Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/feddcef0-1c49-4db6-b667-d3a813db2a74.roa
File:                     feddcef0-1c49-4db6-b667-d3a813db2a74.roa (raw, json)
Hash identifier:          AN0dF/PhvX7ZyQX/WC0IhctZTvfxH7gml5XelDOzwKU=
Subject key identifier:   BC:1F:5F:6C:F7:6A:63:D4:9E:AE:21:E9:5A:44:41:51:3F:DF:BD:B0
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       40AC3AC69EDD149C1A5661356B4C149D98C431F6
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/feddcef0-1c49-4db6-b667-d3a813db2a74.roa
Signing time:             Mon 18 Sep 2023 00:00:00 +0000
ROA not before:           Mon 18 Sep 2023 00:00:00 +0000
ROA not after:            Mon 23 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da68:1000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 20 Sep 2023 03:07:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:ac:3a:c6:9e:dd:14:9c:1a:56:61:35:6b:4c:14:9d:98:c4:31:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Sep 18 00:00:00 2023 GMT
            Not After : Oct 23 23:59:59 2023 GMT
        Subject: serialNumber=ce19ab12be98779dd2b0549d06dbc0086068a6a12cfc7a4cbe5678b0a76515f9, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:12:6c:ae:d9:84:1f:fd:43:0d:f9:30:ce:5a:
                    be:5c:ac:76:0c:b3:ba:d4:7e:74:4b:5c:73:f7:ec:
                    43:c0:19:a2:c2:fe:74:16:5e:c6:c5:89:01:5e:31:
                    fe:5e:2a:0e:cf:81:17:46:64:6b:40:58:4d:a3:57:
                    e2:f4:d7:99:ea:26:98:6e:1a:db:dc:06:e7:a7:56:
                    d0:e0:c1:f4:54:89:20:b4:d9:21:f2:49:dc:dc:62:
                    6c:3b:04:b1:25:20:87:30:b9:91:7f:88:45:0e:ef:
                    e6:0e:12:f4:dc:16:a2:85:3c:b2:6d:bf:87:84:d8:
                    58:bf:54:f7:19:a3:d9:a5:84:ed:b8:7a:53:8e:78:
                    c7:1e:01:88:eb:e2:c9:c6:91:ac:61:b0:e1:44:0a:
                    49:08:2b:39:d6:99:f2:d6:bb:f8:b6:29:b0:b1:0a:
                    ce:48:c1:e4:2c:3f:e3:98:ac:ba:fa:40:f0:5e:6b:
                    e5:2f:ff:e6:29:f4:08:28:dd:36:75:0b:e3:53:30:
                    4d:2f:db:71:fd:f2:91:db:96:85:2a:c2:27:2a:69:
                    0a:12:74:10:fe:25:fa:90:0b:e0:a5:b2:0d:89:a1:
                    13:9b:39:69:6e:89:03:39:4d:a3:2b:4b:3a:d6:95:
                    fe:93:88:eb:e8:f8:86:be:a2:93:55:41:6e:d8:5e:
                    e5:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:1F:5F:6C:F7:6A:63:D4:9E:AE:21:E9:5A:44:41:51:3F:DF:BD:B0
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/feddcef0-1c49-4db6-b667-d3a813db2a74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da68:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         1d:6d:e7:09:88:20:e7:43:93:bd:ed:86:62:37:a5:f4:d6:c7:
         96:04:4a:aa:93:2d:a7:fb:22:c1:7f:57:2e:0d:ef:12:50:57:
         86:3f:eb:e7:85:27:fe:9b:e9:6b:40:95:da:5d:68:5a:66:d2:
         87:a6:e7:18:e9:40:05:dc:4c:ae:3a:c5:f5:dd:da:08:2f:66:
         55:f4:97:36:19:ac:b8:24:c1:88:4c:2c:c7:11:de:71:68:ad:
         29:3b:6b:e2:d1:ea:18:3e:aa:a7:26:f7:02:54:f2:f9:01:95:
         a4:a9:06:13:8a:ab:ea:4f:f6:52:78:91:cb:0a:3d:80:dd:5f:
         0e:63:7e:e4:0a:87:9f:4c:ac:0a:22:55:7a:68:af:af:a0:d3:
         bf:95:61:89:3b:12:b5:11:4a:2d:55:7e:cf:64:af:d1:a8:35:
         64:38:f9:42:45:78:c0:2a:87:05:73:b7:86:ea:a7:d6:4c:72:
         44:89:f1:ee:de:fe:70:09:ba:7d:a1:a9:ae:25:00:3a:0e:54:
         4d:92:e4:bf:d9:6d:df:61:b9:54:67:35:95:91:e6:cd:a5:d4:
         31:e4:d5:f9:1a:65:2b:85:8f:d4:d4:bb:85:07:85:94:bf:dd:
         63:ce:18:78:fb:fb:d5:be:9c:a2:94:e2:8e:97:af:33:95:8c:
         63:e7:ba:54
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUQKw6xp7dFJwaVmE1a0wUnZjEMfYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTIzMDkxODAwMDAwMFoX
DTIzMTAyMzIzNTk1OVowejFJMEcGA1UEBRNAY2UxOWFiMTJiZTk4Nzc5ZGQyYjA1
NDlkMDZkYmMwMDg2MDY4YTZhMTJjZmM3YTRjYmU1Njc4YjBhNzY1MTVmOTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBJsrtmEH/1DDfkwzlq+XKx2DLO6
1H50S1xz9+xDwBmiwv50Fl7GxYkBXjH+XioOz4EXRmRrQFhNo1fi9NeZ6iaYbhrb
3Abnp1bQ4MH0VIkgtNkh8knc3GJsOwSxJSCHMLmRf4hFDu/mDhL03BaihTyybb+H
hNhYv1T3GaPZpYTtuHpTjnjHHgGI6+LJxpGsYbDhRApJCCs51pny1rv4timwsQrO
SMHkLD/jmKy6+kDwXmvlL//mKfQIKN02dQvjUzBNL9tx/fKR25aFKsInKmkKEnQQ
/iX6kAvgpbINiaETmzlpbokDOU2jK0s61pX+k4jr6PiGvqKTVUFu2F7l7QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFLwfX2z3amPUnq4h6VpEQVE/372wMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2ZlZGRjZWYwLTFjNDktNGRiNi1iNjY3LWQzYTgxM2RiMmE3NC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaaBAwDQYJKoZIhvcNAQELBQADggEBAB1t5wmIIOdDk73thmI3
pfTWx5YESqqTLaf7IsF/Vy4N7xJQV4Y/6+eFJ/6b6WtAldpdaFpm0oem5xjpQAXc
TK46xfXd2ggvZlX0lzYZrLgkwYhMLMcR3nForSk7a+LR6hg+qqcm9wJU8vkBlaSp
BhOKq+pP9lJ4kcsKPYDdXw5jfuQKh59MrAoiVXpor6+g07+VYYk7ErURSi1Vfs9k
r9GoNWQ4+UJFeMAqhwVzt4bqp9ZMckSJ8e7e/nAJun2hqa4lADoOVE2S5L/Zbd9h
uVRnNZWR5s2l1DHk1fkaZSuFj9TUu4UHhZS/3WPOGHj7+9W+nKKU4o6XrzOVjGPn
ulQ=
-----END CERTIFICATE-----
Generated at Mon Sep 18 15:24:46 2023 by rpki-client on console-fra.rpki-client.org