Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d74980db-a60d-487c-9253-3e131534d8d4.roa
File:                     d74980db-a60d-487c-9253-3e131534d8d4.roa (raw, json)
Hash identifier:          PJmAi+Gu5Zpj/kdSOdPH6juPwTH2PjfEKQlv1KhSbMs=
Subject key identifier:   C7:DD:49:3B:B2:65:0B:27:F5:D0:8F:60:4C:E6:EA:81:E2:2D:8A:96
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       5065FED9F90E8299DC7DD3EE429CC5C5EEA880E4
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d74980db-a60d-487c-9253-3e131534d8d4.roa
Signing time:             Mon 27 May 2024 00:00:00 +0000
ROA not before:           Mon 27 May 2024 00:00:00 +0000
ROA not after:            Mon 01 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dab9:f000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 21 Jun 2024 00:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:65:fe:d9:f9:0e:82:99:dc:7d:d3:ee:42:9c:c5:c5:ee:a8:80:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 27 00:00:00 2024 GMT
            Not After : Jul  1 23:59:59 2024 GMT
        Subject: serialNumber=8b9bcaf4d247f443ba9a04811c80c7bd56cdf8c64d25e693c30a57b7ca67c95a, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:8e:31:10:cd:fd:97:b7:5a:b5:17:b4:01:ba:
                    f8:71:af:43:41:bc:23:fe:49:09:f8:0d:3f:e6:d6:
                    70:d6:ac:00:ec:a7:cb:74:8d:b3:51:cf:97:f6:ef:
                    86:e9:b6:35:82:78:e5:23:59:cc:49:b9:a6:e0:5b:
                    1d:15:43:63:3c:80:e0:20:93:e9:4a:ae:b6:9c:93:
                    79:3c:cb:bb:29:12:f5:ce:5a:81:55:4a:b9:84:30:
                    de:84:27:0a:53:b0:73:79:01:27:14:aa:73:3c:46:
                    a4:cf:e1:82:a5:5f:46:a9:95:8d:50:c9:30:76:1d:
                    bd:c7:26:49:0b:da:ff:c3:56:bc:50:86:93:10:fd:
                    3b:3e:f2:b6:0a:f8:23:5c:ef:54:00:02:d4:1c:e1:
                    3b:f5:af:a6:c7:26:64:78:6c:64:78:3a:09:e0:04:
                    66:b3:b6:50:ff:79:d8:44:e5:51:b1:02:7f:49:52:
                    a1:87:cf:71:d0:da:01:e7:44:f4:1c:aa:44:e2:43:
                    83:5e:f1:7d:0f:42:c0:53:b7:35:91:21:4a:b3:64:
                    a2:54:61:17:85:01:4d:cb:7c:ca:32:6e:03:a2:72:
                    4c:df:ea:1c:a4:d8:51:e7:14:46:a7:3f:83:69:f4:
                    a9:e3:65:a3:3f:84:fb:2c:35:cb:30:8f:c1:df:ca:
                    e5:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:DD:49:3B:B2:65:0B:27:F5:D0:8F:60:4C:E6:EA:81:E2:2D:8A:96
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d74980db-a60d-487c-9253-3e131534d8d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dab9:f000::/40

    Signature Algorithm: sha256WithRSAEncryption
         9b:f9:85:93:24:27:b8:21:83:d2:e3:29:c3:51:16:4a:7d:27:
         a6:9e:17:d9:4c:6a:69:16:78:b5:82:87:fc:d4:72:1f:cf:e8:
         bc:c7:3d:f4:46:d3:f3:ec:49:8f:70:87:f6:3b:a7:f5:9f:b9:
         2d:3d:55:e3:7a:54:10:93:1c:57:ec:39:ba:fe:76:ce:ab:5f:
         77:01:e0:b1:b8:c2:a4:95:84:c2:af:de:a1:c0:03:af:00:fa:
         c3:30:59:53:0d:d3:46:ff:e5:d0:fc:c3:24:2e:b1:f8:3a:bc:
         e7:f5:1f:f0:64:1a:cd:a6:da:70:9c:aa:08:49:73:c5:af:41:
         4f:85:20:3e:db:01:21:79:7b:3a:cb:bf:25:28:bf:76:9c:40:
         78:4a:be:2d:9b:04:97:3e:0e:4b:8a:8b:65:18:b9:c3:08:3b:
         19:b1:91:50:7d:05:6d:92:16:ef:4c:53:78:15:c8:82:f1:1b:
         5c:2e:42:06:b6:c9:23:3b:92:45:fb:28:7c:df:5e:41:12:34:
         77:df:9b:24:3b:a7:cb:bd:ce:4d:9b:26:24:42:02:6f:d5:10:
         20:ef:30:83:49:51:80:04:75:75:8e:a2:e0:30:23:e8:3b:95:
         4f:33:83:9c:f2:32:24:34:90:f9:be:e5:3f:69:57:8d:17:79:
         2e:11:bb:a9
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUUGX+2fkOgpncfdPuQpzFxe6ogOQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDUyNzAwMDAwMFoX
DTI0MDcwMTIzNTk1OVowejFJMEcGA1UEBRNAOGI5YmNhZjRkMjQ3ZjQ0M2JhOWEw
NDgxMWM4MGM3YmQ1NmNkZjhjNjRkMjVlNjkzYzMwYTU3YjdjYTY3Yzk1YTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5I4xEM39l7datRe0Abr4ca9DQbwj
/kkJ+A0/5tZw1qwA7KfLdI2zUc+X9u+G6bY1gnjlI1nMSbmm4FsdFUNjPIDgIJPp
Sq62nJN5PMu7KRL1zlqBVUq5hDDehCcKU7BzeQEnFKpzPEakz+GCpV9GqZWNUMkw
dh29xyZJC9r/w1a8UIaTEP07PvK2CvgjXO9UAALUHOE79a+mxyZkeGxkeDoJ4ARm
s7ZQ/3nYROVRsQJ/SVKhh89x0NoB50T0HKpE4kODXvF9D0LAU7c1kSFKs2SiVGEX
hQFNy3zKMm4DonJM3+ocpNhR5xRGpz+DafSp42WjP4T7LDXLMI/B38rloQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFMfdSTuyZQsn9dCPYEzm6oHiLYqWMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2Q3NDk4MGRiLWE2MGQtNDg3Yy05MjUzLTNlMTMxNTM0ZDhkNC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaufAwDQYJKoZIhvcNAQELBQADggEBAJv5hZMkJ7ghg9LjKcNR
Fkp9J6aeF9lMamkWeLWCh/zUch/P6LzHPfRG0/PsSY9wh/Y7p/WfuS09VeN6VBCT
HFfsObr+ds6rX3cB4LG4wqSVhMKv3qHAA68A+sMwWVMN00b/5dD8wyQusfg6vOf1
H/BkGs2m2nCcqghJc8WvQU+FID7bASF5ezrLvyUov3acQHhKvi2bBJc+DkuKi2UY
ucMIOxmxkVB9BW2SFu9MU3gVyILxG1wuQga2ySM7kkX7KHzfXkESNHffmyQ7p8u9
zk2bJiRCAm/VECDvMINJUYAEdXWOouAwI+g7lU8zg5zyMiQ0kPm+5T9pV40XeS4R
u6k=
-----END CERTIFICATE-----
Generated at Mon Jun 17 15:56:26 2024 by rpki-client on console-fra.rpki-client.org