Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/2c7dc99e-16c5-4312-b613-ac42e8b52f1e.roa
File:                     2c7dc99e-16c5-4312-b613-ac42e8b52f1e.roa (raw, json)
Hash identifier:          fgld3ozWGRjtTxO1m5c+KKNMM0SR4iqE04nVpWtNs+k=
Subject key identifier:   BA:93:AD:E6:AE:FB:6F:05:79:9C:66:7A:24:D6:7C:EE:2E:4F:20:FD
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       515BC39A7E995B1B75BD8FF0C9351072425D1B67
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/2c7dc99e-16c5-4312-b613-ac42e8b52f1e.roa
Signing time:             Sat 16 Sep 2023 00:00:00 +0000
ROA not before:           Sat 16 Sep 2023 00:00:00 +0000
ROA not after:            Sat 21 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:80f8:4000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 17 Sep 2023 12:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:5b:c3:9a:7e:99:5b:1b:75:bd:8f:f0:c9:35:10:72:42:5d:1b:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Sep 16 00:00:00 2023 GMT
            Not After : Oct 21 23:59:59 2023 GMT
        Subject: serialNumber=bc5c3dc21f95881aee66a2caa5ac3612ae8eb45b27634307bd057fb1d890c7e7, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:0c:39:f0:87:5c:c9:1c:e5:19:fc:c6:8f:17:
                    8a:39:e5:13:db:6a:6c:f7:6f:26:b5:f9:cd:5d:0f:
                    dc:24:cd:c5:fa:b9:51:24:cd:af:bd:0c:60:a9:04:
                    a8:e8:9f:fe:66:72:f4:51:c6:df:70:db:e4:6e:29:
                    cf:39:14:96:8c:a4:f2:cc:77:c4:85:23:99:44:24:
                    1e:66:5a:70:58:4e:cf:8e:4c:ad:a6:dc:32:df:4e:
                    41:64:39:01:50:9d:ee:56:b5:48:d0:b8:0f:7c:b2:
                    78:9b:fb:58:1d:6b:1f:9c:8c:38:be:36:fa:9e:ed:
                    63:5f:97:f3:6a:05:59:b1:56:d4:03:b1:9f:e1:6a:
                    e2:6b:33:c7:2a:19:ec:88:47:70:8e:05:54:68:32:
                    23:66:48:dd:6d:b6:a0:53:8e:df:4d:90:15:69:d9:
                    bd:a1:55:0e:97:45:3c:80:b5:98:7d:b6:32:3f:75:
                    07:4e:eb:6e:9b:65:58:03:3c:70:92:39:9e:d7:b2:
                    a3:4f:a4:f2:80:17:6c:1a:96:86:30:94:d9:27:80:
                    82:f6:4f:7f:7d:45:6c:cf:c3:9e:e6:62:68:12:ae:
                    4b:fa:6a:f4:f7:93:b1:2b:36:9d:68:4c:8c:f1:f4:
                    0f:95:55:5f:8b:78:43:44:d0:f3:12:a4:0c:63:b2:
                    78:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:93:AD:E6:AE:FB:6F:05:79:9C:66:7A:24:D6:7C:EE:2E:4F:20:FD
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/2c7dc99e-16c5-4312-b613-ac42e8b52f1e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:80f8:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         b5:5c:d0:cc:02:e9:8d:7a:5c:3a:f3:fa:72:45:26:25:ef:12:
         e4:a4:16:45:73:6c:d3:d2:6a:3b:d8:89:69:b6:2a:c4:36:77:
         4d:ea:54:75:de:8d:02:d6:66:64:f9:f7:46:c9:82:6d:7e:5f:
         53:a8:05:a1:c2:ac:ed:e2:88:27:a4:6e:6f:a3:80:4f:73:f5:
         19:15:6f:79:3a:33:32:84:d8:ba:c7:c1:db:37:0c:be:f8:fa:
         f8:92:3e:e3:42:42:f7:52:6b:a1:60:71:e9:81:fd:0c:f0:a0:
         d8:e5:3c:bf:d6:7e:e8:0e:e6:9d:92:29:78:d8:ca:e7:7a:dd:
         fb:2b:ac:e1:d8:cd:5a:93:02:5c:34:c2:af:9d:18:41:b9:d7:
         37:5b:0f:bc:4c:00:3c:23:6d:a5:ff:81:12:34:ad:6e:2d:c3:
         9c:47:97:97:1e:7a:bf:17:1c:5b:93:16:81:13:26:94:43:b8:
         af:17:5e:9f:88:cd:c1:da:f1:90:26:53:4b:99:da:d6:af:fb:
         4e:41:84:fd:3d:81:5c:3e:ed:62:a8:bd:db:77:a4:69:a6:6e:
         b2:81:46:10:8e:06:1e:3a:e5:e4:0c:a6:b3:1d:71:2b:f7:7c:
         b8:bb:2b:2e:dc:0e:ff:c7:8a:fe:3e:3b:51:e3:25:10:73:89:
         05:40:da:f2
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUUVvDmn6ZWxt1vY/wyTUQckJdG2cwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTIzMDkxNjAwMDAwMFoX
DTIzMTAyMTIzNTk1OVowejFJMEcGA1UEBRNAYmM1YzNkYzIxZjk1ODgxYWVlNjZh
MmNhYTVhYzM2MTJhZThlYjQ1YjI3NjM0MzA3YmQwNTdmYjFkODkwYzdlNzEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQw58IdcyRzlGfzGjxeKOeUT22ps
928mtfnNXQ/cJM3F+rlRJM2vvQxgqQSo6J/+ZnL0UcbfcNvkbinPORSWjKTyzHfE
hSOZRCQeZlpwWE7Pjkytptwy305BZDkBUJ3uVrVI0LgPfLJ4m/tYHWsfnIw4vjb6
nu1jX5fzagVZsVbUA7Gf4WriazPHKhnsiEdwjgVUaDIjZkjdbbagU47fTZAVadm9
oVUOl0U8gLWYfbYyP3UHTutum2VYAzxwkjme17KjT6TygBdsGpaGMJTZJ4CC9k9/
fUVsz8Oe5mJoEq5L+mr095OxKzadaEyM8fQPlVVfi3hDRNDzEqQMY7J4lQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFLqTreau+28FeZxmeiTWfO4uTyD9MB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
LzJjN2RjOTllLTE2YzUtNDMxMi1iNjEzLWFjNDJlOGI1MmYxZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJA+A+EAwDQYJKoZIhvcNAQELBQADggEBALVc0MwC6Y16XDrz+nJF
JiXvEuSkFkVzbNPSajvYiWm2KsQ2d03qVHXejQLWZmT590bJgm1+X1OoBaHCrO3i
iCekbm+jgE9z9RkVb3k6MzKE2LrHwds3DL74+viSPuNCQvdSa6FgcemB/QzwoNjl
PL/WfugO5p2SKXjYyud63fsrrOHYzVqTAlw0wq+dGEG51zdbD7xMADwjbaX/gRI0
rW4tw5xHl5ceer8XHFuTFoETJpRDuK8XXp+IzcHa8ZAmU0uZ2tav+05BhP09gVw+
7WKovdt3pGmmbrKBRhCOBh465eQMprMdcSv3fLi7Ky7cDv/Hiv4+O1HjJRBziQVA
2vI=
-----END CERTIFICATE-----
Generated at Sat Sep 16 00:30:27 2023 by rpki-client on console-ams.rpki-client.org