Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c7a048e9-67c5-415d-88d4-0acc3454af62.roa
File:                     c7a048e9-67c5-415d-88d4-0acc3454af62.roa (raw, json)
Hash identifier:          CNSGrIGYuOSDuRkYnFecHUrFrjNMJhhHSwJwBjpHbow=
Subject key identifier:   2D:FC:0B:66:02:23:BA:78:4D:0D:B1:2E:92:39:A1:47:72:29:2B:5B
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       36FA9BCEAD4EAB77043BD31F7C272B482EEC6DA3
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c7a048e9-67c5-415d-88d4-0acc3454af62.roa
Signing time:             Tue 16 Jul 2024 00:00:00 +0000
ROA not before:           Tue 16 Jul 2024 00:00:00 +0000
ROA not after:            Tue 20 Aug 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafe:8000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 22 Jul 2024 00:10:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:fa:9b:ce:ad:4e:ab:77:04:3b:d3:1f:7c:27:2b:48:2e:ec:6d:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 16 00:00:00 2024 GMT
            Not After : Aug 20 23:59:59 2024 GMT
        Subject: serialNumber=e95c93a2b9bd53811ee7aee0da9af7bcd54caae2893c2d52ffacd571a463a857, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:f2:02:a7:8a:33:e5:0e:fc:7c:f6:e8:ed:c0:
                    d4:13:39:cf:65:a5:fc:e1:99:86:3b:dc:f2:50:64:
                    03:02:ba:10:f1:52:db:15:77:64:67:57:c1:6d:3b:
                    2c:5c:43:06:a8:77:d2:3c:27:7a:ad:51:22:77:b1:
                    0c:f0:c4:63:d8:f2:52:24:98:5f:67:11:6a:64:63:
                    ba:a4:98:6c:24:27:85:67:f7:7e:3d:db:9e:2b:6c:
                    39:1f:e1:7d:66:62:ee:71:fe:e6:e4:1e:da:f4:8d:
                    db:eb:32:90:c8:76:38:69:39:1a:a8:d3:da:b2:21:
                    b8:fc:23:f6:19:cf:f5:70:49:ea:b4:3d:4e:1e:9d:
                    57:98:82:10:98:c4:0a:a8:d2:2a:2a:2b:c5:58:a3:
                    5b:8c:85:a7:b6:db:86:e0:2a:00:e3:09:37:38:53:
                    0a:06:4e:7b:15:5f:cf:b6:b7:d8:41:1b:a4:77:11:
                    f7:f0:02:ab:b6:32:6d:41:01:7e:01:14:8e:2a:4e:
                    7d:4c:7c:b7:1d:3e:b3:03:e8:99:6c:7e:8b:2f:d3:
                    00:56:b5:e5:aa:ca:d5:cf:55:fe:52:55:5a:10:d7:
                    70:83:b6:74:88:43:49:2f:8d:f9:a2:21:7a:54:cb:
                    d2:18:02:75:e3:4c:52:a5:b1:a4:88:68:5f:c2:78:
                    cb:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:FC:0B:66:02:23:BA:78:4D:0D:B1:2E:92:39:A1:47:72:29:2B:5B
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c7a048e9-67c5-415d-88d4-0acc3454af62.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafe:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         41:70:76:9a:1e:71:1f:60:66:39:12:94:7b:11:1c:42:f7:35:
         8f:95:91:b7:da:7c:fb:4a:2e:d7:f8:8a:e3:bf:00:fd:40:95:
         2b:05:a6:ba:c0:f5:28:62:b0:14:59:ef:51:cb:d3:6c:a0:18:
         43:95:c8:ef:f8:11:93:2d:a6:f8:1d:c8:5a:13:83:62:3c:5a:
         3e:38:dc:b5:4f:43:99:0f:4a:6a:57:45:cb:8d:e5:8c:55:b9:
         68:47:5e:14:b0:d0:60:47:7d:f5:60:44:c2:70:75:94:c3:cc:
         5d:39:5d:4a:c5:be:e0:68:4f:61:e2:fa:2a:47:54:97:a4:24:
         ad:ff:bd:db:af:f1:25:df:37:51:14:eb:0d:5c:9b:4a:aa:49:
         bd:1e:9b:14:dc:84:fa:35:3e:ed:42:51:62:8c:a4:81:32:a4:
         9f:10:84:de:69:fd:5a:0a:b9:f3:64:3f:1c:f5:77:6d:90:1d:
         4f:6c:a7:b6:60:18:57:66:42:1a:fd:94:fa:29:f3:e3:ec:8d:
         ea:4b:16:af:64:d9:3a:42:e3:13:51:bf:41:23:6d:9f:21:c9:
         c3:b0:6d:88:b2:56:79:d0:17:e0:9b:03:2e:63:10:e9:ef:bf:
         eb:05:5a:a7:b6:24:b5:fb:a4:96:ac:31:8f:61:f5:26:79:44:
         a9:da:aa:e2
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUNvqbzq1Oq3cEO9MffCcrSC7sbaMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDcxNjAwMDAwMFoX
DTI0MDgyMDIzNTk1OVowejFJMEcGA1UEBRNAZTk1YzkzYTJiOWJkNTM4MTFlZTdh
ZWUwZGE5YWY3YmNkNTRjYWFlMjg5M2MyZDUyZmZhY2Q1NzFhNDYzYTg1NzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfICp4oz5Q78fPbo7cDUEznPZaX8
4ZmGO9zyUGQDAroQ8VLbFXdkZ1fBbTssXEMGqHfSPCd6rVEid7EM8MRj2PJSJJhf
ZxFqZGO6pJhsJCeFZ/d+PdueK2w5H+F9ZmLucf7m5B7a9I3b6zKQyHY4aTkaqNPa
siG4/CP2Gc/1cEnqtD1OHp1XmIIQmMQKqNIqKivFWKNbjIWnttuG4CoA4wk3OFMK
Bk57FV/PtrfYQRukdxH38AKrtjJtQQF+ARSOKk59THy3HT6zA+iZbH6LL9MAVrXl
qsrVz1X+UlVaENdwg7Z0iENJL435oiF6VMvSGAJ140xSpbGkiGhfwnjLpwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFC38C2YCI7p4TQ2xLpI5oUdyKStbMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2M3YTA0OGU5LTY3YzUtNDE1ZC04OGQ0LTBhY2MzNDU0YWY2Mi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba/oAwDQYJKoZIhvcNAQELBQADggEBAEFwdpoecR9gZjkSlHsR
HEL3NY+VkbfafPtKLtf4iuO/AP1AlSsFprrA9ShisBRZ71HL02ygGEOVyO/4EZMt
pvgdyFoTg2I8Wj443LVPQ5kPSmpXRcuN5YxVuWhHXhSw0GBHffVgRMJwdZTDzF05
XUrFvuBoT2Hi+ipHVJekJK3/vduv8SXfN1EU6w1cm0qqSb0emxTchPo1Pu1CUWKM
pIEypJ8QhN5p/VoKufNkPxz1d22QHU9sp7ZgGFdmQhr9lPop8+PsjepLFq9k2TpC
4xNRv0EjbZ8hycOwbYiyVnnQF+CbAy5jEOnvv+sFWqe2JLX7pJasMY9h9SZ5RKna
quI=
-----END CERTIFICATE-----
Generated at Thu Jul 18 02:11:49 2024 by rpki-client on console-fra.rpki-client.org