Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/b3d57ffd-cfff-4f0f-9a34-bd001a900e9e.roa
File:                     b3d57ffd-cfff-4f0f-9a34-bd001a900e9e.roa (raw, json)
Hash identifier:          K/3MTj98zdbYvJO1Rvs6JQijR67JhBusxQulcShfRfs=
Subject key identifier:   F6:3E:51:4B:53:01:74:DC:95:82:20:01:6D:99:58:94:EA:31:D0:09
Certificate issuer:       /CN=A918806F0000/serialNumber=E7CADA5F0881D77BEA48B0768A3766B50065AF08
Certificate serial:       0FE68C3E48E15077B35F301A71BDBC4DF84A76AE
Authority key identifier: E7:CA:DA:5F:08:81:D7:7B:EA:48:B0:76:8A:37:66:B5:00:65:AF:08
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/b3d57ffd-cfff-4f0f-9a34-bd001a900e9e.roa
Signing time:             Sat 25 Mar 2023 00:00:00 +0000
ROA not before:           Sat 25 Mar 2023 00:00:00 +0000
ROA not after:            Sat 29 Apr 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2403:b300:10fc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/12e59001-35ac-4abf-858f-37b955a24b3f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Mar 2023 12:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:e6:8c:3e:48:e1:50:77:b3:5f:30:1a:71:bd:bc:4d:f8:4a:76:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918806F0000/serialNumber=E7CADA5F0881D77BEA48B0768A3766B50065AF08
        Validity
            Not Before: Mar 25 00:00:00 2023 GMT
            Not After : Apr 29 23:59:59 2023 GMT
        Subject: serialNumber=3a0af88921981f6921a8b4a0a98eb289da9b0f8424fc312d2445a507a87b3cf9, CN=bb9a9116-f615-462e-a680-5266b327e0fa, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:5d:eb:5e:32:95:bc:e3:9c:8c:ed:de:b7:2a:
                    71:3d:ba:98:40:ae:e6:f9:e7:8b:ea:f7:67:cd:0c:
                    80:86:80:af:92:e1:b5:1b:0c:9d:71:46:20:d4:c5:
                    64:db:62:ab:14:83:52:5d:b9:8d:f1:8e:65:6b:af:
                    32:c3:43:9c:b5:1d:5c:3f:20:74:45:cd:a5:3a:fc:
                    d8:02:50:16:47:7c:9f:a3:7e:c7:8f:d2:59:17:98:
                    37:67:14:1c:be:8f:2c:c0:9c:3c:7b:d8:ab:5a:3e:
                    9d:6d:0c:e8:21:33:83:c2:5f:84:37:64:65:78:fe:
                    c7:12:8b:57:42:d5:5b:19:24:b5:d0:29:1b:a5:e2:
                    ea:1a:b5:3b:94:5b:66:7b:28:39:a1:d4:14:01:57:
                    b8:a6:a9:5f:a0:d9:d0:db:73:08:10:67:22:3c:c1:
                    d7:f3:e5:90:d7:6f:50:dd:cc:74:be:dc:f0:5f:8f:
                    fc:36:e9:5c:f3:b3:29:82:2a:0a:55:34:77:f3:63:
                    16:80:d3:16:1c:59:19:42:a4:d1:27:40:f0:9f:6a:
                    6d:9e:3a:1f:76:84:22:bd:51:c4:4e:d2:2c:74:f9:
                    f5:35:3e:d2:65:dd:8c:99:cf:a0:e1:eb:66:68:69:
                    55:a8:2b:aa:51:17:4f:bc:ea:f6:df:48:02:53:b8:
                    91:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                F6:3E:51:4B:53:01:74:DC:95:82:20:01:6D:99:58:94:EA:31:D0:09
            X509v3 Authority Key Identifier: 
                keyid:E7:CA:DA:5F:08:81:D7:7B:EA:48:B0:76:8A:37:66:B5:00:65:AF:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/b3d57ffd-cfff-4f0f-9a34-bd001a900e9e.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/12e59001-35ac-4abf-858f-37b955a24b3f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:b300:10fc::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:74:49:8a:e8:0b:4c:de:66:e0:d0:7b:ea:9a:f6:c5:c3:05:
         b8:56:2c:9a:8e:ef:54:93:30:10:45:7e:05:5b:f7:55:f3:49:
         ea:36:ee:a0:46:3c:35:3e:88:17:7c:2c:93:50:0a:c1:b3:67:
         16:2e:1a:4f:45:90:6b:48:6d:cc:f5:a1:1c:c4:88:8c:c4:c9:
         1d:95:1e:cd:5b:c3:93:35:fe:6e:bc:0f:b6:79:4b:6c:2e:61:
         1b:65:21:a3:e3:86:3b:16:d7:35:2e:9a:e3:8f:0b:81:f7:2c:
         27:95:4c:c1:55:1a:86:1f:e3:74:07:0b:67:70:4d:0c:18:fe:
         da:b4:2c:93:e2:c2:24:8c:0e:70:e4:53:b0:cd:95:72:ab:0a:
         0c:2c:0c:76:fb:09:65:79:ac:7f:1e:b2:84:9f:ba:4a:ad:99:
         f5:e4:2f:24:18:e6:2f:0e:ba:3a:85:61:46:63:d8:a2:25:33:
         e9:3d:16:04:9c:72:9d:4b:d0:e2:d5:71:4a:dd:3c:b1:a7:5c:
         a6:5c:91:c3:6d:aa:e5:39:22:55:a5:87:7b:36:fa:67:1e:a7:
         9e:cc:2d:8d:51:f3:78:8c:21:b9:8a:85:13:76:e8:8e:2f:87:
         15:7f:74:28:f4:35:57:9b:2a:66:2a:34:d0:3a:28:15:73:f6:
         8c:b3:a2:8f
-----BEGIN CERTIFICATE-----
MIIFyzCCBLOgAwIBAgIUD+aMPkjhUHezXzAacb28TfhKdq4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODgwNkYwMDAwMTEwLwYDVQQFEyhFN0NBREE1RjA4
ODFENzdCRUE0OEIwNzY4QTM3NjZCNTAwNjVBRjA4MB4XDTIzMDMyNTAwMDAwMFoX
DTIzMDQyOTIzNTk1OVowgaUxSTBHBgNVBAUTQDNhMGFmODg5MjE5ODFmNjkyMWE4
YjRhMGE5OGViMjg5ZGE5YjBmODQyNGZjMzEyZDI0NDVhNTA3YTg3YjNjZjkxLTAr
BgNVBAMTJGJiOWE5MTE2LWY2MTUtNDYyZS1hNjgwLTUyNjZiMzI3ZTBmYTEUMBIG
A1UECxMLQW1hem9uIFJQS0kxEzARBgNVBAoTCkFtYXpvbi5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1XeteMpW845yM7d63KnE9uphArub554vq
92fNDICGgK+S4bUbDJ1xRiDUxWTbYqsUg1JduY3xjmVrrzLDQ5y1HVw/IHRFzaU6
/NgCUBZHfJ+jfseP0lkXmDdnFBy+jyzAnDx72KtaPp1tDOghM4PCX4Q3ZGV4/scS
i1dC1VsZJLXQKRul4uoatTuUW2Z7KDmh1BQBV7imqV+g2dDbcwgQZyI8wdfz5ZDX
b1DdzHS+3PBfj/w26VzzsymCKgpVNHfzYxaA0xYcWRlCpNEnQPCfam2eOh92hCK9
UcRO0ix0+fU1PtJl3YyZz6Dh62ZoaVWoK6pRF0+86vbfSAJTuJFjAgMBAAGjggJL
MIICRzAdBgNVHQ4EFgQU9j5RS1MBdNyVgiABbZlYlOox0AkwHwYDVR0jBBgwFoAU
58raXwiB13vqSLB2ijdmtQBlrwgwDgYDVR0PAQH/BAQDAgeAMH4GCCsGAQUFBwEB
BHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0
b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3QzcyRkQxRkYyLzU4cmFYd2lCMTN2
cVNMQjJpamRtdFFCbHJ3Zy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggrBgEF
BQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3MuY29t
L3ZvbHVtZS83MDhhYWZhZi0wMGI0LTQ4NWItODU0Yy0wYjMyY2EzMGY1N2IvYjNk
NTdmZmQtY2ZmZi00ZjBmLTlhMzQtYmQwMDFhOTAwZTllLnJvYTCBlQYDVR0fBIGN
MIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpv
bmF3cy5jb20vdm9sdW1lLzcwOGFhZmFmLTAwYjQtNDg1Yi04NTRjLTBiMzJjYTMw
ZjU3Yi8xMmU1OTAwMS0zNWFjLTRhYmYtODU4Zi0zN2I5NTVhMjRiM2YuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAkA7MAEPwwDQYJKoZIhvcNAQELBQADggEBAGh0SYroC0zeZuDQe+qa9sXD
BbhWLJqO71STMBBFfgVb91XzSeo27qBGPDU+iBd8LJNQCsGzZxYuGk9FkGtIbcz1
oRzEiIzEyR2VHs1bw5M1/m68D7Z5S2wuYRtlIaPjhjsW1zUumuOPC4H3LCeVTMFV
GoYf43QHC2dwTQwY/tq0LJPiwiSMDnDkU7DNlXKrCgwsDHb7CWV5rH8esoSfukqt
mfXkLyQY5i8OujqFYUZj2KIlM+k9FgSccp1L0OLVcUrdPLGnXKZckcNtquU5IlWl
h3s2+mcep57MLY1R83iMIbmKhRN26I4vhxV/dCj0NVebKmYqNNA6KBVz9oyzoo8=
-----END CERTIFICATE-----
Generated at Sat Mar 25 00:36:14 2023 by rpki-client on console-fra.rpki-client.org