Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c83c32ac-afed-4df9-a68f-16d5cbe4e134.roa
File:                     c83c32ac-afed-4df9-a68f-16d5cbe4e134.roa (raw, json)
Hash identifier:          qVQvg/SWH1PsJAFfLpv8hs0aQyUQOlT46nu7XfW4Jew=
Subject key identifier:   F5:AE:75:FA:DB:E0:DC:96:15:A9:10:F3:77:38:2D:23:FF:4C:D7:D3
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       6EEE4B18EE9E05C6A08E7612B7E5F23E3648A8
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c83c32ac-afed-4df9-a68f-16d5cbe4e134.roa
Signing time:             Mon 27 May 2024 00:00:00 +0000
ROA not before:           Mon 27 May 2024 00:00:00 +0000
ROA not after:            Mon 01 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf4:800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 24 Jun 2024 00:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:ee:4b:18:ee:9e:05:c6:a0:8e:76:12:b7:e5:f2:3e:36:48:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 27 00:00:00 2024 GMT
            Not After : Jul  1 23:59:59 2024 GMT
        Subject: serialNumber=9ebcb9b83e545759b5e00123f27ce68437c8247971f574471977e7e574740efc, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:3d:02:6b:12:4f:44:92:fd:dd:89:9d:38:1a:
                    c0:ce:48:06:c5:bb:e7:a7:d6:fd:2c:09:77:93:cc:
                    3c:cf:45:e8:d1:f9:31:b6:d6:eb:b0:1e:6b:6b:40:
                    32:bf:2f:69:23:88:71:0f:7f:97:ae:3a:d3:e9:6c:
                    7f:9b:c6:73:8e:13:34:ec:4b:1c:95:b5:b5:20:a8:
                    9b:67:99:7e:d9:3b:53:81:ce:d0:41:ab:6f:82:bc:
                    bf:a5:81:7a:55:61:78:92:db:14:8b:9e:81:ea:ce:
                    7c:ad:92:9c:9c:fa:72:fa:2e:00:6a:49:a1:d6:42:
                    0f:5e:f4:4d:ff:b2:1a:e4:08:5c:a2:db:6c:4d:95:
                    ad:df:1e:74:ab:c5:bd:91:33:dd:39:de:e6:9f:cf:
                    99:15:5f:b9:9d:1a:36:56:0f:70:47:f3:34:c8:b7:
                    0f:a9:40:34:e7:43:12:4e:0f:ea:bf:36:74:06:16:
                    41:f4:e6:73:8e:08:af:a0:b4:46:f1:88:d2:6e:67:
                    88:f7:40:fd:08:f1:f2:aa:e6:ad:d3:81:0e:ad:bd:
                    57:9d:af:b2:e9:b0:71:66:50:fd:af:f9:3f:a5:f3:
                    9f:21:c4:be:d3:e1:45:79:c0:ed:e7:47:fb:fc:4d:
                    16:3e:f7:aa:84:f2:73:db:32:4b:ae:45:2f:ea:0a:
                    bb:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:AE:75:FA:DB:E0:DC:96:15:A9:10:F3:77:38:2D:23:FF:4C:D7:D3
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c83c32ac-afed-4df9-a68f-16d5cbe4e134.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf4:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         36:95:c2:7f:89:a3:78:9a:1a:34:4f:b2:c5:51:24:b8:a8:eb:
         83:a9:cf:a5:73:30:f5:9c:68:8d:f0:9b:78:8b:fb:58:fe:c6:
         01:ba:39:65:2e:94:56:bd:26:05:1c:da:e5:93:16:05:c9:94:
         03:5a:31:b9:ba:97:ad:3c:75:b7:62:2d:16:a4:3d:dc:e9:9c:
         c5:4b:56:2b:33:81:dc:00:c3:c9:86:4a:c4:05:92:62:e8:e8:
         00:ce:a4:9a:61:ac:c0:b7:04:ff:ca:a5:49:29:be:ac:89:18:
         11:0c:20:bc:57:a9:9c:c2:7a:6f:66:82:23:c2:c0:4a:7b:b9:
         27:4b:5e:7a:90:03:7f:01:d7:a8:d7:b5:82:c1:2b:b4:45:fb:
         5d:12:e4:b3:94:25:3b:ef:9e:68:40:34:da:c8:d1:e9:29:f4:
         61:e3:8d:89:2b:a7:1b:34:83:df:17:f5:e5:b4:b9:77:1a:2f:
         f5:50:23:cc:68:65:54:8d:1d:82:fc:32:eb:50:26:4f:41:4c:
         b3:04:44:08:94:ad:17:9d:eb:54:92:af:9d:2b:8b:96:2a:a4:
         53:18:7a:e5:2b:c1:f6:3c:1a:62:64:b7:ae:e7:53:8f:30:0c:
         09:ac:8c:7b:45:93:f1:59:b7:82:f7:7f:fc:f6:d3:0e:4f:dd:
         8c:39:b2:30
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgITbu5LGO6eBcagjnYSt+XyPjZIqDANBgkqhkiG9w0BAQsF
ADBKMRUwEwYDVQQDEwxBOTFGNjM1RjAwMDAxMTAvBgNVBAUTKDQwNzY4MjU1MjRE
MkM2NkQyRTEwNDM2RkU2NUU5M0U4QzFCRDRBMzcwHhcNMjQwNTI3MDAwMDAwWhcN
MjQwNzAxMjM1OTU5WjB6MUkwRwYDVQQFE0A5ZWJjYjliODNlNTQ1NzU5YjVlMDAx
MjNmMjdjZTY4NDM3YzgyNDc5NzFmNTc0NDcxOTc3ZTdlNTc0NzQwZWZjMS0wKwYD
VQQDEyRjMGJmMGZlOC03MTdjLTRmNzItOWI0NS1jOWM1MTkxMzJhODEwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9PQJrEk9Ekv3diZ04GsDOSAbFu+en
1v0sCXeTzDzPRejR+TG21uuwHmtrQDK/L2kjiHEPf5euOtPpbH+bxnOOEzTsSxyV
tbUgqJtnmX7ZO1OBztBBq2+CvL+lgXpVYXiS2xSLnoHqznytkpyc+nL6LgBqSaHW
Qg9e9E3/shrkCFyi22xNla3fHnSrxb2RM9053uafz5kVX7mdGjZWD3BH8zTItw+p
QDTnQxJOD+q/NnQGFkH05nOOCK+gtEbxiNJuZ4j3QP0I8fKq5q3TgQ6tvVedr7Lp
sHFmUP2v+T+l858hxL7T4UV5wO3nR/v8TRY+96qE8nPbMkuuRS/qCrvnAgMBAAGj
ggJKMIICRjAdBgNVHQ4EFgQU9a51+tvg3JYVqRDzdzgtI/9M19MwHwYDVR0jBBgw
FoAUQHaCVSTSxm0uEENv5l6T6MG9SjcwDgYDVR0PAQH/BAQDAgeAMH4GCCsGAQUF
BwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBv
c2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3QzcyRkQxRkYyL1FIYUNWU1RT
eG0wdUVFTnY1bDZUNk1HOVNqYy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1MGJlYzkyNjEv
YzgzYzMyYWMtYWZlZC00ZGY5LWE2OGYtMTZkNWNiZTRlMTM0LnJvYTCBlQYDVR0f
BIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFt
YXpvbmF3cy5jb20vdm9sdW1lLzA4YzJmMjY0LTIzZjktNDlmYi05ZDQzLWY4YjUw
YmVjOTI2MS83YmExNzg2My1hNjEzLTQxOTctOWVkNS1iZWRhNmE4OTg2OWYuY3Js
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4E
AgACMAgDBgAkBtr0CDANBgkqhkiG9w0BAQsFAAOCAQEANpXCf4mjeJoaNE+yxVEk
uKjrg6nPpXMw9ZxojfCbeIv7WP7GAbo5ZS6UVr0mBRza5ZMWBcmUA1oxubqXrTx1
t2ItFqQ93OmcxUtWKzOB3ADDyYZKxAWSYujoAM6kmmGswLcE/8qlSSm+rIkYEQwg
vFepnMJ6b2aCI8LASnu5J0teepADfwHXqNe1gsErtEX7XRLks5QlO++eaEA02sjR
6Sn0YeONiSunGzSD3xf15bS5dxov9VAjzGhlVI0dgvwy61AmT0FMswRECJStF53r
VJKvnSuLliqkUxh65SvB9jwaYmS3rudTjzAMCayMe0WT8Vm3gvd//PbTDk/djDmy
MA==
-----END CERTIFICATE-----
Generated at Thu Jun 20 01:11:16 2024 by rpki-client on console-fra.rpki-client.org