Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c6ac1a0f-d49c-46c6-8787-267094ee9f47.roa
File:                     c6ac1a0f-d49c-46c6-8787-267094ee9f47.roa (raw, json)
Hash identifier:          b7nJhliB0pPzj+PEgeKfqppTHFGIzwsb8iKJpEYPXOs=
Subject key identifier:   7C:4A:D2:34:32:5F:17:D1:C3:15:AD:8B:A1:D1:71:57:AE:96:68:BE
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       160E36C6C0E3B2F347B3CFD72DE198E95EB9BC56
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c6ac1a0f-d49c-46c6-8787-267094ee9f47.roa
Signing time:             Mon 27 May 2024 00:00:00 +0000
ROA not before:           Mon 27 May 2024 00:00:00 +0000
ROA not after:            Mon 01 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da38:6000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 21 Jun 2024 00:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:0e:36:c6:c0:e3:b2:f3:47:b3:cf:d7:2d:e1:98:e9:5e:b9:bc:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 27 00:00:00 2024 GMT
            Not After : Jul  1 23:59:59 2024 GMT
        Subject: serialNumber=1210b85f178d9b75fa74b418caee96782dbbe73cbc6502ea8a1d1e3a9411bc9e, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:46:ad:bc:ac:8e:e0:47:06:9d:be:bd:1c:1a:
                    c6:3a:c8:23:26:c4:31:9a:4d:87:1b:a5:92:c6:1d:
                    23:00:16:aa:24:3f:fd:3b:93:46:5c:71:23:ba:ac:
                    5c:da:19:72:1d:1b:bd:8f:d3:81:44:93:a6:1e:ac:
                    79:77:5b:31:93:d6:c5:5e:c4:d1:b1:f6:30:cf:5b:
                    cd:83:98:4a:74:9c:ea:33:b9:ff:eb:43:2c:10:e1:
                    01:a6:27:e9:b1:a6:7a:e5:25:7b:26:d1:20:46:85:
                    f9:8a:4c:9c:dc:b4:4d:61:7c:4a:92:c3:89:41:3f:
                    9f:7a:9e:81:72:fb:9d:31:7b:aa:69:b4:68:85:6b:
                    30:f6:25:fc:bf:3b:30:e2:48:f9:91:97:ba:35:4e:
                    62:46:54:2c:45:41:db:5a:f4:33:dd:74:51:e0:5f:
                    0d:2f:33:d8:c9:91:51:fd:32:fa:25:9e:91:a1:8b:
                    7e:91:4d:35:d2:08:52:0c:61:00:93:e0:e2:b0:f3:
                    35:77:f3:db:af:c5:f2:a4:0c:41:55:2c:21:74:26:
                    d4:a7:18:f6:45:49:f8:fd:09:77:96:98:6f:d4:46:
                    82:1b:4c:fb:f2:44:f2:75:6d:84:27:29:64:a4:1d:
                    29:46:7a:1b:8e:05:00:67:99:cb:28:aa:bc:8b:72:
                    62:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:4A:D2:34:32:5F:17:D1:C3:15:AD:8B:A1:D1:71:57:AE:96:68:BE
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c6ac1a0f-d49c-46c6-8787-267094ee9f47.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da38:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         80:b1:5f:80:e9:b0:b7:01:92:bf:3c:16:31:9f:44:0a:9a:53:
         a2:df:ef:3f:d7:3b:a3:88:4b:90:7e:2b:d0:73:48:dc:b9:47:
         28:ab:5e:cd:b5:0c:ec:7a:43:b6:db:c4:08:ef:be:fd:0e:41:
         b1:b6:d0:95:f3:74:f2:72:e5:8e:81:af:de:41:6a:9e:9a:67:
         56:d8:2a:2d:48:f4:6a:bf:24:18:d1:d7:49:79:96:ff:9c:80:
         51:3a:b3:6a:80:64:1b:02:b3:ae:a6:0b:14:c0:1a:32:9a:f9:
         ce:4d:23:aa:a0:3c:04:6a:77:5c:57:6e:31:92:15:71:31:fb:
         75:d1:4b:1b:b7:0a:f2:8d:d0:23:9a:69:82:fd:5a:75:70:68:
         48:46:3e:51:48:dd:f7:99:93:a1:6f:4d:d8:6c:4a:be:ec:fd:
         04:7f:06:28:c4:59:37:5c:b9:a5:82:26:9f:a1:50:22:16:3d:
         2c:7c:e2:b8:64:6c:e7:e2:bd:27:a6:a3:34:aa:17:7f:f2:81:
         84:f4:5f:99:86:a9:60:0b:44:ee:3e:02:31:d3:78:95:9d:b8:
         c1:dd:6f:e5:3e:e7:39:d8:11:83:5e:53:3e:5e:83:b0:1f:bc:
         7d:26:eb:cd:fe:e2:98:21:df:3b:93:88:67:42:86:77:6e:74:
         7e:90:c9:37
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUFg42xsDjsvNHs8/XLeGY6V65vFYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDUyNzAwMDAwMFoX
DTI0MDcwMTIzNTk1OVowejFJMEcGA1UEBRNAMTIxMGI4NWYxNzhkOWI3NWZhNzRi
NDE4Y2FlZTk2NzgyZGJiZTczY2JjNjUwMmVhOGExZDFlM2E5NDExYmM5ZTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2EatvKyO4EcGnb69HBrGOsgjJsQx
mk2HG6WSxh0jABaqJD/9O5NGXHEjuqxc2hlyHRu9j9OBRJOmHqx5d1sxk9bFXsTR
sfYwz1vNg5hKdJzqM7n/60MsEOEBpifpsaZ65SV7JtEgRoX5ikyc3LRNYXxKksOJ
QT+fep6BcvudMXuqabRohWsw9iX8vzsw4kj5kZe6NU5iRlQsRUHbWvQz3XRR4F8N
LzPYyZFR/TL6JZ6RoYt+kU010ghSDGEAk+DisPM1d/Pbr8XypAxBVSwhdCbUpxj2
RUn4/Ql3lphv1EaCG0z78kTydW2EJylkpB0pRnobjgUAZ5nLKKq8i3JiuwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFHxK0jQyXxfRwxWti6HRcVeulmi+MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2M2YWMxYTBmLWQ0OWMtNDZjNi04Nzg3LTI2NzA5NGVlOWY0Ny5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaOGAwDQYJKoZIhvcNAQELBQADggEBAICxX4DpsLcBkr88FjGf
RAqaU6Lf7z/XO6OIS5B+K9BzSNy5RyirXs21DOx6Q7bbxAjvvv0OQbG20JXzdPJy
5Y6Br95Bap6aZ1bYKi1I9Gq/JBjR10l5lv+cgFE6s2qAZBsCs66mCxTAGjKa+c5N
I6qgPARqd1xXbjGSFXEx+3XRSxu3CvKN0COaaYL9WnVwaEhGPlFI3feZk6FvTdhs
Sr7s/QR/BijEWTdcuaWCJp+hUCIWPSx84rhkbOfivSemozSqF3/ygYT0X5mGqWAL
RO4+AjHTeJWduMHdb+U+5znYEYNeUz5eg7AfvH0m683+4pgh3zuTiGdChndudH6Q
yTc=
-----END CERTIFICATE-----
Generated at Mon Jun 17 18:19:40 2024 by rpki-client on console-ams.rpki-client.org