Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/cb170b77-8177-4929-971d-9c220aff91d9.roa
File:                     cb170b77-8177-4929-971d-9c220aff91d9.roa (raw, json)
Hash identifier:          Gff3c4JMYnNXRKvFv9Ly1fCK/h9P/jrXbn8WQ7haWWE=
Subject key identifier:   A8:E8:A2:58:C5:CB:40:AA:E1:35:8B:1F:2A:18:08:F7:AA:C4:3F:93
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       0768C9AF9B998F9C7FDF7CC30B84B143071959D7
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/cb170b77-8177-4929-971d-9c220aff91d9.roa
Signing time:             Sun 26 Mar 2023 00:00:00 +0000
ROA not before:           Sun 26 Mar 2023 00:00:00 +0000
ROA not after:            Sun 30 Apr 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da60:7000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 27 Mar 2023 12:04:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:68:c9:af:9b:99:8f:9c:7f:df:7c:c3:0b:84:b1:43:07:19:59:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Mar 26 00:00:00 2023 GMT
            Not After : Apr 30 23:59:59 2023 GMT
        Subject: serialNumber=03ab538aaa356549b479e31709988a33331c44d1de758e254d6c543ebdc8ff0b, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:85:0f:3a:b1:b7:75:57:05:53:f2:e2:93:24:
                    80:eb:92:2e:e3:ef:b0:8f:3b:2d:9b:34:af:66:68:
                    53:e5:15:89:2a:aa:01:5b:f4:83:42:d7:45:83:ff:
                    e6:31:02:a4:9a:55:dc:4c:4e:fe:f4:97:87:ee:d9:
                    e1:83:23:6f:ec:ed:af:3b:40:6d:59:a0:48:e1:75:
                    81:7c:7a:1a:5e:ab:ac:24:62:bd:52:38:47:22:10:
                    7a:51:25:b5:d4:54:03:81:1d:cc:7d:57:27:a3:ee:
                    fb:3f:ed:24:6d:5e:fd:1c:3d:58:1b:ed:b1:43:90:
                    16:3c:20:22:6e:68:f2:1a:9e:fa:1e:c1:df:4a:94:
                    e0:0f:96:0d:8b:90:9d:c6:df:c2:65:81:4b:ff:91:
                    d9:5e:91:63:ae:96:a4:55:67:0f:48:44:17:a8:6e:
                    a7:2b:29:0c:e9:91:6f:05:ba:7c:69:1d:78:dc:0e:
                    2c:97:57:08:14:0f:f0:7a:57:db:d4:3b:8c:20:21:
                    c0:ce:34:d9:33:dc:3c:5c:27:8d:96:87:b7:88:f5:
                    5c:54:93:51:ee:06:9d:6f:6f:e6:ec:42:f3:da:9b:
                    dc:57:06:59:16:90:25:56:81:ee:c8:e1:70:09:0b:
                    cd:07:12:73:d4:04:3f:9c:80:06:ff:3b:77:9e:01:
                    87:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                A8:E8:A2:58:C5:CB:40:AA:E1:35:8B:1F:2A:18:08:F7:AA:C4:3F:93
            X509v3 Authority Key Identifier: 
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/cb170b77-8177-4929-971d-9c220aff91d9.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da60:7000::/40

    Signature Algorithm: sha256WithRSAEncryption
         80:2a:f3:67:f1:b4:cf:73:9e:3d:dc:51:b2:2e:22:a0:1c:be:
         58:e4:8c:bb:26:77:4a:c4:4f:14:c5:5d:97:2b:d2:ef:2d:69:
         07:c1:6c:8f:af:53:11:8f:40:59:e0:12:85:32:e5:7c:cc:08:
         0b:bc:a6:b9:12:be:6b:bf:2a:0c:7d:ce:3a:a8:d8:5d:42:45:
         3a:74:3d:bb:dd:fc:70:ec:23:9c:62:05:b4:7f:da:17:18:58:
         2e:26:43:fb:21:0f:a4:42:b6:18:2e:8c:e3:0f:0b:d8:23:37:
         25:b8:21:93:cf:af:bb:00:bb:22:0e:0f:90:de:de:50:32:cf:
         e2:f6:67:a1:47:7b:34:e3:c0:d3:36:e1:e1:4b:43:65:33:56:
         2d:74:40:71:40:1a:b1:11:61:e4:be:b7:d5:51:f6:97:8a:c5:
         af:f5:d0:b3:17:5e:07:a3:2a:0a:ac:7a:37:b1:69:e0:45:ea:
         38:8b:f3:64:c6:24:01:0f:39:eb:c2:44:11:97:b6:a6:1e:ae:
         ed:19:a6:d9:ff:a9:d2:78:d5:48:04:39:10:30:d0:1b:ba:d8:
         f9:56:90:70:89:fb:8f:31:4d:f6:25:53:96:6a:07:7f:55:5d:
         ad:2e:bf:3a:78:7d:71:85:c9:67:d6:fa:b7:d8:49:23:4e:f3:
         6c:de:4f:f0
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgIUB2jJr5uZj5x/33zDC4SxQwcZWdcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTIzMDMyNjAwMDAwMFoX
DTIzMDQzMDIzNTk1OVowgaUxSTBHBgNVBAUTQDAzYWI1MzhhYWEzNTY1NDliNDc5
ZTMxNzA5OTg4YTMzMzMxYzQ0ZDFkZTc1OGUyNTRkNmM1NDNlYmRjOGZmMGIxLTAr
BgNVBAMTJGMwYmYwZmU4LTcxN2MtNGY3Mi05YjQ1LWM5YzUxOTEzMmE4MTEUMBIG
A1UECxMLQW1hem9uIFJQS0kxEzARBgNVBAoTCkFtYXpvbi5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQD5hQ86sbd1VwVT8uKTJIDrki7j77CPOy2b
NK9maFPlFYkqqgFb9INC10WD/+YxAqSaVdxMTv70l4fu2eGDI2/s7a87QG1ZoEjh
dYF8ehpeq6wkYr1SOEciEHpRJbXUVAOBHcx9Vyej7vs/7SRtXv0cPVgb7bFDkBY8
ICJuaPIanvoewd9KlOAPlg2LkJ3G38JlgUv/kdlekWOulqRVZw9IRBeobqcrKQzp
kW8FunxpHXjcDiyXVwgUD/B6V9vUO4wgIcDONNkz3DxcJ42Wh7eI9VxUk1HuBp1v
b+bsQvPam9xXBlkWkCVWge7I4XAJC80HEnPUBD+cgAb/O3eeAYdNAgMBAAGjggJK
MIICRjAdBgNVHQ4EFgQUqOiiWMXLQKrhNYsfKhgI96rEP5MwHwYDVR0jBBgwFoAU
QHaCVSTSxm0uEENv5l6T6MG9SjcwDgYDVR0PAQH/BAQDAgeAMH4GCCsGAQUFBwEB
BHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0
b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3QzcyRkQxRkYyL1FIYUNWU1RTeG0w
dUVFTnY1bDZUNk1HOVNqYy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggrBgEF
BQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3MuY29t
L3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1MGJlYzkyNjEvY2Ix
NzBiNzctODE3Ny00OTI5LTk3MWQtOWMyMjBhZmY5MWQ5LnJvYTCBlQYDVR0fBIGN
MIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpv
bmF3cy5jb20vdm9sdW1lLzA4YzJmMjY0LTIzZjktNDlmYi05ZDQzLWY4YjUwYmVj
OTI2MS83YmExNzg2My1hNjEzLTQxOTctOWVkNS1iZWRhNmE4OTg2OWYuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAkBtpgcDANBgkqhkiG9w0BAQsFAAOCAQEAgCrzZ/G0z3OePdxRsi4ioBy+
WOSMuyZ3SsRPFMVdlyvS7y1pB8Fsj69TEY9AWeAShTLlfMwIC7ymuRK+a78qDH3O
OqjYXUJFOnQ9u938cOwjnGIFtH/aFxhYLiZD+yEPpEK2GC6M4w8L2CM3Jbghk8+v
uwC7Ig4PkN7eUDLP4vZnoUd7NOPA0zbh4UtDZTNWLXRAcUAasRFh5L631VH2l4rF
r/XQsxdeB6MqCqx6N7Fp4EXqOIvzZMYkAQ8568JEEZe2ph6u7Rmm2f+p0njVSAQ5
EDDQG7rY+VaQcIn7jzFN9iVTlmoHf1VdrS6/Onh9cYXJZ9b6t9hJI07zbN5P8A==
-----END CERTIFICATE-----
Generated at Sun Mar 26 00:25:44 2023 by rpki-client on console-fra.rpki-client.org