Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c7a048e9-67c5-415d-88d4-0acc3454af62.roa
File:                     c7a048e9-67c5-415d-88d4-0acc3454af62.roa (raw, json)
Hash identifier:          rc2/TQCFiDx67bEJd9e3epiKS6qnyf3eBtWNpHP0Fho=
Subject key identifier:   D1:B4:40:56:72:4D:2C:81:B1:0B:AF:99:E6:9D:95:28:E6:8C:78:53
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       50C7BDE42E840761034036753130A75C0971D460
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c7a048e9-67c5-415d-88d4-0acc3454af62.roa
Signing time:             Mon 18 Sep 2023 00:00:00 +0000
ROA not before:           Mon 18 Sep 2023 00:00:00 +0000
ROA not after:            Mon 23 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafe:8000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 20 Sep 2023 03:07:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:c7:bd:e4:2e:84:07:61:03:40:36:75:31:30:a7:5c:09:71:d4:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Sep 18 00:00:00 2023 GMT
            Not After : Oct 23 23:59:59 2023 GMT
        Subject: serialNumber=fda86c34cbbfaa3aeb95c5aae9b86cb9ae8855ce497c71e7bd73d110b8666347, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ed:86:62:9b:0b:a2:d1:98:5d:86:fb:54:5d:
                    7d:c2:ec:29:fd:34:45:62:8a:7c:b5:35:5e:0c:f7:
                    4e:df:bb:96:ce:fa:8b:92:23:2e:64:6f:81:b4:9c:
                    c1:35:c2:65:35:a1:e2:bf:4b:bb:64:18:d3:2a:c2:
                    18:39:2d:c6:85:fd:fe:dc:b9:da:ca:bd:da:d0:8e:
                    27:7b:d1:77:1a:d6:b9:2a:43:06:5b:cb:c0:be:d9:
                    d5:31:2f:db:c9:e5:98:ee:af:94:5b:4b:85:df:13:
                    52:24:a2:e0:00:89:ae:42:18:b3:3f:e4:5a:70:24:
                    ce:c6:3e:87:0e:d6:ef:96:2a:b1:06:b1:84:16:1c:
                    16:45:6c:6a:a1:a9:88:02:77:c5:aa:5f:97:ab:04:
                    bc:5f:17:5c:d1:9d:36:88:b8:58:6d:80:16:43:fc:
                    59:77:81:85:d7:28:d3:ae:23:69:9a:d1:ad:c2:3d:
                    b9:fa:8f:d6:d3:97:d2:13:9d:d4:63:53:53:0d:56:
                    d9:80:10:e7:22:ae:1f:83:23:9c:98:ca:d2:b3:f2:
                    b5:f3:ca:8d:25:af:28:f3:73:4f:0a:91:e7:0f:05:
                    4e:23:36:db:31:a9:c4:c5:15:34:a8:ec:83:6f:fa:
                    14:7e:e8:9c:18:ad:6e:66:f9:99:a7:d1:2f:b0:78:
                    e4:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:B4:40:56:72:4D:2C:81:B1:0B:AF:99:E6:9D:95:28:E6:8C:78:53
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c7a048e9-67c5-415d-88d4-0acc3454af62.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafe:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         02:d4:41:05:86:a8:8c:81:cf:8a:9b:b3:51:23:42:a4:10:89:
         26:77:17:aa:63:2f:1b:f9:d4:75:8c:ba:e0:ae:73:a4:5b:8e:
         3b:a0:6e:fe:d7:5a:0e:40:21:2a:8b:3a:6b:96:55:21:dd:e8:
         38:ec:a0:4c:95:d2:a8:ee:6a:f9:fb:c0:dd:3b:f8:4e:88:44:
         bb:fc:90:55:4d:fd:74:f7:fd:9d:3e:df:70:ec:81:5e:74:d3:
         06:63:01:aa:1b:73:82:11:16:87:52:0a:e3:15:be:db:b6:cf:
         c3:93:3f:85:26:02:31:fa:26:c2:da:78:dd:d2:f6:9e:da:0d:
         b4:b3:59:37:27:36:d9:29:5d:6c:aa:38:07:2f:45:25:b8:f4:
         7d:6f:97:b2:08:15:65:22:89:13:92:50:9d:a1:1c:fc:43:b8:
         65:ff:48:49:95:63:a7:3d:c6:17:6f:a3:da:b6:10:da:79:cb:
         b1:26:e7:1e:f0:18:67:b4:3a:b9:72:2a:44:67:f8:5c:5a:f3:
         5d:0b:72:a2:ec:6e:3d:5d:58:00:ef:f3:d8:3d:43:95:48:82:
         1f:e7:d3:a6:8d:ff:57:6c:be:e2:f4:03:87:24:82:32:67:96:
         67:69:ba:31:f0:63:f3:c5:30:3f:94:af:c1:af:1e:8f:24:59:
         e3:5d:f4:d0
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUUMe95C6EB2EDQDZ1MTCnXAlx1GAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTIzMDkxODAwMDAwMFoX
DTIzMTAyMzIzNTk1OVowejFJMEcGA1UEBRNAZmRhODZjMzRjYmJmYWEzYWViOTVj
NWFhZTliODZjYjlhZTg4NTVjZTQ5N2M3MWU3YmQ3M2QxMTBiODY2NjM0NzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+2GYpsLotGYXYb7VF19wuwp/TRF
Yop8tTVeDPdO37uWzvqLkiMuZG+BtJzBNcJlNaHiv0u7ZBjTKsIYOS3Ghf3+3Lna
yr3a0I4ne9F3Gta5KkMGW8vAvtnVMS/byeWY7q+UW0uF3xNSJKLgAImuQhizP+Ra
cCTOxj6HDtbvliqxBrGEFhwWRWxqoamIAnfFql+XqwS8Xxdc0Z02iLhYbYAWQ/xZ
d4GF1yjTriNpmtGtwj25+o/W05fSE53UY1NTDVbZgBDnIq4fgyOcmMrSs/K188qN
Ja8o83NPCpHnDwVOIzbbManExRU0qOyDb/oUfuicGK1uZvmZp9EvsHjkrwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFNG0QFZyTSyBsQuvmeadlSjmjHhTMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2M3YTA0OGU5LTY3YzUtNDE1ZC04OGQ0LTBhY2MzNDU0YWY2Mi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba/oAwDQYJKoZIhvcNAQELBQADggEBAALUQQWGqIyBz4qbs1Ej
QqQQiSZ3F6pjLxv51HWMuuCuc6Rbjjugbv7XWg5AISqLOmuWVSHd6DjsoEyV0qju
avn7wN07+E6IRLv8kFVN/XT3/Z0+33DsgV500wZjAaobc4IRFodSCuMVvtu2z8OT
P4UmAjH6JsLaeN3S9p7aDbSzWTcnNtkpXWyqOAcvRSW49H1vl7IIFWUiiROSUJ2h
HPxDuGX/SEmVY6c9xhdvo9q2ENp5y7Em5x7wGGe0OrlyKkRn+Fxa810LcqLsbj1d
WADv89g9Q5VIgh/n06aN/1dsvuL0A4ckgjJnlmdpujHwY/PFMD+Ur8GvHo8kWeNd
9NA=
-----END CERTIFICATE-----
Generated at Mon Sep 18 15:24:46 2023 by rpki-client on console-fra.rpki-client.org