Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ceffd188-c03a-4d40-bc0f-a2289b6b4b40.roa
File:                     ceffd188-c03a-4d40-bc0f-a2289b6b4b40.roa (raw, json)
Hash identifier:          NJIRtlzEj9oBjf0qzq0Bwk2qpFt5mcFqzI35iJJ23Os=
Subject key identifier:   4F:C3:72:5E:58:91:1D:36:BC:7F:AD:69:49:42:FC:7D:97:C2:D2:C1
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2BDC86C2082D1B2C2143906BE7C15C561E01E0CA
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ceffd188-c03a-4d40-bc0f-a2289b6b4b40.roa
Signing time:             Fri 21 Jun 2024 00:00:00 +0000
ROA not before:           Fri 21 Jun 2024 00:00:00 +0000
ROA not after:            Fri 26 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafb:1000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 28 Jun 2024 00:11:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:dc:86:c2:08:2d:1b:2c:21:43:90:6b:e7:c1:5c:56:1e:01:e0:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 21 00:00:00 2024 GMT
            Not After : Jul 26 23:59:59 2024 GMT
        Subject: serialNumber=4b39025771044e231d11efc9a91fe4e7bcdf953f6973fb7655fe99ffa38a9ec1, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:0a:0b:6f:d8:91:6e:13:43:25:98:f9:0a:a0:
                    49:d0:85:b4:77:b3:e5:83:c8:87:94:97:4f:07:6a:
                    02:c6:76:a7:44:01:7c:6d:04:af:35:ca:d3:12:17:
                    3d:6f:0e:34:3b:1f:c0:b5:bc:8b:78:0f:82:f0:f8:
                    ad:e4:68:55:41:2f:31:93:8e:e1:c4:30:4f:8e:4a:
                    07:f8:c4:a4:c0:c1:ea:cd:28:9d:4b:d4:c9:9b:76:
                    55:f5:0b:af:a6:d9:22:e3:c2:28:83:34:8f:6f:ba:
                    a5:78:0b:59:2e:3c:8b:c6:a6:2f:12:06:1d:2c:61:
                    ba:63:0c:de:1d:03:eb:c1:64:02:63:b1:80:e2:ef:
                    64:a9:39:bd:0c:50:4c:f6:9d:83:c1:cc:ed:48:df:
                    3e:a9:dc:08:b2:c5:97:cb:8d:1d:8f:64:59:77:a9:
                    d5:50:11:de:88:76:bf:fd:0b:f8:36:7d:30:c4:86:
                    e0:d4:51:b6:fd:86:c0:23:0a:f6:9b:33:69:bf:6b:
                    ea:ec:eb:e2:35:c2:1d:e1:bf:2d:75:85:04:80:10:
                    bf:7a:9e:a0:7a:f7:38:be:8f:cd:b3:0e:7a:58:c3:
                    24:9c:1f:95:bd:e9:08:38:ca:ed:fc:cc:e6:a0:8e:
                    e9:91:9e:19:72:65:1c:f1:fe:cc:23:e5:4b:0f:a4:
                    9c:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:C3:72:5E:58:91:1D:36:BC:7F:AD:69:49:42:FC:7D:97:C2:D2:C1
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ceffd188-c03a-4d40-bc0f-a2289b6b4b40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafb:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         36:45:72:41:e9:89:35:ec:12:d6:d6:85:01:fb:37:89:ac:ba:
         ef:3f:31:cc:04:7a:26:23:d8:6a:60:b0:3b:c4:a1:7a:cf:98:
         bd:ba:a6:25:cc:9e:1a:70:ed:92:28:d4:f1:9f:5a:8e:d0:0d:
         ca:bd:d6:f0:c7:df:45:31:a0:ee:e3:0c:3f:63:4b:c9:f2:de:
         10:55:74:4c:64:c1:a0:d6:00:a8:34:46:09:5f:c7:4f:22:40:
         9c:b0:46:69:10:ac:a8:cd:7b:a4:10:fc:17:9f:96:bd:cd:73:
         d8:3a:fd:e3:90:22:d5:46:a0:92:4c:2f:31:01:b9:fb:8d:36:
         85:49:e2:e2:1e:ae:c5:00:2b:1e:09:c3:1d:05:de:42:ca:e5:
         67:a0:3e:79:c1:50:9e:c8:5b:2c:23:34:cf:09:fb:3b:4d:6c:
         48:16:9e:7f:94:aa:1e:ef:83:16:6e:e7:8e:96:2c:81:a6:bf:
         7f:42:cb:02:05:ee:24:e3:e5:f3:7d:22:11:84:9e:80:17:ed:
         0e:18:8e:5e:67:5d:43:60:9d:3b:66:8b:0c:95:70:5d:34:32:
         dd:b9:f2:e4:7c:62:74:36:cb:5b:4f:c5:3a:b5:9f:28:cb:b6:
         4c:89:48:e2:70:4a:6e:51:58:59:3b:4c:59:9d:c1:6b:e4:66:
         e0:23:20:6b
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUK9yGwggtGywhQ5Br58FcVh4B4MowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyMTAwMDAwMFoX
DTI0MDcyNjIzNTk1OVowejFJMEcGA1UEBRNANGIzOTAyNTc3MTA0NGUyMzFkMTFl
ZmM5YTkxZmU0ZTdiY2RmOTUzZjY5NzNmYjc2NTVmZTk5ZmZhMzhhOWVjMTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgoLb9iRbhNDJZj5CqBJ0IW0d7Pl
g8iHlJdPB2oCxnanRAF8bQSvNcrTEhc9bw40Ox/AtbyLeA+C8Pit5GhVQS8xk47h
xDBPjkoH+MSkwMHqzSidS9TJm3ZV9Quvptki48IogzSPb7qleAtZLjyLxqYvEgYd
LGG6YwzeHQPrwWQCY7GA4u9kqTm9DFBM9p2DwcztSN8+qdwIssWXy40dj2RZd6nV
UBHeiHa//Qv4Nn0wxIbg1FG2/YbAIwr2mzNpv2vq7OviNcId4b8tdYUEgBC/ep6g
evc4vo/Nsw56WMMknB+VvekIOMrt/MzmoI7pkZ4ZcmUc8f7MI+VLD6ScOwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFE/Dcl5YkR02vH+taUlC/H2XwtLBMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2NlZmZkMTg4LWMwM2EtNGQ0MC1iYzBmLWEyMjg5YjZiNGI0MC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+xAwDQYJKoZIhvcNAQELBQADggEBADZFckHpiTXsEtbWhQH7
N4msuu8/McwEeiYj2GpgsDvEoXrPmL26piXMnhpw7ZIo1PGfWo7QDcq91vDH30Ux
oO7jDD9jS8ny3hBVdExkwaDWAKg0Rglfx08iQJywRmkQrKjNe6QQ/Beflr3Nc9g6
/eOQItVGoJJMLzEBufuNNoVJ4uIersUAKx4Jwx0F3kLK5WegPnnBUJ7IWywjNM8J
+ztNbEgWnn+Uqh7vgxZu546WLIGmv39CywIF7iTj5fN9IhGEnoAX7Q4Yjl5nXUNg
nTtmiwyVcF00Mt258uR8YnQ2y1tPxTq1nyjLtkyJSOJwSm5RWFk7TFmdwWvkZuAj
IGs=
-----END CERTIFICATE-----
Generated at Mon Jun 24 00:42:56 2024 by rpki-client on console-fra.rpki-client.org