Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/fc653957-4f62-4afa-93a5-fdca0a97ec7a.roa
File:                     fc653957-4f62-4afa-93a5-fdca0a97ec7a.roa (raw, json)
Hash identifier:          AHJhKTfwiZNz+2kZg0ZQXNdKBHnZfV7TT2pDden3ko0=
Subject key identifier:   E5:6B:CD:2C:5B:20:87:E7:5D:0F:5F:1B:B6:05:34:51:72:E6:FF:DD
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       30874D989B0CD0EE89CF7D8327C150FC48463669
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/fc653957-4f62-4afa-93a5-fdca0a97ec7a.roa
Signing time:             Fri 21 Jun 2024 00:00:00 +0000
ROA not before:           Fri 21 Jun 2024 00:00:00 +0000
ROA not after:            Fri 26 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafc:2000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 25 Jun 2024 00:51:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:87:4d:98:9b:0c:d0:ee:89:cf:7d:83:27:c1:50:fc:48:46:36:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 21 00:00:00 2024 GMT
            Not After : Jul 26 23:59:59 2024 GMT
        Subject: serialNumber=815568bf3bc984e7853c63b06fc87eddd20828fbf640b7a33885222ba419e17f, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:ba:80:ca:9f:27:e4:39:a5:8d:98:45:4c:75:
                    2a:9d:24:6c:97:6a:ad:ae:cc:3c:52:ce:57:34:1f:
                    e9:72:c9:ea:49:63:44:df:a7:c0:62:e7:c5:46:c6:
                    26:ad:83:eb:b1:e0:fb:9b:ed:81:8f:06:ff:6d:f0:
                    3b:a7:34:e5:a4:9d:82:ba:3e:85:89:e2:94:37:eb:
                    95:ab:29:1b:90:09:1a:c1:f6:46:60:26:c1:54:15:
                    09:9d:19:74:3a:a8:8b:f6:2f:ab:68:11:4e:84:29:
                    e5:9a:67:df:d0:19:4c:42:0f:3c:84:cd:9d:74:6e:
                    a6:3a:8a:55:70:05:0a:b5:14:ba:41:49:66:10:3d:
                    08:ff:92:21:eb:54:5f:af:93:8d:74:6a:66:f4:8a:
                    48:2a:13:a8:9e:14:8a:8c:91:9a:49:af:1a:6d:af:
                    ed:8c:dc:4e:72:65:07:04:8f:8b:2f:b4:19:92:3a:
                    d1:4c:95:97:7a:b4:b2:1b:b6:ac:b5:3a:84:bd:d8:
                    bf:e2:78:08:a8:f7:3c:19:fc:6a:7f:7f:0a:54:f1:
                    b6:c3:19:85:2f:a5:aa:fd:6b:f0:bf:5e:07:70:bf:
                    a2:9b:dc:af:6b:9e:17:ef:f5:6a:71:e4:4b:06:05:
                    f5:c3:74:17:51:70:0b:71:4b:e5:60:03:b3:e2:da:
                    b4:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:6B:CD:2C:5B:20:87:E7:5D:0F:5F:1B:B6:05:34:51:72:E6:FF:DD
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/fc653957-4f62-4afa-93a5-fdca0a97ec7a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafc:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         19:28:94:bf:52:af:5b:fc:5e:51:f3:58:4a:51:e5:a1:59:5a:
         72:a7:de:1f:59:20:14:4a:d8:24:33:4b:a1:da:c8:89:35:26:
         b3:d8:72:90:a5:91:20:25:eb:d9:03:b0:e0:bf:84:0e:6e:b6:
         26:f2:1a:e7:09:5e:99:34:12:1d:6b:8a:6f:9e:b8:55:5b:ab:
         37:e4:5f:da:19:e7:c8:33:5e:88:ca:cf:be:da:38:21:ee:11:
         50:34:91:5d:cf:80:d6:00:cb:d7:df:a3:74:07:dc:bb:d7:c1:
         e0:b0:ba:c1:f0:4a:ac:ae:5e:be:f8:2c:94:25:9c:f7:26:eb:
         17:c6:e3:47:a5:a1:d0:b7:09:84:a5:1d:a4:c8:91:d9:cc:8d:
         9f:15:47:06:28:8b:88:66:84:de:3b:61:8e:d1:7a:54:10:6d:
         0a:cf:24:61:73:ee:6d:c1:57:e7:00:04:15:83:c4:b0:63:1d:
         94:3b:6a:ba:91:bd:a7:05:d6:58:bd:b5:f4:57:39:cb:04:ec:
         33:35:e7:eb:9f:ff:1e:ad:e3:19:cc:0d:f8:d4:28:d3:5b:b6:
         a5:8f:6c:51:36:79:27:22:c6:d4:98:94:42:c6:a5:63:5c:a3:
         a0:67:7e:32:3e:6c:5d:0e:f0:b3:cc:93:34:f3:fe:4d:3b:6a:
         c5:c7:ec:64
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUMIdNmJsM0O6Jz32DJ8FQ/EhGNmkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyMTAwMDAwMFoX
DTI0MDcyNjIzNTk1OVowejFJMEcGA1UEBRNAODE1NTY4YmYzYmM5ODRlNzg1M2M2
M2IwNmZjODdlZGRkMjA4MjhmYmY2NDBiN2EzMzg4NTIyMmJhNDE5ZTE3ZjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjbqAyp8n5DmljZhFTHUqnSRsl2qt
rsw8Us5XNB/pcsnqSWNE36fAYufFRsYmrYPrseD7m+2Bjwb/bfA7pzTlpJ2Cuj6F
ieKUN+uVqykbkAkawfZGYCbBVBUJnRl0OqiL9i+raBFOhCnlmmff0BlMQg88hM2d
dG6mOopVcAUKtRS6QUlmED0I/5Ih61Rfr5ONdGpm9IpIKhOonhSKjJGaSa8aba/t
jNxOcmUHBI+LL7QZkjrRTJWXerSyG7astTqEvdi/4ngIqPc8Gfxqf38KVPG2wxmF
L6Wq/Wvwv14HcL+im9yva54X7/VqceRLBgX1w3QXUXALcUvlYAOz4tq0NQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFOVrzSxbIIfnXQ9fG7YFNFFy5v/dMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2ZjNjUzOTU3LTRmNjItNGFmYS05M2E1LWZkY2EwYTk3ZWM3YS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba/CAwDQYJKoZIhvcNAQELBQADggEBABkolL9Sr1v8XlHzWEpR
5aFZWnKn3h9ZIBRK2CQzS6HayIk1JrPYcpClkSAl69kDsOC/hA5utibyGucJXpk0
Eh1rim+euFVbqzfkX9oZ58gzXojKz77aOCHuEVA0kV3PgNYAy9ffo3QH3LvXweCw
usHwSqyuXr74LJQlnPcm6xfG40elodC3CYSlHaTIkdnMjZ8VRwYoi4hmhN47YY7R
elQQbQrPJGFz7m3BV+cABBWDxLBjHZQ7arqRvacF1li9tfRXOcsE7DM15+uf/x6t
4xnMDfjUKNNbtqWPbFE2eScixtSYlELGpWNco6BnfjI+bF0O8LPMkzTz/k07asXH
7GQ=
-----END CERTIFICATE-----
Generated at Fri Jun 21 01:18:46 2024 by rpki-client on console-fra.rpki-client.org