Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dd3d6020-be78-46ca-9b8a-63fdbfc9da9b.roa
File:                     dd3d6020-be78-46ca-9b8a-63fdbfc9da9b.roa (raw, json)
Hash identifier:          r8d6/9TuIBW8xybEgBbNljae7Ht/Xs6yAL+HqFdYuTo=
Subject key identifier:   F0:9B:A9:3E:D8:AD:47:9A:21:12:4C:B7:C0:DB:51:05:10:9C:81:38
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       4657CC415C4DDB58CD0A515FB1EE58223847188B
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dd3d6020-be78-46ca-9b8a-63fdbfc9da9b.roa
Signing time:             Wed 12 Jun 2024 00:00:00 +0000
ROA not before:           Wed 12 Jun 2024 00:00:00 +0000
ROA not after:            Wed 17 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf5:2000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 18 Jun 2024 00:10:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:57:cc:41:5c:4d:db:58:cd:0a:51:5f:b1:ee:58:22:38:47:18:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 12 00:00:00 2024 GMT
            Not After : Jul 17 23:59:59 2024 GMT
        Subject: serialNumber=b1f21bf9f107e257804883902e7d70137f20f95d91dc07559325047e9cd1c5c1, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:01:8e:75:14:a3:bd:73:d4:37:15:9b:36:37:
                    fb:92:e3:d8:9c:d6:e2:66:a3:91:1f:a8:60:6b:79:
                    a5:c8:ad:eb:ab:85:e4:fc:74:7d:5b:a5:89:13:15:
                    79:8e:d7:cf:87:a0:4e:6d:2c:12:d0:ed:8c:f3:77:
                    f6:ff:80:60:cc:1a:81:2e:13:17:bf:62:23:8e:ee:
                    be:39:4a:12:ae:92:c4:93:e9:ea:c5:58:81:e6:11:
                    7f:6a:fd:b6:07:72:65:00:be:5e:ad:05:6f:f8:0f:
                    55:f1:2a:63:57:d4:00:f3:8f:b2:2d:ac:66:b8:94:
                    5e:36:75:73:0b:73:17:79:ef:a6:c0:76:b6:06:4e:
                    cf:d5:40:b8:0a:4f:4f:8a:a9:52:e5:e7:b2:02:75:
                    f5:58:ed:3d:23:e9:0e:79:fe:f0:df:c7:7f:78:6b:
                    4d:24:af:2c:14:67:7f:92:e9:fb:9b:8c:20:97:f7:
                    de:ac:d0:ce:37:e4:4c:f9:69:c3:d6:bf:61:32:9e:
                    67:39:5e:e0:e3:4a:df:e6:1e:de:49:80:11:0f:32:
                    86:5a:85:71:24:2c:00:ec:a0:f6:f8:12:10:1f:58:
                    c0:f6:05:d3:16:68:85:37:aa:b3:6f:3f:66:38:16:
                    76:e5:15:1e:4a:09:9e:7d:a5:3c:0e:ef:e6:ed:3f:
                    57:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:9B:A9:3E:D8:AD:47:9A:21:12:4C:B7:C0:DB:51:05:10:9C:81:38
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dd3d6020-be78-46ca-9b8a-63fdbfc9da9b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf5:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         0c:13:87:e1:95:57:89:31:98:6c:30:50:ee:75:67:f7:9d:63:
         b9:ec:90:56:94:42:62:3d:86:44:a5:ad:9d:f8:5c:0e:5d:b3:
         2e:f4:a7:16:28:e0:a4:c6:ca:0e:b7:c5:e4:c4:2a:ff:7c:87:
         b2:7d:3b:d0:ee:ac:0c:91:c3:a4:8a:22:06:f0:3b:d3:49:f6:
         1c:9c:a3:4b:c4:60:ce:d6:ea:e5:34:57:f5:a8:6a:a6:6c:bd:
         6b:20:73:26:0b:51:7f:47:74:66:86:e1:67:f3:6b:43:2e:c1:
         e2:c9:07:00:ca:e4:29:69:aa:e6:f0:87:cc:be:05:1d:d0:21:
         9f:1c:db:38:6a:b4:09:21:4f:04:9b:a1:4c:93:e3:4f:0e:59:
         d7:eb:d4:e5:14:f9:71:09:6b:2f:32:a3:eb:b5:67:76:51:93:
         1e:d9:fe:2c:ff:ce:a7:6f:a3:d6:08:3a:14:4b:75:04:5a:a4:
         d0:34:95:51:d1:fc:3c:7f:4c:47:10:3c:fc:86:ab:d0:1d:cb:
         77:00:14:97:6c:0d:7e:cf:25:a9:48:cd:b7:65:5b:b6:eb:b7:
         00:1b:56:e9:51:2d:b3:ff:18:e4:19:db:86:44:65:d8:24:18:
         92:a4:e2:1f:d3:60:06:67:4e:cf:20:8b:e6:92:99:71:94:8c:
         a9:e7:35:f7
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIURlfMQVxN21jNClFfse5YIjhHGIswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYxMjAwMDAwMFoX
DTI0MDcxNzIzNTk1OVowejFJMEcGA1UEBRNAYjFmMjFiZjlmMTA3ZTI1NzgwNDg4
MzkwMmU3ZDcwMTM3ZjIwZjk1ZDkxZGMwNzU1OTMyNTA0N2U5Y2QxYzVjMTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAGOdRSjvXPUNxWbNjf7kuPYnNbi
ZqORH6hga3mlyK3rq4Xk/HR9W6WJExV5jtfPh6BObSwS0O2M83f2/4BgzBqBLhMX
v2Ijju6+OUoSrpLEk+nqxViB5hF/av22B3JlAL5erQVv+A9V8SpjV9QA84+yLaxm
uJReNnVzC3MXee+mwHa2Bk7P1UC4Ck9PiqlS5eeyAnX1WO09I+kOef7w38d/eGtN
JK8sFGd/kun7m4wgl/ferNDON+RM+WnD1r9hMp5nOV7g40rf5h7eSYARDzKGWoVx
JCwA7KD2+BIQH1jA9gXTFmiFN6qzbz9mOBZ25RUeSgmefaU8Du/m7T9X0QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFPCbqT7YrUeaIRJMt8DbUQUQnIE4MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2RkM2Q2MDIwLWJlNzgtNDZjYS05YjhhLTYzZmRiZmM5ZGE5Yi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba9SAwDQYJKoZIhvcNAQELBQADggEBAAwTh+GVV4kxmGwwUO51
Z/edY7nskFaUQmI9hkSlrZ34XA5dsy70pxYo4KTGyg63xeTEKv98h7J9O9DurAyR
w6SKIgbwO9NJ9hyco0vEYM7W6uU0V/WoaqZsvWsgcyYLUX9HdGaG4Wfza0MuweLJ
BwDK5Clpqubwh8y+BR3QIZ8c2zhqtAkhTwSboUyT408OWdfr1OUU+XEJay8yo+u1
Z3ZRkx7Z/iz/zqdvo9YIOhRLdQRapNA0lVHR/Dx/TEcQPPyGq9Ady3cAFJdsDX7P
JalIzbdlW7brtwAbVulRLbP/GOQZ24ZEZdgkGJKk4h/TYAZnTs8gi+aSmXGUjKnn
Nfc=
-----END CERTIFICATE-----
Generated at Fri Jun 14 19:06:55 2024 by rpki-client on console-ams.rpki-client.org