Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/0ae05889-eb6d-414c-88e9-bc293171f532.roa
File:                     0ae05889-eb6d-414c-88e9-bc293171f532.roa (raw, json)
Hash identifier:          WIyYtAo/8cR79nfQwoD9q8Gq0IGEo4nqfaYt4n/o//k=
Subject key identifier:   15:F4:54:30:2A:CF:8C:9A:49:1B:67:A1:8E:85:C3:40:78:99:E0:0D
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       0C42B9C0EFAA690089BA17A4DA143C386FAC3B0B
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/0ae05889-eb6d-414c-88e9-bc293171f532.roa
Signing time:             Mon 18 Sep 2023 00:00:00 +0000
ROA not before:           Mon 18 Sep 2023 00:00:00 +0000
ROA not after:            Mon 23 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:80f9:4000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 20 Sep 2023 03:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:42:b9:c0:ef:aa:69:00:89:ba:17:a4:da:14:3c:38:6f:ac:3b:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Sep 18 00:00:00 2023 GMT
            Not After : Oct 23 23:59:59 2023 GMT
        Subject: serialNumber=93ed00c31dc30cb52dab56f72f9975c04d87cfbbc70e931313ac7a66487e7382, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3c:a0:38:d5:69:83:33:b5:5b:68:e5:76:85:
                    10:4d:5b:9f:00:dd:02:1a:16:95:b9:06:b3:d1:e9:
                    17:1f:4b:1e:1d:ad:78:20:63:bd:af:98:9c:a3:01:
                    8d:0b:bb:90:2b:a4:28:b1:67:50:e4:35:9d:06:f2:
                    9b:82:a7:f4:bf:74:62:7c:1a:2a:6e:5e:3a:e5:eb:
                    e8:dd:1f:df:92:5f:92:01:a0:e5:64:9d:b9:c0:d6:
                    c4:cc:8b:c8:62:f8:9e:8e:0c:4f:e0:aa:4d:f5:0e:
                    1d:f0:d5:27:a9:98:22:82:48:8a:d7:03:dc:0f:d7:
                    4a:2a:54:00:d8:99:88:45:44:25:4b:3a:23:fd:da:
                    41:e4:45:44:72:1b:9e:02:ee:ed:02:7b:cd:ff:e9:
                    08:d1:17:e2:b8:5b:b4:46:c5:ec:bf:da:9b:94:4b:
                    b1:1a:1f:c6:56:05:e0:dc:4b:95:f3:8e:a9:60:ec:
                    d3:c6:46:0b:2b:84:65:ad:66:17:83:c4:61:65:07:
                    9d:19:19:37:6c:13:bf:52:db:02:62:49:3b:be:3d:
                    a8:52:4a:c0:e1:81:b9:5c:94:65:d7:58:68:9c:cf:
                    ba:08:3b:58:bf:43:16:79:fc:5b:b3:31:87:b1:aa:
                    7f:d2:6d:24:b7:3d:0a:8e:34:63:23:f4:94:bc:71:
                    f4:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:F4:54:30:2A:CF:8C:9A:49:1B:67:A1:8E:85:C3:40:78:99:E0:0D
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/0ae05889-eb6d-414c-88e9-bc293171f532.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:80f9:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         88:95:11:43:aa:91:dc:c3:6d:5f:7a:19:86:de:cb:96:f3:1e:
         dd:0d:64:dd:e6:61:11:99:ab:46:10:f3:18:df:6b:fe:bb:b9:
         5f:9b:5b:78:fb:b4:5f:79:a0:16:bd:1c:42:93:74:8e:16:62:
         af:96:86:c5:67:b4:3f:3f:94:66:4e:43:06:73:bf:54:c7:6b:
         a3:d2:7a:8e:ba:72:8f:22:c5:f5:8d:97:ef:44:d9:89:03:29:
         1e:11:73:16:ff:05:8f:4f:8b:76:33:59:2d:41:04:e9:a2:d4:
         fe:1e:aa:76:14:05:3b:b2:f4:c3:bd:5d:0f:91:e3:cb:e9:f8:
         2b:19:db:5a:77:68:a4:b4:64:80:39:88:2a:fe:81:15:39:cc:
         21:9d:26:04:d5:be:5f:be:3b:f5:2e:0d:e6:1b:42:cc:f1:d6:
         b9:0d:ba:93:93:4d:64:aa:d5:d9:66:15:38:bb:b7:8a:80:93:
         18:48:ad:7b:fa:71:43:5c:7a:db:19:ac:10:e3:8f:4b:98:62:
         2d:6d:8d:9a:ea:24:d4:12:35:eb:2c:c1:87:e3:56:6d:44:1e:
         2c:3a:6d:a4:e2:84:11:ad:0a:eb:72:b2:6e:bc:32:c1:b4:36:
         fe:c1:47:ed:71:e8:d8:23:8a:69:4b:b8:e2:9e:72:4a:be:77:
         2f:93:5c:03
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUDEK5wO+qaQCJuhek2hQ8OG+sOwswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTIzMDkxODAwMDAwMFoX
DTIzMTAyMzIzNTk1OVowejFJMEcGA1UEBRNAOTNlZDAwYzMxZGMzMGNiNTJkYWI1
NmY3MmY5OTc1YzA0ZDg3Y2ZiYmM3MGU5MzEzMTNhYzdhNjY0ODdlNzM4MjEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDygONVpgzO1W2jldoUQTVufAN0C
GhaVuQaz0ekXH0seHa14IGO9r5icowGNC7uQK6QosWdQ5DWdBvKbgqf0v3RifBoq
bl465evo3R/fkl+SAaDlZJ25wNbEzIvIYviejgxP4KpN9Q4d8NUnqZgigkiK1wPc
D9dKKlQA2JmIRUQlSzoj/dpB5EVEchueAu7tAnvN/+kI0RfiuFu0RsXsv9qblEux
Gh/GVgXg3EuV846pYOzTxkYLK4RlrWYXg8RhZQedGRk3bBO/UtsCYkk7vj2oUkrA
4YG5XJRl11honM+6CDtYv0MWefxbszGHsap/0m0ktz0KjjRjI/SUvHH0SQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFBX0VDAqz4yaSRtnoY6Fw0B4meANMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
LzBhZTA1ODg5LWViNmQtNDE0Yy04OGU5LWJjMjkzMTcxZjUzMi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJA+A+UAwDQYJKoZIhvcNAQELBQADggEBAIiVEUOqkdzDbV96GYbe
y5bzHt0NZN3mYRGZq0YQ8xjfa/67uV+bW3j7tF95oBa9HEKTdI4WYq+WhsVntD8/
lGZOQwZzv1THa6PSeo66co8ixfWNl+9E2YkDKR4Rcxb/BY9Pi3YzWS1BBOmi1P4e
qnYUBTuy9MO9XQ+R48vp+CsZ21p3aKS0ZIA5iCr+gRU5zCGdJgTVvl++O/UuDeYb
Qszx1rkNupOTTWSq1dlmFTi7t4qAkxhIrXv6cUNcetsZrBDjj0uYYi1tjZrqJNQS
NesswYfjVm1EHiw6baTihBGtCutysm68MsG0Nv7BR+1x6NgjimlLuOKeckq+dy+T
XAM=
-----END CERTIFICATE-----
Generated at Mon Sep 18 15:40:40 2023 by rpki-client on console-ams.rpki-client.org