:c0:40:5b:f5:45:54:
                    58:21:f1:07:d8:29:bb:62:ec:53:86:cc:50:1d:24:
                    e0:56:38:83:88:be:55:bb:d6:63:58:13:ca:f1:3a:
                    b2:21:56:3d:6b:f4:bb:49:60:40:e8:7f:62:ad:93:
                    4d:31:78:a4:c1:5f:16:3d:8b:d3:26:7e:e5:e4:03:
                    8d:42:b9:9e:10:63:8d:03:1e:d3:6f:aa:02:b6:5d:
                    33:21:cb:6f:77:f0:85:52:22:44:b8:89:63:d9:6e:
                    44:5d:12:6c:db:c9:66:53:a0:d3:05:1e:93:3e:d5:
                    aa:c3:b1:00:7a:45:09:0d:c7:95:e1:a6:cf:d4:d1:
                    ff:4c:c0:c2:17:cb:58:37:b0:25:48:73:24:ab:0a:
                    a8:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:DE:64:DC:AD:95:28:A5:07:13:1A:81:2C:85:7C:3D:62:C3:8D:35
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c4d437d8-9f85-4f44-8dad-68b1ce24fa4d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafc:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         4d:ce:7d:e8:08:8d:fd:15:ec:45:14:43:ff:30:9b:67:7a:3b:
         79:54:9a:a7:f8:ce:b2:e1:d7:da:b9:88:b7:59:43:64:65:8b:
         dc:b5:48:55:25:0c:cd:39:97:0d:8a:b9:8c:52:8c:13:f5:f3:
         0a:35:e2:9c:57:f6:d7:89:6b:08:55:96:98:90:13:df:74:dc:
         a1:9a:06:5a:c0:39:aa:af:5b:48:2f:c2:ab:6d:62:78:54:03:
         bb:9b:b8:7e:1d:45:9c:02:ff:ba:a6:f8:94:00:3c:1f:c7:48:
         09:e9:44:b9:47:f7:01:f3:c5:e0:4b:08:92:fd:3f:fd:84:cc:
         6d:e7:cb:79:33:36:56:e4:66:fc:f2:db:9a:94:96:49:91:b6:
         23:9a:47:6a:7f:31:b5:00:19:43:10:c6:6c:71:18:dd:ee:d1:
         a8:1d:c9:71:3c:f9:76:86:67:7c:3f:22:07:94:e8:b5:96:14:
         18:ed:b0:51:6d:16:2d:e8:ba:9c:2b:91:4d:db:bc:8a:f6:ce:
         6e:74:f2:83:55:6b:ef:1f:20:45:6d:74:3d:93:b7:b3:fb:a8:
         3c:52:3d:64:ba:23:a6:ce:31:06:40:fd:dd:7a:98:1f:c3:7a:
         b1:09:07:8c:f3:d6:0f:6f:3a:6c:49:12:db:5a:09:a1:a0:1c:
         f4:74:12:56
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUZvcwYPIPVWKHp1UisB999cDByoUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyMTAwMDAwMFoX
DTI0MDcyNjIzNTk1OVowejFJMEcGA1UEBRNAYjZkNzBhNTRjMjRmYmQwNjViZDdk
NWQ4OWE1Y2UyNjVjZTc0NzZlYTkyZmRhNDNmMGZlNzIzMWI4OTdiYjUyOTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApq0riR4kXCzMkZQe2JCdG2VqarG4
Updm0pr7F8eKOwnInQubGPwXNelG0lY2KZ5WFanQhI9Set32CUOuqiSV2SLlKmgn
/Mfutfdm6D9hEeAMmjDovoGIfBpS+Y/Pwjfhn2DpLBelT9pIDvr1ikHu0OvAQFv1
RVRYIfEH2Cm7YuxThsxQHSTgVjiDiL5Vu9ZjWBPK8TqyIVY9a/S7SWBA6H9irZNN
MXikwV8WPYvTJn7l5AONQrmeEGONAx7Tb6oCtl0zIctvd/CFUiJEuIlj2W5EXRJs
28lmU6DTBR6TPtWqw7EAekUJDceV4abP1NH/TMDCF8tYN7AlSHMkqwqo0QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFBTeZNytlSilBxMagSyFfD1iw401MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2M0ZDQzN2Q4LTlmODUtNGY0NC04ZGFkLTY4YjFjZTI0ZmE0ZC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba/IAwDQYJKoZIhvcNAQELBQADggEBAE3OfegIjf0V7EUUQ/8w
m2d6O3lUmqf4zrLh19q5iLdZQ2Rli9y1SFUlDM05lw2KuYxSjBP18wo14pxX9teJ
awhVlpiQE9903KGaBlrAOaqvW0gvwqttYnhUA7ubuH4dRZwC/7qm+JQAPB/HSAnp
RLlH9wHzxeBLCJL9P/2EzG3ny3kzNlbkZvzy25qUlkmRtiOaR2p/MbUAGUMQxmxx
GN3u0agdyXE8+XaGZ3w/IgeU6LWWFBjtsFFtFi3oupwrkU3bvIr2zm508oNVa+8f
IEVtdD2Tt7P7qDxSPWS6I6bOMQZA/d16mB/DerEJB4zz1g9vOmxJEttaCaGgHPR0
ElY=
-----END CERTIFICATE-----
Generated at Fri Jun 21 01:18:45 2024 by rpki-client on console-fra.rpki-client.org