Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/3537691c-1a10-4699-a8a0-4cec50a35534.roa
File:                     3537691c-1a10-4699-a8a0-4cec50a35534.roa (raw, json)
Hash identifier:          UbUfuUzRMAwGEoWXaBIHLOmZxnUIxwpdxhfaeKvPItI=
Subject key identifier:   AB:50:D7:36:4D:EF:ED:F3:9D:5F:B3:14:2D:05:01:23:86:B3:76:34
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       732CF36A3FE54BB1F3677553D1B040A170FFDE4A
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/3537691c-1a10-4699-a8a0-4cec50a35534.roa
Signing time:             Mon 18 Sep 2023 00:00:00 +0000
ROA not before:           Mon 18 Sep 2023 00:00:00 +0000
ROA not after:            Mon 23 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:80fa:8000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 20 Sep 2023 03:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:2c:f3:6a:3f:e5:4b:b1:f3:67:75:53:d1:b0:40:a1:70:ff:de:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Sep 18 00:00:00 2023 GMT
            Not After : Oct 23 23:59:59 2023 GMT
        Subject: serialNumber=24218b0f500a0965d07a2acc4b5304a4447bb574bc2effbad805d61d62747d97, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:3d:47:d0:f0:ef:d1:c5:16:ff:19:52:eb:f4:
                    b0:99:79:d6:b1:8c:80:17:5d:53:ed:5d:25:4b:3f:
                    6b:fb:aa:c0:ab:e8:48:fe:e0:90:cd:bf:e2:c7:8a:
                    e2:ce:cd:79:23:e4:24:9a:50:32:98:92:d9:a3:12:
                    91:1c:70:ca:31:10:e4:a1:d2:46:f0:a7:bd:87:95:
                    ef:c6:04:fc:5b:b0:c3:7d:1a:66:d6:58:fb:30:4a:
                    62:82:1e:ec:73:cd:53:cb:e8:bc:98:5b:ea:79:49:
                    24:71:89:ee:93:34:28:dc:5f:0c:ca:bc:0a:11:cd:
                    bc:85:88:5a:e5:45:d9:27:bf:c4:43:7c:fa:52:57:
                    81:1d:99:8a:d3:27:31:2a:b5:12:bf:b8:e4:15:1d:
                    07:9d:e7:a7:ea:36:5f:2d:33:a7:8d:cf:30:f3:57:
                    ed:a5:13:64:07:30:00:da:3f:9b:d2:36:33:9d:7b:
                    a8:da:55:18:a2:3e:7b:68:f7:f4:fb:16:e6:ca:01:
                    30:d1:6a:a4:0d:8d:3f:a7:ba:06:c9:6a:8b:56:55:
                    37:cb:f1:ee:4f:2f:9d:12:4e:2d:e0:d4:a9:70:44:
                    c2:69:c7:d4:19:87:29:dc:55:d4:62:6f:c4:0e:a4:
                    15:c3:37:47:ea:44:ea:0e:60:9d:6a:9d:1c:a2:be:
                    a4:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:50:D7:36:4D:EF:ED:F3:9D:5F:B3:14:2D:05:01:23:86:B3:76:34
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/3537691c-1a10-4699-a8a0-4cec50a35534.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:80fa:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         5b:54:8f:65:b6:ff:9f:cb:f1:98:9b:f9:c5:26:11:08:07:89:
         f1:51:1d:16:d0:05:f3:cf:97:2f:83:1c:84:d2:74:13:b1:b4:
         76:22:25:7f:85:bb:6d:e0:d6:85:a2:22:a6:2b:13:de:d9:aa:
         4a:da:c2:e8:1c:4c:3b:de:5e:56:80:f1:d4:11:e8:d4:73:43:
         e9:63:dc:c6:95:db:8d:ac:0b:be:64:65:47:02:1c:f8:3f:2a:
         ea:8b:d1:50:13:00:fd:51:6a:35:b0:2f:e0:62:1a:c2:f9:71:
         62:46:12:a1:80:d6:35:ec:1d:ef:57:86:58:54:f7:f4:12:e8:
         fb:37:72:94:1b:fd:a9:33:18:ec:eb:91:72:8b:cb:8a:e2:cf:
         3e:d7:cf:78:90:7c:6f:58:cf:8d:47:66:d6:da:09:ab:d5:d1:
         28:1e:86:19:78:55:c4:55:fc:b4:d9:ca:1d:c2:f3:fb:23:49:
         34:26:cd:43:a7:5d:2e:34:3d:e0:95:d6:c5:be:0a:8b:46:0c:
         f0:e9:3c:1c:bb:15:3d:61:c2:0b:34:90:e4:9f:4e:3c:7d:56:
         c5:f5:e2:07:75:b0:0a:63:e0:4f:7a:f6:74:46:bb:11:7f:39:
         76:2a:2c:49:2d:45:5c:2c:8c:48:b0:db:4a:c2:49:be:d5:b3:
         4d:c5:d7:8f
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUcyzzaj/lS7HzZ3VT0bBAoXD/3kowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTIzMDkxODAwMDAwMFoX
DTIzMTAyMzIzNTk1OVowejFJMEcGA1UEBRNAMjQyMThiMGY1MDBhMDk2NWQwN2Ey
YWNjNGI1MzA0YTQ0NDdiYjU3NGJjMmVmZmJhZDgwNWQ2MWQ2Mjc0N2Q5NzEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqj1H0PDv0cUW/xlS6/SwmXnWsYyA
F11T7V0lSz9r+6rAq+hI/uCQzb/ix4rizs15I+QkmlAymJLZoxKRHHDKMRDkodJG
8Ke9h5XvxgT8W7DDfRpm1lj7MEpigh7sc81Ty+i8mFvqeUkkcYnukzQo3F8MyrwK
Ec28hYha5UXZJ7/EQ3z6UleBHZmK0ycxKrUSv7jkFR0Hneen6jZfLTOnjc8w81ft
pRNkBzAA2j+b0jYznXuo2lUYoj57aPf0+xbmygEw0WqkDY0/p7oGyWqLVlU3y/Hu
Ty+dEk4t4NSpcETCacfUGYcp3FXUYm/EDqQVwzdH6kTqDmCdap0cor6knQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFKtQ1zZN7+3znV+zFC0FASOGs3Y0MB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
LzM1Mzc2OTFjLTFhMTAtNDY5OS1hOGEwLTRjZWM1MGEzNTUzNC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJA+A+oAwDQYJKoZIhvcNAQELBQADggEBAFtUj2W2/5/L8Zib+cUm
EQgHifFRHRbQBfPPly+DHITSdBOxtHYiJX+Fu23g1oWiIqYrE97ZqkrawugcTDve
XlaA8dQR6NRzQ+lj3MaV242sC75kZUcCHPg/KuqL0VATAP1RajWwL+BiGsL5cWJG
EqGA1jXsHe9XhlhU9/QS6Ps3cpQb/akzGOzrkXKLy4rizz7Xz3iQfG9Yz41HZtba
CavV0Sgehhl4VcRV/LTZyh3C8/sjSTQmzUOnXS40PeCV1sW+CotGDPDpPBy7FT1h
wgs0kOSfTjx9VsX14gd1sApj4E969nRGuxF/OXYqLEktRVwsjEiw20rCSb7Vs03F
148=
-----END CERTIFICATE-----
Generated at Mon Sep 18 15:40:40 2023 by rpki-client on console-ams.rpki-client.org