Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/cbf31b97-a191-4a60-a9de-6f29bbef8b2e.roa
File:                     cbf31b97-a191-4a60-a9de-6f29bbef8b2e.roa (raw, json)
Hash identifier:          CXOtTT88591WMbmb5R7fOEamluhr/LF6P0ca2b7EGKU=
Subject key identifier:   A8:09:51:C1:4E:CC:AC:EA:02:1A:E8:47:18:76:07:02:9A:18:92:50
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2EE3263ECE60F2DB27F421519CAF85989EB5EE9A
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/cbf31b97-a191-4a60-a9de-6f29bbef8b2e.roa
Signing time:             Tue 28 May 2024 00:00:00 +0000
ROA not before:           Tue 28 May 2024 00:00:00 +0000
ROA not after:            Tue 02 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf4:c000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 20 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:e3:26:3e:ce:60:f2:db:27:f4:21:51:9c:af:85:98:9e:b5:ee:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 28 00:00:00 2024 GMT
            Not After : Jul  2 23:59:59 2024 GMT
        Subject: serialNumber=f0aac7a87a905f37e16ff2b4c0876ed4b52b00428bc14f9254dcee3d9ecd326f, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:0e:fb:55:42:73:dc:23:ce:26:47:2a:10:21:
                    cb:41:35:a2:5e:d1:57:b5:81:4c:48:f1:56:4d:6c:
                    df:fe:bb:fc:f7:41:09:f7:b0:72:e7:af:84:c8:ae:
                    e1:7a:b2:8f:5f:39:fd:1c:63:c1:02:35:21:b5:d4:
                    24:dc:eb:f2:a4:1a:85:41:90:6e:26:51:b9:85:3b:
                    f6:74:ab:ea:84:9c:01:cf:71:19:30:63:26:58:27:
                    d8:57:4f:ef:b3:87:43:f9:d2:9d:06:62:cf:94:a4:
                    56:8b:65:c8:4d:79:ad:8e:1c:e9:c0:51:3b:0e:78:
                    90:85:d5:97:a8:fb:84:22:11:5c:17:b1:2c:4b:e2:
                    9f:26:92:46:d9:e1:ae:d1:f1:58:c6:61:24:85:c8:
                    bb:c2:fd:22:d2:9d:aa:27:e4:3c:5f:1c:1e:a7:d0:
                    3d:6e:f3:73:f2:da:68:e4:6d:83:b2:37:a1:07:35:
                    23:fc:49:ea:11:45:b7:6f:3d:ba:8e:bc:95:09:66:
                    b3:a3:f3:38:c4:ac:fe:24:33:d9:e5:1e:ba:1d:8f:
                    0b:ca:e0:94:4e:c5:86:6d:62:50:1b:e7:69:4a:45:
                    c3:d7:71:54:bc:1b:8b:88:af:f5:96:b9:dc:e4:d9:
                    e1:a6:2d:0e:95:78:e7:45:17:08:44:88:00:40:89:
                    5f:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:09:51:C1:4E:CC:AC:EA:02:1A:E8:47:18:76:07:02:9A:18:92:50
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/cbf31b97-a191-4a60-a9de-6f29bbef8b2e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf4:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         76:5a:0c:56:99:fa:10:cb:90:cd:82:bb:b6:b8:60:bc:ae:3a:
         b8:aa:ca:a7:9d:6d:27:07:5a:cb:08:cc:5b:69:4e:65:a5:81:
         46:fb:7e:c9:7f:51:6e:6f:46:18:47:97:0c:00:63:eb:b6:79:
         aa:6b:58:63:8c:b5:61:85:ee:fc:1e:d6:2d:ac:99:e7:35:e2:
         a4:03:d7:c1:98:be:bd:e9:86:e3:9c:dd:38:d3:fb:a5:a6:b4:
         bb:e7:3e:32:2d:16:85:5b:f3:f5:98:ca:4d:42:ab:16:f7:e0:
         13:26:22:89:d3:aa:61:97:6e:0a:6f:15:5c:95:c3:f5:6d:c4:
         f1:d3:8a:d6:71:18:75:df:83:67:ba:e9:82:57:38:34:22:bd:
         af:1e:b9:7a:c5:20:16:66:ed:0e:93:ba:14:48:24:0f:57:fc:
         4e:1d:c8:99:b1:2c:12:52:06:fe:f2:32:e7:1f:b2:51:98:78:
         df:40:a7:0a:83:ac:2d:f4:fe:3a:d5:6f:e1:43:e8:c3:1a:a6:
         2a:1a:12:5c:2f:12:60:10:1f:a0:d2:d9:a4:a9:c4:b1:24:30:
         0b:af:87:1b:34:ac:d2:b4:9c:55:5e:1f:ba:38:6d:f8:a8:df:
         b6:2e:9a:db:59:e0:5d:a0:bd:7b:19:3a:f3:b3:6c:ad:f7:c4:
         14:a6:85:0d
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIULuMmPs5g8tsn9CFRnK+FmJ617powDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDUyODAwMDAwMFoX
DTI0MDcwMjIzNTk1OVowejFJMEcGA1UEBRNAZjBhYWM3YTg3YTkwNWYzN2UxNmZm
MmI0YzA4NzZlZDRiNTJiMDA0MjhiYzE0ZjkyNTRkY2VlM2Q5ZWNkMzI2ZjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqw77VUJz3CPOJkcqECHLQTWiXtFX
tYFMSPFWTWzf/rv890EJ97By56+EyK7herKPXzn9HGPBAjUhtdQk3OvypBqFQZBu
JlG5hTv2dKvqhJwBz3EZMGMmWCfYV0/vs4dD+dKdBmLPlKRWi2XITXmtjhzpwFE7
DniQhdWXqPuEIhFcF7EsS+KfJpJG2eGu0fFYxmEkhci7wv0i0p2qJ+Q8Xxwep9A9
bvNz8tpo5G2DsjehBzUj/EnqEUW3bz26jryVCWazo/M4xKz+JDPZ5R66HY8LyuCU
TsWGbWJQG+dpSkXD13FUvBuLiK/1lrnc5Nnhpi0OlXjnRRcIRIgAQIlfsQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFKgJUcFOzKzqAhroRxh2BwKaGJJQMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2NiZjMxYjk3LWExOTEtNGE2MC1hOWRlLTZmMjliYmVmOGIyZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba9MAwDQYJKoZIhvcNAQELBQADggEBAHZaDFaZ+hDLkM2Cu7a4
YLyuOriqyqedbScHWssIzFtpTmWlgUb7fsl/UW5vRhhHlwwAY+u2eaprWGOMtWGF
7vwe1i2smec14qQD18GYvr3phuOc3TjT+6WmtLvnPjItFoVb8/WYyk1Cqxb34BMm
IonTqmGXbgpvFVyVw/VtxPHTitZxGHXfg2e66YJXODQiva8euXrFIBZm7Q6TuhRI
JA9X/E4dyJmxLBJSBv7yMucfslGYeN9ApwqDrC30/jrVb+FD6MMapioaElwvEmAQ
H6DS2aSpxLEkMAuvhxs0rNK0nFVeH7o4bfio37YumttZ4F2gvXsZOvOzbK33xBSm
hQ0=
-----END CERTIFICATE-----
Generated at Sun Jun 16 00:53:14 2024 by rpki-client on console-fra.rpki-client.org