Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/41d48512-3b44-4b3e-ba21-6171938cc43c.roa
File:                     41d48512-3b44-4b3e-ba21-6171938cc43c.roa (raw, json)
Hash identifier:          FRJx7f20wwOdaR6aaodK17Z5S+USptAKoyhWw77dp30=
Subject key identifier:   4F:D4:B0:09:F5:C4:37:D8:F6:5C:69:CB:A8:DB:91:E1:B6:83:F0:8D
Certificate issuer:       /CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
Certificate serial:       03EE1094B319D39A1F3C32745B53B2B37C0ED6EF
Authority key identifier: BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/41d48512-3b44-4b3e-ba21-6171938cc43c.roa
Signing time:             Fri 22 Mar 2024 00:00:00 +0000
ROA not before:           Fri 22 Mar 2024 00:00:00 +0000
ROA not after:            Fri 26 Apr 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        2400:6500::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 12:04:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:ee:10:94:b3:19:d3:9a:1f:3c:32:74:5b:53:b2:b3:7c:0e:d6:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
        Validity
            Not Before: Mar 22 00:00:00 2024 GMT
            Not After : Apr 26 23:59:59 2024 GMT
        Subject: serialNumber=53b3dfc1d3552b5ef0f83b951592e157fb5ff62f397b30634abaddc3ec7485ec, CN=1684111e-31c1-42e6-8f20-fc9ab8b5cf57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:68:ba:c4:22:5b:f5:09:ab:79:90:59:89:40:
                    f6:4b:ba:e3:77:bd:db:8f:04:5f:47:fa:18:df:15:
                    5e:c7:37:25:2f:38:6b:42:8c:4e:21:97:77:6b:55:
                    9e:27:77:ec:fc:e8:e0:4b:10:88:63:85:41:38:49:
                    da:85:36:83:44:e2:7e:d1:30:98:10:3d:97:36:02:
                    c8:13:d4:6e:8d:52:d9:91:62:46:6e:a2:7d:27:df:
                    ed:2b:5e:45:7f:60:aa:9e:77:98:24:89:a8:fb:49:
                    17:e7:a4:c2:ec:b4:5a:80:f5:e2:52:ca:72:65:87:
                    fa:7a:1e:68:ee:a0:ca:0c:7a:b5:25:b0:a9:5b:3b:
                    28:e6:aa:76:36:61:4d:57:28:4f:b6:b4:b7:c1:08:
                    a4:cc:0b:ab:25:f8:b4:c4:16:64:29:67:22:75:6c:
                    c4:b7:a8:cb:49:7f:73:2d:cb:db:24:b7:6a:4f:59:
                    18:38:6a:1b:8e:d4:4a:99:b9:ec:6a:73:3f:c1:80:
                    e9:c9:5b:6f:31:f4:03:1b:df:5a:17:c4:56:e2:e0:
                    2d:1e:af:d0:5a:3c:8a:f2:81:10:1a:65:87:49:a9:
                    95:43:c4:b1:fc:22:f4:ef:f6:ef:61:b2:35:84:80:
                    b1:58:ce:d7:d4:ca:98:24:ff:81:56:ab:e4:b2:a6:
                    a7:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:D4:B0:09:F5:C4:37:D8:F6:5C:69:CB:A8:DB:91:E1:B6:83:F0:8D
            X509v3 Authority Key Identifier:
                keyid:BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/41d48512-3b44-4b3e-ba21-6171938cc43c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2400:6500::/32

    Signature Algorithm: sha256WithRSAEncryption
         37:56:74:1c:8e:da:a9:89:fc:83:c5:20:53:72:17:01:26:22:
         d7:ad:fd:7d:3e:5a:de:71:a4:a7:22:7e:67:2b:50:7c:91:7c:
         88:f1:8f:f8:b9:b0:d8:d8:bf:a9:44:3a:27:c4:bf:14:53:61:
         1a:97:6b:31:50:6e:1e:82:0e:34:3f:59:2e:62:3a:26:81:aa:
         e8:f2:40:91:30:57:6d:84:eb:01:8c:1f:c0:1a:4c:06:b1:fb:
         0e:57:02:00:bf:98:f9:9b:26:58:b2:f6:ec:31:f4:c8:85:ca:
         1e:23:d3:9c:50:4d:2e:14:05:d8:f1:fc:7b:d1:51:71:40:e1:
         95:29:b6:4d:9a:0a:0a:4a:3f:07:6e:9c:7f:8b:e8:fd:ab:22:
         93:d8:e3:c7:1b:fc:74:5b:5a:f1:92:b7:39:ca:a3:38:9a:9e:
         55:c9:38:36:6c:de:b6:c4:a2:3b:7e:57:01:6f:0e:b7:2a:92:
         03:8e:23:51:f4:ea:34:e3:6d:8e:5d:bd:93:55:b2:01:ca:30:
         a3:a4:49:47:2a:da:63:10:76:c1:79:30:9c:c1:b9:c3:15:82:
         e9:60:7e:cb:18:01:9d:d7:fa:c9:e0:b4:2a:7d:26:1b:23:3b:
         56:17:e6:be:d5:ae:3f:0b:98:77:00:9a:18:b0:dc:80:d1:df:
         74:63:fd:ba
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgIUA+4QlLMZ05ofPDJ0W1Oys3wO1u8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNjA5MDQwMDAxMTEwLwYDVQQFEyhCQ0U5QkExMTI5
MkY4NDc1MTJDMEE4NDEyRTUxRTZFM0JBMEQ5OTFEMB4XDTI0MDMyMjAwMDAwMFoX
DTI0MDQyNjIzNTk1OVowejFJMEcGA1UEBRNANTNiM2RmYzFkMzU1MmI1ZWYwZjgz
Yjk1MTU5MmUxNTdmYjVmZjYyZjM5N2IzMDYzNGFiYWRkYzNlYzc0ODVlYzEtMCsG
A1UEAxMkMTY4NDExMWUtMzFjMS00MmU2LThmMjAtZmM5YWI4YjVjZjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2i6xCJb9QmreZBZiUD2S7rjd73b
jwRfR/oY3xVexzclLzhrQoxOIZd3a1WeJ3fs/OjgSxCIY4VBOEnahTaDROJ+0TCY
ED2XNgLIE9RujVLZkWJGbqJ9J9/tK15Ff2CqnneYJImo+0kX56TC7LRagPXiUspy
ZYf6eh5o7qDKDHq1JbCpWzso5qp2NmFNVyhPtrS3wQikzAurJfi0xBZkKWcidWzE
t6jLSX9zLcvbJLdqT1kYOGobjtRKmbnsanM/wYDpyVtvMfQDG99aF8RW4uAtHq/Q
WjyK8oEQGmWHSamVQ8Sx/CL07/bvYbI1hICxWM7X1MqYJP+BVqvksqanzQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFE/UsAn1xDfY9lxpy6jbkeG2g/CNMB8GA1UdIwQY
MBaAFLzpuhEpL4R1EsCoQS5R5uO6DZkdMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi92T202RVNr
dmhIVVN3S2hCTGxIbTQ3b05tUjAuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYmQ0OGExZmEtMzQ3MS00YWIyLTg1MDgtYWQzNmI5NjgxM2U0
LzQxZDQ4NTEyLTNiNDQtNGIzZS1iYTIxLTYxNzE5MzhjYzQzYy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9iZDQ4YTFmYS0zNDcxLTRhYjItODUwOC1hZDM2
Yjk2ODEzZTQvMjIwY2VlMGMtNjAwMi00MDlhLTgxOTQtMzhlMjE2YzAwOTZjLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzAN
BAIAAjAHAwUAJABlADANBgkqhkiG9w0BAQsFAAOCAQEAN1Z0HI7aqYn8g8UgU3IX
ASYi1639fT5a3nGkpyJ+ZytQfJF8iPGP+Lmw2Ni/qUQ6J8S/FFNhGpdrMVBuHoIO
ND9ZLmI6JoGq6PJAkTBXbYTrAYwfwBpMBrH7DlcCAL+Y+ZsmWLL27DH0yIXKHiPT
nFBNLhQF2PH8e9FRcUDhlSm2TZoKCko/B26cf4vo/asik9jjxxv8dFta8ZK3Ocqj
OJqeVck4NmzetsSiO35XAW8OtyqSA44jUfTqNONtjl29k1WyAcowo6RJRyraYxB2
wXkwnMG5wxWC6WB+yxgBndf6yeC0Kn0mGyM7VhfmvtWuPwuYdwCaGLDcgNHfdGP9
ug==
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:38:21 2024 by rpki-client on console-fra.rpki-client.org