Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d95f55c3-18b5-487c-a688-cab85ad16859.roa
File:                     d95f55c3-18b5-487c-a688-cab85ad16859.roa (raw, json)
Hash identifier:          /AM8I7IjdsvINlRc5/vO8RwYhZ5W82U0esrZtOD4Lqk=
Subject key identifier:   B3:B9:E0:6B:B5:EE:31:34:47:10:A6:1A:AB:36:08:88:E9:8E:FA:A4
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       65033CBA8C8714D5148E3EDF05528A2CEEBDCB7C
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d95f55c3-18b5-487c-a688-cab85ad16859.roa
Signing time:             Tue 16 Jul 2024 00:00:00 +0000
ROA not before:           Tue 16 Jul 2024 00:00:00 +0000
ROA not after:            Tue 20 Aug 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da60:1000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 21 Jul 2024 00:10:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:03:3c:ba:8c:87:14:d5:14:8e:3e:df:05:52:8a:2c:ee:bd:cb:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 16 00:00:00 2024 GMT
            Not After : Aug 20 23:59:59 2024 GMT
        Subject: serialNumber=1051b0ef0db1d83773dc35ecc7e03a3b9b96d8c53d225d4ff3de9205c6fd1cc7, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:34:96:97:cd:6c:7d:29:1c:d5:1b:bf:8a:ba:
                    7d:97:02:db:16:f8:c9:5a:f6:c6:c2:35:d7:0d:a1:
                    17:57:a7:46:24:20:31:fa:ae:25:04:ca:05:79:9c:
                    4b:2f:db:40:67:49:ab:f5:05:7b:13:4e:23:f0:12:
                    94:7b:3f:b5:aa:f4:a1:a0:c8:0b:95:d9:46:f0:70:
                    dd:bf:a3:ab:00:5f:6f:a3:83:ed:d0:d1:02:50:96:
                    c9:34:7d:29:d9:6c:59:47:c1:6a:6e:6d:5d:3e:19:
                    f5:b5:d7:bf:a7:63:10:b2:07:ae:52:b2:4f:dd:44:
                    1e:bd:e5:66:8b:e7:48:84:be:89:f5:66:27:55:7b:
                    d1:d5:e9:9c:1a:5c:01:9d:f4:e5:b5:2a:f8:55:d9:
                    43:9d:d2:0b:dc:f4:d0:d2:e4:09:20:90:78:f0:bd:
                    d1:6c:ee:85:d1:86:d8:ac:b4:f6:38:6f:ad:9f:ec:
                    16:2c:20:94:aa:f4:b0:6f:47:b2:72:71:6c:f6:bb:
                    5b:af:f5:68:75:a5:a7:2a:0e:65:7c:ed:61:44:b3:
                    33:34:b3:af:8f:ea:ea:17:71:cc:ec:56:3a:36:4c:
                    67:0b:cd:ba:f7:ac:aa:9e:65:c3:e8:46:b4:8e:dd:
                    13:b0:85:19:6f:aa:b2:c3:5b:b1:1b:c0:7c:52:f1:
                    a5:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:B9:E0:6B:B5:EE:31:34:47:10:A6:1A:AB:36:08:88:E9:8E:FA:A4
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d95f55c3-18b5-487c-a688-cab85ad16859.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da60:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         32:3f:79:f6:7c:7d:26:f1:91:26:41:e8:92:3d:ea:06:e3:17:
         41:a6:18:0e:07:90:b7:e8:09:00:91:4d:f9:1b:bd:02:9a:d5:
         78:e0:0c:fb:77:24:7f:65:38:02:98:11:c4:fe:07:7c:47:ce:
         4c:3b:09:a3:cf:9a:33:e9:b8:b3:ef:0f:7b:81:cd:b3:18:0b:
         fb:2b:fc:fb:51:72:dc:d5:0f:0e:30:16:da:ec:ab:b1:f8:68:
         94:b3:d3:96:4e:ba:ee:99:a5:8c:b9:f5:94:bd:35:81:ef:c4:
         b6:9b:63:33:1b:fe:0a:fc:09:6a:dc:30:e3:71:56:10:e8:e5:
         c8:a4:f1:c7:1c:d6:b2:fb:45:b9:85:f6:07:9f:28:bc:b7:13:
         26:cd:98:66:b2:2b:2f:4f:8e:1c:71:07:a5:8d:24:1d:94:8f:
         93:e4:3c:95:f0:35:95:ab:63:7c:7a:b1:10:78:50:a3:a6:14:
         1d:bf:a1:9f:7f:ef:5d:18:18:47:ec:9e:11:1b:64:3e:a9:56:
         49:a9:01:af:bf:8a:88:7b:09:c5:57:29:2e:76:6c:c4:e3:a5:
         58:4d:7b:c1:55:02:92:a7:4a:b6:3a:8b:a1:3e:46:0c:e6:bb:
         85:15:fe:65:3e:dd:41:0f:82:c8:e9:58:09:60:07:22:01:10:
         15:12:e6:61
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUZQM8uoyHFNUUjj7fBVKKLO69y3wwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDcxNjAwMDAwMFoX
DTI0MDgyMDIzNTk1OVowejFJMEcGA1UEBRNAMTA1MWIwZWYwZGIxZDgzNzczZGMz
NWVjYzdlMDNhM2I5Yjk2ZDhjNTNkMjI1ZDRmZjNkZTkyMDVjNmZkMWNjNzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjSWl81sfSkc1Ru/irp9lwLbFvjJ
WvbGwjXXDaEXV6dGJCAx+q4lBMoFeZxLL9tAZ0mr9QV7E04j8BKUez+1qvShoMgL
ldlG8HDdv6OrAF9vo4Pt0NECUJbJNH0p2WxZR8Fqbm1dPhn1tde/p2MQsgeuUrJP
3UQeveVmi+dIhL6J9WYnVXvR1emcGlwBnfTltSr4VdlDndIL3PTQ0uQJIJB48L3R
bO6F0YbYrLT2OG+tn+wWLCCUqvSwb0eycnFs9rtbr/VodaWnKg5lfO1hRLMzNLOv
j+rqF3HM7FY6NkxnC82696yqnmXD6Ea0jt0TsIUZb6qyw1uxG8B8UvGlJQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFLO54Gu17jE0RxCmGqs2CIjpjvqkMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2Q5NWY1NWMzLTE4YjUtNDg3Yy1hNjg4LWNhYjg1YWQxNjg1OS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaYBAwDQYJKoZIhvcNAQELBQADggEBADI/efZ8fSbxkSZB6JI9
6gbjF0GmGA4HkLfoCQCRTfkbvQKa1XjgDPt3JH9lOAKYEcT+B3xHzkw7CaPPmjPp
uLPvD3uBzbMYC/sr/PtRctzVDw4wFtrsq7H4aJSz05ZOuu6ZpYy59ZS9NYHvxLab
YzMb/gr8CWrcMONxVhDo5cik8ccc1rL7RbmF9gefKLy3EybNmGayKy9PjhxxB6WN
JB2Uj5PkPJXwNZWrY3x6sRB4UKOmFB2/oZ9/710YGEfsnhEbZD6pVkmpAa+/ioh7
CcVXKS52bMTjpVhNe8FVApKnSrY6i6E+Rgzmu4UV/mU+3UEPgsjpWAlgByIBEBUS
5mE=
-----END CERTIFICATE-----
Generated at Wed Jul 17 01:05:27 2024 by rpki-client on console-ams.rpki-client.org