Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/cfb3ce63-3d0a-4724-acc7-374b5da711f1.roa
File:                     cfb3ce63-3d0a-4724-acc7-374b5da711f1.roa (raw, json)
Hash identifier:          y3nDpr/TFU/kRO9Slzm+is9g9hogLt0HE879R+GO6SA=
Subject key identifier:   CF:80:69:50:20:71:2E:D9:AB:8D:30:2C:43:F6:D7:17:44:08:B4:3F
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       73F9756BA1128FD1ACC8A4E24B0991606BA98084
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/cfb3ce63-3d0a-4724-acc7-374b5da711f1.roa
Signing time:             Mon 27 May 2024 00:00:00 +0000
ROA not before:           Mon 27 May 2024 00:00:00 +0000
ROA not after:            Mon 01 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da38:b000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 18 Jun 2024 00:10:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:f9:75:6b:a1:12:8f:d1:ac:c8:a4:e2:4b:09:91:60:6b:a9:80:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 27 00:00:00 2024 GMT
            Not After : Jul  1 23:59:59 2024 GMT
        Subject: serialNumber=39dd9a0e7dfd8c42008c49de158d8e53b3c385155694112e596c2e4815967b31, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:1c:ab:5a:a3:65:d8:cf:d2:05:cc:c2:1d:99:
                    e6:4f:96:f5:8b:99:85:a4:50:05:22:65:93:cc:af:
                    87:0a:e3:87:ba:a6:4a:b5:4b:ca:2c:7b:24:ef:de:
                    a4:56:2d:98:4e:ae:22:fb:54:d2:70:c5:21:e4:47:
                    a6:7d:25:28:a3:8f:72:af:6e:3d:27:5d:01:38:8d:
                    e8:7f:1c:97:59:c1:57:79:2c:2b:0b:d3:1f:a4:5d:
                    66:9b:22:b2:ae:16:d3:b2:58:be:94:31:af:e2:6e:
                    ca:47:8b:28:f9:8a:03:85:90:93:76:9f:f0:c8:2f:
                    b0:b0:5e:ef:f3:03:21:3e:96:01:54:17:04:f2:fb:
                    20:66:15:d4:5d:5e:aa:d8:ed:d3:3c:81:ae:0f:79:
                    45:69:c2:79:50:56:15:a5:96:d5:6c:70:8f:0e:f0:
                    a3:b7:ec:e4:48:2a:21:77:38:6b:4f:ed:85:52:cc:
                    5d:48:0f:13:40:2f:ba:c4:da:72:bb:17:3c:a0:43:
                    25:55:d8:40:90:15:f4:2f:0d:8e:e4:7e:8e:28:9c:
                    5d:03:e8:86:5a:52:ea:00:97:fb:51:46:61:f3:ed:
                    08:ee:10:00:5e:e4:59:6c:16:73:ea:b4:f7:57:86:
                    16:10:d4:ba:48:56:45:43:04:fb:85:27:30:9b:7b:
                    1a:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:80:69:50:20:71:2E:D9:AB:8D:30:2C:43:F6:D7:17:44:08:B4:3F
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/cfb3ce63-3d0a-4724-acc7-374b5da711f1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da38:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         21:6d:28:a5:0e:97:51:25:16:19:8a:f2:63:c7:85:26:ab:38:
         6b:b4:f6:23:94:35:39:1e:08:a4:1e:62:4e:f0:8b:14:03:91:
         7a:aa:74:1d:e0:44:ce:05:9a:00:88:41:8f:7f:5c:51:b4:c9:
         90:5d:89:9e:9c:3f:9a:b4:04:c1:cb:2c:a1:f5:2b:a4:4c:d2:
         96:a6:a7:c5:24:d0:19:0f:36:86:be:4c:63:7d:3d:c6:cf:cc:
         e0:53:89:bb:9b:b9:d3:7a:df:19:04:e6:9b:ac:b1:88:c9:3e:
         1e:b0:d1:dd:da:44:76:b9:6a:e5:8e:f0:ac:bb:2e:6e:7d:ca:
         3e:95:fa:96:cc:0f:a6:fb:c9:2c:cc:1d:99:f9:fc:7b:62:d2:
         7a:45:07:e1:be:6c:73:51:f9:0b:4f:03:d1:5a:dc:3e:bf:d8:
         03:80:f3:64:f5:af:8a:ef:0d:8f:00:60:b4:c0:d7:cf:40:31:
         e9:90:75:86:79:a5:33:a0:97:0d:99:d8:e3:82:a2:c4:03:fa:
         25:9d:a4:bd:2d:43:b5:af:ea:f1:10:66:b7:89:e8:f8:f5:b5:
         c0:e2:4d:1e:ac:39:0f:e1:66:74:1d:25:fd:65:95:4b:9b:c9:
         56:c4:a2:ef:33:68:e8:ac:09:9f:e1:29:38:5c:01:70:73:fd:
         35:b7:55:a7
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUc/l1a6ESj9GsyKTiSwmRYGupgIQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDUyNzAwMDAwMFoX
DTI0MDcwMTIzNTk1OVowejFJMEcGA1UEBRNAMzlkZDlhMGU3ZGZkOGM0MjAwOGM0
OWRlMTU4ZDhlNTNiM2MzODUxNTU2OTQxMTJlNTk2YzJlNDgxNTk2N2IzMTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyByrWqNl2M/SBczCHZnmT5b1i5mF
pFAFImWTzK+HCuOHuqZKtUvKLHsk796kVi2YTq4i+1TScMUh5EemfSUoo49yr249
J10BOI3ofxyXWcFXeSwrC9MfpF1mmyKyrhbTsli+lDGv4m7KR4so+YoDhZCTdp/w
yC+wsF7v8wMhPpYBVBcE8vsgZhXUXV6q2O3TPIGuD3lFacJ5UFYVpZbVbHCPDvCj
t+zkSCohdzhrT+2FUsxdSA8TQC+6xNpyuxc8oEMlVdhAkBX0Lw2O5H6OKJxdA+iG
WlLqAJf7UUZh8+0I7hAAXuRZbBZz6rT3V4YWENS6SFZFQwT7hScwm3saFwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFM+AaVAgcS7Zq40wLEP21xdECLQ/MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2NmYjNjZTYzLTNkMGEtNDcyNC1hY2M3LTM3NGI1ZGE3MTFmMS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaOLAwDQYJKoZIhvcNAQELBQADggEBACFtKKUOl1ElFhmK8mPH
hSarOGu09iOUNTkeCKQeYk7wixQDkXqqdB3gRM4FmgCIQY9/XFG0yZBdiZ6cP5q0
BMHLLKH1K6RM0pamp8Uk0BkPNoa+TGN9PcbPzOBTibubudN63xkE5pussYjJPh6w
0d3aRHa5auWO8Ky7Lm59yj6V+pbMD6b7ySzMHZn5/Hti0npFB+G+bHNR+QtPA9Fa
3D6/2AOA82T1r4rvDY8AYLTA189AMemQdYZ5pTOglw2Z2OOCosQD+iWdpL0tQ7Wv
6vEQZreJ6Pj1tcDiTR6sOQ/hZnQdJf1llUubyVbEou8zaOisCZ/hKThcAXBz/TW3
Vac=
-----END CERTIFICATE-----
Generated at Fri Jun 14 19:06:55 2024 by rpki-client on console-ams.rpki-client.org