Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f872164c-416d-44ed-81ce-172f02efdfbf.roa
File:                     f872164c-416d-44ed-81ce-172f02efdfbf.roa (raw, json)
Hash identifier:          E4M9FjleN08h802VWp2xJpt0cewBPIF9SU9Zgyf1GkU=
Subject key identifier:   AA:4E:67:3C:5E:26:BA:CC:3F:4B:68:C5:56:0A:5D:71:21:C8:D6:6F
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       374A3EBF641919B8567D38FDAE6BB1DCF3BB9D9A
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f872164c-416d-44ed-81ce-172f02efdfbf.roa
Signing time:             Fri 14 Jun 2024 00:00:00 +0000
ROA not before:           Fri 14 Jun 2024 00:00:00 +0000
ROA not after:            Fri 19 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da26::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 28 Jun 2024 00:11:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:4a:3e:bf:64:19:19:b8:56:7d:38:fd:ae:6b:b1:dc:f3:bb:9d:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 14 00:00:00 2024 GMT
            Not After : Jul 19 23:59:59 2024 GMT
        Subject: serialNumber=8e2d768eb544073a15e1b9e3ff0dd0d922f4cd02de659bdcea994bf0dd1a3e6f, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:d4:36:1e:31:b2:24:a2:1b:a3:33:7a:8b:7b:
                    7d:00:28:35:9a:87:46:52:b8:5e:31:26:e5:b2:19:
                    16:dd:c6:5c:b3:ef:ea:db:5d:56:0c:aa:cb:4e:bb:
                    fa:fa:76:03:07:ff:50:0e:90:ef:c8:5b:61:07:e7:
                    00:12:67:96:10:f7:1e:78:ff:7d:6f:87:1c:3a:a1:
                    4b:fd:06:d0:23:e9:bd:80:e6:f8:82:bf:84:1d:cb:
                    ee:42:a9:42:97:f0:15:df:e3:5c:c7:6f:2f:9b:b0:
                    9c:ec:eb:83:65:a3:50:73:71:e5:4f:ff:1c:62:e7:
                    f4:5a:68:e1:a5:f5:3e:5f:f1:f6:8c:28:35:e7:ea:
                    7b:95:6c:9c:20:1a:a7:06:f9:57:7c:48:e3:c6:92:
                    eb:49:05:91:35:8b:1a:f0:4f:b5:18:c1:d2:1a:cf:
                    6c:57:7a:be:43:cc:a6:66:1f:6a:d8:78:14:6a:46:
                    7c:bb:46:a5:f2:0a:30:e1:22:da:c8:4f:24:4a:8d:
                    42:7a:bf:5b:4c:71:c5:96:38:23:f8:28:be:42:d3:
                    04:00:94:c3:e5:2b:11:60:1e:54:c1:ce:e5:aa:91:
                    e8:fc:5a:ed:7d:d3:70:f1:59:6a:60:74:8e:06:df:
                    b0:5f:73:b4:65:44:b1:cc:68:a1:88:94:d7:a9:3d:
                    0c:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:4E:67:3C:5E:26:BA:CC:3F:4B:68:C5:56:0A:5D:71:21:C8:D6:6F
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f872164c-416d-44ed-81ce-172f02efdfbf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da26::/36

    Signature Algorithm: sha256WithRSAEncryption
         47:14:fa:a1:48:da:85:a3:aa:81:c3:3f:b4:51:74:82:94:e0:
         22:5a:43:35:d0:9d:7d:74:08:fa:f8:90:c4:b2:07:bd:07:42:
         b1:3b:2c:c3:2b:b7:b0:2e:97:25:98:f0:61:13:e7:0d:d3:34:
         c0:3d:1b:48:84:2a:72:98:e3:d5:04:22:df:56:20:a5:54:85:
         a4:dc:78:61:b0:36:28:a2:b5:03:34:0f:a7:d4:44:96:e5:30:
         1c:84:c7:c3:a2:02:51:9f:11:09:e9:b0:de:80:e6:3a:0d:db:
         75:8c:51:55:90:7f:34:5f:4a:c5:83:2e:3b:55:b1:1a:1c:9f:
         14:10:c5:c9:7c:f8:41:05:1d:d2:ed:ab:33:4b:c7:00:98:72:
         ac:58:fa:5c:31:0e:e8:e3:a1:bb:eb:a9:a1:3d:49:12:7b:7a:
         7e:37:21:d2:0a:a3:96:33:85:8f:10:ec:f0:b8:ee:ab:30:cd:
         5a:49:66:18:95:7d:4d:a9:0f:b4:1b:1b:21:97:1d:0b:b7:9b:
         40:62:c7:8c:de:8e:3d:7d:c4:71:fc:fa:94:f5:a8:e9:d2:85:
         15:04:1e:87:a8:58:69:36:ba:b2:27:31:9c:d2:62:2a:03:70:
         db:be:ec:c0:4d:cd:30:3b:db:db:90:c4:fc:a5:cb:1f:c3:8e:
         d0:bd:12:2b
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUN0o+v2QZGbhWfTj9rmux3PO7nZowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYxNDAwMDAwMFoX
DTI0MDcxOTIzNTk1OVowejFJMEcGA1UEBRNAOGUyZDc2OGViNTQ0MDczYTE1ZTFi
OWUzZmYwZGQwZDkyMmY0Y2QwMmRlNjU5YmRjZWE5OTRiZjBkZDFhM2U2ZjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltQ2HjGyJKIbozN6i3t9ACg1modG
UrheMSblshkW3cZcs+/q211WDKrLTrv6+nYDB/9QDpDvyFthB+cAEmeWEPceeP99
b4ccOqFL/QbQI+m9gOb4gr+EHcvuQqlCl/AV3+Ncx28vm7Cc7OuDZaNQc3HlT/8c
Yuf0WmjhpfU+X/H2jCg15+p7lWycIBqnBvlXfEjjxpLrSQWRNYsa8E+1GMHSGs9s
V3q+Q8ymZh9q2HgUakZ8u0al8gow4SLayE8kSo1Cer9bTHHFljgj+Ci+QtMEAJTD
5SsRYB5Uwc7lqpHo/FrtfdNw8VlqYHSOBt+wX3O0ZUSxzGihiJTXqT0MsQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFKpOZzxeJrrMP0toxVYKXXEhyNZvMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2Y4NzIxNjRjLTQxNmQtNDRlZC04MWNlLTE3MmYwMmVmZGZiZi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYEJAbaJgAwDQYJKoZIhvcNAQELBQADggEBAEcU+qFI2oWjqoHDP7RR
dIKU4CJaQzXQnX10CPr4kMSyB70HQrE7LMMrt7AulyWY8GET5w3TNMA9G0iEKnKY
49UEIt9WIKVUhaTceGGwNiiitQM0D6fURJblMByEx8OiAlGfEQnpsN6A5joN23WM
UVWQfzRfSsWDLjtVsRocnxQQxcl8+EEFHdLtqzNLxwCYcqxY+lwxDujjobvrqaE9
SRJ7en43IdIKo5YzhY8Q7PC47qswzVpJZhiVfU2pD7QbGyGXHQu3m0Bix4zejj19
xHH8+pT1qOnShRUEHoeoWGk2urInMZzSYioDcNu+7MBNzTA729uQxPylyx/DjtC9
Eis=
-----END CERTIFICATE-----
Generated at Mon Jun 24 00:42:57 2024 by rpki-client on console-fra.rpki-client.org