Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d44b4291-2d06-4a93-85eb-5eb3d0e7a432.roa
File:                     d44b4291-2d06-4a93-85eb-5eb3d0e7a432.roa (raw, json)
Hash identifier:          9FvPr0K9YIhjJYMT2DqtAWWEdnFNhCaqG6ad+gyIIDc=
Subject key identifier:   27:CA:9F:98:2E:E7:4B:4C:CA:FF:59:F6:D8:4E:89:FE:23:8B:1E:B3
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3F11F206758746AA4B9514DAB860ED46F90F9A95
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d44b4291-2d06-4a93-85eb-5eb3d0e7a432.roa
Signing time:             Fri 07 Jun 2024 00:00:00 +0000
ROA not before:           Fri 07 Jun 2024 00:00:00 +0000
ROA not after:            Fri 12 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da68:8800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 29 Jun 2024 00:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:11:f2:06:75:87:46:aa:4b:95:14:da:b8:60:ed:46:f9:0f:9a:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun  7 00:00:00 2024 GMT
            Not After : Jul 12 23:59:59 2024 GMT
        Subject: serialNumber=bef503701da6cb0e785b3199251b20bbd59b29eb82a4e8b4cfc780b6f7d7a030, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:27:15:e7:ed:9a:0e:67:a9:7c:f8:55:1e:46:
                    b8:04:49:bb:85:25:38:ad:ac:9c:de:78:56:54:f4:
                    eb:93:f4:bc:73:ab:7c:77:12:06:59:3b:7a:b5:a0:
                    85:8d:63:67:af:70:c4:8e:d2:ea:f7:ca:e6:e9:03:
                    eb:75:52:ae:02:60:95:7c:ba:b3:77:44:78:13:b9:
                    5e:4f:6a:fc:da:b4:64:15:4b:79:48:ff:f9:d8:ad:
                    30:89:ee:cc:1e:76:ce:f5:00:ed:4e:d2:30:10:16:
                    52:03:af:2b:3d:57:2a:dc:6b:1b:71:aa:b2:58:55:
                    5f:b9:24:73:72:cc:11:0a:a3:4c:5f:10:74:ba:9f:
                    fa:f5:51:39:88:5e:e2:0e:20:52:94:2c:55:49:7e:
                    1e:a6:e2:73:81:22:c4:dc:bf:82:b5:d3:0c:55:7d:
                    5d:07:d8:14:ad:e5:87:a7:72:af:18:4d:94:cb:1c:
                    62:a9:92:bf:51:be:b8:ec:17:59:0c:26:69:37:82:
                    37:c6:d0:e8:11:be:d8:4d:cf:b8:51:09:67:27:18:
                    37:70:a5:98:a5:70:5b:ea:f1:bf:af:09:57:69:54:
                    3b:ad:99:49:97:f5:07:1c:ac:b5:fa:43:37:01:df:
                    74:3a:04:87:b6:0d:21:ac:9e:94:dd:a9:9a:9a:40:
                    d9:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:CA:9F:98:2E:E7:4B:4C:CA:FF:59:F6:D8:4E:89:FE:23:8B:1E:B3
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d44b4291-2d06-4a93-85eb-5eb3d0e7a432.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da68:8800::/40

    Signature Algorithm: sha256WithRSAEncryption
         69:d9:03:18:c1:e9:83:f2:66:8b:81:4c:37:a7:6c:36:9c:e4:
         36:57:f7:bf:51:fe:51:76:01:b8:a1:c8:80:07:ab:af:ec:df:
         fc:df:c9:35:d8:79:c0:b6:56:2e:31:3e:24:ff:c8:85:22:52:
         69:9e:c7:94:5d:15:91:ca:4a:35:38:48:e4:8a:4d:ef:1b:e2:
         22:be:73:76:8c:05:bc:7b:11:0a:0a:c6:32:aa:21:e5:b2:1c:
         ca:c8:e5:d0:46:4b:bb:99:08:d4:4e:a3:0c:be:22:4d:57:2e:
         16:3a:72:9f:2f:e0:ee:cb:fd:b9:8b:ef:4b:f9:72:d3:df:da:
         76:07:8c:96:10:1f:a0:6f:4f:ce:af:ee:4e:f5:3e:c2:a0:38:
         65:eb:3e:de:15:b6:71:14:28:d0:37:34:d2:78:37:94:3d:a4:
         4a:0f:e1:3c:38:9d:51:7a:63:42:f7:64:f2:5a:20:48:fb:28:
         67:14:e3:4f:e4:51:f4:f7:a6:ab:cc:e8:4f:a5:82:bd:41:33:
         1f:4e:e3:22:f7:08:00:74:c9:bc:1f:f5:07:37:20:ea:56:7c:
         fd:cc:83:89:2b:8b:71:30:32:d2:56:ec:c2:53:8c:5d:4b:94:
         e3:5f:d8:44:72:7a:93:b5:01:12:7e:2c:19:2f:c2:89:ce:d5:
         a8:75:db:00
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUPxHyBnWHRqpLlRTauGDtRvkPmpUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYwNzAwMDAwMFoX
DTI0MDcxMjIzNTk1OVowejFJMEcGA1UEBRNAYmVmNTAzNzAxZGE2Y2IwZTc4NWIz
MTk5MjUxYjIwYmJkNTliMjllYjgyYTRlOGI0Y2ZjNzgwYjZmN2Q3YTAzMDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtycV5+2aDmepfPhVHka4BEm7hSU4
rayc3nhWVPTrk/S8c6t8dxIGWTt6taCFjWNnr3DEjtLq98rm6QPrdVKuAmCVfLqz
d0R4E7leT2r82rRkFUt5SP/52K0wie7MHnbO9QDtTtIwEBZSA68rPVcq3Gsbcaqy
WFVfuSRzcswRCqNMXxB0up/69VE5iF7iDiBSlCxVSX4epuJzgSLE3L+CtdMMVX1d
B9gUreWHp3KvGE2UyxxiqZK/Ub647BdZDCZpN4I3xtDoEb7YTc+4UQlnJxg3cKWY
pXBb6vG/rwlXaVQ7rZlJl/UHHKy1+kM3Ad90OgSHtg0hrJ6U3amamkDZqwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFCfKn5gu50tMyv9Z9thOif4jix6zMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2Q0NGI0MjkxLTJkMDYtNGE5My04NWViLTVlYjNkMGU3YTQzMi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaaIgwDQYJKoZIhvcNAQELBQADggEBAGnZAxjB6YPyZouBTDen
bDac5DZX979R/lF2AbihyIAHq6/s3/zfyTXYecC2Vi4xPiT/yIUiUmmex5RdFZHK
SjU4SOSKTe8b4iK+c3aMBbx7EQoKxjKqIeWyHMrI5dBGS7uZCNROowy+Ik1XLhY6
cp8v4O7L/bmL70v5ctPf2nYHjJYQH6BvT86v7k71PsKgOGXrPt4VtnEUKNA3NNJ4
N5Q9pEoP4Tw4nVF6Y0L3ZPJaIEj7KGcU40/kUfT3pqvM6E+lgr1BMx9O4yL3CAB0
ybwf9Qc3IOpWfP3Mg4kri3EwMtJW7MJTjF1LlONf2ERyepO1ARJ+LBkvwonO1ah1
2wA=
-----END CERTIFICATE-----
Generated at Tue Jun 25 02:50:51 2024 by rpki-client on console-fra.rpki-client.org