Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/65f60eb5-aea2-48c7-83e9-3e1305e6dbea.roa
File:                     65f60eb5-aea2-48c7-83e9-3e1305e6dbea.roa (raw, json)
Hash identifier:          b+cVU0USYC0VVeV5FNHhnpDQqi043GPKLLZz51adQ14=
Subject key identifier:   A4:9C:D1:C2:5F:16:F2:DD:79:0A:81:62:FA:64:EC:A9:68:09:5B:70
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       4DD619AF27E601944AB2992BA61E6686E3B8C39C
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/65f60eb5-aea2-48c7-83e9-3e1305e6dbea.roa
Signing time:             Mon 18 Sep 2023 00:00:00 +0000
ROA not before:           Mon 18 Sep 2023 00:00:00 +0000
ROA not after:            Mon 23 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:8018::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 20 Sep 2023 03:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:d6:19:af:27:e6:01:94:4a:b2:99:2b:a6:1e:66:86:e3:b8:c3:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Sep 18 00:00:00 2023 GMT
            Not After : Oct 23 23:59:59 2023 GMT
        Subject: serialNumber=7f026c2afa0bed57500fb192482f761eb2737f74e9380756e01b6c152006ec8a, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:03:e8:45:bc:12:35:9d:07:59:7f:71:51:2b:
                    68:35:94:9f:f3:3e:6e:09:78:08:57:3a:27:e5:a2:
                    dd:2b:e1:27:2e:79:ff:b2:4a:fc:be:b7:a6:38:5a:
                    6a:ae:56:1a:e6:d0:70:92:2c:c5:c8:50:b9:7a:da:
                    52:49:f7:b3:d6:af:cf:fc:1b:c4:b9:5c:b8:ae:07:
                    f9:e1:89:05:f6:34:35:d7:f1:25:32:29:89:41:dd:
                    fa:03:29:4a:61:2b:f8:8b:a2:50:3f:c5:a8:0a:b9:
                    44:0a:83:84:12:96:0c:5a:78:30:0d:69:8a:65:4f:
                    27:2e:c9:af:e4:8d:bf:90:75:98:47:30:d8:0f:c3:
                    e0:6f:a3:1b:e2:b3:a0:99:91:4b:59:f9:45:05:fc:
                    98:c8:05:d4:59:69:17:a6:6a:11:ea:ed:76:cd:df:
                    62:35:bc:1b:f2:be:91:0a:fc:40:7f:08:07:a2:ee:
                    ad:df:f3:89:4b:a5:9b:cf:82:2c:55:ff:8b:28:ec:
                    86:f1:6b:a7:7b:3e:e3:43:a6:74:d6:84:90:56:a9:
                    62:de:82:e7:b2:fd:2f:78:fb:36:da:d7:5c:46:22:
                    cb:a1:a1:2e:c7:6c:07:4f:68:1a:1a:82:30:b1:58:
                    95:b1:6f:ca:88:98:c5:a0:cc:22:24:dc:6c:37:ce:
                    89:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:9C:D1:C2:5F:16:F2:DD:79:0A:81:62:FA:64:EC:A9:68:09:5B:70
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/65f60eb5-aea2-48c7-83e9-3e1305e6dbea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:8018::/36

    Signature Algorithm: sha256WithRSAEncryption
         23:a0:5d:67:50:22:b4:01:a8:3c:e5:78:35:cd:5f:b1:78:49:
         91:62:97:68:54:ef:40:ee:3e:0e:1a:73:a4:5d:83:af:0f:bf:
         94:9a:c2:79:ae:94:14:89:f3:73:5f:f1:52:ac:1a:26:61:a1:
         30:b0:03:68:79:46:25:2b:6e:d9:90:dd:8f:37:42:67:1b:89:
         96:72:18:ae:97:9c:f0:c4:c5:d2:29:79:2c:f9:f1:52:21:be:
         28:34:77:c5:87:70:eb:9a:5f:35:12:71:50:93:93:78:46:35:
         54:8c:91:56:62:ae:3c:c3:63:24:c0:59:99:8b:2c:8a:95:bc:
         e0:38:b2:aa:37:7b:ce:ba:9b:b0:2c:25:13:bb:4e:d3:05:e9:
         f1:6f:8b:ff:08:2b:ee:c4:45:3f:46:26:9f:a0:f9:31:39:3d:
         db:e5:cf:31:16:ff:73:d0:3c:a2:5f:4b:d0:47:41:c8:27:18:
         f4:02:02:6b:b6:cc:3f:55:15:4e:82:63:b0:c8:b3:b1:3b:4a:
         1d:bd:94:9c:b0:e7:b2:63:83:90:c5:03:ec:4a:bb:30:bc:99:
         b6:fe:fe:e6:53:de:bf:ea:34:98:ad:bb:8d:ed:ee:6a:30:d0:
         ec:6b:5b:fc:a3:a6:5b:fc:a8:84:fd:d8:e9:5d:02:99:b6:20:
         af:82:16:2c
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUTdYZryfmAZRKspkrph5mhuO4w5wwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTIzMDkxODAwMDAwMFoX
DTIzMTAyMzIzNTk1OVowejFJMEcGA1UEBRNAN2YwMjZjMmFmYTBiZWQ1NzUwMGZi
MTkyNDgyZjc2MWViMjczN2Y3NGU5MzgwNzU2ZTAxYjZjMTUyMDA2ZWM4YTEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4QPoRbwSNZ0HWX9xUStoNZSf8z5u
CXgIVzon5aLdK+EnLnn/skr8vremOFpqrlYa5tBwkizFyFC5etpSSfez1q/P/BvE
uVy4rgf54YkF9jQ11/ElMimJQd36AylKYSv4i6JQP8WoCrlECoOEEpYMWngwDWmK
ZU8nLsmv5I2/kHWYRzDYD8Pgb6Mb4rOgmZFLWflFBfyYyAXUWWkXpmoR6u12zd9i
Nbwb8r6RCvxAfwgHou6t3/OJS6Wbz4IsVf+LKOyG8Wunez7jQ6Z01oSQVqli3oLn
sv0vePs22tdcRiLLoaEux2wHT2gaGoIwsViVsW/KiJjFoMwiJNxsN86JEwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFKSc0cJfFvLdeQqBYvpk7KloCVtwMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
LzY1ZjYwZWI1LWFlYTItNDhjNy04M2U5LTNlMTMwNWU2ZGJlYS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYEJA+AGAAwDQYJKoZIhvcNAQELBQADggEBACOgXWdQIrQBqDzleDXN
X7F4SZFil2hU70DuPg4ac6Rdg68Pv5SawnmulBSJ83Nf8VKsGiZhoTCwA2h5RiUr
btmQ3Y83QmcbiZZyGK6XnPDExdIpeSz58VIhvig0d8WHcOuaXzUScVCTk3hGNVSM
kVZirjzDYyTAWZmLLIqVvOA4sqo3e866m7AsJRO7TtMF6fFvi/8IK+7ERT9GJp+g
+TE5PdvlzzEW/3PQPKJfS9BHQcgnGPQCAmu2zD9VFU6CY7DIs7E7Sh29lJyw57Jj
g5DFA+xKuzC8mbb+/uZT3r/qNJitu43t7mow0OxrW/yjplv8qIT92OldApm2IK+C
Fiw=
-----END CERTIFICATE-----
Generated at Mon Sep 18 15:24:46 2023 by rpki-client on console-fra.rpki-client.org