Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f0035674-15ff-434e-b4d2-44fc6010a1aa.roa
File:                     f0035674-15ff-434e-b4d2-44fc6010a1aa.roa (raw, json)
Hash identifier:          H0LZVStGsNhSxAAWis4AZfz6VRn78T2fTAgTiJyNrU4=
Subject key identifier:   63:43:F6:3C:89:7D:0B:37:C6:4D:8C:5D:47:15:BD:FD:40:A4:04:5E
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       57A5DBE17F17CB698DEA8EDFED1FF4A4456F38BF
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f0035674-15ff-434e-b4d2-44fc6010a1aa.roa
Signing time:             Tue 12 Mar 2024 00:00:00 +0000
ROA not before:           Tue 12 Mar 2024 00:00:00 +0000
ROA not after:            Tue 16 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da68:e000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Mar 2024 12:02:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:a5:db:e1:7f:17:cb:69:8d:ea:8e:df:ed:1f:f4:a4:45:6f:38:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Mar 12 00:00:00 2024 GMT
            Not After : Apr 16 23:59:59 2024 GMT
        Subject: serialNumber=26ab7cdb2f624636fe730120dd197bb29fe5b7964d2e29dab16515d6d331a5e8, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:70:93:b7:31:17:7f:fa:01:20:87:e7:0a:8b:
                    ab:da:d7:2e:84:ce:58:a0:2f:1f:26:75:f4:88:51:
                    5d:df:6b:07:8f:55:2b:d3:06:ed:b1:85:73:35:d3:
                    3c:c6:ca:c1:1b:dc:37:08:6f:e5:53:14:cc:30:b5:
                    b6:df:5a:7c:3b:c9:85:e3:95:06:b9:a7:c7:8d:36:
                    ef:d8:52:e1:1f:2f:4b:cc:97:8a:6a:70:3a:62:78:
                    c6:6c:0b:c7:0a:0f:39:68:59:cd:42:3a:d8:a0:62:
                    0b:ab:69:60:59:21:89:07:64:53:78:26:c8:20:ba:
                    de:f6:bd:e5:1c:2a:32:68:83:c2:80:2e:40:06:ad:
                    93:d4:43:96:84:95:e3:85:8a:c4:64:6f:53:7a:42:
                    ea:0c:2c:8a:67:e1:50:7c:e3:4f:a1:6b:df:ca:f0:
                    3a:f9:f1:4c:58:39:c7:00:38:fa:f5:58:49:a5:4f:
                    c7:eb:5e:23:d2:85:86:3a:10:00:e3:dc:03:3d:bf:
                    f4:95:76:32:0e:21:c9:b2:32:d9:52:cc:08:e1:46:
                    f7:e7:20:0b:67:89:19:79:b1:d6:95:12:29:a1:61:
                    01:0c:f8:16:e7:88:96:b7:86:b3:03:9e:2a:ef:16:
                    4c:11:64:f8:e8:66:29:1e:d8:51:f3:32:bc:a0:32:
                    be:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:43:F6:3C:89:7D:0B:37:C6:4D:8C:5D:47:15:BD:FD:40:A4:04:5E
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f0035674-15ff-434e-b4d2-44fc6010a1aa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da68:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         62:36:64:c6:a6:e7:07:cb:6a:95:2d:27:f4:61:26:dc:a5:ae:
         4d:63:6e:14:02:9d:70:db:2b:62:17:13:04:7d:c0:90:53:7c:
         3f:f5:27:c1:7b:6b:89:99:58:83:52:a8:d8:66:0b:73:c7:b0:
         a9:94:81:c1:e0:74:bd:f6:7b:0b:c7:9a:44:a5:e7:66:d0:2c:
         90:a4:dd:7c:59:6c:70:f3:75:72:88:4c:b2:0f:d7:0b:01:0a:
         e6:71:b4:f6:03:37:e7:5e:34:0e:62:64:48:ad:bb:7e:34:5f:
         93:90:5e:7b:25:55:41:5c:bf:e5:0c:7b:a3:81:d0:23:51:75:
         6b:c1:e6:5e:bf:43:ac:b2:e6:d4:20:02:6c:0c:25:66:6c:95:
         54:51:c6:1f:a3:28:d1:3f:3f:6d:58:51:b7:63:b1:10:70:07:
         ce:44:d4:e8:68:64:d8:1d:a8:41:65:11:05:02:57:be:4e:2a:
         61:9a:02:e2:e0:91:c2:28:05:9a:62:f1:45:27:56:4e:35:0a:
         0f:75:25:8b:ce:91:38:ae:ae:c3:07:32:52:a2:7d:c2:6f:ee:
         40:46:2e:aa:1f:9f:29:82:5e:bd:24:66:97:83:63:46:18:bf:
         29:53:1b:3f:75:64:5e:75:0b:a1:81:52:b6:43:23:dc:6b:77:
         1a:77:b2:cf
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUV6Xb4X8Xy2mN6o7f7R/0pEVvOL8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDMxMjAwMDAwMFoX
DTI0MDQxNjIzNTk1OVowejFJMEcGA1UEBRNAMjZhYjdjZGIyZjYyNDYzNmZlNzMw
MTIwZGQxOTdiYjI5ZmU1Yjc5NjRkMmUyOWRhYjE2NTE1ZDZkMzMxYTVlODEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHCTtzEXf/oBIIfnCour2tcuhM5Y
oC8fJnX0iFFd32sHj1Ur0wbtsYVzNdM8xsrBG9w3CG/lUxTMMLW231p8O8mF45UG
uafHjTbv2FLhHy9LzJeKanA6YnjGbAvHCg85aFnNQjrYoGILq2lgWSGJB2RTeCbI
ILre9r3lHCoyaIPCgC5ABq2T1EOWhJXjhYrEZG9TekLqDCyKZ+FQfONPoWvfyvA6
+fFMWDnHADj69VhJpU/H614j0oWGOhAA49wDPb/0lXYyDiHJsjLZUswI4Ub35yAL
Z4kZebHWlRIpoWEBDPgW54iWt4azA54q7xZMEWT46GYpHthR8zK8oDK+GwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFGND9jyJfQs3xk2MXUcVvf1ApAReMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2YwMDM1Njc0LTE1ZmYtNDM0ZS1iNGQyLTQ0ZmM2MDEwYTFhYS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaaOAwDQYJKoZIhvcNAQELBQADggEBAGI2ZMam5wfLapUtJ/Rh
Jtylrk1jbhQCnXDbK2IXEwR9wJBTfD/1J8F7a4mZWINSqNhmC3PHsKmUgcHgdL32
ewvHmkSl52bQLJCk3XxZbHDzdXKITLIP1wsBCuZxtPYDN+deNA5iZEitu340X5OQ
XnslVUFcv+UMe6OB0CNRdWvB5l6/Q6yy5tQgAmwMJWZslVRRxh+jKNE/P21YUbdj
sRBwB85E1OhoZNgdqEFlEQUCV75OKmGaAuLgkcIoBZpi8UUnVk41Cg91JYvOkTiu
rsMHMlKifcJv7kBGLqofnymCXr0kZpeDY0YYvylTGz91ZF51C6GBUrZDI9xrdxp3
ss8=
-----END CERTIFICATE-----
Generated at Thu Mar 28 02:05:04 2024 by rpki-client on console-ams.rpki-client.org