Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/cc8e290b-8648-47ee-bd2f-426c31d42b90.roa
File:                     cc8e290b-8648-47ee-bd2f-426c31d42b90.roa (raw, json)
Hash identifier:          0wxa342cbWp2sl/LreYZUnRr1RklGHrG5Cycf8iPiC8=
Subject key identifier:   FA:E8:39:AB:56:FE:C2:80:46:E6:75:D4:E6:29:0E:48:C5:64:97:F8
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2BBCF1DEA19BEB24FBB141D99BA7B77B296D472D
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/cc8e290b-8648-47ee-bd2f-426c31d42b90.roa
Signing time:             Mon 18 Sep 2023 00:00:00 +0000
ROA not before:           Mon 18 Sep 2023 00:00:00 +0000
ROA not after:            Mon 23 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf8:4000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 20 Sep 2023 03:07:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:bc:f1:de:a1:9b:eb:24:fb:b1:41:d9:9b:a7:b7:7b:29:6d:47:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Sep 18 00:00:00 2023 GMT
            Not After : Oct 23 23:59:59 2023 GMT
        Subject: serialNumber=58a5e42e1db44e3b6c75baa04d9757c7a10bed516347dad2dd2d1118b71db9c9, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:14:3a:87:d3:6f:ce:f6:05:d4:84:18:70:37:
                    ca:5d:bb:b3:f2:65:39:87:f0:56:3e:7b:9a:20:17:
                    57:00:67:22:69:99:4a:cd:8d:54:9b:fd:8e:ff:5c:
                    20:c1:aa:ed:6e:8b:c7:e7:21:e7:cf:2a:4a:fe:41:
                    20:a1:bf:ae:10:3c:95:51:85:57:b2:85:4f:e4:fc:
                    92:98:b7:cf:1c:86:7b:91:21:d0:b2:f2:21:4e:6a:
                    f1:ec:0d:38:5e:35:2d:12:90:b9:c4:b2:c9:4b:7c:
                    f5:6a:45:2d:50:78:cf:9b:70:03:ae:a2:65:38:10:
                    f1:ed:41:91:19:f8:38:59:a3:91:51:dd:55:df:a2:
                    c6:9d:88:10:88:95:89:20:00:a4:f8:2c:40:4c:54:
                    e7:49:a8:f4:d6:93:10:d9:fe:b2:b0:cf:82:46:a9:
                    a9:3d:3f:31:f4:e8:1f:5e:65:71:2f:5a:94:10:ac:
                    56:a5:4b:a3:66:41:52:3a:37:de:4c:f5:12:f0:ee:
                    c4:58:e7:9d:1c:db:a5:26:de:c6:60:9b:49:92:68:
                    5d:b1:84:67:36:de:56:dd:d8:f6:56:85:15:cc:26:
                    0e:f8:57:da:b7:53:1a:ed:86:3e:81:b3:4c:36:3c:
                    a0:ce:ba:f8:5b:e6:2f:b1:22:39:5f:69:9d:78:ff:
                    03:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:E8:39:AB:56:FE:C2:80:46:E6:75:D4:E6:29:0E:48:C5:64:97:F8
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/cc8e290b-8648-47ee-bd2f-426c31d42b90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf8:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         05:e3:95:9f:4f:47:ca:27:97:f5:20:39:02:b3:6c:39:79:37:
         da:c7:de:3f:cf:35:37:6a:8b:1d:03:fa:21:73:10:84:53:e4:
         75:66:e3:6f:59:09:b8:33:ab:1c:64:57:bf:99:97:4e:2f:5e:
         df:5b:04:1e:2c:ec:ae:30:26:2a:24:04:b1:4e:84:10:04:ff:
         42:89:33:97:01:9d:6b:ce:15:5f:80:2f:1f:e4:2c:93:6b:19:
         6d:e5:b8:66:5b:55:fd:0e:75:d6:02:9f:91:5a:71:28:aa:e4:
         a7:d4:2c:a1:5f:71:9b:54:ee:83:0a:30:bb:b8:21:c5:ae:d5:
         4a:c4:26:42:61:b5:cc:f5:bd:ed:35:4b:ec:75:8d:44:8a:6b:
         2c:69:cb:69:40:83:7e:b4:e6:23:0d:87:2e:45:d9:7d:db:5d:
         4c:fa:a0:d4:1c:9f:13:19:55:5d:12:6b:a0:47:fb:51:5e:cf:
         6e:c2:d5:25:dd:57:c9:5e:0a:f2:f3:e9:c3:0c:db:f3:54:ec:
         49:79:4e:12:0a:af:47:a8:56:92:9b:21:d9:74:d3:20:29:31:
         10:7f:fb:f1:de:92:f6:b8:77:63:dc:be:4b:9d:a1:de:ea:fc:
         d8:67:f0:4f:b3:7e:87:65:90:bb:a4:f1:5a:fe:02:da:a1:32:
         9f:e0:4a:ae
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUK7zx3qGb6yT7sUHZm6e3eyltRy0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTIzMDkxODAwMDAwMFoX
DTIzMTAyMzIzNTk1OVowejFJMEcGA1UEBRNANThhNWU0MmUxZGI0NGUzYjZjNzVi
YWEwNGQ5NzU3YzdhMTBiZWQ1MTYzNDdkYWQyZGQyZDExMThiNzFkYjljOTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBQ6h9NvzvYF1IQYcDfKXbuz8mU5
h/BWPnuaIBdXAGciaZlKzY1Um/2O/1wgwartbovH5yHnzypK/kEgob+uEDyVUYVX
soVP5PySmLfPHIZ7kSHQsvIhTmrx7A04XjUtEpC5xLLJS3z1akUtUHjPm3ADrqJl
OBDx7UGRGfg4WaORUd1V36LGnYgQiJWJIACk+CxATFTnSaj01pMQ2f6ysM+CRqmp
PT8x9OgfXmVxL1qUEKxWpUujZkFSOjfeTPUS8O7EWOedHNulJt7GYJtJkmhdsYRn
Nt5W3dj2VoUVzCYO+Ffat1Ma7YY+gbNMNjygzrr4W+YvsSI5X2mdeP8D/QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFProOatW/sKARuZ11OYpDkjFZJf4MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2NjOGUyOTBiLTg2NDgtNDdlZS1iZDJmLTQyNmMzMWQ0MmI5MC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+EAwDQYJKoZIhvcNAQELBQADggEBAAXjlZ9PR8onl/UgOQKz
bDl5N9rH3j/PNTdqix0D+iFzEIRT5HVm429ZCbgzqxxkV7+Zl04vXt9bBB4s7K4w
JiokBLFOhBAE/0KJM5cBnWvOFV+ALx/kLJNrGW3luGZbVf0OddYCn5FacSiq5KfU
LKFfcZtU7oMKMLu4IcWu1UrEJkJhtcz1ve01S+x1jUSKayxpy2lAg3605iMNhy5F
2X3bXUz6oNQcnxMZVV0Sa6BH+1Fez27C1SXdV8leCvLz6cMM2/NU7El5ThIKr0eo
VpKbIdl00yApMRB/+/Hekva4d2Pcvkudod7q/Nhn8E+zfodlkLuk8Vr+AtqhMp/g
Sq4=
-----END CERTIFICATE-----
Generated at Mon Sep 18 15:24:46 2023 by rpki-client on console-fra.rpki-client.org