Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e527b4cc-d757-4fe5-b860-39f3cd54f2dc.roa
File:                     e527b4cc-d757-4fe5-b860-39f3cd54f2dc.roa (raw, json)
Hash identifier:          9+zhUnxymVZ/Fuv0LRX5jHy7vqH/FsmejBFUX4ALXv4=
Subject key identifier:   D1:FF:A1:9B:DE:2F:2E:C3:5F:D0:A6:B5:00:33:E3:D1:27:09:3A:98
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       4392E1FCF13A3E0130CE6D05EB5EC797412BFBC9
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e527b4cc-d757-4fe5-b860-39f3cd54f2dc.roa
Signing time:             Sun 26 Mar 2023 00:00:00 +0000
ROA not before:           Sun 26 Mar 2023 00:00:00 +0000
ROA not after:            Sun 30 Apr 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf2:1000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 27 Mar 2023 12:04:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:92:e1:fc:f1:3a:3e:01:30:ce:6d:05:eb:5e:c7:97:41:2b:fb:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Mar 26 00:00:00 2023 GMT
            Not After : Apr 30 23:59:59 2023 GMT
        Subject: serialNumber=c10edc0d2a4de6e49a0d8038cf90c73d0574585bc260535af319d85ca9240ed6, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b9:ad:d0:08:89:bb:cd:5d:a5:39:f5:ab:38:
                    e1:e5:3a:08:c4:ff:e3:54:79:ea:60:b3:54:d8:66:
                    45:31:fe:8b:54:77:8c:f6:1a:c5:e1:d0:24:6c:a8:
                    4c:f6:c5:71:49:ba:f4:31:6d:d4:e1:42:d0:3c:f2:
                    ee:e7:1f:aa:e3:e1:78:73:71:0a:d2:f6:67:7e:95:
                    2c:36:c9:f9:e8:51:92:f6:3f:f0:d2:c2:71:19:cf:
                    ee:db:a5:01:b1:b9:0f:d6:60:c6:b1:37:a0:a8:1c:
                    e0:f0:e5:54:0c:22:0c:55:f3:3b:06:cc:b1:23:ee:
                    eb:0c:7c:79:c1:56:03:50:81:a3:d5:b3:2e:77:e7:
                    bb:41:b0:07:27:7d:90:a9:5d:60:22:dc:91:04:80:
                    4c:c3:f5:8f:16:24:6a:3a:4c:85:c9:f1:36:1c:4a:
                    ae:1e:69:0d:ff:a8:94:ab:78:57:21:48:f0:b8:a5:
                    fd:26:d8:8b:ec:38:6e:27:07:36:3b:3c:99:e9:bc:
                    5c:9e:09:e0:fb:c0:07:ff:58:a3:9f:b2:21:7d:3f:
                    be:2f:3f:7d:f2:a7:ab:0b:7f:78:79:e7:48:36:08:
                    2e:ef:a5:4a:4e:07:f9:90:e9:f7:8d:6e:f9:d5:55:
                    c0:1c:c4:16:e8:dd:f4:29:23:ac:07:16:0a:e8:dc:
                    b1:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                D1:FF:A1:9B:DE:2F:2E:C3:5F:D0:A6:B5:00:33:E3:D1:27:09:3A:98
            X509v3 Authority Key Identifier: 
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e527b4cc-d757-4fe5-b860-39f3cd54f2dc.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf2:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         40:6a:e8:b9:74:e7:8e:a9:17:2e:82:e2:28:b7:43:57:9c:00:
         c3:a0:ae:31:26:66:28:8f:e0:1f:eb:c6:f4:d7:69:35:fd:3c:
         eb:f1:c1:ff:6b:53:e3:d2:81:f2:ba:69:c5:75:cf:e3:94:be:
         93:9b:07:bc:b2:bd:31:1f:10:5c:b2:62:2f:ca:8e:a0:fb:93:
         81:b1:d1:9e:cb:c0:f8:7c:5f:d0:f6:9d:0f:9a:38:b3:cf:69:
         4c:10:70:44:78:62:8a:1e:cd:c7:4e:9c:b7:fd:ad:34:22:9f:
         62:02:83:ad:a8:1f:80:fc:be:ec:4a:e8:cf:16:42:1c:0d:4a:
         22:3e:e3:f3:30:3c:e9:cc:6d:e3:47:f1:ea:3d:f0:55:af:63:
         f2:26:d5:80:f8:ee:41:c7:44:76:d4:1e:ff:42:4a:06:61:4b:
         27:9f:f9:07:b2:97:44:97:5d:7d:37:7e:4f:2c:f3:4c:31:69:
         2e:f5:7a:07:d3:f4:19:b5:32:de:a7:de:00:4f:c1:c4:e9:d4:
         50:75:7c:7d:d0:6f:f1:0b:61:25:18:04:b3:07:ab:8d:34:18:
         b3:20:60:46:46:b0:85:43:25:e3:df:2b:af:e0:a5:aa:eb:bc:
         e8:6a:24:e7:69:62:9a:37:87:cf:06:50:5f:9f:15:62:a7:a3:
         63:82:37:fe
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgIUQ5Lh/PE6PgEwzm0F617Hl0Er+8kwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTIzMDMyNjAwMDAwMFoX
DTIzMDQzMDIzNTk1OVowgaUxSTBHBgNVBAUTQGMxMGVkYzBkMmE0ZGU2ZTQ5YTBk
ODAzOGNmOTBjNzNkMDU3NDU4NWJjMjYwNTM1YWYzMTlkODVjYTkyNDBlZDYxLTAr
BgNVBAMTJGMwYmYwZmU4LTcxN2MtNGY3Mi05YjQ1LWM5YzUxOTEzMmE4MTEUMBIG
A1UECxMLQW1hem9uIFJQS0kxEzARBgNVBAoTCkFtYXpvbi5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2ua3QCIm7zV2lOfWrOOHlOgjE/+NUeepg
s1TYZkUx/otUd4z2GsXh0CRsqEz2xXFJuvQxbdThQtA88u7nH6rj4XhzcQrS9md+
lSw2yfnoUZL2P/DSwnEZz+7bpQGxuQ/WYMaxN6CoHODw5VQMIgxV8zsGzLEj7usM
fHnBVgNQgaPVsy5357tBsAcnfZCpXWAi3JEEgEzD9Y8WJGo6TIXJ8TYcSq4eaQ3/
qJSreFchSPC4pf0m2IvsOG4nBzY7PJnpvFyeCeD7wAf/WKOfsiF9P74vP33yp6sL
f3h550g2CC7vpUpOB/mQ6feNbvnVVcAcxBbo3fQpI6wHFgro3LHNAgMBAAGjggJK
MIICRjAdBgNVHQ4EFgQU0f+hm94vLsNf0Ka1ADPj0ScJOpgwHwYDVR0jBBgwFoAU
QHaCVSTSxm0uEENv5l6T6MG9SjcwDgYDVR0PAQH/BAQDAgeAMH4GCCsGAQUFBwEB
BHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0
b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3QzcyRkQxRkYyL1FIYUNWU1RTeG0w
dUVFTnY1bDZUNk1HOVNqYy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggrBgEF
BQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3MuY29t
L3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1MGJlYzkyNjEvZTUy
N2I0Y2MtZDc1Ny00ZmU1LWI4NjAtMzlmM2NkNTRmMmRjLnJvYTCBlQYDVR0fBIGN
MIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpv
bmF3cy5jb20vdm9sdW1lLzA4YzJmMjY0LTIzZjktNDlmYi05ZDQzLWY4YjUwYmVj
OTI2MS83YmExNzg2My1hNjEzLTQxOTctOWVkNS1iZWRhNmE4OTg2OWYuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAkBtryEDANBgkqhkiG9w0BAQsFAAOCAQEAQGrouXTnjqkXLoLiKLdDV5wA
w6CuMSZmKI/gH+vG9NdpNf086/HB/2tT49KB8rppxXXP45S+k5sHvLK9MR8QXLJi
L8qOoPuTgbHRnsvA+Hxf0PadD5o4s89pTBBwRHhiih7Nx06ct/2tNCKfYgKDragf
gPy+7ErozxZCHA1KIj7j8zA86cxt40fx6j3wVa9j8ibVgPjuQcdEdtQe/0JKBmFL
J5/5B7KXRJddfTd+TyzzTDFpLvV6B9P0GbUy3qfeAE/BxOnUUHV8fdBv8QthJRgE
swerjTQYsyBgRkawhUMl498rr+Clquu86Gok52limjeHzwZQX58VYqejY4I3/g==
-----END CERTIFICATE-----
Generated at Sun Mar 26 00:40:38 2023 by rpki-client on console-ams.rpki-client.org