Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/2f35c729-72a9-490b-b37f-984abc13307d.roa
File:                     2f35c729-72a9-490b-b37f-984abc13307d.roa (raw, json)
Hash identifier:          V/aFOF/G9ThMO9gvNFtgnoYYKhhF5x+ux5IwUGQItLg=
Subject key identifier:   5C:C4:8D:0B:1E:04:11:A3:7C:12:F7:57:D4:33:ED:9B:13:B1:83:7C
Certificate issuer:       /CN=A918806F0000/serialNumber=E7CADA5F0881D77BEA48B0768A3766B50065AF08
Certificate serial:       2A3F08FEC4CEEC956CDB1B7768261C9FD2EE8F08
Authority key identifier: E7:CA:DA:5F:08:81:D7:7B:EA:48:B0:76:8A:37:66:B5:00:65:AF:08
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/2f35c729-72a9-490b-b37f-984abc13307d.roa
Signing time:             Mon 11 Mar 2024 00:00:00 +0000
ROA not before:           Mon 11 Mar 2024 00:00:00 +0000
ROA not after:            Mon 15 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2403:b300:1010::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/12e59001-35ac-4abf-858f-37b955a24b3f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 12:04:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:3f:08:fe:c4:ce:ec:95:6c:db:1b:77:68:26:1c:9f:d2:ee:8f:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918806F0000/serialNumber=E7CADA5F0881D77BEA48B0768A3766B50065AF08
        Validity
            Not Before: Mar 11 00:00:00 2024 GMT
            Not After : Apr 15 23:59:59 2024 GMT
        Subject: serialNumber=3e8d947a4b7c9b285890ed9dd5b0d02be31e60cfe0142d112cd4caabd4f6ecc8, CN=bb9a9116-f615-462e-a680-5266b327e0fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e5:87:4c:3b:ef:8b:6f:d7:c6:45:2b:ab:31:
                    79:b6:e8:f2:b1:ea:da:a7:99:00:5d:67:2b:42:da:
                    58:92:2f:42:8d:f1:81:48:48:2e:f4:af:3d:ad:84:
                    79:0d:8b:b6:20:bf:8b:16:0c:e5:f9:53:2f:a6:46:
                    49:b1:3e:ca:0a:20:b2:37:b1:a3:e0:70:e8:44:0a:
                    12:a6:15:80:4f:08:d4:cf:70:f9:58:ba:8b:1c:59:
                    e6:b8:93:13:39:30:61:cd:df:7e:84:a1:86:26:78:
                    ae:a5:88:0d:d6:82:e7:71:20:79:e0:ac:d3:9f:42:
                    75:8c:34:3b:d8:ac:24:c6:ff:0e:c0:26:4a:6c:58:
                    dc:a9:d7:fc:05:c9:da:d8:5c:77:69:0c:21:ac:82:
                    87:a7:b2:84:61:12:c6:1b:b1:19:ec:28:8e:ec:5d:
                    8d:cd:0c:47:09:e3:8a:3c:8b:12:fa:f4:fc:d0:ba:
                    05:41:07:3a:70:ae:cf:f8:16:d2:f7:65:24:68:27:
                    87:3b:2c:85:b6:2a:82:4a:44:71:70:33:42:53:88:
                    bb:63:cc:d4:cb:a7:40:36:c1:14:fb:14:cf:f6:53:
                    60:56:dd:0d:b3:99:f5:3f:9c:6c:b7:ba:f1:2e:3e:
                    8d:38:68:ef:07:04:9c:42:eb:6a:4d:20:7b:bd:45:
                    85:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:C4:8D:0B:1E:04:11:A3:7C:12:F7:57:D4:33:ED:9B:13:B1:83:7C
            X509v3 Authority Key Identifier:
                keyid:E7:CA:DA:5F:08:81:D7:7B:EA:48:B0:76:8A:37:66:B5:00:65:AF:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/2f35c729-72a9-490b-b37f-984abc13307d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/12e59001-35ac-4abf-858f-37b955a24b3f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:b300:1010::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:4c:9a:99:f9:d2:0b:f9:78:92:ea:21:47:e0:70:c5:40:c4:
         28:91:3c:6f:a0:b8:78:f7:e5:b6:e0:d5:c7:d2:57:bd:11:4a:
         53:26:9c:90:bb:15:01:6c:a3:22:2a:d5:f1:71:a4:1d:15:e8:
         09:3f:55:34:67:d9:09:5b:63:7b:c1:53:a4:13:39:49:47:45:
         98:94:c9:47:28:01:6a:fa:df:53:7d:27:2a:92:6d:73:38:d0:
         f8:ca:8c:71:c8:7a:a0:27:ff:48:a5:f2:c6:9d:79:0e:52:51:
         bc:73:9f:8c:af:b4:73:39:4a:38:c4:2e:3e:ed:b3:ff:a4:d6:
         ef:3b:e1:a1:0c:32:6f:b1:4b:3b:3d:6c:a3:48:a2:fd:cd:83:
         eb:e3:9b:9d:cd:52:7f:e2:e9:4d:e7:a9:df:d9:c2:69:5e:68:
         ff:5a:3f:44:b5:42:1e:f6:1b:e8:71:08:54:e5:5a:22:65:db:
         2a:bf:99:aa:78:b8:ca:96:0c:69:d2:09:99:ac:7d:8e:2b:94:
         66:6a:82:6e:bd:85:be:fb:68:a1:8b:76:4c:c9:a4:bd:51:39:
         bd:9b:4e:f8:54:67:48:cd:6b:8c:f3:0b:be:88:25:13:eb:51:
         07:34:a7:91:06:93:73:f9:c9:c9:9f:ab:f7:66:4e:ee:75:b5:
         8b:b0:97:28
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUKj8I/sTO7JVs2xt3aCYcn9LujwgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODgwNkYwMDAwMTEwLwYDVQQFEyhFN0NBREE1RjA4
ODFENzdCRUE0OEIwNzY4QTM3NjZCNTAwNjVBRjA4MB4XDTI0MDMxMTAwMDAwMFoX
DTI0MDQxNTIzNTk1OVowejFJMEcGA1UEBRNAM2U4ZDk0N2E0YjdjOWIyODU4OTBl
ZDlkZDViMGQwMmJlMzFlNjBjZmUwMTQyZDExMmNkNGNhYWJkNGY2ZWNjODEtMCsG
A1UEAxMkYmI5YTkxMTYtZjYxNS00NjJlLWE2ODAtNTI2NmIzMjdlMGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+WHTDvvi2/XxkUrqzF5tujysera
p5kAXWcrQtpYki9CjfGBSEgu9K89rYR5DYu2IL+LFgzl+VMvpkZJsT7KCiCyN7Gj
4HDoRAoSphWATwjUz3D5WLqLHFnmuJMTOTBhzd9+hKGGJniupYgN1oLncSB54KzT
n0J1jDQ72Kwkxv8OwCZKbFjcqdf8Bcna2Fx3aQwhrIKHp7KEYRLGG7EZ7CiO7F2N
zQxHCeOKPIsS+vT80LoFQQc6cK7P+BbS92UkaCeHOyyFtiqCSkRxcDNCU4i7Y8zU
y6dANsEU+xTP9lNgVt0Ns5n1P5xst7rxLj6NOGjvBwScQutqTSB7vUWFuQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFFzEjQseBBGjfBL3V9Qz7ZsTsYN8MB8GA1UdIwQY
MBaAFOfK2l8Igdd76kiwdoo3ZrUAZa8IMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi81OHJhWHdp
QjEzdnFTTEIyaWpkbXRRQmxyd2cuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvNzA4YWFmYWYtMDBiNC00ODViLTg1NGMtMGIzMmNhMzBmNTdi
LzJmMzVjNzI5LTcyYTktNDkwYi1iMzdmLTk4NGFiYzEzMzA3ZC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS83MDhhYWZhZi0wMGI0LTQ4NWItODU0Yy0wYjMy
Y2EzMGY1N2IvMTJlNTkwMDEtMzVhYy00YWJmLTg1OGYtMzdiOTU1YTI0YjNmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAOzABAQMA0GCSqGSIb3DQEBCwUAA4IBAQAbTJqZ+dIL+XiS6iFH
4HDFQMQokTxvoLh49+W24NXH0le9EUpTJpyQuxUBbKMiKtXxcaQdFegJP1U0Z9kJ
W2N7wVOkEzlJR0WYlMlHKAFq+t9TfScqkm1zOND4yoxxyHqgJ/9IpfLGnXkOUlG8
c5+Mr7RzOUo4xC4+7bP/pNbvO+GhDDJvsUs7PWyjSKL9zYPr45udzVJ/4ulN56nf
2cJpXmj/Wj9EtUIe9hvocQhU5VoiZdsqv5mqeLjKlgxp0gmZrH2OK5RmaoJuvYW+
+2ihi3ZMyaS9UTm9m074VGdIzWuM8wu+iCUT61EHNKeRBpNz+cnJn6v3Zk7udbWL
sJco
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:18:27 2024 by rpki-client on console-ams.rpki-client.org