Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e0fbaecf-3318-488e-80aa-57f0a5202e27.roa
File:                     e0fbaecf-3318-488e-80aa-57f0a5202e27.roa (raw, json)
Hash identifier:          dYHPIDPskrPiTPPbBfgQXyAqbyzoYSK6ZCSBiDlCKhw=
Subject key identifier:   C3:DD:12:ED:42:7A:BB:B2:BA:BE:37:C3:38:95:62:EB:D8:2D:7D:CE
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       376009120AFB70A81A7FD785BFF4A294AF619BCE
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e0fbaecf-3318-488e-80aa-57f0a5202e27.roa
Signing time:             Mon 06 Mar 2023 00:00:00 +0000
ROA not before:           Mon 06 Mar 2023 00:00:00 +0000
ROA not after:            Mon 10 Apr 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da00:8000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 16 Mar 2023 12:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:60:09:12:0a:fb:70:a8:1a:7f:d7:85:bf:f4:a2:94:af:61:9b:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Mar  6 00:00:00 2023 GMT
            Not After : Apr 10 23:59:59 2023 GMT
        Subject: serialNumber=bcec9014ecd9216c891f30b81f5dd643df6758bf422fedda65b231c4072d945b, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:12:4a:e4:4e:c0:ad:8f:b6:fe:cc:24:fb:b6:
                    53:7f:7e:13:c4:ec:ed:00:d3:17:0c:3a:a2:70:dc:
                    36:c1:5e:6b:31:30:29:50:01:4d:33:9a:6a:81:c7:
                    ae:8f:65:e2:ec:43:33:19:58:68:83:0d:cf:c6:34:
                    46:94:b6:4f:99:38:20:d6:2b:38:5f:04:96:a7:14:
                    b9:92:43:cd:05:dd:14:a5:59:eb:df:d1:9b:77:fb:
                    45:28:2d:66:ce:6c:06:07:9d:89:3c:80:f2:ae:1b:
                    0b:34:aa:11:2e:8b:11:46:0f:24:b1:96:1c:d8:de:
                    77:ea:d5:ae:aa:94:74:98:72:2c:24:3a:77:9d:ac:
                    a6:69:e0:ee:9c:ec:ac:e9:ec:6c:db:4b:79:9a:6e:
                    08:45:9f:74:8e:ef:33:70:2e:e1:7d:21:5f:16:87:
                    37:a7:8e:de:a8:9c:8c:19:da:a3:ea:9d:61:98:d2:
                    32:62:3c:38:e3:63:26:53:7a:e7:35:16:de:5f:52:
                    0f:3a:94:74:61:bb:bc:b2:fd:fd:00:3f:a8:ef:de:
                    b8:af:e8:6e:86:35:75:77:d9:62:fa:cc:4c:08:7e:
                    ce:25:1c:a0:8f:b3:b4:ae:b8:55:ab:0a:f1:be:bb:
                    d6:27:4a:89:0a:10:86:30:9b:3a:23:c4:da:b4:9b:
                    52:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                C3:DD:12:ED:42:7A:BB:B2:BA:BE:37:C3:38:95:62:EB:D8:2D:7D:CE
            X509v3 Authority Key Identifier: 
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e0fbaecf-3318-488e-80aa-57f0a5202e27.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da00:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         88:c5:d9:b8:e3:06:55:7c:b5:f8:bb:76:fb:1a:0b:56:8c:88:
         6c:af:27:09:71:b6:cb:46:dd:c0:7c:d4:37:87:ac:67:8b:f1:
         d4:22:ed:99:a3:cd:bd:5a:3d:b0:c9:e7:32:8b:d6:87:08:d1:
         57:ff:24:26:ee:32:cc:93:de:c6:3c:fa:7b:20:ad:0e:50:72:
         1d:58:ee:25:e5:94:89:af:1d:8f:7c:7a:0a:7d:24:33:9c:5f:
         71:f5:c3:66:1a:4f:a3:fc:c0:88:08:a9:f4:85:5b:f1:17:f3:
         b0:bc:cb:dd:b7:7e:33:b3:6c:29:a3:9c:f3:c2:d7:9c:8a:59:
         dc:a7:64:ba:e7:73:e0:32:12:74:9e:e1:fe:a3:3c:3f:51:96:
         5d:57:90:db:a4:ce:e5:20:03:26:13:c0:b4:ca:20:bc:1a:bb:
         fa:66:37:10:2e:b8:7e:81:2b:06:d2:c0:16:c7:a0:a8:22:11:
         0f:e4:5a:21:72:2b:52:6e:c7:9b:27:f5:08:b1:61:38:cc:a7:
         21:41:e8:d4:91:75:97:02:c0:d5:67:27:32:44:ed:81:1a:d5:
         63:13:72:cf:b1:95:b9:70:43:b5:ce:ea:01:e0:12:17:ad:3e:
         05:5b:8c:5f:a6:a8:46:a9:04:8b:11:ad:0f:64:02:d3:74:22:
         73:f5:3e:be
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgIUN2AJEgr7cKgaf9eFv/SilK9hm84wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTIzMDMwNjAwMDAwMFoX
DTIzMDQxMDIzNTk1OVowgaUxSTBHBgNVBAUTQGJjZWM5MDE0ZWNkOTIxNmM4OTFm
MzBiODFmNWRkNjQzZGY2NzU4YmY0MjJmZWRkYTY1YjIzMWM0MDcyZDk0NWIxLTAr
BgNVBAMTJGMwYmYwZmU4LTcxN2MtNGY3Mi05YjQ1LWM5YzUxOTEzMmE4MTEUMBIG
A1UECxMLQW1hem9uIFJQS0kxEzARBgNVBAoTCkFtYXpvbi5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdEkrkTsCtj7b+zCT7tlN/fhPE7O0A0xcM
OqJw3DbBXmsxMClQAU0zmmqBx66PZeLsQzMZWGiDDc/GNEaUtk+ZOCDWKzhfBJan
FLmSQ80F3RSlWevf0Zt3+0UoLWbObAYHnYk8gPKuGws0qhEuixFGDySxlhzY3nfq
1a6qlHSYciwkOnedrKZp4O6c7Kzp7GzbS3mabghFn3SO7zNwLuF9IV8Whzenjt6o
nIwZ2qPqnWGY0jJiPDjjYyZTeuc1Ft5fUg86lHRhu7yy/f0AP6jv3riv6G6GNXV3
2WL6zEwIfs4lHKCPs7SuuFWrCvG+u9YnSokKEIYwmzojxNq0m1LjAgMBAAGjggJK
MIICRjAdBgNVHQ4EFgQUw90S7UJ6u7K6vjfDOJVi69gtfc4wHwYDVR0jBBgwFoAU
QHaCVSTSxm0uEENv5l6T6MG9SjcwDgYDVR0PAQH/BAQDAgeAMH4GCCsGAQUFBwEB
BHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0
b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3QzcyRkQxRkYyL1FIYUNWU1RTeG0w
dUVFTnY1bDZUNk1HOVNqYy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggrBgEF
BQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3MuY29t
L3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1MGJlYzkyNjEvZTBm
YmFlY2YtMzMxOC00ODhlLTgwYWEtNTdmMGE1MjAyZTI3LnJvYTCBlQYDVR0fBIGN
MIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpv
bmF3cy5jb20vdm9sdW1lLzA4YzJmMjY0LTIzZjktNDlmYi05ZDQzLWY4YjUwYmVj
OTI2MS83YmExNzg2My1hNjEzLTQxOTctOWVkNS1iZWRhNmE4OTg2OWYuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAkBtoAgDANBgkqhkiG9w0BAQsFAAOCAQEAiMXZuOMGVXy1+Lt2+xoLVoyI
bK8nCXG2y0bdwHzUN4esZ4vx1CLtmaPNvVo9sMnnMovWhwjRV/8kJu4yzJPexjz6
eyCtDlByHVjuJeWUia8dj3x6Cn0kM5xfcfXDZhpPo/zAiAip9IVb8RfzsLzL3bd+
M7NsKaOc88LXnIpZ3Kdkuudz4DISdJ7h/qM8P1GWXVeQ26TO5SADJhPAtMogvBq7
+mY3EC64foErBtLAFsegqCIRD+RaIXIrUm7Hmyf1CLFhOMynIUHo1JF1lwLA1Wcn
MkTtgRrVYxNyz7GVuXBDtc7qAeASF60+BVuMX6aoRqkEixGtD2QC03Qic/U+vg==
-----END CERTIFICATE-----
Generated at Wed Mar 15 11:52:18 2023 by rpki-client on console-fra.rpki-client.org