Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f9bb6778-8bdb-45ac-b6df-27458ed8b836.roa
File:                     f9bb6778-8bdb-45ac-b6df-27458ed8b836.roa (raw, json)
Hash identifier:          q54KWwZoT00IWwb0U4tMgIXs2dJcHkIimJv7pe3tF6c=
Subject key identifier:   E0:91:32:20:76:C9:EF:62:5D:3C:6C:EF:CC:8C:37:D7:A1:F1:65:F2
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       36A59129DE59C864C167C8708C60B6130327D85C
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f9bb6778-8bdb-45ac-b6df-27458ed8b836.roa
Signing time:             Fri 21 Jun 2024 00:00:00 +0000
ROA not before:           Fri 21 Jun 2024 00:00:00 +0000
ROA not after:            Fri 26 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da60:9000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 28 Jun 2024 00:11:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:a5:91:29:de:59:c8:64:c1:67:c8:70:8c:60:b6:13:03:27:d8:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 21 00:00:00 2024 GMT
            Not After : Jul 26 23:59:59 2024 GMT
        Subject: serialNumber=2bb3a06e094c134656cb2e0c6a5e34c5ddcf5567d097c9df212929230b059dfd, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:c5:d5:8d:62:be:44:e9:16:a8:c2:50:64:43:
                    1d:0a:8f:20:42:44:f4:f2:c4:26:4f:00:ba:5d:36:
                    3c:55:dc:2d:ce:8f:f6:8c:56:ca:c2:cc:0d:51:6c:
                    9d:0c:0d:29:3a:56:e7:eb:e5:18:af:c8:fc:2a:d1:
                    40:ee:62:2f:39:ca:bc:1c:55:70:d2:03:10:7f:27:
                    be:03:cb:89:0d:c1:c0:e7:1d:d9:4a:35:ae:37:03:
                    8c:68:be:0b:ca:96:37:87:39:99:c9:5d:20:a5:ad:
                    55:3a:c0:22:2b:9e:1b:42:35:87:85:e1:92:40:0c:
                    56:94:da:1d:a0:d9:a6:d5:13:e1:28:5c:e1:aa:f3:
                    76:61:0a:de:4b:07:8e:b5:9c:19:86:03:f3:8c:93:
                    71:ac:3f:51:0b:0a:e0:a6:f6:b2:e3:6b:09:7d:ba:
                    42:b8:13:e1:33:6a:cd:6e:0d:e8:05:21:b7:9c:c9:
                    09:58:4b:66:6c:28:10:12:cf:76:3e:30:ac:6f:2d:
                    db:97:31:8a:3e:d5:7f:22:18:8d:45:3f:d5:4a:0b:
                    3d:b7:22:04:7f:17:3f:c5:83:71:7b:35:42:a9:cd:
                    68:b0:4b:47:cb:48:c4:1e:54:e2:d9:0c:ba:ed:49:
                    55:d1:6b:55:6c:ac:76:02:4f:1d:be:d8:8e:ae:e5:
                    a5:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:91:32:20:76:C9:EF:62:5D:3C:6C:EF:CC:8C:37:D7:A1:F1:65:F2
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f9bb6778-8bdb-45ac-b6df-27458ed8b836.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da60:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         24:1d:d1:e2:da:f6:24:40:91:c4:d6:12:1a:bb:6b:44:fe:a7:
         34:8c:03:eb:c7:65:09:a5:6e:8d:c9:38:fc:b7:1b:c7:e7:7f:
         3d:09:13:4a:88:cf:26:3c:6c:52:9a:11:37:9e:dc:84:65:8a:
         9d:4d:b8:28:07:4b:b9:cc:9f:56:2e:b2:a1:16:cc:74:54:16:
         f0:af:dc:bb:45:46:64:58:91:38:e2:d7:aa:18:b5:ca:e1:f2:
         cb:b0:df:ca:6d:45:ac:78:7a:88:11:7e:ac:91:16:8d:69:6b:
         c9:59:b9:3b:36:f2:1a:75:8b:5d:e0:59:91:59:b3:dc:e6:d7:
         f7:16:7a:3e:b3:d3:01:e6:bb:50:2d:3d:2f:60:71:1d:9b:31:
         1e:ab:ca:1e:56:bf:af:6c:5e:9e:2a:d4:af:ea:71:45:9d:b0:
         41:6d:6a:2e:a3:c4:a5:a3:cf:73:83:54:fc:16:4d:e1:aa:75:
         5d:a3:99:c9:42:6d:c0:97:6a:1c:5f:6d:f1:82:92:c4:61:46:
         53:c6:10:40:4b:32:3e:9c:26:89:94:0a:ca:22:dd:a8:c3:6e:
         e9:46:84:73:bc:14:d1:1b:8e:b6:6a:fa:00:6d:b5:5f:e5:8d:
         5f:de:ec:19:18:14:fb:b4:73:b3:20:b8:5d:cd:93:ee:e8:54:
         0d:bc:e9:90
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUNqWRKd5ZyGTBZ8hwjGC2EwMn2FwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyMTAwMDAwMFoX
DTI0MDcyNjIzNTk1OVowejFJMEcGA1UEBRNAMmJiM2EwNmUwOTRjMTM0NjU2Y2Iy
ZTBjNmE1ZTM0YzVkZGNmNTU2N2QwOTdjOWRmMjEyOTI5MjMwYjA1OWRmZDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMXVjWK+ROkWqMJQZEMdCo8gQkT0
8sQmTwC6XTY8Vdwtzo/2jFbKwswNUWydDA0pOlbn6+UYr8j8KtFA7mIvOcq8HFVw
0gMQfye+A8uJDcHA5x3ZSjWuNwOMaL4LypY3hzmZyV0gpa1VOsAiK54bQjWHheGS
QAxWlNodoNmm1RPhKFzhqvN2YQreSweOtZwZhgPzjJNxrD9RCwrgpvay42sJfbpC
uBPhM2rNbg3oBSG3nMkJWEtmbCgQEs92PjCsby3blzGKPtV/IhiNRT/VSgs9tyIE
fxc/xYNxezVCqc1osEtHy0jEHlTi2Qy67UlV0WtVbKx2Ak8dvtiOruWlEQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFOCRMiB2ye9iXTxs78yMN9eh8WXyMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2Y5YmI2Nzc4LThiZGItNDVhYy1iNmRmLTI3NDU4ZWQ4YjgzNi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaYJAwDQYJKoZIhvcNAQELBQADggEBACQd0eLa9iRAkcTWEhq7
a0T+pzSMA+vHZQmlbo3JOPy3G8fnfz0JE0qIzyY8bFKaETee3IRlip1NuCgHS7nM
n1YusqEWzHRUFvCv3LtFRmRYkTji16oYtcrh8suw38ptRax4eogRfqyRFo1pa8lZ
uTs28hp1i13gWZFZs9zm1/cWej6z0wHmu1AtPS9gcR2bMR6ryh5Wv69sXp4q1K/q
cUWdsEFtai6jxKWjz3ODVPwWTeGqdV2jmclCbcCXahxfbfGCksRhRlPGEEBLMj6c
JomUCsoi3ajDbulGhHO8FNEbjrZq+gBttV/ljV/e7BkYFPu0c7MguF3Nk+7oVA28
6ZA=
-----END CERTIFICATE-----
Generated at Mon Jun 24 00:42:57 2024 by rpki-client on console-fra.rpki-client.org