Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/df283100-6f05-4533-89fd-648b23de2ce4.roa
File:                     df283100-6f05-4533-89fd-648b23de2ce4.roa (raw, json)
Hash identifier:          fGy0lwvO8kPeLw3Odieq1xihHcF+9CsXEjJ1VURJIns=
Subject key identifier:   2B:C1:22:8C:13:77:83:5C:6C:54:88:3D:26:A5:79:20:6C:AC:CE:7F
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       10B816CA350A6B47C790CC0D583270767842FDD0
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/df283100-6f05-4533-89fd-648b23de2ce4.roa
Signing time:             Mon 23 Sep 2024 00:00:00 +0000
ROA not before:           Mon 23 Sep 2024 00:00:00 +0000
ROA not after:            Mon 28 Oct 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da25::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 15 Oct 2024 00:05:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:b8:16:ca:35:0a:6b:47:c7:90:cc:0d:58:32:70:76:78:42:fd:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Sep 23 00:00:00 2024 GMT
            Not After : Oct 28 23:59:59 2024 GMT
        Subject: serialNumber=01816042fe39377441f6ac0d19df77f65fda01d23bae03553c7adea39649a83b, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d5:93:fc:6b:91:fa:89:d2:ef:ae:8a:09:15:
                    f7:6c:9b:b2:cf:2e:3b:3a:50:15:5e:0c:50:5a:7e:
                    f4:4b:01:42:61:2a:3e:8f:23:16:1a:2e:ee:02:29:
                    a2:97:de:de:c9:c1:b2:d8:32:ef:0a:26:27:c0:b4:
                    10:4a:2d:d4:f4:94:57:f7:e4:0e:3b:55:b2:c8:8c:
                    ab:cb:5b:f0:36:ad:53:ad:01:1c:1b:cb:bc:f7:46:
                    70:35:37:86:2a:d7:94:08:82:8b:a9:1f:fd:64:ee:
                    07:c1:be:b4:9f:88:03:6d:20:27:8f:b4:c9:11:aa:
                    9d:5b:f6:67:ab:d1:cb:33:19:a5:38:ec:bc:d9:c4:
                    a0:a5:22:86:d3:de:91:4a:2d:a2:6b:f7:23:f0:31:
                    3f:29:fb:8a:95:6c:a7:42:f1:08:86:ba:b5:6a:78:
                    5d:04:f8:b0:ab:2f:9c:1a:b9:3f:03:d2:f8:7a:f0:
                    50:e3:12:7c:27:f5:79:4c:48:9d:97:d1:46:a2:5a:
                    5c:50:9e:00:27:ea:54:c0:48:b3:93:57:39:38:03:
                    13:04:d6:d0:03:a7:49:b6:34:21:10:3d:6b:10:c3:
                    df:96:36:5f:ff:1d:fb:7e:4e:44:de:25:56:ee:9a:
                    88:f1:ac:ca:08:0d:4f:c6:5f:67:60:c5:29:30:42:
                    77:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:C1:22:8C:13:77:83:5C:6C:54:88:3D:26:A5:79:20:6C:AC:CE:7F
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/df283100-6f05-4533-89fd-648b23de2ce4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da25::/36

    Signature Algorithm: sha256WithRSAEncryption
         7f:b3:bf:9e:08:7b:1c:77:aa:0a:fe:61:04:e1:51:22:e1:64:
         73:03:9a:f9:8c:cc:20:a1:f7:15:7d:1f:68:38:c2:47:15:d0:
         e1:f8:21:30:c8:20:9a:2a:a8:91:46:aa:7d:47:9b:9d:fe:c2:
         6b:cd:93:63:e7:18:ad:dd:0d:db:e3:1b:ac:a5:bd:27:ed:8a:
         be:3a:cd:7f:56:55:76:dc:ef:be:fc:75:b9:5a:ca:ba:ae:f8:
         71:03:7c:d2:d4:b4:f3:7f:72:80:d2:28:73:de:2c:2a:aa:c0:
         10:b6:3b:4a:4a:d4:db:69:3c:f6:4b:3c:5a:01:58:52:eb:2e:
         1b:48:28:a1:dc:92:da:82:d8:47:1e:5d:7a:03:28:ca:02:d5:
         59:39:40:b7:92:0f:b7:dc:ab:de:bb:24:2f:8e:c2:f1:c6:17:
         04:63:6b:1e:4e:6f:8f:6a:10:40:28:bf:f8:76:46:56:53:81:
         f1:7b:14:a5:8e:f4:1e:41:a4:aa:9d:90:0f:7b:dc:97:1c:5b:
         ba:9e:00:4d:a7:54:bd:64:c8:c2:b5:6c:9a:6f:b6:d1:d2:45:
         05:c8:9b:b9:1b:3d:bb:a2:3f:92:7c:ab:70:1b:0d:c7:0b:4b:
         5a:47:44:c1:4e:52:8a:9e:bb:2e:a3:08:7c:f2:7f:ac:35:20:
         ed:1c:a5:0d
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUELgWyjUKa0fHkMwNWDJwdnhC/dAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDkyMzAwMDAwMFoX
DTI0MTAyODIzNTk1OVowejFJMEcGA1UEBRNAMDE4MTYwNDJmZTM5Mzc3NDQxZjZh
YzBkMTlkZjc3ZjY1ZmRhMDFkMjNiYWUwMzU1M2M3YWRlYTM5NjQ5YTgzYjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdWT/GuR+onS766KCRX3bJuyzy47
OlAVXgxQWn70SwFCYSo+jyMWGi7uAimil97eycGy2DLvCiYnwLQQSi3U9JRX9+QO
O1WyyIyry1vwNq1TrQEcG8u890ZwNTeGKteUCIKLqR/9ZO4Hwb60n4gDbSAnj7TJ
EaqdW/Znq9HLMxmlOOy82cSgpSKG096RSi2ia/cj8DE/KfuKlWynQvEIhrq1anhd
BPiwqy+cGrk/A9L4evBQ4xJ8J/V5TEidl9FGolpcUJ4AJ+pUwEizk1c5OAMTBNbQ
A6dJtjQhED1rEMPfljZf/x37fk5E3iVW7pqI8azKCA1Pxl9nYMUpMEJ3wQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFCvBIowTd4NcbFSIPSaleSBsrM5/MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2RmMjgzMTAwLTZmMDUtNDUzMy04OWZkLTY0OGIyM2RlMmNlNC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYEJAbaJQAwDQYJKoZIhvcNAQELBQADggEBAH+zv54Iexx3qgr+YQTh
USLhZHMDmvmMzCCh9xV9H2g4wkcV0OH4ITDIIJoqqJFGqn1Hm53+wmvNk2PnGK3d
DdvjG6ylvSftir46zX9WVXbc7778dblayrqu+HEDfNLUtPN/coDSKHPeLCqqwBC2
O0pK1NtpPPZLPFoBWFLrLhtIKKHcktqC2EceXXoDKMoC1Vk5QLeSD7fcq967JC+O
wvHGFwRjax5Ob49qEEAov/h2RlZTgfF7FKWO9B5BpKqdkA973JccW7qeAE2nVL1k
yMK1bJpvttHSRQXIm7kbPbuiP5J8q3AbDccLS1pHRMFOUoqeuy6jCHzyf6w1IO0c
pQ0=
-----END CERTIFICATE-----
Generated at Fri Oct 11 01:47:20 2024 by rpki-client on console-ams.rpki-client.org