Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/7ec71d95-427c-491b-a7cc-55afd17c6f55.roa
File:                     7ec71d95-427c-491b-a7cc-55afd17c6f55.roa (raw, json)
Hash identifier:          iCGWzDRzMWQ21P0WbzX0F4Gce6Td4+0vQ2Nv8nDq898=
Subject key identifier:   77:CA:69:B4:2D:9D:00:9B:91:6C:CC:46:A9:9B:08:52:2E:DC:00:43
Certificate issuer:       /CN=A918806F0000/serialNumber=E7CADA5F0881D77BEA48B0768A3766B50065AF08
Certificate serial:       56B2FF00894FB2A684F00C574D729D6C2DD12735
Authority key identifier: E7:CA:DA:5F:08:81:D7:7B:EA:48:B0:76:8A:37:66:B5:00:65:AF:08
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/7ec71d95-427c-491b-a7cc-55afd17c6f55.roa
Signing time:             Fri 05 Apr 2024 00:00:00 +0000
ROA not before:           Fri 05 Apr 2024 00:00:00 +0000
ROA not after:            Fri 10 May 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2403:b300:108c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/12e59001-35ac-4abf-858f-37b955a24b3f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 22 Apr 2024 00:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:b2:ff:00:89:4f:b2:a6:84:f0:0c:57:4d:72:9d:6c:2d:d1:27:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918806F0000/serialNumber=E7CADA5F0881D77BEA48B0768A3766B50065AF08
        Validity
            Not Before: Apr  5 00:00:00 2024 GMT
            Not After : May 10 23:59:59 2024 GMT
        Subject: serialNumber=6524bcb12bb980bfbb9916fb1b66f7c02a814a7b5c6061abfa118a72231619a7, CN=bb9a9116-f615-462e-a680-5266b327e0fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b2:ba:da:68:83:24:45:d8:98:87:9d:d2:51:
                    ee:73:94:e1:e8:3a:57:00:26:24:63:c4:c4:72:b7:
                    0b:33:db:4b:59:68:b1:40:5c:a4:4c:62:a7:a0:98:
                    73:7c:6d:db:c8:0b:12:1e:bc:49:6d:0a:b8:2a:0f:
                    eb:f7:4f:15:92:a1:18:03:4f:c9:90:fd:65:8b:44:
                    96:5b:00:46:ac:ca:1d:64:cb:0b:9b:8a:28:68:de:
                    d1:8f:f9:c9:f0:24:ce:68:3f:fc:85:88:cb:b3:fb:
                    fc:9f:03:e8:df:20:c0:e5:fe:e9:47:b2:f8:2f:f8:
                    e6:6a:75:96:d4:34:7f:89:31:47:4f:96:bb:50:8e:
                    66:d8:ae:37:cf:9b:08:1c:88:37:72:57:15:7f:2d:
                    ca:dd:1d:9f:62:f0:c0:18:e9:36:04:7e:9e:04:a9:
                    3d:f1:4d:f4:5d:01:e0:af:59:16:3a:e0:9f:ec:37:
                    bc:3f:cc:9b:e4:fa:30:49:c6:a0:a0:75:65:0c:46:
                    1a:d6:7a:5e:87:1e:de:0a:52:83:71:7e:10:61:f1:
                    fc:30:ff:70:44:17:c6:46:51:31:25:4b:74:47:99:
                    9b:4f:e7:e8:70:8d:89:d1:4e:0a:94:79:52:2b:14:
                    82:8e:0c:ff:f8:63:78:70:de:27:42:8c:c5:25:e1:
                    6c:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:CA:69:B4:2D:9D:00:9B:91:6C:CC:46:A9:9B:08:52:2E:DC:00:43
            X509v3 Authority Key Identifier:
                keyid:E7:CA:DA:5F:08:81:D7:7B:EA:48:B0:76:8A:37:66:B5:00:65:AF:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/7ec71d95-427c-491b-a7cc-55afd17c6f55.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/12e59001-35ac-4abf-858f-37b955a24b3f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:b300:108c::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:99:70:4b:fd:b0:31:00:67:10:51:4d:44:fd:f1:6b:b1:58:
         62:d7:56:f4:94:b3:f6:69:88:d9:ba:ec:76:74:c5:45:ea:b0:
         1a:66:98:91:a7:ed:05:e2:32:2d:d4:0a:ed:60:a3:91:ce:1b:
         43:3f:7e:be:9b:22:9b:89:0a:84:fe:ed:fb:d4:72:a2:9d:62:
         6e:36:2a:8a:92:40:9d:6d:74:a1:0c:0e:ce:64:82:70:25:d4:
         ed:72:3a:16:ff:be:37:3d:13:f5:93:a5:f0:f0:ce:bb:a4:bf:
         e9:62:ac:84:2a:0e:1d:8d:04:8a:55:c0:d0:2d:83:04:d6:ea:
         0f:1e:88:5c:4c:bc:51:de:72:63:b5:5c:fe:ed:f0:2a:e0:b8:
         57:bc:34:56:ad:83:b0:c6:94:cd:66:76:31:ee:61:61:bb:37:
         60:22:de:24:73:ac:57:97:d1:5b:33:2a:1f:e1:1d:0f:6d:94:
         c8:17:ac:27:a7:c5:19:eb:3e:02:cd:5a:31:e1:1b:58:64:d6:
         f6:de:04:91:08:fb:33:18:2e:c8:a4:a7:f9:61:64:d1:df:3e:
         c6:21:e9:44:ce:e9:c8:5f:b6:e0:44:59:89:27:41:b9:e7:3a:
         38:61:b3:68:b3:f6:2d:bc:d7:f2:5e:d9:1f:60:c5:cc:8e:cd:
         c1:32:ac:76
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUVrL/AIlPsqaE8AxXTXKdbC3RJzUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODgwNkYwMDAwMTEwLwYDVQQFEyhFN0NBREE1RjA4
ODFENzdCRUE0OEIwNzY4QTM3NjZCNTAwNjVBRjA4MB4XDTI0MDQwNTAwMDAwMFoX
DTI0MDUxMDIzNTk1OVowejFJMEcGA1UEBRNANjUyNGJjYjEyYmI5ODBiZmJiOTkx
NmZiMWI2NmY3YzAyYTgxNGE3YjVjNjA2MWFiZmExMThhNzIyMzE2MTlhNzEtMCsG
A1UEAxMkYmI5YTkxMTYtZjYxNS00NjJlLWE2ODAtNTI2NmIzMjdlMGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLK62miDJEXYmIed0lHuc5Th6DpX
ACYkY8TEcrcLM9tLWWixQFykTGKnoJhzfG3byAsSHrxJbQq4Kg/r908VkqEYA0/J
kP1li0SWWwBGrModZMsLm4ooaN7Rj/nJ8CTOaD/8hYjLs/v8nwPo3yDA5f7pR7L4
L/jmanWW1DR/iTFHT5a7UI5m2K43z5sIHIg3clcVfy3K3R2fYvDAGOk2BH6eBKk9
8U30XQHgr1kWOuCf7De8P8yb5PowScagoHVlDEYa1npehx7eClKDcX4QYfH8MP9w
RBfGRlExJUt0R5mbT+focI2J0U4KlHlSKxSCjgz/+GN4cN4nQozFJeFsLQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFHfKabQtnQCbkWzMRqmbCFIu3ABDMB8GA1UdIwQY
MBaAFOfK2l8Igdd76kiwdoo3ZrUAZa8IMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi81OHJhWHdp
QjEzdnFTTEIyaWpkbXRRQmxyd2cuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvNzA4YWFmYWYtMDBiNC00ODViLTg1NGMtMGIzMmNhMzBmNTdi
LzdlYzcxZDk1LTQyN2MtNDkxYi1hN2NjLTU1YWZkMTdjNmY1NS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS83MDhhYWZhZi0wMGI0LTQ4NWItODU0Yy0wYjMy
Y2EzMGY1N2IvMTJlNTkwMDEtMzVhYy00YWJmLTg1OGYtMzdiOTU1YTI0YjNmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAOzABCMMA0GCSqGSIb3DQEBCwUAA4IBAQBbmXBL/bAxAGcQUU1E
/fFrsVhi11b0lLP2aYjZuux2dMVF6rAaZpiRp+0F4jIt1ArtYKORzhtDP36+myKb
iQqE/u371HKinWJuNiqKkkCdbXShDA7OZIJwJdTtcjoW/743PRP1k6Xw8M67pL/p
YqyEKg4djQSKVcDQLYME1uoPHohcTLxR3nJjtVz+7fAq4LhXvDRWrYOwxpTNZnYx
7mFhuzdgIt4kc6xXl9FbMyof4R0PbZTIF6wnp8UZ6z4CzVox4RtYZNb23gSRCPsz
GC7IpKf5YWTR3z7GIelEzunIX7bgRFmJJ0G55zo4YbNos/YtvNfyXtkfYMXMjs3B
Mqx2
-----END CERTIFICATE-----
Generated at Thu Apr 18 00:21:02 2024 by rpki-client on console-ams.rpki-client.org