Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d862707d-98bd-4b24-91cb-070f98bf1ac9.roa
File:                     d862707d-98bd-4b24-91cb-070f98bf1ac9.roa (raw, json)
Hash identifier:          262fyzltpoDyS4PvBHRWxhxnfUHAaUzC9IdQV8JjC4U=
Subject key identifier:   FA:42:C7:21:89:34:C3:C9:E5:33:60:16:0D:25:D7:4E:D9:53:02:9A
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       20701772519F3277B2BE94A68F29DFDCDB29DEA9
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d862707d-98bd-4b24-91cb-070f98bf1ac9.roa
Signing time:             Mon 24 Jun 2024 00:00:00 +0000
ROA not before:           Mon 24 Jun 2024 00:00:00 +0000
ROA not after:            Mon 29 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf6:800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 29 Jun 2024 00:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:70:17:72:51:9f:32:77:b2:be:94:a6:8f:29:df:dc:db:29:de:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 24 00:00:00 2024 GMT
            Not After : Jul 29 23:59:59 2024 GMT
        Subject: serialNumber=b36adbdc01ccbb229e273879f025cfe78bfc7e0f55badebc98b377087e9a2303, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:38:6a:ec:ee:0f:03:32:e1:cb:f8:fd:f9:a7:
                    0c:5b:22:39:0d:f3:d9:19:6e:c8:64:20:b6:3f:41:
                    70:49:ee:d7:e3:c6:25:2c:a8:c4:0c:aa:6b:42:14:
                    52:33:86:ce:62:73:51:99:d8:20:fd:f1:f3:24:3b:
                    9b:94:a2:9b:0d:73:8b:b2:1e:10:16:f9:45:f4:29:
                    00:0f:71:4f:87:dd:c2:65:5b:9e:eb:59:fa:c8:af:
                    23:07:2d:f0:f6:b0:b2:8d:3f:15:e5:1d:05:52:f0:
                    30:67:20:7e:17:00:61:b3:14:4e:4b:d6:6c:00:0d:
                    5c:33:cc:8b:aa:71:de:6a:2a:f6:f0:f0:ff:49:99:
                    19:d3:50:a1:85:40:69:3a:6b:14:95:f7:43:a8:18:
                    21:71:b3:da:d7:14:15:89:f0:0d:96:b4:bc:0c:80:
                    ea:0d:cf:3b:1b:24:00:41:06:76:b3:e5:ff:bb:a6:
                    0a:34:e1:cc:99:dc:70:60:6a:0f:92:5b:f7:d4:74:
                    63:dc:9e:38:6f:77:57:c0:9e:8a:30:96:2f:a9:cc:
                    47:98:85:95:26:4d:c5:45:19:d6:31:b5:b8:5a:04:
                    54:92:30:8c:4d:4d:d7:05:f2:5f:80:af:cf:00:7b:
                    9b:ca:f2:db:42:84:e3:c3:48:c7:24:b8:ad:ef:54:
                    53:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:42:C7:21:89:34:C3:C9:E5:33:60:16:0D:25:D7:4E:D9:53:02:9A
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d862707d-98bd-4b24-91cb-070f98bf1ac9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf6:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         60:8b:61:31:b5:62:08:92:54:70:72:7b:0d:17:11:e8:82:fe:
         bf:c7:db:bb:ef:c7:99:98:c6:d8:c4:75:20:3e:21:a3:07:9c:
         8c:ee:69:cc:09:4a:77:1c:b1:69:7e:63:05:f2:1e:e5:23:c3:
         76:87:a9:0a:34:95:97:c1:c5:85:32:85:7b:9e:39:8f:4a:e7:
         a9:24:5e:99:a8:2a:c7:f4:61:23:46:ac:8b:3e:95:b8:60:bb:
         04:8f:0a:60:78:c3:23:af:af:95:b2:c0:d4:03:40:35:ac:02:
         90:20:2e:9b:c1:ca:ee:ff:fb:25:ce:7c:54:d0:fc:dd:98:97:
         58:15:b4:24:28:2d:de:76:de:a0:3c:64:fb:67:2c:8e:dd:97:
         a6:03:25:30:c4:99:9b:ed:39:79:46:14:c3:bd:4d:de:f0:b9:
         04:ca:91:2d:ef:ef:3f:a5:38:95:fc:2e:34:26:69:83:0b:be:
         fe:09:e6:76:a6:77:6d:f3:69:30:02:74:0c:fb:b0:00:69:65:
         91:44:b9:c9:b4:5e:fa:54:e9:c3:a5:95:0c:da:72:32:0d:bf:
         17:96:5e:a1:a8:a7:bd:f5:6f:a7:d5:ef:81:d2:7f:d6:42:74:
         61:8f:03:d9:ac:e9:b5:cd:34:a9:80:df:44:d8:20:0f:2e:27:
         78:7c:c5:16
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUIHAXclGfMneyvpSmjynf3Nsp3qkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyNDAwMDAwMFoX
DTI0MDcyOTIzNTk1OVowejFJMEcGA1UEBRNAYjM2YWRiZGMwMWNjYmIyMjllMjcz
ODc5ZjAyNWNmZTc4YmZjN2UwZjU1YmFkZWJjOThiMzc3MDg3ZTlhMjMwMzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jhq7O4PAzLhy/j9+acMWyI5DfPZ
GW7IZCC2P0FwSe7X48YlLKjEDKprQhRSM4bOYnNRmdgg/fHzJDublKKbDXOLsh4Q
FvlF9CkAD3FPh93CZVue61n6yK8jBy3w9rCyjT8V5R0FUvAwZyB+FwBhsxROS9Zs
AA1cM8yLqnHeair28PD/SZkZ01ChhUBpOmsUlfdDqBghcbPa1xQVifANlrS8DIDq
Dc87GyQAQQZ2s+X/u6YKNOHMmdxwYGoPklv31HRj3J44b3dXwJ6KMJYvqcxHmIWV
Jk3FRRnWMbW4WgRUkjCMTU3XBfJfgK/PAHubyvLbQoTjw0jHJLit71RTCQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFPpCxyGJNMPJ5TNgFg0l107ZUwKaMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2Q4NjI3MDdkLTk4YmQtNGIyNC05MWNiLTA3MGY5OGJmMWFjOS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba9ggwDQYJKoZIhvcNAQELBQADggEBAGCLYTG1YgiSVHByew0X
EeiC/r/H27vvx5mYxtjEdSA+IaMHnIzuacwJSnccsWl+YwXyHuUjw3aHqQo0lZfB
xYUyhXueOY9K56kkXpmoKsf0YSNGrIs+lbhguwSPCmB4wyOvr5WywNQDQDWsApAg
LpvByu7/+yXOfFTQ/N2Yl1gVtCQoLd523qA8ZPtnLI7dl6YDJTDEmZvtOXlGFMO9
Td7wuQTKkS3v7z+lOJX8LjQmaYMLvv4J5namd23zaTACdAz7sABpZZFEucm0XvpU
6cOllQzacjINvxeWXqGop731b6fV74HSf9ZCdGGPA9ms6bXNNKmA30TYIA8uJ3h8
xRY=
-----END CERTIFICATE-----
Generated at Tue Jun 25 00:53:11 2024 by rpki-client on console-ams.rpki-client.org