Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/59860ec1-5f08-4648-8fa9-79f2bbf2ec8d.roa
File:                     59860ec1-5f08-4648-8fa9-79f2bbf2ec8d.roa (raw, json)
Hash identifier:          Cn8zww69rd5rF9RtwQ0wNSuuxjWe7z06drO14zGTiqE=
Subject key identifier:   C9:FA:31:49:59:67:F5:DE:DF:00:1C:1D:0A:9C:B4:24:7C:81:7D:41
Certificate issuer:       /CN=A918806F0000/serialNumber=E7CADA5F0881D77BEA48B0768A3766B50065AF08
Certificate serial:       072C96550FAAE0D435CEEA42E45F6DA91C49C868
Authority key identifier: E7:CA:DA:5F:08:81:D7:7B:EA:48:B0:76:8A:37:66:B5:00:65:AF:08
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/59860ec1-5f08-4648-8fa9-79f2bbf2ec8d.roa
Signing time:             Mon 11 Mar 2024 00:00:00 +0000
ROA not before:           Mon 11 Mar 2024 00:00:00 +0000
ROA not after:            Mon 15 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2403:b300:1004::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/12e59001-35ac-4abf-858f-37b955a24b3f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 12:04:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:2c:96:55:0f:aa:e0:d4:35:ce:ea:42:e4:5f:6d:a9:1c:49:c8:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918806F0000/serialNumber=E7CADA5F0881D77BEA48B0768A3766B50065AF08
        Validity
            Not Before: Mar 11 00:00:00 2024 GMT
            Not After : Apr 15 23:59:59 2024 GMT
        Subject: serialNumber=5e38683c4b0df464524f23588fcfb98603307c6c56a0816b5ccb40d8515e9aea, CN=bb9a9116-f615-462e-a680-5266b327e0fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:1b:ed:a9:64:7b:fb:ee:89:06:42:0b:35:a8:
                    93:73:d5:e4:cc:21:f7:76:55:ed:8c:96:0c:51:dc:
                    75:32:45:41:0c:32:4b:d1:ee:a0:09:f9:3e:ec:ea:
                    b3:f2:86:b3:2a:6d:37:e7:78:f8:b4:28:3d:87:07:
                    4e:d8:38:48:68:e1:af:e5:82:43:fa:2d:7b:5a:f5:
                    3c:ef:d1:37:49:79:03:cd:6d:c1:2c:a7:06:21:6f:
                    d1:e2:5c:c3:fe:b0:6c:5d:b9:d8:01:cb:d5:29:0b:
                    1d:1d:48:b1:90:4a:7b:c9:73:74:ee:fe:c1:6b:a4:
                    f4:19:ad:3e:50:aa:5a:78:b6:a3:0d:d9:3f:61:4c:
                    21:c2:c5:cf:f7:ab:0f:aa:63:fe:35:bf:eb:e3:58:
                    73:36:5c:35:c2:1d:54:e7:5d:c6:c2:ce:ec:ee:f6:
                    e6:4a:05:fe:7c:53:1b:7a:19:38:8e:68:f8:12:d4:
                    fa:3e:07:c4:a3:5c:da:1a:8b:54:95:27:fd:df:b8:
                    1b:15:e7:a1:01:2e:35:86:c9:6e:4c:09:25:f3:3f:
                    47:63:50:3a:56:43:ec:4a:7b:a7:12:cc:2a:79:fe:
                    8b:4d:8b:bb:3b:67:84:ba:75:07:57:4b:58:a5:43:
                    ec:24:da:49:93:7b:6c:ad:d1:66:45:07:23:3b:fa:
                    40:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:FA:31:49:59:67:F5:DE:DF:00:1C:1D:0A:9C:B4:24:7C:81:7D:41
            X509v3 Authority Key Identifier:
                keyid:E7:CA:DA:5F:08:81:D7:7B:EA:48:B0:76:8A:37:66:B5:00:65:AF:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/59860ec1-5f08-4648-8fa9-79f2bbf2ec8d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/12e59001-35ac-4abf-858f-37b955a24b3f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:b300:1004::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:e8:4a:50:b7:6d:82:24:30:12:57:e7:7e:93:e1:5f:e4:6f:
         0e:66:fb:7c:ce:a4:6c:e3:83:78:51:b3:c7:9f:bc:d9:b9:e0:
         35:ea:73:69:df:66:28:a2:59:ef:6e:7a:17:e0:28:54:43:d2:
         56:8e:e2:0d:b4:fb:70:fc:49:96:8a:f0:6e:00:b1:c3:42:60:
         d6:99:2f:ef:3b:b4:98:df:9e:f6:0a:f9:09:7c:00:79:bc:f1:
         ce:94:d9:10:bc:dd:71:60:9a:1d:d8:0e:9f:5f:9d:8d:3b:52:
         25:1e:69:b9:bf:6d:97:6e:ec:62:91:76:6a:01:15:6f:ea:54:
         d1:7e:9e:72:8a:fe:6e:0d:c9:24:d5:8c:47:67:ce:85:d0:18:
         f8:cc:37:6a:e2:92:41:4c:7b:25:33:2f:f8:26:41:9a:f9:fc:
         75:e4:ab:3d:86:73:54:60:8e:83:be:04:f6:76:07:dd:b6:7f:
         74:5c:df:be:83:47:b9:35:b0:cf:e1:40:b3:79:d8:d0:e2:bd:
         c3:3c:9c:13:00:46:84:28:d9:b8:4a:72:47:3c:1f:df:08:9a:
         40:f8:57:e0:84:b9:a9:71:ea:65:43:c5:6b:8f:8a:8b:74:c4:
         11:4e:07:bc:cf:32:c3:21:6a:34:86:04:f7:86:b2:f4:a5:f1:
         c8:c6:dd:d9
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUByyWVQ+q4NQ1zupC5F9tqRxJyGgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODgwNkYwMDAwMTEwLwYDVQQFEyhFN0NBREE1RjA4
ODFENzdCRUE0OEIwNzY4QTM3NjZCNTAwNjVBRjA4MB4XDTI0MDMxMTAwMDAwMFoX
DTI0MDQxNTIzNTk1OVowejFJMEcGA1UEBRNANWUzODY4M2M0YjBkZjQ2NDUyNGYy
MzU4OGZjZmI5ODYwMzMwN2M2YzU2YTA4MTZiNWNjYjQwZDg1MTVlOWFlYTEtMCsG
A1UEAxMkYmI5YTkxMTYtZjYxNS00NjJlLWE2ODAtNTI2NmIzMjdlMGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhvtqWR7++6JBkILNaiTc9XkzCH3
dlXtjJYMUdx1MkVBDDJL0e6gCfk+7Oqz8oazKm0353j4tCg9hwdO2DhIaOGv5YJD
+i17WvU879E3SXkDzW3BLKcGIW/R4lzD/rBsXbnYAcvVKQsdHUixkEp7yXN07v7B
a6T0Ga0+UKpaeLajDdk/YUwhwsXP96sPqmP+Nb/r41hzNlw1wh1U513Gws7s7vbm
SgX+fFMbehk4jmj4EtT6PgfEo1zaGotUlSf937gbFeehAS41hsluTAkl8z9HY1A6
VkPsSnunEswqef6LTYu7O2eEunUHV0tYpUPsJNpJk3tsrdFmRQcjO/pA1wIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFMn6MUlZZ/Xe3wAcHQqctCR8gX1BMB8GA1UdIwQY
MBaAFOfK2l8Igdd76kiwdoo3ZrUAZa8IMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi81OHJhWHdp
QjEzdnFTTEIyaWpkbXRRQmxyd2cuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvNzA4YWFmYWYtMDBiNC00ODViLTg1NGMtMGIzMmNhMzBmNTdi
LzU5ODYwZWMxLTVmMDgtNDY0OC04ZmE5LTc5ZjJiYmYyZWM4ZC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS83MDhhYWZhZi0wMGI0LTQ4NWItODU0Yy0wYjMy
Y2EzMGY1N2IvMTJlNTkwMDEtMzVhYy00YWJmLTg1OGYtMzdiOTU1YTI0YjNmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAOzABAEMA0GCSqGSIb3DQEBCwUAA4IBAQAK6EpQt22CJDASV+d+
k+Ff5G8OZvt8zqRs44N4UbPHn7zZueA16nNp32YoolnvbnoX4ChUQ9JWjuINtPtw
/EmWivBuALHDQmDWmS/vO7SY3572CvkJfAB5vPHOlNkQvN1xYJod2A6fX52NO1Il
Hmm5v22XbuxikXZqARVv6lTRfp5yiv5uDckk1YxHZ86F0Bj4zDdq4pJBTHslMy/4
JkGa+fx15Ks9hnNUYI6DvgT2dgfdtn90XN++g0e5NbDP4UCzedjQ4r3DPJwTAEaE
KNm4SnJHPB/fCJpA+FfghLmpceplQ8Vrj4qLdMQRTge8zzLDIWo0hgT3hrL0pfHI
xt3Z
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:38:19 2024 by rpki-client on console-fra.rpki-client.org