Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/b3d57ffd-cfff-4f0f-9a34-bd001a900e9e.roa
File:                     b3d57ffd-cfff-4f0f-9a34-bd001a900e9e.roa (raw, json)
Hash identifier:          Z7p0o90dVfuWHVObVmeo9Vmlhe7IHn47IyXFve4DTFU=
Subject key identifier:   C6:03:EA:17:4D:D7:46:E0:7B:46:C1:46:7A:5A:28:AF:84:C8:6A:65
Certificate issuer:       /CN=A918806F0000/serialNumber=E7CADA5F0881D77BEA48B0768A3766B50065AF08
Certificate serial:       2CED27E270D8DAFEEE2FB4CBF46B7A4859BD8D33
Authority key identifier: E7:CA:DA:5F:08:81:D7:7B:EA:48:B0:76:8A:37:66:B5:00:65:AF:08
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/b3d57ffd-cfff-4f0f-9a34-bd001a900e9e.roa
Signing time:             Sat 16 Sep 2023 00:00:00 +0000
ROA not before:           Sat 16 Sep 2023 00:00:00 +0000
ROA not after:            Sat 21 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2403:b300:10fc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/12e59001-35ac-4abf-858f-37b955a24b3f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 17 Sep 2023 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:ed:27:e2:70:d8:da:fe:ee:2f:b4:cb:f4:6b:7a:48:59:bd:8d:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918806F0000/serialNumber=E7CADA5F0881D77BEA48B0768A3766B50065AF08
        Validity
            Not Before: Sep 16 00:00:00 2023 GMT
            Not After : Oct 21 23:59:59 2023 GMT
        Subject: serialNumber=a3069264cf13957f54ba0c29c8c54bafed9eb932c25741f1ed42462c745cc933, CN=bb9a9116-f615-462e-a680-5266b327e0fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:f0:1a:61:c4:fb:06:f8:0d:e9:c8:64:9c:48:
                    c3:a9:4e:68:d9:8c:54:a1:d1:30:9c:35:44:72:66:
                    bb:aa:2e:a0:42:2b:5e:27:16:29:36:a4:dd:10:39:
                    28:26:e7:33:34:8e:83:4d:d4:e7:07:33:43:c6:aa:
                    a0:df:3e:e4:24:99:de:ec:3b:25:54:dd:0f:1d:7b:
                    2e:62:c3:5f:88:20:f3:eb:cb:5c:3b:39:1f:c1:37:
                    29:a5:f3:dc:ac:9b:5b:f1:5f:18:c9:18:48:84:22:
                    58:91:44:71:4f:ba:6a:22:30:54:ef:5f:1e:65:fd:
                    b2:7f:a5:0e:30:ef:3b:5b:d7:4f:13:11:40:d6:16:
                    55:ed:d0:04:e4:a1:af:0e:d4:ec:98:55:39:3e:43:
                    72:bb:36:f4:c0:d6:4a:bb:2b:b0:cb:df:b4:7c:42:
                    77:f7:19:97:9a:17:01:3f:cc:5d:06:9c:c8:97:dc:
                    c9:a7:34:e3:2b:09:d5:22:2b:b2:18:7c:c7:54:b1:
                    36:d1:66:57:7d:83:2d:32:51:04:66:3b:4b:54:15:
                    fd:1d:79:bb:88:9b:98:9b:ab:d8:10:f0:62:49:2c:
                    34:34:e4:f5:4b:3f:ad:13:ab:cc:59:19:d2:d4:96:
                    7b:7a:01:f1:ca:b6:55:cc:43:db:f0:7d:b6:c7:13:
                    e8:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:03:EA:17:4D:D7:46:E0:7B:46:C1:46:7A:5A:28:AF:84:C8:6A:65
            X509v3 Authority Key Identifier:
                keyid:E7:CA:DA:5F:08:81:D7:7B:EA:48:B0:76:8A:37:66:B5:00:65:AF:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/b3d57ffd-cfff-4f0f-9a34-bd001a900e9e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/12e59001-35ac-4abf-858f-37b955a24b3f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:b300:10fc::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:ac:ec:79:e9:53:8e:06:0a:31:9d:92:ca:94:45:05:28:3f:
         92:22:99:22:e2:fc:45:29:97:ad:86:03:b5:4a:a3:0c:95:2f:
         ef:24:c3:34:d9:86:8e:b2:41:b7:64:6c:bb:51:e0:a0:32:44:
         ff:a5:b0:5e:32:7c:b2:a3:10:5c:26:c1:5b:5e:93:52:14:92:
         32:fc:7d:62:44:bf:a1:12:70:e9:ca:b3:c5:70:d3:da:50:c8:
         22:f1:fa:01:9d:0d:b4:3e:64:70:f9:c0:c2:1d:d4:ca:1b:15:
         07:4b:cd:6d:72:27:87:0a:12:b8:0e:0c:15:1a:c2:76:25:1b:
         86:45:66:25:77:d3:b5:76:33:d0:06:38:41:af:ad:8a:2e:70:
         f0:3f:8d:0d:b8:fa:ca:d2:38:1f:02:b0:f4:c4:21:60:8c:60:
         cd:a4:28:dc:b4:53:68:72:fc:b5:31:48:c4:08:00:4c:86:1b:
         d1:c8:b5:cf:25:2e:e7:f7:f2:9d:d6:fd:15:f9:c8:48:68:8a:
         eb:4b:b2:dc:cc:0a:2a:fc:a4:5d:87:bb:75:49:66:e7:6d:13:
         db:c6:9e:d7:f9:7b:bc:f2:07:39:77:00:94:06:ed:1f:fb:eb:
         8b:ae:8a:09:18:d2:8d:3f:81:6e:dc:a2:91:74:6b:4f:69:38:
         9f:92:37:b3
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIULO0n4nDY2v7uL7TL9Gt6SFm9jTMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODgwNkYwMDAwMTEwLwYDVQQFEyhFN0NBREE1RjA4
ODFENzdCRUE0OEIwNzY4QTM3NjZCNTAwNjVBRjA4MB4XDTIzMDkxNjAwMDAwMFoX
DTIzMTAyMTIzNTk1OVowejFJMEcGA1UEBRNAYTMwNjkyNjRjZjEzOTU3ZjU0YmEw
YzI5YzhjNTRiYWZlZDllYjkzMmMyNTc0MWYxZWQ0MjQ2MmM3NDVjYzkzMzEtMCsG
A1UEAxMkYmI5YTkxMTYtZjYxNS00NjJlLWE2ODAtNTI2NmIzMjdlMGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPAaYcT7BvgN6chknEjDqU5o2YxU
odEwnDVEcma7qi6gQiteJxYpNqTdEDkoJuczNI6DTdTnBzNDxqqg3z7kJJne7Dsl
VN0PHXsuYsNfiCDz68tcOzkfwTcppfPcrJtb8V8YyRhIhCJYkURxT7pqIjBU718e
Zf2yf6UOMO87W9dPExFA1hZV7dAE5KGvDtTsmFU5PkNyuzb0wNZKuyuwy9+0fEJ3
9xmXmhcBP8xdBpzIl9zJpzTjKwnVIiuyGHzHVLE20WZXfYMtMlEEZjtLVBX9HXm7
iJuYm6vYEPBiSSw0NOT1Sz+tE6vMWRnS1JZ7egHxyrZVzEPb8H22xxPoVwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFMYD6hdN10bge0bBRnpaKK+EyGplMB8GA1UdIwQY
MBaAFOfK2l8Igdd76kiwdoo3ZrUAZa8IMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi81OHJhWHdp
QjEzdnFTTEIyaWpkbXRRQmxyd2cuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvNzA4YWFmYWYtMDBiNC00ODViLTg1NGMtMGIzMmNhMzBmNTdi
L2IzZDU3ZmZkLWNmZmYtNGYwZi05YTM0LWJkMDAxYTkwMGU5ZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS83MDhhYWZhZi0wMGI0LTQ4NWItODU0Yy0wYjMy
Y2EzMGY1N2IvMTJlNTkwMDEtMzVhYy00YWJmLTg1OGYtMzdiOTU1YTI0YjNmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAOzABD8MA0GCSqGSIb3DQEBCwUAA4IBAQCDrOx56VOOBgoxnZLK
lEUFKD+SIpki4vxFKZethgO1SqMMlS/vJMM02YaOskG3ZGy7UeCgMkT/pbBeMnyy
oxBcJsFbXpNSFJIy/H1iRL+hEnDpyrPFcNPaUMgi8foBnQ20PmRw+cDCHdTKGxUH
S81tcieHChK4DgwVGsJ2JRuGRWYld9O1djPQBjhBr62KLnDwP40NuPrK0jgfArD0
xCFgjGDNpCjctFNocvy1MUjECABMhhvRyLXPJS7n9/Kd1v0V+chIaIrrS7LczAoq
/KRdh7t1SWbnbRPbxp7X+Xu88gc5dwCUBu0f++uLrooJGNKNP4Fu3KKRdGtPaTif
kjez
-----END CERTIFICATE-----
Generated at Sat Sep 16 00:30:27 2023 by rpki-client on console-ams.rpki-client.org