Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/2720640e-9111-44dd-a0b8-a005f04956a0.roa
File:                     2720640e-9111-44dd-a0b8-a005f04956a0.roa (raw, json)
Hash identifier:          w2m67DFMu/M/aUX3bDm9BnxwVFGldYhj5IkX3aXRf1c=
Subject key identifier:   84:49:71:BF:5F:CE:DC:80:F2:27:B7:3C:66:CB:DE:88:CA:2D:98:15
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       2FFD38295EC7EB8174166AF9C41C3DD027369FB8
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/2720640e-9111-44dd-a0b8-a005f04956a0.roa
Signing time:             Wed 17 Jul 2024 00:00:00 +0000
ROA not before:           Wed 17 Jul 2024 00:00:00 +0000
ROA not after:            Wed 21 Aug 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:80a0:8000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 21 Jul 2024 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:fd:38:29:5e:c7:eb:81:74:16:6a:f9:c4:1c:3d:d0:27:36:9f:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Jul 17 00:00:00 2024 GMT
            Not After : Aug 21 23:59:59 2024 GMT
        Subject: serialNumber=f6e6d41a42ee1af67e71c76dcc12abb0ec1382ee60a4d05335fe28b4010635eb, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:6d:5e:3d:71:40:a1:ce:fa:e3:79:2b:01:88:
                    20:6b:db:f2:88:2c:91:eb:8e:bb:64:d6:20:c5:59:
                    11:ae:a2:90:a5:4c:47:d4:36:ae:4d:34:b1:73:27:
                    a6:a9:7e:51:93:c7:54:ac:1e:57:b6:c3:46:47:b5:
                    92:30:bf:e0:a8:bb:d9:7a:97:c7:04:66:da:0b:b4:
                    21:78:a4:66:0f:11:5e:96:ca:96:6a:2e:24:f2:6b:
                    dd:d0:b6:94:39:59:63:d7:13:36:2f:af:e0:94:3d:
                    81:08:09:ef:c8:0f:05:1e:54:47:80:86:47:09:cc:
                    02:8f:4f:d7:9b:51:b8:3d:b5:17:ae:75:0f:98:b9:
                    70:c1:96:4e:1f:3d:fd:6e:dd:5b:3d:5f:4f:d3:df:
                    e7:8e:7a:d9:3a:66:dd:0b:51:14:ee:5d:86:13:e0:
                    f5:a3:60:d2:81:e0:19:a0:65:9d:f7:4a:d5:f3:5f:
                    a7:29:02:c8:31:e3:36:b0:03:b4:a7:35:9a:ee:32:
                    db:6e:e2:d8:2c:44:05:66:ca:9e:2e:af:89:92:57:
                    89:62:a4:1f:70:7c:56:53:dd:40:49:cd:46:2f:4b:
                    30:23:84:83:05:31:db:43:91:a9:00:79:b4:79:dc:
                    19:4c:6a:83:6c:eb:39:a0:7a:22:49:e7:9d:06:2e:
                    33:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:49:71:BF:5F:CE:DC:80:F2:27:B7:3C:66:CB:DE:88:CA:2D:98:15
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/2720640e-9111-44dd-a0b8-a005f04956a0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:80a0:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         0a:31:64:80:4c:ee:a9:12:ad:98:5a:ff:0d:63:1e:39:a0:0b:
         87:86:fa:c1:81:70:05:42:99:16:84:d6:aa:fd:e3:1f:84:89:
         0c:38:31:49:2a:f1:46:93:58:7b:54:a8:78:65:90:56:1b:d1:
         2e:0c:bd:a6:b5:c3:c8:66:1b:0d:10:a3:1c:96:ba:00:a4:22:
         90:4d:4c:f6:51:0e:51:66:69:d1:83:4f:4e:d4:de:fc:4e:a1:
         b1:83:51:86:34:68:9e:e4:df:0c:19:e0:7b:79:ca:b8:40:1b:
         db:f6:99:cd:b6:bb:3a:48:07:47:72:b9:5f:53:e4:9a:ea:58:
         da:d8:67:48:bd:07:95:e4:83:86:d8:a1:a5:21:30:7f:ca:55:
         26:c2:ce:3b:f2:ee:81:31:7b:10:ca:38:46:a3:0c:59:98:90:
         eb:c9:ee:d0:1e:2c:c6:b8:50:62:35:71:b0:98:ac:8a:7e:0a:
         0c:44:4e:8f:79:51:38:04:3e:27:91:81:e2:9a:8d:6f:37:87:
         53:b8:a2:5b:17:2b:44:dd:59:1b:c0:e1:0d:49:6c:91:fe:d2:
         6f:f1:7a:de:0d:d9:34:5e:8c:c7:e3:81:f6:c9:7e:45:22:ac:
         6a:74:18:7e:f7:f8:21:48:49:68:96:32:0a:a3:b7:78:64:26:
         33:93:c1:31
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUL/04KV7H64F0Fmr5xBw90Cc2n7gwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI0MDcxNzAwMDAwMFoX
DTI0MDgyMTIzNTk1OVowejFJMEcGA1UEBRNAZjZlNmQ0MWE0MmVlMWFmNjdlNzFj
NzZkY2MxMmFiYjBlYzEzODJlZTYwYTRkMDUzMzVmZTI4YjQwMTA2MzVlYjEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwm1ePXFAoc7643krAYgga9vyiCyR
6467ZNYgxVkRrqKQpUxH1DauTTSxcyemqX5Rk8dUrB5XtsNGR7WSML/gqLvZepfH
BGbaC7QheKRmDxFelsqWai4k8mvd0LaUOVlj1xM2L6/glD2BCAnvyA8FHlRHgIZH
CcwCj0/Xm1G4PbUXrnUPmLlwwZZOHz39bt1bPV9P09/njnrZOmbdC1EU7l2GE+D1
o2DSgeAZoGWd90rV81+nKQLIMeM2sAO0pzWa7jLbbuLYLEQFZsqeLq+JkleJYqQf
cHxWU91ASc1GL0swI4SDBTHbQ5GpAHm0edwZTGqDbOs5oHoiSeedBi4zfQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFIRJcb9fztyA8ie3PGbL3ojKLZgVMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
LzI3MjA2NDBlLTkxMTEtNDRkZC1hMGI4LWEwMDVmMDQ5NTZhMC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJA+AoIAwDQYJKoZIhvcNAQELBQADggEBAAoxZIBM7qkSrZha/w1j
HjmgC4eG+sGBcAVCmRaE1qr94x+EiQw4MUkq8UaTWHtUqHhlkFYb0S4Mvaa1w8hm
Gw0QoxyWugCkIpBNTPZRDlFmadGDT07U3vxOobGDUYY0aJ7k3wwZ4Ht5yrhAG9v2
mc22uzpIB0dyuV9T5JrqWNrYZ0i9B5Xkg4bYoaUhMH/KVSbCzjvy7oExexDKOEaj
DFmYkOvJ7tAeLMa4UGI1cbCYrIp+CgxETo95UTgEPieRgeKajW83h1O4olsXK0Td
WRvA4Q1JbJH+0m/xet4N2TRejMfjgfbJfkUirGp0GH73+CFISWiWMgqjt3hkJjOT
wTE=
-----END CERTIFICATE-----
Generated at Wed Jul 17 01:06:07 2024 by rpki-client on console-ams.rpki-client.org