Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e72651b8-422c-4c74-90a2-0aee8e659796.roa
File:                     e72651b8-422c-4c74-90a2-0aee8e659796.roa (raw, json)
Hash identifier:          U0PnxzD1o8T1DeDG3fIJaDYtlfvmoKojyWAxCvEq6iY=
Subject key identifier:   56:7A:31:C0:11:C0:EF:38:B2:A7:84:7A:32:87:68:A5:F8:F6:90:0A
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       37DB5B4B60C8E3947C42D819C178222845487406
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e72651b8-422c-4c74-90a2-0aee8e659796.roa
Signing time:             Fri 22 Sep 2023 00:00:00 +0000
ROA not before:           Fri 22 Sep 2023 00:00:00 +0000
ROA not after:            Fri 27 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf8:6000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 23 Sep 2023 12:02:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:db:5b:4b:60:c8:e3:94:7c:42:d8:19:c1:78:22:28:45:48:74:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Sep 22 00:00:00 2023 GMT
            Not After : Oct 27 23:59:59 2023 GMT
        Subject: serialNumber=dd946438ca051e16f8fe1b415529ae9dc1037c2722e824cca3e0a65615f36d0b, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:c2:38:70:9e:d0:32:4c:64:de:25:90:d5:48:
                    d5:e7:73:cc:71:aa:55:34:18:fd:52:89:33:05:83:
                    b8:c6:30:58:de:70:16:ef:b5:77:97:7a:22:42:1a:
                    d6:8e:cb:b5:53:7a:64:a6:f2:56:70:81:0f:16:87:
                    81:24:d1:b0:cc:f4:6a:16:71:cb:bf:c3:c0:cd:91:
                    40:56:70:4b:2b:08:ee:5e:ea:85:5c:f0:52:7b:7d:
                    3d:c6:51:e0:a9:00:0c:31:c6:04:80:b1:51:cd:3e:
                    8d:e8:f3:8d:fb:97:83:75:9a:91:79:c1:b5:c4:0a:
                    76:d2:1c:71:af:53:7b:cc:3a:c1:42:fa:d2:0b:c7:
                    a7:de:a5:bb:75:ef:21:d7:88:80:ad:18:49:8b:44:
                    40:75:bb:d4:c5:75:97:26:cc:73:3c:77:f4:43:8c:
                    93:e7:39:f4:0f:88:a7:a3:61:93:d1:8b:6a:a5:6c:
                    bd:a0:3c:91:bc:99:44:cb:60:df:93:a5:fa:87:a9:
                    27:61:b9:d9:03:81:ed:05:00:40:fe:4a:b7:bd:74:
                    d4:a3:e1:67:45:21:e3:c9:7b:b4:f1:0d:b4:fe:0c:
                    79:7e:26:f2:29:22:e9:20:9a:6b:9b:3f:99:45:cb:
                    59:57:97:5d:6b:c3:bf:5f:b7:ea:a9:69:16:79:6a:
                    ab:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:7A:31:C0:11:C0:EF:38:B2:A7:84:7A:32:87:68:A5:F8:F6:90:0A
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e72651b8-422c-4c74-90a2-0aee8e659796.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf8:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         5f:db:2f:d4:0e:ee:70:ab:a1:eb:92:82:1b:5c:a3:b7:8c:6c:
         4c:78:79:f9:02:df:50:17:c3:f3:ce:35:f2:6b:18:6d:f5:8e:
         40:3d:aa:f3:8d:ea:12:3d:e0:35:64:38:10:69:52:7a:b0:6e:
         e4:85:68:91:b0:c9:5d:ec:d6:88:69:2f:70:df:97:8a:f2:01:
         b0:f0:e5:82:7a:b2:cb:71:5f:40:78:e1:8c:f4:d4:b7:2f:60:
         70:13:06:ef:14:86:f8:9b:c1:99:62:f5:ab:b8:e0:d1:1d:d1:
         4d:6a:e8:55:f0:85:14:5e:3b:ff:ea:9f:c7:1c:54:16:98:8c:
         70:b7:03:6b:37:fb:20:24:31:c6:c6:3a:82:62:0d:7e:5b:dd:
         88:a8:3b:1b:03:f6:ce:84:fe:a8:f1:82:e2:4b:dd:87:45:a6:
         d9:a9:41:b2:c0:0a:64:cf:32:22:46:ea:87:1d:34:37:2e:78:
         85:63:62:8c:f4:db:fc:71:50:0b:9f:50:8f:c8:ca:b9:c8:54:
         01:ff:51:fc:1e:75:f0:d3:7e:72:c2:e5:58:b2:3c:b6:f4:51:
         43:3d:0f:b4:85:39:54:2a:e1:bc:c8:4d:a6:67:7c:a5:7a:14:
         8c:04:34:ff:1f:c6:28:d4:d3:36:26:e0:98:6b:68:f7:b1:f0:
         06:2a:30:d8
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUN9tbS2DI45R8QtgZwXgiKEVIdAYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTIzMDkyMjAwMDAwMFoX
DTIzMTAyNzIzNTk1OVowejFJMEcGA1UEBRNAZGQ5NDY0MzhjYTA1MWUxNmY4ZmUx
YjQxNTUyOWFlOWRjMTAzN2MyNzIyZTgyNGNjYTNlMGE2NTYxNWYzNmQwYjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAscI4cJ7QMkxk3iWQ1UjV53PMcapV
NBj9UokzBYO4xjBY3nAW77V3l3oiQhrWjsu1U3pkpvJWcIEPFoeBJNGwzPRqFnHL
v8PAzZFAVnBLKwjuXuqFXPBSe309xlHgqQAMMcYEgLFRzT6N6PON+5eDdZqRecG1
xAp20hxxr1N7zDrBQvrSC8en3qW7de8h14iArRhJi0RAdbvUxXWXJsxzPHf0Q4yT
5zn0D4ino2GT0YtqpWy9oDyRvJlEy2Dfk6X6h6knYbnZA4HtBQBA/kq3vXTUo+Fn
RSHjyXu08Q20/gx5fibyKSLpIJprmz+ZRctZV5dda8O/X7fqqWkWeWqrowIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFFZ6McARwO84sqeEejKHaKX49pAKMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2U3MjY1MWI4LTQyMmMtNGM3NC05MGEyLTBhZWU4ZTY1OTc5Ni5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+GAwDQYJKoZIhvcNAQELBQADggEBAF/bL9QO7nCroeuSghtc
o7eMbEx4efkC31AXw/PONfJrGG31jkA9qvON6hI94DVkOBBpUnqwbuSFaJGwyV3s
1ohpL3Dfl4ryAbDw5YJ6sstxX0B44Yz01LcvYHATBu8UhvibwZli9au44NEd0U1q
6FXwhRReO//qn8ccVBaYjHC3A2s3+yAkMcbGOoJiDX5b3YioOxsD9s6E/qjxguJL
3YdFptmpQbLACmTPMiJG6ocdNDcueIVjYoz02/xxUAufUI/IyrnIVAH/UfwedfDT
fnLC5ViyPLb0UUM9D7SFOVQq4bzITaZnfKV6FIwENP8fxijU0zYm4JhraPex8AYq
MNg=
-----END CERTIFICATE-----
Generated at Fri Sep 22 00:30:05 2023 by rpki-client on console-fra.rpki-client.org