Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e0fbaecf-3318-488e-80aa-57f0a5202e27.roa
File:                     e0fbaecf-3318-488e-80aa-57f0a5202e27.roa (raw, json)
Hash identifier:          +H6bSU8vTjkmp/8OxMlXMaPpyz78mCW0x4oB2Jbko9U=
Subject key identifier:   4F:37:36:55:AC:59:BD:0B:DF:65:51:7F:DD:80:DD:64:B6:52:25:47
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2EF6B0106B198ECC62817A3B9339B2A51DC88A1C
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e0fbaecf-3318-488e-80aa-57f0a5202e27.roa
Signing time:             Fri 22 Sep 2023 00:00:00 +0000
ROA not before:           Fri 22 Sep 2023 00:00:00 +0000
ROA not after:            Fri 27 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da00:8000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 23 Sep 2023 12:02:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:f6:b0:10:6b:19:8e:cc:62:81:7a:3b:93:39:b2:a5:1d:c8:8a:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Sep 22 00:00:00 2023 GMT
            Not After : Oct 27 23:59:59 2023 GMT
        Subject: serialNumber=98a121d5c070c7e354c52e9afe1d05d104d50dd152af99fccfcb73e30aac4eff, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:55:b9:1e:11:6d:d4:2a:f1:2b:5e:50:49:47:
                    75:7b:32:31:6b:17:18:7c:7d:2e:8d:5d:26:2c:eb:
                    15:97:45:cd:24:6f:2b:d0:d4:e2:85:d8:6e:cf:76:
                    56:37:d2:22:a1:f2:60:47:2c:12:7b:cd:8a:38:66:
                    e1:64:85:ca:7b:6c:c2:c1:42:1f:6a:b1:a9:97:cf:
                    fb:7b:a6:3e:76:62:d5:b1:a8:cd:f5:56:36:3d:42:
                    d4:99:84:19:c7:46:f7:2a:b5:fe:d9:4b:25:0b:f3:
                    9e:a1:ba:92:e9:2e:2c:c1:79:e0:f6:47:50:33:9c:
                    d2:5a:e3:87:57:2f:aa:1c:73:98:d4:9d:2b:a9:90:
                    33:1d:a0:44:5c:ed:65:ed:a6:85:78:85:f8:56:be:
                    6d:a6:8f:5d:9a:05:ef:3f:f5:e4:28:33:fa:37:02:
                    a6:20:38:ed:4f:7d:08:1d:e2:f4:94:9c:1a:cc:6f:
                    21:7f:8c:d3:ca:d4:61:0b:4a:b1:db:02:8f:ea:45:
                    77:4b:00:00:ef:9d:42:86:56:c3:5b:8b:92:03:07:
                    b7:38:b9:45:54:c2:a2:84:a9:4e:c9:9d:42:56:a0:
                    2b:3a:38:a9:97:5d:8f:35:14:1f:c2:a6:bb:92:40:
                    2b:aa:51:e6:c4:79:a5:d8:2e:86:23:02:5b:6c:b2:
                    93:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:37:36:55:AC:59:BD:0B:DF:65:51:7F:DD:80:DD:64:B6:52:25:47
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e0fbaecf-3318-488e-80aa-57f0a5202e27.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da00:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         52:c7:ac:38:fe:ab:a2:7d:bb:da:7a:48:e4:35:51:af:ee:88:
         72:f4:38:a5:2c:89:cc:cc:5e:ce:ca:4e:72:04:18:4b:47:0b:
         97:68:a6:1d:53:c4:a8:e7:2d:bf:a0:87:90:0b:62:41:8a:2a:
         03:89:ad:50:b2:a5:cf:a7:b5:1c:45:39:61:60:a9:ff:5e:f6:
         5c:b9:9f:98:a9:e1:6d:40:dc:6d:f0:97:85:d5:26:43:ae:ab:
         d7:b7:bf:c8:22:49:b6:5e:52:aa:8d:44:63:68:49:a6:92:37:
         d3:57:7a:18:7d:53:06:f5:1d:72:63:02:a6:13:6b:a2:90:a2:
         3f:da:32:c8:26:68:11:c9:ac:5a:15:37:6c:20:a9:0d:db:8e:
         f7:a9:66:dd:b1:49:cf:85:6d:45:31:dc:e4:3b:66:bd:6c:83:
         40:5d:bd:aa:ad:46:92:84:94:c9:16:ad:45:77:76:17:d1:2b:
         81:13:bf:cc:16:c9:4e:7f:f8:cf:19:23:c4:65:b7:89:9e:7b:
         80:92:14:85:ad:91:6d:84:ad:5c:91:b7:32:50:eb:27:02:c2:
         fe:3a:f2:c0:d9:b1:ab:19:3b:20:c3:5b:7a:0f:60:17:96:bf:
         f2:f0:47:40:01:ae:f6:17:20:bb:c6:52:8c:26:24:26:ce:aa:
         ea:61:17:22
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIULvawEGsZjsxigXo7kzmypR3IihwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTIzMDkyMjAwMDAwMFoX
DTIzMTAyNzIzNTk1OVowejFJMEcGA1UEBRNAOThhMTIxZDVjMDcwYzdlMzU0YzUy
ZTlhZmUxZDA1ZDEwNGQ1MGRkMTUyYWY5OWZjY2ZjYjczZTMwYWFjNGVmZjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx1W5HhFt1CrxK15QSUd1ezIxaxcY
fH0ujV0mLOsVl0XNJG8r0NTihdhuz3ZWN9IiofJgRywSe82KOGbhZIXKe2zCwUIf
arGpl8/7e6Y+dmLVsajN9VY2PULUmYQZx0b3KrX+2UslC/OeobqS6S4swXng9kdQ
M5zSWuOHVy+qHHOY1J0rqZAzHaBEXO1l7aaFeIX4Vr5tpo9dmgXvP/XkKDP6NwKm
IDjtT30IHeL0lJwazG8hf4zTytRhC0qx2wKP6kV3SwAA751ChlbDW4uSAwe3OLlF
VMKihKlOyZ1CVqArOjipl12PNRQfwqa7kkArqlHmxHml2C6GIwJbbLKTdwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFE83NlWsWb0L32VRf92A3WS2UiVHMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2UwZmJhZWNmLTMzMTgtNDg4ZS04MGFhLTU3ZjBhNTIwMmUyNy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaAIAwDQYJKoZIhvcNAQELBQADggEBAFLHrDj+q6J9u9p6SOQ1
Ua/uiHL0OKUsiczMXs7KTnIEGEtHC5doph1TxKjnLb+gh5ALYkGKKgOJrVCypc+n
tRxFOWFgqf9e9ly5n5ip4W1A3G3wl4XVJkOuq9e3v8giSbZeUqqNRGNoSaaSN9NX
ehh9Uwb1HXJjAqYTa6KQoj/aMsgmaBHJrFoVN2wgqQ3bjvepZt2xSc+FbUUx3OQ7
Zr1sg0BdvaqtRpKElMkWrUV3dhfRK4ETv8wWyU5/+M8ZI8Rlt4mee4CSFIWtkW2E
rVyRtzJQ6ycCwv468sDZsasZOyDDW3oPYBeWv/LwR0ABrvYXILvGUowmJCbOquph
FyI=
-----END CERTIFICATE-----
Generated at Fri Sep 22 00:30:05 2023 by rpki-client on console-fra.rpki-client.org