Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/cfe3a555-0f98-4f6b-b088-c1fcdf199c26.roa
File:                     cfe3a555-0f98-4f6b-b088-c1fcdf199c26.roa (raw, json)
Hash identifier:          /nnc1ayvODQAdIb4hH+N7+KXJwN5vDbFH90euOkGbnc=
Subject key identifier:   BE:FA:9D:1A:E9:1D:DA:34:45:1C:BD:54:6A:C2:40:E3:4F:EA:E3:08
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       645FCAF9077E4F17BB82D6BD55415BED41839400
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/cfe3a555-0f98-4f6b-b088-c1fcdf199c26.roa
Signing time:             Mon 27 May 2024 00:00:00 +0000
ROA not before:           Mon 27 May 2024 00:00:00 +0000
ROA not after:            Mon 01 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da30:1000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 18 Jun 2024 00:10:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:5f:ca:f9:07:7e:4f:17:bb:82:d6:bd:55:41:5b:ed:41:83:94:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 27 00:00:00 2024 GMT
            Not After : Jul  1 23:59:59 2024 GMT
        Subject: serialNumber=cc94ae9310c18f2e3441f80ffb301f9e696bec19087dd4dc02149298f37a328b, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:71:57:25:95:ae:1c:6b:e0:7c:9c:d4:52:11:
                    70:2e:f9:b9:cd:ed:0a:ec:ae:8d:ea:53:ab:19:98:
                    d5:5a:10:86:28:2e:ee:72:1f:05:94:c2:8d:6d:bb:
                    ab:b6:fb:35:d4:cf:21:c2:75:83:b3:3a:bd:22:70:
                    82:59:42:c4:34:b4:d4:d1:28:d5:cc:cb:47:2e:7f:
                    af:b9:dc:a1:e7:e2:cf:d4:64:4e:33:bd:9f:1f:65:
                    78:3e:20:5c:9a:d2:b7:34:8a:89:9e:ce:dd:8e:09:
                    89:d1:33:b1:4b:15:fc:90:72:70:7d:d5:a3:29:6a:
                    3f:87:70:ce:9c:9c:45:34:98:e8:5c:18:a3:40:20:
                    ba:6b:62:0b:b8:cf:88:6b:b2:69:fc:8e:8b:13:b7:
                    fe:fa:ff:65:3c:0b:2b:fe:5e:7b:c9:9e:9f:79:03:
                    ad:14:42:b9:0e:be:34:0c:a9:00:7f:87:07:ac:65:
                    66:c7:79:38:a9:8d:22:84:4e:dc:27:ed:45:dc:10:
                    3c:59:78:4b:82:c5:c6:ad:84:58:30:88:81:50:6e:
                    d0:67:0e:d6:9f:56:df:31:15:66:70:7b:68:2c:5c:
                    d3:97:61:ab:10:f9:62:49:bd:f4:d3:5c:dc:7b:a5:
                    6a:8d:d1:16:40:e1:ee:4e:be:e6:7b:58:7a:af:e4:
                    19:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:FA:9D:1A:E9:1D:DA:34:45:1C:BD:54:6A:C2:40:E3:4F:EA:E3:08
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/cfe3a555-0f98-4f6b-b088-c1fcdf199c26.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da30:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         10:da:d1:1e:b3:2b:3a:f1:75:78:a5:97:95:e2:c0:48:14:4b:
         4f:5c:80:69:fa:58:c8:61:8d:39:26:15:4f:cf:3d:e0:67:f9:
         e9:46:74:2b:3e:26:a0:27:80:fd:23:74:5e:67:c5:fe:f4:77:
         e1:8e:75:63:3d:13:ad:2d:45:c0:57:2f:64:0c:45:d7:4f:9e:
         01:e9:17:09:10:49:c0:a5:31:c7:9e:e6:6b:43:42:3e:e4:81:
         a7:fc:43:3d:c4:a6:75:ed:a8:01:46:34:81:8e:07:79:da:40:
         9b:7c:18:8f:18:b4:6b:ff:77:8c:7b:7f:e2:9e:8d:d9:a4:1a:
         07:c6:5f:32:0b:b6:28:f3:f9:90:6c:49:fe:60:36:d0:86:f5:
         57:fb:57:62:cf:c1:d6:98:6d:a9:9b:f9:eb:de:b9:b4:db:c3:
         10:ad:a8:f2:04:31:eb:6b:9c:4a:50:5d:bd:11:4b:5e:4d:85:
         bb:ab:10:a8:aa:c3:f8:de:a2:02:fa:28:c0:ad:b2:da:c9:f7:
         c9:9d:39:e9:75:7f:96:a9:e4:a1:fe:04:af:c9:61:f9:b7:d0:
         f8:c9:a0:f7:1c:d2:20:c6:44:85:02:cf:f0:aa:24:dd:1f:8c:
         50:6a:52:28:99:fa:d3:b9:73:15:fe:ea:6f:9f:95:b5:7b:aa:
         83:7a:c5:3a
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUZF/K+Qd+Txe7gta9VUFb7UGDlAAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDUyNzAwMDAwMFoX
DTI0MDcwMTIzNTk1OVowejFJMEcGA1UEBRNAY2M5NGFlOTMxMGMxOGYyZTM0NDFm
ODBmZmIzMDFmOWU2OTZiZWMxOTA4N2RkNGRjMDIxNDkyOThmMzdhMzI4YjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3FXJZWuHGvgfJzUUhFwLvm5ze0K
7K6N6lOrGZjVWhCGKC7uch8FlMKNbburtvs11M8hwnWDszq9InCCWULENLTU0SjV
zMtHLn+vudyh5+LP1GROM72fH2V4PiBcmtK3NIqJns7djgmJ0TOxSxX8kHJwfdWj
KWo/h3DOnJxFNJjoXBijQCC6a2ILuM+Ia7Jp/I6LE7f++v9lPAsr/l57yZ6feQOt
FEK5Dr40DKkAf4cHrGVmx3k4qY0ihE7cJ+1F3BA8WXhLgsXGrYRYMIiBUG7QZw7W
n1bfMRVmcHtoLFzTl2GrEPliSb3001zce6VqjdEWQOHuTr7me1h6r+QZfQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFL76nRrpHdo0RRy9VGrCQONP6uMIMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2NmZTNhNTU1LTBmOTgtNGY2Yi1iMDg4LWMxZmNkZjE5OWMyNi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaMBAwDQYJKoZIhvcNAQELBQADggEBABDa0R6zKzrxdXill5Xi
wEgUS09cgGn6WMhhjTkmFU/PPeBn+elGdCs+JqAngP0jdF5nxf70d+GOdWM9E60t
RcBXL2QMRddPngHpFwkQScClMcee5mtDQj7kgaf8Qz3EpnXtqAFGNIGOB3naQJt8
GI8YtGv/d4x7f+KejdmkGgfGXzILtijz+ZBsSf5gNtCG9Vf7V2LPwdaYbamb+eve
ubTbwxCtqPIEMetrnEpQXb0RS15NhburEKiqw/jeogL6KMCtstrJ98mdOel1f5ap
5KH+BK/JYfm30PjJoPcc0iDGRIUCz/CqJN0fjFBqUiiZ+tO5cxX+6m+flbV7qoN6
xTo=
-----END CERTIFICATE-----
Generated at Fri Jun 14 19:06:55 2024 by rpki-client on console-ams.rpki-client.org