Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e65a7bae-3455-401c-9c8b-31b1d31be854.roa
File:                     e65a7bae-3455-401c-9c8b-31b1d31be854.roa (raw, json)
Hash identifier:          XmFfrUldZ3SwaERKbqPXTh9BEHOhIpUjn4QsXK6dVjA=
Subject key identifier:   9B:4A:D9:3A:C0:27:D7:D0:5D:75:25:C8:E7:0B:3C:06:40:B9:EE:CD
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       21DF7D21352104B05439AD3C4E9D82FADB03F2A1
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e65a7bae-3455-401c-9c8b-31b1d31be854.roa
Signing time:             Mon 27 May 2024 00:00:00 +0000
ROA not before:           Mon 27 May 2024 00:00:00 +0000
ROA not after:            Mon 01 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafb:4800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 19 Jun 2024 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:df:7d:21:35:21:04:b0:54:39:ad:3c:4e:9d:82:fa:db:03:f2:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 27 00:00:00 2024 GMT
            Not After : Jul  1 23:59:59 2024 GMT
        Subject: serialNumber=8fd9946e5a4ac673caa74c4c3df7d5c6ba8a4748318359a4e3dd5126b6f7dc3e, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:fb:47:4e:a8:c6:2e:e2:34:03:c1:b8:f0:b4:
                    98:14:3b:44:df:78:c8:ea:7c:a6:8d:7e:3a:76:f0:
                    a4:6c:3c:1e:7b:de:f4:7a:93:de:c4:10:c4:85:36:
                    51:6c:3d:da:94:17:f1:d6:00:bf:28:e4:b9:5e:39:
                    00:41:16:33:88:72:91:96:99:b8:b6:a5:83:e6:82:
                    96:91:99:fc:d9:d5:d6:a2:8c:31:24:9d:74:26:f3:
                    03:a6:9f:17:cb:c5:fc:99:0d:e2:46:f8:5f:dd:3b:
                    71:47:fe:90:a3:0d:d9:aa:0d:8f:56:8a:43:87:af:
                    72:bb:78:c2:ba:4d:92:65:53:86:34:1c:24:6a:d4:
                    14:d2:e2:af:b8:48:b4:58:f9:60:76:92:6e:2f:fa:
                    0f:d9:7c:47:33:e6:f4:bf:d6:74:1c:a1:3d:c8:73:
                    27:83:7e:5a:57:8e:a1:4a:85:6f:77:8a:c8:e9:c5:
                    dc:5a:2c:35:2f:64:ef:83:c3:01:d4:b6:c3:a3:6f:
                    f9:d3:1c:9b:cc:b4:1d:68:ac:29:ad:0c:f2:d0:10:
                    7e:df:6d:13:f5:6c:e4:65:4d:2a:bf:21:9c:8f:4b:
                    22:13:bc:df:8d:14:1a:4e:0c:91:72:ca:06:43:0f:
                    3c:ab:a9:7e:05:d6:df:69:79:d2:a2:ec:de:3d:3e:
                    a3:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:4A:D9:3A:C0:27:D7:D0:5D:75:25:C8:E7:0B:3C:06:40:B9:EE:CD
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e65a7bae-3455-401c-9c8b-31b1d31be854.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafb:4800::/40

    Signature Algorithm: sha256WithRSAEncryption
         91:41:c1:d6:1c:4f:aa:f8:f1:28:5e:19:45:f7:b7:e3:d9:2f:
         bf:2e:d6:0e:e1:20:66:ec:49:9e:ee:85:50:5a:04:0a:e7:d0:
         b2:63:38:85:22:32:ef:a3:d3:75:1c:33:82:42:3f:fd:16:39:
         9a:b7:54:1d:7a:d4:19:1e:09:2c:aa:22:f7:96:f1:51:cb:ac:
         38:cf:92:99:eb:d6:10:67:30:04:4e:12:63:0c:8b:38:28:50:
         bb:a9:da:84:d3:32:9b:85:96:94:c3:cc:34:7f:b1:26:2a:48:
         ed:b9:c2:cf:21:34:67:05:43:d4:b1:70:7f:11:3d:24:13:3e:
         57:ac:eb:e1:cf:4b:b5:e5:12:dd:ee:ca:c6:92:1d:e3:b6:c0:
         6e:fa:0e:fa:ca:d1:62:de:84:42:8d:2f:98:1e:e4:93:8e:c4:
         45:5e:ce:82:d0:f2:c5:b5:28:dc:6a:6b:92:05:5d:18:84:f8:
         a2:d4:61:dc:77:7f:bb:9f:02:6e:64:a5:e9:5b:8b:41:ce:c1:
         fb:1a:5c:c1:bd:4d:75:c9:96:f2:66:f9:a5:9f:00:cf:c0:85:
         4f:4f:d2:f5:90:14:3a:f7:e0:6c:e6:9f:69:ea:b0:54:ae:11:
         8b:12:1a:97:7c:ee:9a:55:bd:70:cf:05:a1:e6:ec:4f:a3:c6:
         9e:65:de:b3
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUId99ITUhBLBUOa08Tp2C+tsD8qEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDUyNzAwMDAwMFoX
DTI0MDcwMTIzNTk1OVowejFJMEcGA1UEBRNAOGZkOTk0NmU1YTRhYzY3M2NhYTc0
YzRjM2RmN2Q1YzZiYThhNDc0ODMxODM1OWE0ZTNkZDUxMjZiNmY3ZGMzZTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/tHTqjGLuI0A8G48LSYFDtE33jI
6nymjX46dvCkbDwee970epPexBDEhTZRbD3alBfx1gC/KOS5XjkAQRYziHKRlpm4
tqWD5oKWkZn82dXWoowxJJ10JvMDpp8Xy8X8mQ3iRvhf3TtxR/6Qow3Zqg2PVopD
h69yu3jCuk2SZVOGNBwkatQU0uKvuEi0WPlgdpJuL/oP2XxHM+b0v9Z0HKE9yHMn
g35aV46hSoVvd4rI6cXcWiw1L2Tvg8MB1LbDo2/50xybzLQdaKwprQzy0BB+320T
9WzkZU0qvyGcj0siE7zfjRQaTgyRcsoGQw88q6l+BdbfaXnSouzePT6jxQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFJtK2TrAJ9fQXXUlyOcLPAZAue7NMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2U2NWE3YmFlLTM0NTUtNDAxYy05YzhiLTMxYjFkMzFiZTg1NC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+0gwDQYJKoZIhvcNAQELBQADggEBAJFBwdYcT6r48SheGUX3
t+PZL78u1g7hIGbsSZ7uhVBaBArn0LJjOIUiMu+j03UcM4JCP/0WOZq3VB161Bke
CSyqIveW8VHLrDjPkpnr1hBnMAROEmMMizgoULup2oTTMpuFlpTDzDR/sSYqSO25
ws8hNGcFQ9SxcH8RPSQTPles6+HPS7XlEt3uysaSHeO2wG76DvrK0WLehEKNL5ge
5JOOxEVezoLQ8sW1KNxqa5IFXRiE+KLUYdx3f7ufAm5kpelbi0HOwfsaXMG9TXXJ
lvJm+aWfAM/AhU9P0vWQFDr34Gzmn2nqsFSuEYsSGpd87ppVvXDPBaHm7E+jxp5l
3rM=
-----END CERTIFICATE-----
Generated at Sat Jun 15 02:01:51 2024 by rpki-client on console-fra.rpki-client.org