Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/eb147b0a-93ac-4ab7-8c40-1df2c88725a7.roa
File:                     eb147b0a-93ac-4ab7-8c40-1df2c88725a7.roa (raw, json)
Hash identifier:          p7pMyHGXP7IsBcKcMscpamq5nTdn/CeeXxKxmbgioZ8=
Subject key identifier:   15:E5:46:63:18:20:8C:48:DC:23:D9:BD:C0:9A:34:97:04:FF:FE:D7
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       6BFA27E31511FBE31F58D234111B5138609409D1
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/eb147b0a-93ac-4ab7-8c40-1df2c88725a7.roa
Signing time:             Mon 18 Sep 2023 00:00:00 +0000
ROA not before:           Mon 18 Sep 2023 00:00:00 +0000
ROA not after:            Mon 23 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf1:4000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 20 Sep 2023 03:07:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:fa:27:e3:15:11:fb:e3:1f:58:d2:34:11:1b:51:38:60:94:09:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Sep 18 00:00:00 2023 GMT
            Not After : Oct 23 23:59:59 2023 GMT
        Subject: serialNumber=0167d700d7e4f7d172f1cdc2932361a77fb87b8b17d2537c258bd081c5b3c983, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:30:d4:e0:29:65:95:5a:73:4a:b6:93:18:20:
                    40:0c:da:b2:cc:f7:ae:59:53:a0:61:f4:af:95:73:
                    8a:53:86:0a:79:a2:24:d7:e5:b8:c4:b8:9b:53:6d:
                    c5:9e:bc:a2:f9:d3:a9:1c:95:34:c8:0e:2e:5f:f0:
                    77:27:a0:61:6d:da:ff:26:d1:0d:f9:21:09:49:27:
                    bb:91:fd:66:d7:73:76:d7:3c:0e:ba:76:06:48:e5:
                    40:81:6f:aa:90:46:2d:7c:4a:b8:83:6b:97:45:86:
                    f5:08:5d:a7:d4:04:86:b1:31:d6:06:75:c4:f7:8b:
                    5f:76:dd:d2:60:ce:85:a0:2b:9f:bb:8b:10:ad:ee:
                    a1:09:69:6e:da:0a:ce:7a:f5:fa:e4:01:42:61:51:
                    b9:bd:a8:92:c2:5d:37:5d:17:61:06:d5:1a:60:34:
                    b1:63:ef:cb:21:c6:20:2e:71:52:fe:24:13:03:9d:
                    8a:e7:5c:1d:54:20:4a:a0:84:4d:be:f3:43:8e:a5:
                    c1:2f:f2:31:8c:96:3f:de:2e:35:79:66:a8:b8:ff:
                    00:1c:57:ac:89:44:f8:ae:ef:79:f3:d2:f5:7d:60:
                    b2:00:84:a2:d7:4c:2d:79:4a:53:77:df:3c:5e:b5:
                    ad:5a:4a:30:1c:f0:23:47:32:35:ae:76:11:42:ac:
                    82:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:E5:46:63:18:20:8C:48:DC:23:D9:BD:C0:9A:34:97:04:FF:FE:D7
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/eb147b0a-93ac-4ab7-8c40-1df2c88725a7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf1:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         2c:95:1c:d8:f7:dd:56:91:5c:24:49:cc:a6:d4:45:6d:ac:81:
         e2:14:47:77:3e:2a:8c:7c:9f:5b:36:e6:15:84:ed:ef:e6:71:
         76:b1:06:d5:c3:6f:67:da:f0:26:57:d9:68:a5:b8:b3:c8:a1:
         f4:81:b0:42:b0:46:b2:c5:f1:a9:b6:0f:09:c2:ac:95:42:e1:
         76:da:ba:9d:f9:dc:39:52:85:04:a8:ee:67:d9:0d:3b:75:c1:
         ed:bc:5c:0e:f0:59:1f:0f:5d:ea:41:b6:11:0b:fa:5c:31:00:
         7e:a7:09:7b:1c:9a:35:11:ad:a1:1f:9e:7a:65:fb:e3:15:4d:
         dc:e1:4d:22:28:05:89:28:40:ab:50:ae:06:87:e5:4c:2e:3e:
         f4:b1:8b:60:fb:67:07:23:bf:35:d8:87:18:3e:41:89:2a:c0:
         7d:20:c8:31:0e:8a:1f:06:b6:74:13:1c:a6:7a:47:bd:f9:c7:
         cf:05:1e:f8:75:99:f8:d3:ae:6e:98:7f:93:11:b3:15:ac:5a:
         73:61:e4:c1:b8:ab:67:25:41:a9:b5:86:41:83:1a:f6:ae:c3:
         70:d0:bc:10:30:bb:a4:e3:98:f2:f1:ee:de:9a:f3:e4:c8:21:
         ee:1e:42:92:2d:7d:d0:26:1c:3d:6d:28:20:c7:f4:2a:bd:eb:
         81:76:b6:f2
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUa/on4xUR++MfWNI0ERtROGCUCdEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTIzMDkxODAwMDAwMFoX
DTIzMTAyMzIzNTk1OVowejFJMEcGA1UEBRNAMDE2N2Q3MDBkN2U0ZjdkMTcyZjFj
ZGMyOTMyMzYxYTc3ZmI4N2I4YjE3ZDI1MzdjMjU4YmQwODFjNWIzYzk4MzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjDU4ClllVpzSraTGCBADNqyzPeu
WVOgYfSvlXOKU4YKeaIk1+W4xLibU23Fnryi+dOpHJU0yA4uX/B3J6Bhbdr/JtEN
+SEJSSe7kf1m13N21zwOunYGSOVAgW+qkEYtfEq4g2uXRYb1CF2n1ASGsTHWBnXE
94tfdt3SYM6FoCufu4sQre6hCWlu2grOevX65AFCYVG5vaiSwl03XRdhBtUaYDSx
Y+/LIcYgLnFS/iQTA52K51wdVCBKoIRNvvNDjqXBL/IxjJY/3i41eWaouP8AHFes
iUT4ru9589L1fWCyAISi10wteUpTd988XrWtWkowHPAjRzI1rnYRQqyCZQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFBXlRmMYIIxI3CPZvcCaNJcE//7XMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2ViMTQ3YjBhLTkzYWMtNGFiNy04YzQwLTFkZjJjODg3MjVhNy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba8UAwDQYJKoZIhvcNAQELBQADggEBACyVHNj33VaRXCRJzKbU
RW2sgeIUR3c+Kox8n1s25hWE7e/mcXaxBtXDb2fa8CZX2WiluLPIofSBsEKwRrLF
8am2DwnCrJVC4Xbaup353DlShQSo7mfZDTt1we28XA7wWR8PXepBthEL+lwxAH6n
CXscmjURraEfnnpl++MVTdzhTSIoBYkoQKtQrgaH5UwuPvSxi2D7ZwcjvzXYhxg+
QYkqwH0gyDEOih8GtnQTHKZ6R735x88FHvh1mfjTrm6Yf5MRsxWsWnNh5MG4q2cl
Qam1hkGDGvauw3DQvBAwu6TjmPLx7t6a8+TIIe4eQpItfdAmHD1tKCDH9Cq964F2
tvI=
-----END CERTIFICATE-----
Generated at Mon Sep 18 15:40:40 2023 by rpki-client on console-ams.rpki-client.org