Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/90e88caa-70b7-406a-a161-a6118790ffdb.roa
File:                     90e88caa-70b7-406a-a161-a6118790ffdb.roa (raw, json)
Hash identifier:          Yo90krdSyUnbEeGfJCWAQF1Uje32u8MTSULrRgEZpyY=
Subject key identifier:   FF:0A:C8:07:0B:8F:C1:F3:2C:D6:A3:AE:A5:4B:77:5C:BB:18:A8:78
Certificate issuer:       /CN=A918806F0000/serialNumber=E7CADA5F0881D77BEA48B0768A3766B50065AF08
Certificate serial:       179440E23706521947EE0FF7F8DD27D2E9ED3DDB
Authority key identifier: E7:CA:DA:5F:08:81:D7:7B:EA:48:B0:76:8A:37:66:B5:00:65:AF:08
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/90e88caa-70b7-406a-a161-a6118790ffdb.roa
Signing time:             Mon 11 Mar 2024 00:00:00 +0000
ROA not before:           Mon 11 Mar 2024 00:00:00 +0000
ROA not after:            Mon 15 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2403:b300:1008::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/12e59001-35ac-4abf-858f-37b955a24b3f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 12:04:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:94:40:e2:37:06:52:19:47:ee:0f:f7:f8:dd:27:d2:e9:ed:3d:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918806F0000/serialNumber=E7CADA5F0881D77BEA48B0768A3766B50065AF08
        Validity
            Not Before: Mar 11 00:00:00 2024 GMT
            Not After : Apr 15 23:59:59 2024 GMT
        Subject: serialNumber=278d6cdebd48757a951df0fada1a94e066d7939207a4ed2a0ac5c2ef2e9e4e2a, CN=bb9a9116-f615-462e-a680-5266b327e0fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:17:1c:0d:4e:36:77:c5:dc:22:86:c5:71:28:
                    b5:31:59:16:4f:6b:66:c9:2a:37:fe:9c:93:01:48:
                    53:40:18:23:c1:56:52:3f:65:b7:d0:38:f2:6a:2b:
                    3f:8e:6e:a5:a2:17:26:c9:e0:cd:e2:9b:a3:37:87:
                    ed:b8:06:df:a7:59:17:36:f7:c2:b1:17:8d:41:b1:
                    6f:bd:c1:41:45:b6:d0:4a:77:74:84:ed:8d:d8:6f:
                    09:95:2d:c2:11:f8:13:5b:1f:ab:d9:70:d6:ae:f7:
                    76:b5:a0:93:9a:d1:59:e6:28:2c:94:be:ea:3b:b2:
                    6c:56:ff:e7:ba:6e:60:9f:85:7f:0c:fd:c9:5e:17:
                    db:75:b3:b2:31:4f:93:4a:95:50:73:64:dd:7d:4b:
                    c3:6d:a6:98:93:23:4a:c1:b0:fb:7a:65:12:67:bf:
                    2e:d9:91:9c:71:17:11:93:ca:5a:2a:c0:3b:8c:f1:
                    2c:d7:c1:ef:b3:82:c5:59:1b:41:cc:b6:0c:e4:32:
                    16:92:d8:06:c8:d9:ec:5f:53:b6:17:96:12:cd:fd:
                    78:95:34:70:6b:79:6d:b1:21:96:68:9f:22:2d:ea:
                    ae:db:9b:9c:b4:bb:5e:3d:b0:f9:8c:6f:29:8c:b8:
                    fd:1c:2e:80:a2:7c:27:63:ea:0c:aa:6c:50:35:c4:
                    e4:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:0A:C8:07:0B:8F:C1:F3:2C:D6:A3:AE:A5:4B:77:5C:BB:18:A8:78
            X509v3 Authority Key Identifier:
                keyid:E7:CA:DA:5F:08:81:D7:7B:EA:48:B0:76:8A:37:66:B5:00:65:AF:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/90e88caa-70b7-406a-a161-a6118790ffdb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/12e59001-35ac-4abf-858f-37b955a24b3f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:b300:1008::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:7e:6c:13:ff:0a:f6:a5:27:93:83:c5:35:da:76:70:64:fb:
         41:06:62:97:e2:57:ab:c3:6c:e7:ee:aa:af:03:78:d0:cb:a4:
         03:b7:41:6c:9b:f7:35:30:5e:ce:95:f2:67:ea:9d:21:06:93:
         ab:c2:8b:05:40:fb:3f:46:c5:64:24:15:cd:f4:a7:9d:23:49:
         a7:51:30:a2:51:31:70:d7:15:aa:e2:dd:8f:68:66:4d:7e:0c:
         7e:aa:95:5b:0b:47:c3:1a:ca:b5:c7:22:5a:56:b4:8d:f5:6b:
         b5:5b:70:bf:8f:73:56:db:4e:6e:73:c2:e4:80:70:45:06:cc:
         29:80:6d:3d:aa:f8:b8:52:76:ca:a3:39:0b:a1:ac:23:b1:39:
         c5:03:ce:b2:d7:9f:fb:62:3c:5b:7d:4b:62:2c:18:fe:e8:9a:
         1d:43:67:52:68:cc:3b:1e:56:24:70:de:da:92:22:8d:3d:52:
         d5:c7:e4:ec:f8:c6:e4:f3:4e:22:3f:8c:d8:cf:7f:34:c9:79:
         78:f4:53:2e:b4:e9:47:23:27:20:c3:f6:2a:9c:9c:de:10:e4:
         f1:b7:47:d1:d5:86:4b:6c:73:f7:f8:81:2b:5c:f1:59:c2:0c:
         f0:d0:6d:28:6c:76:19:31:c0:51:2d:24:0b:e9:be:0e:33:25:
         40:92:d9:8c
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUF5RA4jcGUhlH7g/3+N0n0untPdswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODgwNkYwMDAwMTEwLwYDVQQFEyhFN0NBREE1RjA4
ODFENzdCRUE0OEIwNzY4QTM3NjZCNTAwNjVBRjA4MB4XDTI0MDMxMTAwMDAwMFoX
DTI0MDQxNTIzNTk1OVowejFJMEcGA1UEBRNAMjc4ZDZjZGViZDQ4NzU3YTk1MWRm
MGZhZGExYTk0ZTA2NmQ3OTM5MjA3YTRlZDJhMGFjNWMyZWYyZTllNGUyYTEtMCsG
A1UEAxMkYmI5YTkxMTYtZjYxNS00NjJlLWE2ODAtNTI2NmIzMjdlMGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjRccDU42d8XcIobFcSi1MVkWT2tm
ySo3/pyTAUhTQBgjwVZSP2W30Djyais/jm6lohcmyeDN4pujN4ftuAbfp1kXNvfC
sReNQbFvvcFBRbbQSnd0hO2N2G8JlS3CEfgTWx+r2XDWrvd2taCTmtFZ5igslL7q
O7JsVv/num5gn4V/DP3JXhfbdbOyMU+TSpVQc2TdfUvDbaaYkyNKwbD7emUSZ78u
2ZGccRcRk8paKsA7jPEs18Hvs4LFWRtBzLYM5DIWktgGyNnsX1O2F5YSzf14lTRw
a3ltsSGWaJ8iLequ25uctLtePbD5jG8pjLj9HC6AonwnY+oMqmxQNcTkOQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFP8KyAcLj8HzLNajrqVLd1y7GKh4MB8GA1UdIwQY
MBaAFOfK2l8Igdd76kiwdoo3ZrUAZa8IMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi81OHJhWHdp
QjEzdnFTTEIyaWpkbXRRQmxyd2cuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvNzA4YWFmYWYtMDBiNC00ODViLTg1NGMtMGIzMmNhMzBmNTdi
LzkwZTg4Y2FhLTcwYjctNDA2YS1hMTYxLWE2MTE4NzkwZmZkYi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS83MDhhYWZhZi0wMGI0LTQ4NWItODU0Yy0wYjMy
Y2EzMGY1N2IvMTJlNTkwMDEtMzVhYy00YWJmLTg1OGYtMzdiOTU1YTI0YjNmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAOzABAIMA0GCSqGSIb3DQEBCwUAA4IBAQBrfmwT/wr2pSeTg8U1
2nZwZPtBBmKX4lerw2zn7qqvA3jQy6QDt0Fsm/c1MF7OlfJn6p0hBpOrwosFQPs/
RsVkJBXN9KedI0mnUTCiUTFw1xWq4t2PaGZNfgx+qpVbC0fDGsq1xyJaVrSN9Wu1
W3C/j3NW205uc8LkgHBFBswpgG09qvi4UnbKozkLoawjsTnFA86y15/7YjxbfUti
LBj+6JodQ2dSaMw7HlYkcN7akiKNPVLVx+Ts+Mbk804iP4zYz380yXl49FMutOlH
Iycgw/YqnJzeEOTxt0fR1YZLbHP3+IErXPFZwgzw0G0obHYZMcBRLSQL6b4OMyVA
ktmM
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:18:27 2024 by rpki-client on console-ams.rpki-client.org