Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e349b597-0f1d-4a25-8fba-bd1085fa368b.roa
File:                     e349b597-0f1d-4a25-8fba-bd1085fa368b.roa (raw, json)
Hash identifier:          xGJqf2UYUuh4k5Fr99/dloElngDIcrG+1iecQlGs9/k=
Subject key identifier:   E3:C4:E4:F1:D2:0E:CC:A4:0C:C7:9A:21:36:80:D2:3F:F4:20:63:F5
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       19B8F35D33A55B3F5F0E06DDB287C62E5D6647E9
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e349b597-0f1d-4a25-8fba-bd1085fa368b.roa
Signing time:             Fri 07 Jun 2024 00:00:00 +0000
ROA not before:           Fri 07 Jun 2024 00:00:00 +0000
ROA not after:            Fri 12 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf7:8800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 19 Jun 2024 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:b8:f3:5d:33:a5:5b:3f:5f:0e:06:dd:b2:87:c6:2e:5d:66:47:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun  7 00:00:00 2024 GMT
            Not After : Jul 12 23:59:59 2024 GMT
        Subject: serialNumber=f0c0085e2d798a09718764c69a122d5247f12bf308fef91be51e3086982549e3, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:9a:27:f3:2a:88:e4:a3:13:1b:c4:1b:49:af:
                    c7:d8:8a:a3:63:9f:6f:31:49:e2:60:d0:72:0e:1c:
                    32:bb:8d:2a:61:70:c9:06:48:1e:9f:c4:a3:74:0e:
                    39:32:1f:d7:a3:90:e1:72:6e:9b:ec:67:fe:de:f5:
                    3f:ee:2c:43:df:4a:df:d8:0d:dc:3b:6d:61:ed:18:
                    24:68:6a:ee:63:dc:29:3c:76:65:c7:21:0d:3d:5a:
                    21:51:ec:26:de:77:be:d9:74:fa:44:f0:55:2e:22:
                    ff:2e:38:03:47:b5:0a:3e:59:51:fa:29:37:e8:ab:
                    80:bf:eb:68:e8:ef:1c:58:20:57:0c:4b:d0:c3:04:
                    c9:e5:e9:bd:41:35:73:cd:ba:8a:4e:88:d9:02:4e:
                    76:f8:b3:19:22:dd:79:e0:fc:3e:29:51:b4:9e:d4:
                    de:1f:e8:0e:a2:ee:0f:de:c0:3a:68:f6:50:f4:fc:
                    5d:8a:80:1a:20:39:bb:cf:77:d6:2a:e8:7c:75:1f:
                    77:82:b3:78:12:30:33:cb:45:2e:5b:bf:8b:72:6d:
                    31:4a:f3:fc:d6:f3:7d:58:d3:3e:06:19:a5:5f:d1:
                    16:e3:12:ab:cf:77:8a:5f:f1:ff:81:cd:9f:cf:f0:
                    1e:98:d8:3a:66:df:77:51:62:a2:29:74:d9:ed:ce:
                    a3:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:C4:E4:F1:D2:0E:CC:A4:0C:C7:9A:21:36:80:D2:3F:F4:20:63:F5
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e349b597-0f1d-4a25-8fba-bd1085fa368b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf7:8800::/40

    Signature Algorithm: sha256WithRSAEncryption
         c9:02:41:16:6e:3b:b1:7f:9e:72:59:77:28:dc:7f:43:1d:e2:
         dc:ea:d6:68:0b:6d:e2:2a:e2:5d:00:fa:1d:1a:15:99:c7:f5:
         6b:ce:b3:ba:6e:56:03:b5:56:54:20:3b:ac:01:05:68:0d:b8:
         50:c0:58:74:76:80:c9:77:d4:5c:e3:7c:4d:05:ae:91:34:93:
         63:d5:45:4b:41:dd:41:ea:d3:32:0e:cd:d6:24:a6:96:48:14:
         8b:e8:4b:09:83:f9:3f:d5:8e:45:99:4b:1e:6f:ff:8f:75:11:
         13:d0:51:b9:90:61:b2:f3:35:b9:9d:08:98:cf:8e:c3:57:86:
         75:18:e3:c7:01:23:fd:e9:ff:d3:fe:a7:c9:75:0e:c4:da:e9:
         c6:45:98:34:3f:b8:f8:51:00:55:46:e9:60:17:6a:50:91:fb:
         e2:31:93:f1:c7:c2:a4:ff:1e:c6:00:5e:4e:ba:33:3e:82:4b:
         b0:56:18:3d:58:0b:24:28:55:cc:f3:4a:a0:0b:8a:26:99:cb:
         68:92:fc:7d:03:bc:48:87:c7:b2:99:c5:fa:90:c8:5d:4d:b8:
         ab:61:9c:e9:fc:0c:e8:60:e9:08:93:2a:a4:db:45:4e:cf:ad:
         c9:1e:f8:56:c6:4e:0f:2f:ec:3b:09:f1:4f:cb:27:65:48:bf:
         92:63:8f:ca
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUGbjzXTOlWz9fDgbdsofGLl1mR+kwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYwNzAwMDAwMFoX
DTI0MDcxMjIzNTk1OVowejFJMEcGA1UEBRNAZjBjMDA4NWUyZDc5OGEwOTcxODc2
NGM2OWExMjJkNTI0N2YxMmJmMzA4ZmVmOTFiZTUxZTMwODY5ODI1NDllMzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJon8yqI5KMTG8QbSa/H2IqjY59v
MUniYNByDhwyu40qYXDJBkgen8SjdA45Mh/Xo5Dhcm6b7Gf+3vU/7ixD30rf2A3c
O21h7RgkaGruY9wpPHZlxyENPVohUewm3ne+2XT6RPBVLiL/LjgDR7UKPllR+ik3
6KuAv+to6O8cWCBXDEvQwwTJ5em9QTVzzbqKTojZAk52+LMZIt154Pw+KVG0ntTe
H+gOou4P3sA6aPZQ9PxdioAaIDm7z3fWKuh8dR93grN4EjAzy0UuW7+Lcm0xSvP8
1vN9WNM+BhmlX9EW4xKrz3eKX/H/gc2fz/AemNg6Zt93UWKiKXTZ7c6jGQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFOPE5PHSDsykDMeaITaA0j/0IGP1MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2UzNDliNTk3LTBmMWQtNGEyNS04ZmJhLWJkMTA4NWZhMzY4Yi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba94gwDQYJKoZIhvcNAQELBQADggEBAMkCQRZuO7F/nnJZdyjc
f0Md4tzq1mgLbeIq4l0A+h0aFZnH9WvOs7puVgO1VlQgO6wBBWgNuFDAWHR2gMl3
1FzjfE0FrpE0k2PVRUtB3UHq0zIOzdYkppZIFIvoSwmD+T/VjkWZSx5v/491ERPQ
UbmQYbLzNbmdCJjPjsNXhnUY48cBI/3p/9P+p8l1DsTa6cZFmDQ/uPhRAFVG6WAX
alCR++Ixk/HHwqT/HsYAXk66Mz6CS7BWGD1YCyQoVczzSqALiiaZy2iS/H0DvEiH
x7KZxfqQyF1NuKthnOn8DOhg6QiTKqTbRU7Prcke+FbGTg8v7DsJ8U/LJ2VIv5Jj
j8o=
-----END CERTIFICATE-----
Generated at Sat Jun 15 02:42:06 2024 by rpki-client on console-ams.rpki-client.org