Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/fd0ac6ba-e775-4f86-853e-f467879f4e6c.roa
File:                     fd0ac6ba-e775-4f86-853e-f467879f4e6c.roa (raw, json)
Hash identifier:          b3O6umol+GUg54TL61ZT7DpzqQGHEIMsNbNBhdBoRQE=
Subject key identifier:   D6:B6:07:D7:63:EC:F1:1F:60:89:A3:BE:C1:B9:2F:BA:DD:36:19:90
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       6041C6378010779050F8249CD35ADD6AB94CDF40
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/fd0ac6ba-e775-4f86-853e-f467879f4e6c.roa
Signing time:             Wed 12 Jun 2024 00:00:00 +0000
ROA not before:           Wed 12 Jun 2024 00:00:00 +0000
ROA not after:            Wed 17 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dab8:9000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 20 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:41:c6:37:80:10:77:90:50:f8:24:9c:d3:5a:dd:6a:b9:4c:df:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 12 00:00:00 2024 GMT
            Not After : Jul 17 23:59:59 2024 GMT
        Subject: serialNumber=7317925e15ac62048cba8e24d2c0801fdd037c2408b44f76df8b356edca5ce92, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:da:25:e5:45:10:dc:29:c6:48:84:42:6e:43:
                    7d:e4:6d:af:9e:57:1b:ab:81:0d:3e:75:13:a3:c6:
                    ed:8e:66:d0:2a:2c:b9:ef:4f:57:47:bc:9f:50:15:
                    5e:e8:19:f3:ec:c5:d2:51:c7:35:bd:40:29:22:f1:
                    2d:a3:9c:d3:ed:46:3f:e4:57:33:b6:b7:6c:82:82:
                    07:83:c3:3f:eb:88:a8:22:79:07:3d:b3:9c:03:39:
                    b1:ab:86:d8:0d:3a:aa:dc:94:08:50:b7:b2:55:da:
                    05:99:77:2b:20:b4:9e:d0:28:9b:b6:d6:e8:36:0c:
                    33:b1:e8:fa:8f:a1:8e:f9:0a:7a:83:d3:2f:5b:bd:
                    1e:db:38:41:8b:9a:0c:9e:93:eb:5e:8a:fb:0b:32:
                    f6:47:5c:e8:75:9d:71:eb:53:0e:d9:f2:de:95:6c:
                    19:3a:6d:b0:6a:64:88:85:9b:04:10:2a:1c:9a:24:
                    9d:66:df:89:85:6c:49:d3:aa:74:d3:09:3d:68:84:
                    e7:94:50:70:03:56:17:78:72:32:de:77:22:f5:ee:
                    9b:df:61:f1:f1:a4:b3:78:a4:d5:df:64:ae:4e:6d:
                    72:ad:e5:06:3d:dc:44:f4:98:c4:fd:03:c3:51:a1:
                    63:67:eb:f1:42:05:97:d7:98:15:d0:80:b9:32:af:
                    db:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:B6:07:D7:63:EC:F1:1F:60:89:A3:BE:C1:B9:2F:BA:DD:36:19:90
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/fd0ac6ba-e775-4f86-853e-f467879f4e6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dab8:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c2:5f:c8:01:a2:4a:a1:a4:f2:93:85:ca:70:53:6a:e2:8e:f5:
         34:ae:38:22:90:87:e8:95:b2:b1:67:e6:dd:3c:f0:03:a6:e0:
         31:d3:aa:c7:74:e9:de:93:d1:86:a7:6d:1b:75:3d:b9:8a:31:
         3e:1d:5a:0f:df:10:5b:f8:dd:82:a7:bc:41:6f:58:07:6a:3a:
         cf:c5:1c:50:dc:29:1b:24:9a:7a:91:d5:ba:1e:17:97:83:0c:
         50:7f:3c:db:26:21:86:d4:fc:27:fa:eb:fc:f1:94:a8:fd:f1:
         f6:b3:82:a9:f4:93:eb:e9:9d:c5:cf:3b:ee:d0:ae:0b:8c:90:
         1c:4a:92:50:d4:b3:42:ab:a1:cf:06:c6:25:ac:af:8a:26:2e:
         9c:d7:5d:c5:d8:e6:0f:a8:f7:ff:76:7a:a6:3b:20:b2:a6:3c:
         c8:4b:ec:d6:de:f8:61:34:81:51:46:ce:0d:76:c4:e0:1f:24:
         c4:b6:6a:92:d5:3e:0f:b3:76:3a:cb:c5:54:7d:b5:ca:75:c0:
         ce:f8:c9:8d:63:24:82:bd:c9:82:86:7f:ac:ad:3d:b8:c6:71:
         4a:2b:a0:10:c8:dd:2c:d4:ed:0e:07:48:d6:e4:7d:30:0a:7e:
         ec:40:68:a5:21:10:58:a9:8a:cb:c3:85:34:cc:5f:f9:c9:94:
         34:74:4f:09
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUYEHGN4AQd5BQ+CSc01rdarlM30AwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYxMjAwMDAwMFoX
DTI0MDcxNzIzNTk1OVowejFJMEcGA1UEBRNANzMxNzkyNWUxNWFjNjIwNDhjYmE4
ZTI0ZDJjMDgwMWZkZDAzN2MyNDA4YjQ0Zjc2ZGY4YjM1NmVkY2E1Y2U5MjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtol5UUQ3CnGSIRCbkN95G2vnlcb
q4ENPnUTo8btjmbQKiy5709XR7yfUBVe6Bnz7MXSUcc1vUApIvEto5zT7UY/5Fcz
trdsgoIHg8M/64ioInkHPbOcAzmxq4bYDTqq3JQIULeyVdoFmXcrILSe0Cibttbo
Ngwzsej6j6GO+Qp6g9MvW70e2zhBi5oMnpPrXor7CzL2R1zodZ1x61MO2fLelWwZ
Om2wamSIhZsEECocmiSdZt+JhWxJ06p00wk9aITnlFBwA1YXeHIy3nci9e6b32Hx
8aSzeKTV32SuTm1yreUGPdxE9JjE/QPDUaFjZ+vxQgWX15gV0IC5Mq/bWQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFNa2B9dj7PEfYImjvsG5L7rdNhmQMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2ZkMGFjNmJhLWU3NzUtNGY4Ni04NTNlLWY0Njc4NzlmNGU2Yy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbauJAwDQYJKoZIhvcNAQELBQADggEBAMJfyAGiSqGk8pOFynBT
auKO9TSuOCKQh+iVsrFn5t088AOm4DHTqsd06d6T0YanbRt1PbmKMT4dWg/fEFv4
3YKnvEFvWAdqOs/FHFDcKRskmnqR1boeF5eDDFB/PNsmIYbU/Cf66/zxlKj98faz
gqn0k+vpncXPO+7QrguMkBxKklDUs0Kroc8GxiWsr4omLpzXXcXY5g+o9/92eqY7
ILKmPMhL7Nbe+GE0gVFGzg12xOAfJMS2apLVPg+zdjrLxVR9tcp1wM74yY1jJIK9
yYKGf6ytPbjGcUoroBDI3SzU7Q4HSNbkfTAKfuxAaKUhEFipisvDhTTMX/nJlDR0
Twk=
-----END CERTIFICATE-----
Generated at Sun Jun 16 00:53:14 2024 by rpki-client on console-fra.rpki-client.org