Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/28716f72-e93f-4c3d-a271-5f3613042c49.roa
File:                     28716f72-e93f-4c3d-a271-5f3613042c49.roa (raw, json)
Hash identifier:          DYorhmhVohOjuZ+4bvDz0MxXbQ/wGuRyNhTcf/C10yM=
Subject key identifier:   45:E8:5D:E5:04:96:AD:0C:B3:43:7A:6F:43:21:40:B6:DE:3B:B4:6D
Certificate issuer:       /CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
Certificate serial:       33201B37DE8738B9830FA8017DD94045652C4104
Authority key identifier: BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/28716f72-e93f-4c3d-a271-5f3613042c49.roa
Signing time:             Fri 22 Mar 2024 00:00:00 +0000
ROA not before:           Fri 22 Mar 2024 00:00:00 +0000
ROA not after:            Fri 26 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2400:6500::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 12:04:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:20:1b:37:de:87:38:b9:83:0f:a8:01:7d:d9:40:45:65:2c:41:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
        Validity
            Not Before: Mar 22 00:00:00 2024 GMT
            Not After : Apr 26 23:59:59 2024 GMT
        Subject: serialNumber=6ed4b637dbfff972eb0dfdb2f619c24744ab5dcf962e09df93666c2b8fdaa1ef, CN=1684111e-31c1-42e6-8f20-fc9ab8b5cf57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:28:1c:36:3b:e2:91:9d:d6:49:72:88:45:6e:
                    41:40:94:77:07:45:0b:55:74:eb:9e:11:bc:f1:80:
                    36:cb:13:1e:e2:19:98:10:bc:16:2f:63:ea:8c:5e:
                    a4:c2:c7:44:5c:02:1b:d7:34:a0:b3:9a:22:e8:3c:
                    cb:51:7a:47:b7:1f:ee:1b:59:01:19:3d:03:6f:97:
                    19:27:ac:59:68:26:97:dd:61:02:de:a5:2c:74:a7:
                    b0:3e:e6:8b:f1:a6:5a:31:be:9c:e3:be:32:86:f0:
                    cf:65:fb:10:5d:4e:c6:eb:6b:21:8a:d6:64:36:a7:
                    20:dc:8d:90:a2:b7:92:0d:e1:da:d7:7c:3b:47:7e:
                    5d:c2:f8:3a:4b:68:0c:3b:93:7c:ef:7d:28:6c:71:
                    9d:91:67:80:8c:9e:31:0a:7a:89:b2:f8:5e:b6:6d:
                    8e:21:90:1c:52:8a:7c:21:9d:55:f8:62:08:b5:4d:
                    29:f1:d8:be:85:d8:77:a0:09:c4:38:06:f0:8b:e5:
                    ec:99:b3:94:a2:64:c6:06:0b:14:bb:a9:ff:0d:01:
                    36:8a:78:03:07:da:c7:37:5d:76:f2:3c:d1:cb:f9:
                    67:89:f2:12:59:d0:28:d2:14:7c:3d:01:d7:5b:6f:
                    17:83:f3:48:86:29:d8:f3:99:55:1b:f5:4b:79:dd:
                    96:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:E8:5D:E5:04:96:AD:0C:B3:43:7A:6F:43:21:40:B6:DE:3B:B4:6D
            X509v3 Authority Key Identifier:
                keyid:BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/28716f72-e93f-4c3d-a271-5f3613042c49.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2400:6500::/32

    Signature Algorithm: sha256WithRSAEncryption
         81:b4:aa:5f:43:1f:a6:14:25:cd:e1:5e:b3:20:f0:8b:52:a9:
         50:33:0b:aa:e3:25:80:17:a9:1d:ba:2c:fa:60:21:9c:71:40:
         db:33:7a:99:7b:e8:7c:f0:da:4d:0d:cc:82:c8:b3:f9:bd:cc:
         04:54:a8:0c:3a:0c:8f:6f:0f:f1:63:a3:a6:60:75:4c:5c:46:
         75:95:60:8a:5f:5d:5a:c8:f4:25:4b:ad:65:fe:60:f5:e6:df:
         df:a9:81:2f:ae:3f:95:8f:e7:39:b9:21:c8:f3:16:ab:5d:a9:
         81:e5:bb:1a:bb:99:a2:bd:9b:50:7d:27:49:1c:8a:ff:13:a7:
         29:be:19:31:fe:90:2e:0c:4c:67:da:5f:21:0e:2d:74:54:1e:
         37:8b:81:b4:c6:ca:7a:3b:b6:cf:e4:a0:7b:eb:ea:07:11:e9:
         dd:8c:e0:ba:91:cf:ca:7b:68:3d:5c:d5:b7:c5:86:42:3b:3f:
         7a:ab:49:86:2b:f1:99:8d:23:59:c4:73:0d:70:5e:2b:72:20:
         72:d4:70:cd:bb:d7:46:ad:3b:d9:4c:63:b3:dd:93:f2:b8:e9:
         77:88:ca:dd:44:5b:ee:8b:5c:f8:90:75:03:29:95:6a:7b:a1:
         c5:df:7a:f1:68:27:ba:57:a0:ff:55:5c:a2:f6:90:a8:55:89:
         dc:e6:34:86
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgIUMyAbN96HOLmDD6gBfdlARWUsQQQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNjA5MDQwMDAxMTEwLwYDVQQFEyhCQ0U5QkExMTI5
MkY4NDc1MTJDMEE4NDEyRTUxRTZFM0JBMEQ5OTFEMB4XDTI0MDMyMjAwMDAwMFoX
DTI0MDQyNjIzNTk1OVowejFJMEcGA1UEBRNANmVkNGI2MzdkYmZmZjk3MmViMGRm
ZGIyZjYxOWMyNDc0NGFiNWRjZjk2MmUwOWRmOTM2NjZjMmI4ZmRhYTFlZjEtMCsG
A1UEAxMkMTY4NDExMWUtMzFjMS00MmU2LThmMjAtZmM5YWI4YjVjZjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxygcNjvikZ3WSXKIRW5BQJR3B0UL
VXTrnhG88YA2yxMe4hmYELwWL2PqjF6kwsdEXAIb1zSgs5oi6DzLUXpHtx/uG1kB
GT0Db5cZJ6xZaCaX3WEC3qUsdKewPuaL8aZaMb6c474yhvDPZfsQXU7G62shitZk
Nqcg3I2QoreSDeHa13w7R35dwvg6S2gMO5N8730obHGdkWeAjJ4xCnqJsvhetm2O
IZAcUop8IZ1V+GIItU0p8di+hdh3oAnEOAbwi+XsmbOUomTGBgsUu6n/DQE2ingD
B9rHN1128jzRy/lnifISWdAo0hR8PQHXW28Xg/NIhinY85lVG/VLed2W3wIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFEXoXeUElq0Ms0N6b0MhQLbeO7RtMB8GA1UdIwQY
MBaAFLzpuhEpL4R1EsCoQS5R5uO6DZkdMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi92T202RVNr
dmhIVVN3S2hCTGxIbTQ3b05tUjAuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYmQ0OGExZmEtMzQ3MS00YWIyLTg1MDgtYWQzNmI5NjgxM2U0
LzI4NzE2ZjcyLWU5M2YtNGMzZC1hMjcxLTVmMzYxMzA0MmM0OS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9iZDQ4YTFmYS0zNDcxLTRhYjItODUwOC1hZDM2
Yjk2ODEzZTQvMjIwY2VlMGMtNjAwMi00MDlhLTgxOTQtMzhlMjE2YzAwOTZjLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzAN
BAIAAjAHAwUAJABlADANBgkqhkiG9w0BAQsFAAOCAQEAgbSqX0MfphQlzeFesyDw
i1KpUDMLquMlgBepHbos+mAhnHFA2zN6mXvofPDaTQ3Mgsiz+b3MBFSoDDoMj28P
8WOjpmB1TFxGdZVgil9dWsj0JUutZf5g9ebf36mBL64/lY/nObkhyPMWq12pgeW7
GruZor2bUH0nSRyK/xOnKb4ZMf6QLgxMZ9pfIQ4tdFQeN4uBtMbKeju2z+Sge+vq
BxHp3YzgupHPyntoPVzVt8WGQjs/eqtJhivxmY0jWcRzDXBeK3IgctRwzbvXRq07
2Uxjs92T8rjpd4jK3URb7otc+JB1AymVanuhxd968Wgnuleg/1VcovaQqFWJ3OY0
hg==
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:18:29 2024 by rpki-client on console-ams.rpki-client.org