Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d514cc94-d81f-4850-9ca1-4bd4b7a4b0dc.roa
File:                     d514cc94-d81f-4850-9ca1-4bd4b7a4b0dc.roa (raw, json)
Hash identifier:          Mz7mAoY0ujMLGc5uLSgko8w8apB7f6LqIY3dHf6pA3Q=
Subject key identifier:   D1:B2:07:F4:D3:EC:A7:35:FF:E5:68:E0:86:14:CE:0A:6C:4A:BE:54
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       722B2A0C95F164EF9C89F0923A4C9E2457A75AC9
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d514cc94-d81f-4850-9ca1-4bd4b7a4b0dc.roa
Signing time:             Tue 16 Jul 2024 00:00:00 +0000
ROA not before:           Tue 16 Jul 2024 00:00:00 +0000
ROA not after:            Tue 20 Aug 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafb:8000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 19 Jul 2024 23:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:2b:2a:0c:95:f1:64:ef:9c:89:f0:92:3a:4c:9e:24:57:a7:5a:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 16 00:00:00 2024 GMT
            Not After : Aug 20 23:59:59 2024 GMT
        Subject: serialNumber=f3c8a4ff3d5e5fa77db3197fd80998d336d7ee7eae790cd9ca1ec445b0a78e12, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b1:f3:6d:17:fe:74:04:39:11:18:ea:49:37:
                    c4:1f:d0:9b:d4:3c:8e:6e:4b:ed:48:a3:3a:33:78:
                    fe:67:70:e1:1e:68:7c:14:87:a6:5f:de:54:79:3b:
                    f2:b0:5c:01:20:ec:92:dc:a8:54:87:f7:a3:a2:d6:
                    16:85:49:d8:2b:0d:d4:b3:e2:6a:6a:1b:fe:4d:7c:
                    2f:26:59:5d:fe:41:72:da:2b:75:17:4f:0f:30:af:
                    52:64:9b:cf:15:7c:63:0d:b1:1c:a9:b3:64:27:e2:
                    6e:0f:a0:f9:8b:92:ef:93:c7:24:86:b5:a9:16:07:
                    2f:48:b2:38:dc:46:24:1e:d0:0c:b6:58:68:b3:bf:
                    f1:2c:e4:3d:1b:c7:c9:2b:d2:fc:18:3b:42:7b:88:
                    6a:80:b2:59:94:69:67:60:09:b7:94:26:26:fa:ed:
                    9f:2b:c3:b1:41:00:26:e2:9b:11:5b:7d:48:a9:be:
                    d1:16:38:92:34:78:3a:3b:a3:1c:85:37:98:c2:79:
                    ee:5b:7f:e6:26:82:e2:71:3d:9e:aa:b0:f3:a0:3f:
                    9b:68:41:d0:6a:c7:7d:b8:bc:17:08:fc:24:aa:78:
                    68:eb:e6:44:65:09:fb:13:d7:09:62:a8:56:af:94:
                    f4:9a:ff:e6:2e:e1:cc:77:6b:f9:2b:b4:7c:42:9a:
                    5e:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:B2:07:F4:D3:EC:A7:35:FF:E5:68:E0:86:14:CE:0A:6C:4A:BE:54
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d514cc94-d81f-4850-9ca1-4bd4b7a4b0dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafb:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         3b:58:69:cc:5e:ff:93:d3:77:d8:bd:52:9e:d6:1d:02:e7:a9:
         fd:58:1c:a5:c4:93:64:8d:78:5d:47:5d:32:ca:36:3d:05:8f:
         ac:3b:f4:21:fb:8a:ef:03:8e:73:b1:48:ad:e9:3a:ff:82:4a:
         e0:a2:0e:81:1b:63:45:76:a4:f9:8d:79:31:b9:7e:a6:34:dd:
         ee:13:7c:bd:e7:53:57:a5:97:25:04:b2:42:17:0e:56:89:43:
         6e:4b:0c:3b:a0:db:9d:ee:38:4d:9c:72:13:3b:60:7c:f1:93:
         a2:86:d5:1d:ae:36:55:90:35:e4:87:b8:c4:58:f9:b8:a9:c2:
         d4:dc:be:6d:61:6d:34:a7:fd:08:40:2e:da:cd:25:a5:b7:5d:
         53:4b:bd:87:53:fb:17:dc:d5:bb:ff:9a:ae:26:ec:e1:7d:e9:
         ad:16:50:f4:3c:d4:30:ce:0d:fe:46:42:d9:95:73:b6:fa:56:
         ef:a3:05:ec:7f:80:cb:7b:f6:3a:33:24:f7:61:6c:3d:01:68:
         4e:b3:4e:1b:f5:f6:36:5b:ce:f7:f0:a4:79:2d:d6:88:14:7a:
         d5:28:0c:c5:92:d2:94:3e:ad:cc:cf:1d:ec:d8:fa:35:cb:4d:
         94:8a:12:fa:cd:22:67:25:54:27:e4:ed:21:8f:50:3c:a9:9a:
         93:96:88:b3
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUcisqDJXxZO+cifCSOkyeJFenWskwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDcxNjAwMDAwMFoX
DTI0MDgyMDIzNTk1OVowejFJMEcGA1UEBRNAZjNjOGE0ZmYzZDVlNWZhNzdkYjMx
OTdmZDgwOTk4ZDMzNmQ3ZWU3ZWFlNzkwY2Q5Y2ExZWM0NDViMGE3OGUxMjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrHzbRf+dAQ5ERjqSTfEH9Cb1DyO
bkvtSKM6M3j+Z3DhHmh8FIemX95UeTvysFwBIOyS3KhUh/ejotYWhUnYKw3Us+Jq
ahv+TXwvJlld/kFy2it1F08PMK9SZJvPFXxjDbEcqbNkJ+JuD6D5i5Lvk8ckhrWp
FgcvSLI43EYkHtAMtlhos7/xLOQ9G8fJK9L8GDtCe4hqgLJZlGlnYAm3lCYm+u2f
K8OxQQAm4psRW31Iqb7RFjiSNHg6O6MchTeYwnnuW3/mJoLicT2eqrDzoD+baEHQ
asd9uLwXCPwkqnho6+ZEZQn7E9cJYqhWr5T0mv/mLuHMd2v5K7R8QppemwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFNGyB/TT7Kc1/+Vo4IYUzgpsSr5UMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2Q1MTRjYzk0LWQ4MWYtNDg1MC05Y2ExLTRiZDRiN2E0YjBkYy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+4AwDQYJKoZIhvcNAQELBQADggEBADtYacxe/5PTd9i9Up7W
HQLnqf1YHKXEk2SNeF1HXTLKNj0Fj6w79CH7iu8DjnOxSK3pOv+CSuCiDoEbY0V2
pPmNeTG5fqY03e4TfL3nU1ellyUEskIXDlaJQ25LDDug253uOE2cchM7YHzxk6KG
1R2uNlWQNeSHuMRY+bipwtTcvm1hbTSn/QhALtrNJaW3XVNLvYdT+xfc1bv/mq4m
7OF96a0WUPQ81DDODf5GQtmVc7b6Vu+jBex/gMt79jozJPdhbD0BaE6zThv19jZb
zvfwpHkt1ogUetUoDMWS0pQ+rczPHezY+jXLTZSKEvrNImclVCfk7SGPUDypmpOW
iLM=
-----END CERTIFICATE-----
Generated at Tue Jul 16 02:05:58 2024 by rpki-client on console-fra.rpki-client.org