Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d4f84930-308c-4801-a06d-2566101f31dd.roa
File:                     d4f84930-308c-4801-a06d-2566101f31dd.roa (raw, json)
Hash identifier:          /4yTIhi3PIGTpp0LEloX+bF1oeUXmL3N38ZqcbHt1Bk=
Subject key identifier:   E1:18:F5:8E:84:2B:8D:F5:5C:42:0E:50:13:E2:12:FC:FD:10:FF:D8
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       1B08AF497E3639B97927097DEF1472A60BDFED36
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d4f84930-308c-4801-a06d-2566101f31dd.roa
Signing time:             Mon 18 Sep 2023 00:00:00 +0000
ROA not before:           Mon 18 Sep 2023 00:00:00 +0000
ROA not after:            Mon 23 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafb:f000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 20 Sep 2023 03:07:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:08:af:49:7e:36:39:b9:79:27:09:7d:ef:14:72:a6:0b:df:ed:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Sep 18 00:00:00 2023 GMT
            Not After : Oct 23 23:59:59 2023 GMT
        Subject: serialNumber=ce964f3a7ba5c2d91590674b2a18a3599db9473851ae6bab0319f51b5c2b7397, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:52:b7:8a:1b:1b:d0:c1:ca:12:71:ab:b6:38:
                    80:65:aa:5b:19:91:42:5c:49:63:d3:b5:76:72:d7:
                    7f:f8:a9:c9:df:c9:3a:78:94:0f:3b:2b:77:bc:f1:
                    48:19:63:6a:cb:12:aa:a2:d8:4e:2a:c6:18:66:a3:
                    ea:11:ce:82:01:ea:43:63:36:81:40:67:0d:31:7f:
                    a1:57:cd:59:75:a1:f5:d3:8b:b3:55:40:68:ae:b2:
                    a8:20:bd:eb:db:1f:2e:1a:af:d4:25:0b:db:4c:e0:
                    08:ef:b7:9c:ec:7f:11:4b:6c:0b:96:47:0c:53:5a:
                    58:dd:6f:61:0a:3b:7e:bd:19:d6:98:5e:1e:eb:2e:
                    4d:61:81:0d:34:54:0e:42:7d:1b:aa:5a:ca:8d:c4:
                    f0:66:4f:90:7c:50:3a:67:5b:a2:09:6b:c4:32:85:
                    14:46:a5:a4:f9:68:ee:6e:f8:27:6a:d4:eb:39:ad:
                    89:bd:7d:d7:e2:af:18:57:79:fc:10:8a:58:a5:fd:
                    85:33:6d:1a:ed:02:f1:16:81:44:ff:66:a7:34:33:
                    a0:e3:5b:10:52:16:9c:95:b9:97:77:a8:51:e6:80:
                    92:07:35:d4:72:60:96:6d:23:75:61:38:9f:aa:c1:
                    64:9e:0d:00:df:d5:e5:3d:91:35:63:d5:11:8e:66:
                    c4:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:18:F5:8E:84:2B:8D:F5:5C:42:0E:50:13:E2:12:FC:FD:10:FF:D8
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d4f84930-308c-4801-a06d-2566101f31dd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafb:f000::/40

    Signature Algorithm: sha256WithRSAEncryption
         75:29:d4:a7:de:e0:7f:89:b9:87:c6:1a:89:14:ec:16:0f:cf:
         48:da:47:ff:42:67:73:1d:62:39:a4:d4:65:0a:c4:42:e4:77:
         f5:64:8c:b2:d3:94:34:df:ec:4d:b3:f9:7c:28:76:9d:61:b4:
         e4:b1:4f:2d:5f:8f:3a:8c:c7:e9:b2:1f:8f:dd:4d:58:a6:b2:
         ad:b6:8e:8b:5f:4f:de:0d:81:e5:c1:74:73:fb:e1:f9:4c:a4:
         82:9e:59:49:9a:c5:ac:6e:f4:0d:73:f4:02:f5:f9:3b:83:9a:
         58:39:50:8b:a6:d3:1f:08:64:38:da:1e:06:d7:ec:33:98:51:
         fb:eb:70:b5:74:85:9f:26:b7:0c:1f:f6:a2:a3:ea:23:02:9c:
         88:08:49:ba:07:91:ae:a4:71:86:51:d8:22:51:31:6a:60:1b:
         da:5d:cd:26:2e:b9:4d:61:b2:23:0c:30:88:9a:66:d4:3e:0b:
         e5:b8:8c:b6:2f:8c:4f:15:09:05:43:db:b7:4e:06:f8:5b:7b:
         b2:b3:27:6d:4a:a2:05:a9:2b:2b:ec:2c:41:34:f3:dd:3d:7f:
         7a:a6:44:25:93:36:a0:7d:0f:b3:5b:af:49:81:7c:07:42:ec:
         1c:38:e2:e5:40:ed:78:37:eb:c3:fa:76:39:eb:b9:e3:70:bc:
         c9:b9:1b:f1
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUGwivSX42Obl5Jwl97xRypgvf7TYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTIzMDkxODAwMDAwMFoX
DTIzMTAyMzIzNTk1OVowejFJMEcGA1UEBRNAY2U5NjRmM2E3YmE1YzJkOTE1OTA2
NzRiMmExOGEzNTk5ZGI5NDczODUxYWU2YmFiMDMxOWY1MWI1YzJiNzM5NzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1K3ihsb0MHKEnGrtjiAZapbGZFC
XElj07V2ctd/+KnJ38k6eJQPOyt3vPFIGWNqyxKqothOKsYYZqPqEc6CAepDYzaB
QGcNMX+hV81ZdaH104uzVUBorrKoIL3r2x8uGq/UJQvbTOAI77ec7H8RS2wLlkcM
U1pY3W9hCjt+vRnWmF4e6y5NYYENNFQOQn0bqlrKjcTwZk+QfFA6Z1uiCWvEMoUU
RqWk+WjubvgnatTrOa2JvX3X4q8YV3n8EIpYpf2FM20a7QLxFoFE/2anNDOg41sQ
UhaclbmXd6hR5oCSBzXUcmCWbSN1YTifqsFkng0A39XlPZE1Y9URjmbEiQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFOEY9Y6EK431XEIOUBPiEvz9EP/YMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2Q0Zjg0OTMwLTMwOGMtNDgwMS1hMDZkLTI1NjYxMDFmMzFkZC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+/AwDQYJKoZIhvcNAQELBQADggEBAHUp1Kfe4H+JuYfGGokU
7BYPz0jaR/9CZ3MdYjmk1GUKxELkd/VkjLLTlDTf7E2z+Xwodp1htOSxTy1fjzqM
x+myH4/dTVimsq22jotfT94NgeXBdHP74flMpIKeWUmaxaxu9A1z9AL1+TuDmlg5
UIum0x8IZDjaHgbX7DOYUfvrcLV0hZ8mtwwf9qKj6iMCnIgISboHka6kcYZR2CJR
MWpgG9pdzSYuuU1hsiMMMIiaZtQ+C+W4jLYvjE8VCQVD27dOBvhbe7KzJ21KogWp
KyvsLEE08909f3qmRCWTNqB9D7Nbr0mBfAdC7Bw44uVA7Xg368P6djnrueNwvMm5
G/E=
-----END CERTIFICATE-----
Generated at Mon Sep 18 15:40:40 2023 by rpki-client on console-ams.rpki-client.org