Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ffd89ff2-4de6-4517-88fc-12345cabb969.roa
File:                     ffd89ff2-4de6-4517-88fc-12345cabb969.roa (raw, json)
Hash identifier:          G9GIh0fVAcCcmf12gVCv6pZTo+GV9+DGFNiULCkLcJM=
Subject key identifier:   85:7C:80:ED:B8:A9:51:9A:74:B5:BD:0A:2C:2B:F1:6A:7C:51:5A:50
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       474353A10A81B95ECDA851A02EE03F294565017C
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ffd89ff2-4de6-4517-88fc-12345cabb969.roa
Signing time:             Fri 21 Jun 2024 00:00:00 +0000
ROA not before:           Fri 21 Jun 2024 00:00:00 +0000
ROA not after:            Fri 26 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da15::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 25 Jun 2024 00:51:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:43:53:a1:0a:81:b9:5e:cd:a8:51:a0:2e:e0:3f:29:45:65:01:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 21 00:00:00 2024 GMT
            Not After : Jul 26 23:59:59 2024 GMT
        Subject: serialNumber=eee59665c3b89aed7d0091449709a63312133d8997f13d9b260d0d88137c4362, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:5b:bc:e6:83:9f:b8:97:86:c8:06:42:19:df:
                    61:3a:5f:7a:f9:6d:fc:d1:c6:ff:62:7e:25:44:56:
                    27:47:49:ac:d1:b6:6d:58:5a:73:47:b0:1c:69:39:
                    64:aa:e7:4a:38:69:aa:e8:5e:a8:04:5b:0a:dc:3b:
                    ba:5b:44:47:17:15:79:e9:5a:1a:21:33:62:44:03:
                    85:6a:19:47:46:93:bd:4c:ff:4f:2e:06:96:e5:2d:
                    5f:34:ae:09:76:f2:e0:e5:fa:24:66:e8:6b:93:31:
                    76:6f:32:5a:44:28:b6:50:2d:98:88:11:1d:e1:25:
                    1c:d4:b9:2d:73:e2:74:ad:2f:2d:f4:7f:c5:d7:0a:
                    3a:ee:21:0f:0e:eb:da:24:f9:89:64:ba:77:12:ce:
                    6f:39:98:86:fc:99:eb:36:7e:d5:9d:5c:f3:20:e8:
                    7d:17:4d:6f:0d:b9:ba:4a:07:2a:ce:7a:74:1c:fd:
                    2d:07:62:57:eb:c2:e5:f3:1f:89:20:01:f5:d2:74:
                    c5:b8:a7:22:6a:fa:56:6e:9d:f1:a8:af:9f:d8:ae:
                    3f:c1:b3:00:00:8b:54:26:c8:27:51:5b:1a:1c:82:
                    22:98:63:28:67:96:a7:ef:4c:38:e5:ef:b1:c6:5c:
                    d2:12:01:a4:94:8c:04:c1:ec:ed:54:de:85:86:e1:
                    59:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:7C:80:ED:B8:A9:51:9A:74:B5:BD:0A:2C:2B:F1:6A:7C:51:5A:50
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ffd89ff2-4de6-4517-88fc-12345cabb969.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da15::/36

    Signature Algorithm: sha256WithRSAEncryption
         21:f5:53:1b:ae:23:c1:a8:f0:cb:f1:42:18:34:ef:fd:e9:fb:
         ad:aa:63:06:bf:93:63:0a:30:ce:20:c9:fa:46:69:14:1f:e0:
         48:c3:73:19:92:0b:49:39:f3:47:ab:6d:6b:4e:7a:ba:78:18:
         a2:af:23:b2:ec:88:6f:e9:f6:32:68:cc:53:1c:dc:f0:5c:d6:
         eb:7e:7e:05:b1:05:b4:25:b2:2e:09:05:21:ca:e6:9e:33:ff:
         b0:2e:2b:50:0c:ae:0d:34:bd:04:0e:34:d8:7c:3d:f0:39:31:
         08:dd:92:98:be:56:33:6b:1d:60:ba:e7:53:d6:5c:b7:0b:d4:
         4a:f3:19:da:82:ea:d8:8d:fc:2e:67:50:e6:09:f6:d7:85:4f:
         73:69:6e:4d:4a:ea:27:39:14:1d:3d:9b:d1:89:79:df:ee:4a:
         f9:3a:90:80:d8:3d:f0:68:da:24:d0:87:09:98:27:e0:69:4f:
         b1:7a:6e:7d:50:76:6c:67:d0:a2:58:5b:e8:9a:d3:39:1f:b4:
         f4:00:f3:0b:0a:42:53:6e:a3:89:e2:c0:89:1f:72:bc:65:42:
         17:cc:a0:37:02:c8:33:12:f9:94:63:d6:04:65:78:47:a3:d7:
         64:da:8f:dc:5b:98:5f:85:5c:a9:75:b4:07:83:97:b7:0f:58:
         fd:ee:6c:5d
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUR0NToQqBuV7NqFGgLuA/KUVlAXwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyMTAwMDAwMFoX
DTI0MDcyNjIzNTk1OVowejFJMEcGA1UEBRNAZWVlNTk2NjVjM2I4OWFlZDdkMDA5
MTQ0OTcwOWE2MzMxMjEzM2Q4OTk3ZjEzZDliMjYwZDBkODgxMzdjNDM2MjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArlu85oOfuJeGyAZCGd9hOl96+W38
0cb/Yn4lRFYnR0ms0bZtWFpzR7AcaTlkqudKOGmq6F6oBFsK3Du6W0RHFxV56Voa
ITNiRAOFahlHRpO9TP9PLgaW5S1fNK4JdvLg5fokZuhrkzF2bzJaRCi2UC2YiBEd
4SUc1Lktc+J0rS8t9H/F1wo67iEPDuvaJPmJZLp3Es5vOZiG/JnrNn7VnVzzIOh9
F01vDbm6Sgcqznp0HP0tB2JX68Ll8x+JIAH10nTFuKciavpWbp3xqK+f2K4/wbMA
AItUJsgnUVsaHIIimGMoZ5an70w45e+xxlzSEgGklIwEweztVN6FhuFZIwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFIV8gO24qVGadLW9Ciwr8Wp8UVpQMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2ZmZDg5ZmYyLTRkZTYtNDUxNy04OGZjLTEyMzQ1Y2FiYjk2OS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYEJAbaFQAwDQYJKoZIhvcNAQELBQADggEBACH1UxuuI8Go8MvxQhg0
7/3p+62qYwa/k2MKMM4gyfpGaRQf4EjDcxmSC0k580erbWtOerp4GKKvI7LsiG/p
9jJozFMc3PBc1ut+fgWxBbQlsi4JBSHK5p4z/7AuK1AMrg00vQQONNh8PfA5MQjd
kpi+VjNrHWC651PWXLcL1ErzGdqC6tiN/C5nUOYJ9teFT3Npbk1K6ic5FB09m9GJ
ed/uSvk6kIDYPfBo2iTQhwmYJ+BpT7F6bn1Qdmxn0KJYW+ia0zkftPQA8wsKQlNu
o4niwIkfcrxlQhfMoDcCyDMS+ZRj1gRleEej12Taj9xbmF+FXKl1tAeDl7cPWP3u
bF0=
-----END CERTIFICATE-----
Generated at Fri Jun 21 01:45:40 2024 by rpki-client on console-ams.rpki-client.org