Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/eb147b0a-93ac-4ab7-8c40-1df2c88725a7.roa
File:                     eb147b0a-93ac-4ab7-8c40-1df2c88725a7.roa (raw, json)
Hash identifier:          d4VPa+dHgeuQLRcYoAvKGVlG0E1x1a/De40zyAmHtOI=
Subject key identifier:   0B:52:20:CA:C4:AD:5A:83:44:0A:E6:ED:91:DE:12:7C:69:B8:5B:87
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       7D5866E3FE1BCB69C60CD944DE8DB93F2EF3DBFF
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/eb147b0a-93ac-4ab7-8c40-1df2c88725a7.roa
Signing time:             Fri 21 Jun 2024 00:00:00 +0000
ROA not before:           Fri 21 Jun 2024 00:00:00 +0000
ROA not after:            Fri 26 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf1:4000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 28 Jun 2024 00:11:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:58:66:e3:fe:1b:cb:69:c6:0c:d9:44:de:8d:b9:3f:2e:f3:db:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 21 00:00:00 2024 GMT
            Not After : Jul 26 23:59:59 2024 GMT
        Subject: serialNumber=d2d604534c5223ccc54b6a3f3a9931e25e0c4802dbbb8ed28d67f806bea116b8, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:b2:4e:9a:ae:3b:f8:c3:8a:2a:e8:2d:04:a1:
                    fa:d1:b4:74:90:ba:2e:09:2f:a9:8c:de:ed:03:3f:
                    b7:63:d9:f4:04:61:79:3a:ed:ef:51:f6:aa:10:50:
                    17:4f:aa:a0:9a:7b:40:fa:1e:93:38:4d:f3:d3:60:
                    24:51:86:2e:84:7c:b1:4e:82:6a:d9:42:0f:de:68:
                    a1:dd:88:a8:7d:c5:68:3d:4d:19:08:0e:f2:0d:c3:
                    75:c1:61:ae:0c:74:b9:61:c8:16:cf:2b:a6:2a:9c:
                    00:46:f9:62:df:5f:c8:5d:b0:d3:ff:d8:82:09:18:
                    53:90:92:b4:f3:21:90:e7:5a:05:c6:ee:d5:5e:d7:
                    c9:f6:1f:90:b8:7d:e3:fe:41:df:1c:4e:ec:81:1d:
                    56:7b:99:4a:ef:af:28:e5:a5:76:30:21:08:31:23:
                    6c:2b:ce:d8:90:b7:25:2f:14:d9:2d:b3:c8:f1:c3:
                    81:95:ea:16:6b:ac:60:35:93:d0:a0:ce:a0:27:fc:
                    79:58:ad:36:be:b6:03:67:90:8c:87:8e:87:b5:b8:
                    15:31:e1:08:27:7e:20:04:e6:57:b6:4b:2f:39:15:
                    53:27:ee:ae:b9:a3:c9:53:dd:29:c9:fe:af:47:53:
                    b0:6c:02:e0:e9:89:59:5f:01:50:9b:db:28:c8:fb:
                    f8:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:52:20:CA:C4:AD:5A:83:44:0A:E6:ED:91:DE:12:7C:69:B8:5B:87
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/eb147b0a-93ac-4ab7-8c40-1df2c88725a7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf1:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c1:af:a7:1d:39:59:7b:c9:e2:2b:1a:5a:f1:15:80:9f:91:96:
         1e:42:f8:ac:93:f6:3d:8a:3c:50:55:e3:4c:7c:0d:1b:1f:29:
         3d:12:45:70:81:7a:37:15:da:43:5b:b6:9b:42:d5:02:21:92:
         6e:fb:89:62:e4:a6:a2:d1:4a:79:32:a4:1b:0f:e7:3a:66:5b:
         21:b8:93:3b:83:d3:8e:26:9c:00:71:c6:5f:e8:c3:c0:9b:33:
         d3:44:2b:fd:fc:79:60:03:f5:d9:3a:b9:5b:68:9c:33:18:cf:
         8d:9c:c5:b6:17:60:bb:b0:4b:c8:e8:7e:49:63:59:38:4f:9e:
         51:84:3f:0a:28:7a:0d:b6:93:c6:73:e0:c8:1c:cb:af:a2:cf:
         a5:15:2a:1e:c4:ce:6a:cf:44:05:0e:04:36:bf:68:69:9f:3e:
         86:94:6d:61:b4:cf:20:19:28:1b:1f:2a:4a:10:4e:69:ba:f5:
         d4:1b:17:d4:f0:9c:85:8d:66:95:c4:e1:20:cf:53:d4:1a:e0:
         f8:38:4b:bf:2c:95:09:18:29:64:17:e0:69:3b:67:b6:d8:0d:
         02:a8:55:5d:06:18:a1:6e:f6:5b:35:7b:95:3e:f0:0b:ca:30:
         d2:2e:c0:f1:3d:2c:bc:f4:ab:00:53:fa:f6:66:7f:ef:5f:92:
         a4:da:78:52
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUfVhm4/4by2nGDNlE3o25Py7z2/8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyMTAwMDAwMFoX
DTI0MDcyNjIzNTk1OVowejFJMEcGA1UEBRNAZDJkNjA0NTM0YzUyMjNjY2M1NGI2
YTNmM2E5OTMxZTI1ZTBjNDgwMmRiYmI4ZWQyOGQ2N2Y4MDZiZWExMTZiODEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmbJOmq47+MOKKugtBKH60bR0kLou
CS+pjN7tAz+3Y9n0BGF5Ou3vUfaqEFAXT6qgmntA+h6TOE3z02AkUYYuhHyxToJq
2UIP3mih3YiofcVoPU0ZCA7yDcN1wWGuDHS5YcgWzyumKpwARvli31/IXbDT/9iC
CRhTkJK08yGQ51oFxu7VXtfJ9h+QuH3j/kHfHE7sgR1We5lK768o5aV2MCEIMSNs
K87YkLclLxTZLbPI8cOBleoWa6xgNZPQoM6gJ/x5WK02vrYDZ5CMh46HtbgVMeEI
J34gBOZXtksvORVTJ+6uuaPJU90pyf6vR1OwbALg6YlZXwFQm9soyPv4+QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFAtSIMrErVqDRArm7ZHeEnxpuFuHMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2ViMTQ3YjBhLTkzYWMtNGFiNy04YzQwLTFkZjJjODg3MjVhNy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba8UAwDQYJKoZIhvcNAQELBQADggEBAMGvpx05WXvJ4isaWvEV
gJ+Rlh5C+KyT9j2KPFBV40x8DRsfKT0SRXCBejcV2kNbtptC1QIhkm77iWLkpqLR
SnkypBsP5zpmWyG4kzuD044mnABxxl/ow8CbM9NEK/38eWAD9dk6uVtonDMYz42c
xbYXYLuwS8jofkljWThPnlGEPwooeg22k8Zz4Mgcy6+iz6UVKh7EzmrPRAUOBDa/
aGmfPoaUbWG0zyAZKBsfKkoQTmm69dQbF9TwnIWNZpXE4SDPU9Qa4Pg4S78slQkY
KWQX4Gk7Z7bYDQKoVV0GGKFu9ls1e5U+8AvKMNIuwPE9LLz0qwBT+vZmf+9fkqTa
eFI=
-----END CERTIFICATE-----
Generated at Mon Jun 24 00:42:57 2024 by rpki-client on console-fra.rpki-client.org