Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/2720640e-9111-44dd-a0b8-a005f04956a0.roa
File:                     2720640e-9111-44dd-a0b8-a005f04956a0.roa (raw, json)
Hash identifier:          TOEckmDnoNYiWwWI6PuJC6redjdg+MxYNzLoZ/C0a4Y=
Subject key identifier:   51:C7:40:CA:AC:64:26:47:F9:98:77:1D:D7:23:58:35:D1:6D:FB:6D
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       31EF2815C7761763063D1E9FBE1A532EAFB6E4B8
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/2720640e-9111-44dd-a0b8-a005f04956a0.roa
Signing time:             Tue 12 Mar 2024 00:00:00 +0000
ROA not before:           Tue 12 Mar 2024 00:00:00 +0000
ROA not after:            Tue 16 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:80a0:8000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 03:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:ef:28:15:c7:76:17:63:06:3d:1e:9f:be:1a:53:2e:af:b6:e4:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Mar 12 00:00:00 2024 GMT
            Not After : Apr 16 23:59:59 2024 GMT
        Subject: serialNumber=a02493fe74633c61358d3b70170875544c960a2781c772b96e6313715b61bb17, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:4d:1f:43:d3:fd:c0:7d:fa:50:93:31:ec:41:
                    c8:6b:7a:0f:c0:1d:99:dd:3c:92:33:4e:f9:93:02:
                    72:2a:22:ee:b8:74:ec:46:7c:c6:91:53:f6:2a:38:
                    bb:a8:3a:50:70:73:7a:1c:ad:2a:7b:6f:59:29:4a:
                    43:f0:15:4a:fd:35:4c:66:de:05:de:79:b0:30:8b:
                    ae:1a:10:8e:dc:c0:c3:70:24:28:e9:c2:7d:3f:e0:
                    fc:6b:e0:b6:5c:a7:b7:68:d0:e8:53:88:7c:c5:30:
                    39:53:8e:27:fc:fd:ac:d1:43:0d:f8:70:dc:c4:c5:
                    bd:39:6d:f6:8e:f1:88:6a:90:e9:83:c3:fe:55:80:
                    7f:11:f6:c1:5c:e5:bf:b2:dc:f7:83:5f:5e:3a:8c:
                    fd:c2:20:b2:ce:42:a0:d5:91:28:60:3f:c2:89:85:
                    aa:b6:9f:20:08:cc:56:e2:e4:7e:d1:65:e4:4c:a6:
                    e5:f3:62:ac:22:93:f1:2f:b7:01:fe:ed:2f:cc:70:
                    4a:41:17:af:b8:eb:c5:6d:76:e6:55:31:e9:72:d3:
                    b8:e4:08:e6:08:a6:6d:f5:67:89:45:5c:1f:51:bc:
                    97:59:cf:d8:27:cc:0f:57:a0:dd:29:12:a2:43:06:
                    85:0b:9a:d4:df:a4:e3:57:bc:75:80:2f:06:ea:8a:
                    16:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:C7:40:CA:AC:64:26:47:F9:98:77:1D:D7:23:58:35:D1:6D:FB:6D
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/2720640e-9111-44dd-a0b8-a005f04956a0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:80a0:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         07:87:94:17:41:8b:36:ba:28:8a:6e:99:ec:aa:c6:60:ce:50:
         30:22:73:29:9a:8f:1b:d4:0b:26:9b:63:9a:eb:c8:bf:c4:58:
         13:80:1c:c2:29:aa:2b:d5:ac:7f:bc:e9:d8:5b:20:8d:bf:7f:
         9e:a3:31:c3:41:78:07:ca:b3:ae:2b:c6:66:8b:00:93:2c:57:
         e1:b3:7d:9a:6b:0f:68:19:59:cc:75:d8:13:40:28:d8:93:3c:
         fc:62:81:4c:87:a5:64:04:85:c0:ac:4f:bb:25:cb:d8:c3:3e:
         ef:e4:be:36:13:43:e5:5b:d8:93:6b:a0:db:fc:8d:0e:f8:ef:
         48:39:f6:d1:cb:6a:5c:61:8a:0f:9a:4c:c8:a2:78:ce:7c:50:
         5f:1e:a9:a2:6a:98:4e:5c:7c:55:c4:95:6b:c4:ee:7d:42:2e:
         1e:e9:7c:6c:36:9f:8c:88:ff:9c:b9:8d:4f:e5:57:82:2a:ae:
         ef:62:41:2c:06:70:6e:d0:ec:b1:70:86:16:7a:f9:70:80:12:
         00:bd:cb:2d:5c:c7:ad:bd:40:4f:95:25:27:6c:3f:44:b7:85:
         62:dd:bb:b7:d5:e7:82:45:66:c0:b5:a6:66:8f:b8:d0:f1:7a:
         bc:28:89:6e:6e:72:cc:e0:23:f7:7d:15:c0:a8:c5:66:89:6a:
         36:fb:1f:28
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUMe8oFcd2F2MGPR6fvhpTLq+25LgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI0MDMxMjAwMDAwMFoX
DTI0MDQxNjIzNTk1OVowejFJMEcGA1UEBRNAYTAyNDkzZmU3NDYzM2M2MTM1OGQz
YjcwMTcwODc1NTQ0Yzk2MGEyNzgxYzc3MmI5NmU2MzEzNzE1YjYxYmIxNzEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmk0fQ9P9wH36UJMx7EHIa3oPwB2Z
3TySM075kwJyKiLuuHTsRnzGkVP2Kji7qDpQcHN6HK0qe29ZKUpD8BVK/TVMZt4F
3nmwMIuuGhCO3MDDcCQo6cJ9P+D8a+C2XKe3aNDoU4h8xTA5U44n/P2s0UMN+HDc
xMW9OW32jvGIapDpg8P+VYB/EfbBXOW/stz3g19eOoz9wiCyzkKg1ZEoYD/CiYWq
tp8gCMxW4uR+0WXkTKbl82KsIpPxL7cB/u0vzHBKQRevuOvFbXbmVTHpctO45Ajm
CKZt9WeJRVwfUbyXWc/YJ8wPV6DdKRKiQwaFC5rU36TjV7x1gC8G6ooWjwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFFHHQMqsZCZH+Zh3HdcjWDXRbfttMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
LzI3MjA2NDBlLTkxMTEtNDRkZC1hMGI4LWEwMDVmMDQ5NTZhMC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJA+AoIAwDQYJKoZIhvcNAQELBQADggEBAAeHlBdBiza6KIpumeyq
xmDOUDAicymajxvUCyabY5rryL/EWBOAHMIpqivVrH+86dhbII2/f56jMcNBeAfK
s64rxmaLAJMsV+GzfZprD2gZWcx12BNAKNiTPPxigUyHpWQEhcCsT7sly9jDPu/k
vjYTQ+Vb2JNroNv8jQ7470g59tHLalxhig+aTMiieM58UF8eqaJqmE5cfFXElWvE
7n1CLh7pfGw2n4yI/5y5jU/lV4Iqru9iQSwGcG7Q7LFwhhZ6+XCAEgC9yy1cx629
QE+VJSdsP0S3hWLdu7fV54JFZsC1pmaPuNDxerwoiW5ucszgI/d9FcCoxWaJajb7
Hyg=
-----END CERTIFICATE-----
Generated at Thu Mar 28 16:07:34 2024 by rpki-client on console-ams.rpki-client.org